Der Einfachheit halber stellen wir diese Seite für unsere deutschsprachigen Besucher auch auf Deutsch zur Verfügung.

Last update: April 2021

Introduction

We would like to welcome you to the website of “Optimum Health Research” (OHR). For us, data protection has of course a particularly high priority.

In principle, the use of the OHR website is possible without providing personal data. However, if you wish to use a service via our website, it may be necessary to collect, store and pass on your personal data. Of course, you will always be informed by us of possible data collection prior to these processes and these will only take place with your consent.

In the course of the General Data Protection Regulation (GDPR), some new terms were introduced, which we will explain to you in more detail. Likewise, some new rights have been added for you as a data subject. We will show you which rights you have later in the text. For us as the responsible party, some obligations have been added at the same time, which we will also be happy to explain to you in this data protection declaration.

You can be sure that we have taken all necessary technical and organizational measures to protect your data in the best possible way. Unfortunately, despite our best efforts, we can never guarantee that a security breach will not occur. Should this occur, we will inform you and immediately ensure that this security gap is closed. As you can see, we stand for open communication and the highest level of data protection.

The transparency created by OHR on the subject of data protection should enable you to build up the best possible trust in us.

Data Controller

Gesund4You GmbH
Bahnhofstraße 76
35630 Ehringshausen
Phone: +49 (0) 6443 833 734 3
E-Mail: mail@gesund4you.org
Website: https://gesund4you.org

Mr. Jens Brünnler has been appointed as data protection officer for the company. He performs the activities according to Art. 38 and Art. 39 GPDR. You can contact our data protection officer at datenschutz@gesund4you.org at any time with data protection-related concerns.

The use of the contact data provided here for commercial advertising is expressly not desired, unless we had previously given our written consent, or a business relationship already exists. The provider and all persons named on this website hereby object to any commercial use and disclosure of their data.

Nature of the data processed

In the following we show you what data you might collect or what information we could receive from your visit:

  • Address data: first name, last name, street, house number, country, city, zip code
  • Contact details: phone number, e-mail address
  • Technical data: device information, IP address

Purpose of processing

Your data will be collected for various reasons.

The main purpose of the collection is to make our online offer available in the form of our website. Certain features and content can only be provided with the help of your data and information.

Furthermore, the collection is designed to allow us to analyze your user behavior in order to potentially create a better visitor experience on our website for you.

We also collect data so that we can analyze our own website. For us, it is very important to recognize visitor behavior and wishes and to optimize our web offers on the basis of these. In this way, a better user experience can be created for you and we can operate and expand our company, as well as our Internet presence, in a more targeted manner.

Furthermore, data is collected through the contact form so that we can process and respond to your enquiries and suggestions. Finally, we can use the data to take various security measures to make our website more secure.

Summarizing

  • Analysis of your own website
  • Adaptation of security measures
  • Optimizing the Internet presence
  • Simplified contact

Category of data subject

By data subject, according to the GDPR, we mean you. This means that when you come to our website, we process your data. In the following, we will refer to you as a data subject or user.

Definitions

In the following, we will now explain the terms that are explained in the law. It is indeed our duty to do so.

1. Personal data

Any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

Any identified or identifiable natural person whose personal data are processed by the controller.

3. Data processing

Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

The flagging of stored personal data with the aim of limiting their future processing.

5. Profiling

Any type of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

6. Pseudonymization

Processing of personal data in such a way that the personal data can no longer be allocated to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not allocated to an identified or identifiable natural person.

7. Data controller

The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

8. Data Processor

A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

9. Recipient

A natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The processing of these data by the aforementioned authorities shall be carried out in accordance with the applicable data protection legislation, in accordance with the purposes of the processing.

10. Third party

A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

11. Consent

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Rights of the data subjects

1. Right of confirmation

You have the right to request confirmation from the data controller about the processing of personal data. If you wish to do so, you may at any time contact employees or the data protection officer of the controller.

2. Right of information

You have the right to obtain confirmation from the data controller as to whether personal data concerning you are being processed; if this is the case, you have the right to obtain access to such personal data and the following information:

  • The purposes of processing
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
  • The existence of a right to obtain the rectification or erasure of personal data concerning you, or to obtain the restriction of processing data by the controller, or a right to object to such processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • If the personal data is not collected from the data subject: Any available information about the origin of the data
  • The existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
  • In addition, if personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed about the appropriate safeguards pursuant to Article 46 in connection with the transfer.
  • If the data subject wishes to exercise his or her right to information, he or she may, at any time, contact employees, or the data protection officer(s) of the data controller.

3. Right of rectification

You have the right to request the data controller to correct your inaccurate personal data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration. Should you wish to exercise your right to rectification, you may at any time contact employees, respectively the data protection officer(s) of the data controller.

4. Right of erasure (right to be forgotten)

As a data subject, you have the right to request the data controller to delete your personal data without undue delay. The controller is obliged to delete personal data without delay if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject revokes his or her consent on which the processing was based pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to information society services offered pursuant to Article 8(1) GDPR.
  • If one of the aforementioned reasons applies, and a data subject wishes to arrange for the erasure of personal data stored by the data controller, he or she may, at any time, contact any employee or the data protection officer of the data controller, who will promptly ensure that the erasure request is complied with immediately.
  • If the controller has disclosed the personal data and is obliged to erase it pursuant to paragraph 1, it shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform the data controller that a data subject has requested the erasure of all links to or copies or replications of the personal data.

5. Right to restrict processing

You have the right to request the controller to restrict processing if one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
  • The data subject has objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned reasons apply, and a data subject wishes to exercise the right to restrict the processing, he or she may, at any time, contact any employee or data protection officer of the controller.

6. Right of data portability

As a data subject, you have the right to receive the personal data concerning you that you have provided to a controller in an orderly and commonly used format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) or on a contract pursuant to Art. 6(1)(b) and the processing is carried out using automated procedures. This does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In addition, when exercising your rights of data portability pursuant to Article 20(1) of the GDPR, you have the right to obtain that your personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and does not adversely affect the rights and freedoms of other individuals.

If you wish to exercise your rights of data portability, you may at any time contact employees or the data protection officer of the controller.

7.  Right of withdrawal

You have the right to revoke consent you have already given for the future. This right is based on Article 7 of the GDPR.

8. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or the processing is for the establishment, exercise or defense of legal claims. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You also have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

You may exercise your right to object at any time by contacting any employee or the data protection officer of the controller directly. In addition, you are free to exercise your right to object via automated procedures using technical specifications in connection with the use of information society services.

Provision of the personal data

If you conclude a contract with us, you are obliged to provide us with your personal data relevant to the contract so that a contractual relationship can come into being and exist. As the responsible party, we must show you what would happen if you did not provide the data.

The provision of personal data is partly required by law, for example by tax regulations. The provision can also result from contractual regulations, such as information about the contractual partner, etc.. For the conclusion of a contract between you and us, it may be necessary that you provide your personal data. This obligatory provision then serves the execution of the contract.

However, if you do not provide us with the data in such a case, it will not be possible to conclude a contract. However, before you as the data subject provide your personal data, you must either contact one of our available employees or our data protection officer. Here you will be informed, taking into account your individual case, whether the provision of your data is required by law or contract or even necessary for the conclusion of a contract.

Storage period of the personal data

We may retain and store your personal data only on the basis of the statutory periods. After expiry of this period, we are obliged to delete your personal data if they are no longer required for the performance of a contract or for the initiation of a new contract. Otherwise, our legitimate claim according to Art.6 GDPR would take effect. Likewise, we must comply with certain legal deadlines that prescribe longer storage periods.

Erasure of personal data

Processed data will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless specified in this privacy policy, stored personal data will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, processing will be restricted. This means that the data is blocked and not used for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

According to legal requirements, in Germany data is stored in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

Automatic decision making (profiling)

As a data subject, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if the decision:

  • is necessary for the conclusion or performance of a contract between the data subject and the controller,
  • is permitted by legal provisions of the Union or the Member States to which the controller is subject, and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, or
  • is carried out with the explicit consent of the data subject.

Should the decision:

  1. be necessary for entering into, or the performance of, a contract between the data subject and the controller; or
  2. it is made with the explicit consent of the data subject,

the controller will take reasonable steps, as a consequence, to safeguard the rights and freedoms as well as the legitimate interests of you, which include the right to obtain the involvement of a data subject on the part of the controller, to express his or her point of view and contest the decision.

If you wish to exercise your right in relation to automated decisions, you may, at any time, contact any employee or the data protection officer of the controller.

Safety precautions & measures

In consideration of Article 32 GDPR and taking into account the state of the art, we take appropriate technical and organizational measures to minimize any risk of unlawful handling of your personal data. We thus aim to ensure the highest level of security and compliance with the law. This includes, for example, the security, confidentiality, integrity and availability of your personal data. We ensure this through physical access controls to buildings and data carriers, separation of the various categories of data, control of access and disclosure rights, and much more. In addition, the same careful protection of your data is carried out through appropriate technical measures of your electronic personal data. Our measures are constantly improved and adapted based on the latest findings. In this way, we guarantee the best possible security for your personal data.

Administration of personal data

We process your data within the scope of administrative tasks as well as the organization of our operations and/or to comply with legal obligations. In doing so, we process the same data that we also process in the course of providing our contractual services. In the course of these processing bases, we invoke Article 6 para. 1 lit. c. GDPR and Article 6 para. 1 lit. f. GDPR. You are affected by the processing as a customer, interested party, business partner and website visitor. The purpose and our interest in the processing lie in the administration and archiving of data, i.e. tasks that serve the maintenance of our business activities, the performance of our tasks and the provision of our services.

Personal data in the context of contact management

We process your data within the scope of and for the purposes of contact management, also in the context of organizational purposes and/or to comply with legal obligations. In this context, we process the same data that we also process in the context of the provision of our contractual services. In the course of these processing bases, we invoke Article 6 para. 1 lit. c. GDPR and Article 6 para. 1 lit. f. GDPR. You are affected by the processing as a customer, interested party, business partner and website visitor. The purpose and our interest in processing your data is the management of your contact data for organizational purposes and to fulfill our services.

Personal data in the context of the internal organization

We process your data within the scope of and for the purposes of contact management, also in the context of organizational purposes and/or to comply with legal obligations. In this context, we process the same data that we also process in the course of providing our contractual services. In the course of these processing bases, we invoke Article 6 para. 1 lit. c. GDPR and Article 6 para. 1 lit. f. GDPR. You are affected by the processing as a customer, interested party, business partner and website visitor. The purpose and our interest in the processing lie in the management of your personal data for organizational purposes to ensure a smooth operational process.

Cookies

The internet page of OHR uses cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, OHR can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart via a cookie. The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers.

You can also change your personal cookie settings subsequently by clicking on the following button:

Show or change cookie settings

If the data subject deactivates the setting of cookies in the Internet browser, not all functions of our website may be fully usable.

Contact form

When contacting us (via contact form, e-mail, telephone or social media), the user’s data will be used to process the contact request and its settlement pursuant to Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relations) and Art. 6 para. 1 lit. f. (other requests) GDPR processed. This user information is stored in a customer relationship management system (CRM system) or similar inquiry organizations.

We delete these requests as soon as they are no longer necessary. The necessity of these inquiries is checked every two years, furthermore the legal archiving obligations apply.

We provide the contact form function via the “Contact Form 7” plugin. For more information, you can look here: (https://de.wordpress.org/plugins/contact-form-7/)

E-mail marketing/newsletter subscription

If you would like to receive information and news from us by e-mail, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive it. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending at any time, for example via the “unsubscribe” link in the messages we send. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving information will be stored by us until you unsubscribe from our mailing list. Data stored by us for other purposes (e.g. e-mail addresses for the member area) will remain unaffected by this.

Functions for the integration of social media (social media buttons)

We offer you the option of using so-called “social media buttons” on our website. To protect your data, we rely on the “Shariff” solution for implementation. This means that these buttons are only integrated on the website as a graphic that contains a link to the corresponding website of the button provider. By clicking on the graphic, you are thus redirected to the services of the respective provider. Only then your data will be sent to the respective providers. Unless you click on the graphic, no exchange of any kind takes place between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the corresponding providers. You can find more information about the Shariff solution here: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

We have integrated the social media buttons of the following companies on our website:

  • Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA)
  • Twitter Inc. (795 Folsom St. – Suite 600 – San Francisco – CA 94107 – USA)

Embedded content (Plugins)

YouTube

Videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, can be integrated by us. The privacy policy can be found under the following link: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Based on our legitimate interests, according to Article 6 para. 1 lit. f. GDPR, this processor is used by us.

Vimeo

Videos of the platform “Vimeo” of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA, can be integrated by us. The privacy policy can be found under the following link: https://vimeo.com/privacy.

We draw your attention to the fact that Vimeo may use Google Analytics and therefore refer you to the relevant data protection declaration (https://www.google.com/policies/privacy) as well as to the opt-out options (http://tools.google.com/dlpage/gaoptout?hl=de) and Google’s settings for data use for marketing purposes (https://adssettings.google.com/.).

Based on our legitimate interests, according to Article 6 para. 1 lit. f. GDPR, this processor is used by us.

Google ReCaptcha

The function for the recognition of bots, e.g. for entries in online forms (“ReCaptcha”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, is integrated by us. The privacy policy can be found under the following link: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Based on our legitimate interests, according to Article 6 para. 1 lit. f. GDPR, this processor is used by us.

Google Fonts

The fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are integrated by us. The privacy policy can be found under the following link: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Based on our legitimate interests, according to Article 6 para. 1 lit. f. GDPR, this processor is used by us.

Online marketing and partner programs

DigiStore24

We sell our own products and third-party products on our website via the online sales platform DigiStore24. On our pages, links to the platform of Digistore24 are included, from which we can earn money via advertising reimbursement. Digistore24 uses cookies for this purpose in order to be able to trace the origin of the orders. This allows Digistore24 to recognize that you have clicked the partner link on our website.

For more information on data usage by Digistore24, please see Digistore24’s privacy policy: https://www.digistore24.com/page/privacy.

Sale and provision of products, digital content & services

We use the reseller Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany (“Digistore24”) to process orders and payments for our digital products. DigiStore24 is the seller of the products. We ourselves do not operate our own web shop but are merely the product manufacturer. In order to process orders, your personal data will be stored by Digistore24.

For more information on data usage by Digistore24, please see Digistore24’s privacy policy: https://www.digistore24.com/page/privacy.

Kajabi

To provide our media library, we use the service provider Kajabi, LLC, 15495 Sand Canyon Ave Suite #300, Irvine, CA 92618. The data provided in connection with the registration and use of our media library, such as in particular your name, e-mail address, address and, if applicable, payment data, are stored on Kajabi’s servers in the USA.

Kajabi uses this data to provide the Media Library on our behalf. In addition, Kajabi uses the transmitted data to optimize or improve its own services, such as for the technical optimization of the services. According to our information, Kajabi does not use the data to pass it on to third parties.

We have concluded a contract with the provider Kajabi for processing on behalf of us. The standard contractual clauses for the transfer of personal data to commissioned data processors in third countries apply to the transfer of personal data.

For more information about Kajabi’s use of data, please refer to the information provided on the following page: https://kajabi.com/policies/.

External links

If we use external links that are offered within the framework of our Internet pages, this data protection declaration does not extend to these links. If we offer links, we make every effort to ensure that they also comply with our data protection and security standards. However, we have no influence on other providers’ compliance with data protection and security regulations. Therefore, please also inform yourself on the websites of the other providers about the data protection declarations provided there.

Conclusion

If you have any further questions or if you have noticed incomplete information, please feel free to contact us at any time.