Last updated: April 2nd, 2026
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").
The terms used are not gender-specific.
Controller
Lisa Dostmann
c/o COCENTER
Koppoldstr. 1
86551 Aichach
Email: hi[ät]immunoloco.com
Imprint: www.immunoloco.com/impressum
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.
Types of data processed
- Inventory data
- Payment data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication, and process data
- Log data
Special categories of data
- Health data
Categories of data subjects
- Service recipients and clients
- Prospective customers
- Communication partners
- Users
- Business and contractual partners
Purposes of processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Direct marketing
- Office and organizational procedures
- Affiliate tracking
- Organizational and administrative procedures
- Feedback
- Provision of our online offering and user experience
- Information technology infrastructure
- Public relations
- Business processes and operational procedures
Relevant Legal Bases
Legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. Where more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated individual decision-making including profiling. In addition, state data protection laws of the individual German federal states may apply.
Security Measures
We implement appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
These measures include in particular ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, ensuring availability of, and segregation of the data. We have also established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data breaches. Furthermore, we take the protection of personal data into account when developing and selecting hardware, software, and procedures, in accordance with the principle of data protection by design and by default.
Securing online connections using TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by HTTPS in the URL, signaling to users that their data is being transmitted securely and in encrypted form.
Transmission of Personal Data
In the course of processing personal data, it may be transmitted to or disclosed to other parties, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers entrusted with IT tasks, or providers of services and content integrated into a website. In such cases, we comply with the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or no further legal basis for processing exists. This applies to cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions apply where statutory obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing activities.
Where multiple retention periods or deletion deadlines are specified for a piece of data, the longest applicable period shall prevail. Data that is no longer retained for its originally intended purpose but for legal or other reasons shall be processed exclusively for the reasons justifying its retention.
Retention and deletion of data: The following general deadlines apply for retention and archiving under German law:
- 10 years – Books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the operating instructions and other organizational documents required for their understanding (§ 147(1)(1) in conjunction with (3) AO, § 14b(1) UStG, § 257(1)(1) in conjunction with (4) HGB).
- 8 years – Accounting documents, such as invoices and cost receipts (§ 147(1)(4) and (4a) in conjunction with (3)(1) AO and § 257(1)(4) in conjunction with (4) HGB).
- 6 years – Other business records: received commercial or business letters, copies of dispatched commercial or business letters, other records insofar as they are relevant for taxation purposes (§ 147(1)(2, 3, 5) in conjunction with (3) AO, § 257(1)(2, 3) in conjunction with (4) HGB).
- 3 years – Data required to take into account potential warranty and liability claims or similar contractual claims and rights, as well as to handle related inquiries, based on prior business experience and standard industry practices, is stored for the duration of the standard statutory limitation period of three years (§§ 195, 199 BGB).
Rights of Data Subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, arising in particular from Articles 15 to 21 GDPR:
- Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw your consent at any time.
- Right of access: You have the right to obtain confirmation as to whether personal data concerning you is being processed, and to access that data as well as further information and a copy of the data in accordance with statutory requirements.
- Right to rectification: You have the right, in accordance with the statutory requirements, to request the completion or correction of inaccurate personal data concerning you.
- Right to erasure and restriction of processing: You have the right, in accordance with the statutory requirements, to request the immediate erasure of data concerning you, or alternatively to request the restriction of processing of the data.
- Right to data portability: You have the right to receive personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with statutory requirements.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
Business Services
We process data of our contractual and business partners, e.g. clients and prospective customers (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships and associated measures, and in the context of communication with contractual partners (or pre-contractually), for example to respond to inquiries.
We use this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations, and remedies for defects and other service disruptions. We also use the data to protect our rights and for administrative tasks related to these obligations, as well as for business organization. In addition, we process the data on the basis of our legitimate interests in both proper and sound business management and in security measures to protect our contractual partners and our business from abuse, threats to their data, secrets, information, and rights (e.g. involving telecommunications, transport, and other auxiliary services and subcontractors, banks, tax and legal advisers, payment service providers, or financial authorities). Within the scope of applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, in this privacy policy.
The data required for the aforementioned purposes will be communicated to contractual partners prior to or during data collection, e.g. in online forms, by means of special labeling (e.g. colors) or symbols (e.g. asterisks), or personally.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account – e.g. for as long as it must be retained for legal archiving purposes (e.g. for tax purposes, generally ten years). Data disclosed to us by the contractual partner in the context of an assignment will be deleted in accordance with the requirements of the assignment and generally after the end of the assignment.
- Types of data processed: Inventory data; payment data; contact data; contract data.
- Special categories of personal data: Health data.
- Data subjects: Service recipients and clients; prospective customers; business and contractual partners.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures; business processes and operational procedures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing activities, procedures, and services:
Therapeutic services: We process data of our clients as well as prospective customers and other clients or contractual partners (collectively referred to as "clients") in order to provide our services to them. The data processed, and the nature, scope, purpose, and necessity of their processing are determined by the underlying contractual and client relationship.
In the context of our activities, we may also process special categories of data, in particular information about the health of clients, possibly in relation to their sex life or sexual orientation, as well as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Where required, we obtain the explicit consent of clients for this, and otherwise process the special categories of data where it serves the health of the clients, the data is publicly available, or other legal permissions exist.
Where necessary for the performance of our contract, to protect vital interests, or as required by law, or where client consent has been obtained, we disclose or transmit client data to third parties or processors in accordance with professional regulations, such as authorities, medical facilities, laboratories, billing centers, and providers of IT, administrative, or comparable services; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Provision of the Online Offering and Web Hosting
We process user data in order to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
- Types of data processed: Usage data; meta, communication, and process data; log data; content data.
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offering and user experience; information technology infrastructure; security measures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing activities, procedures, and services:
Provision of the online offering on rented server space: For the provision of our online offering, we use server space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web host"). The web host processes, on our behalf, inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, prospective customers, and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of our online offering. The web host is based in the European Union; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful retrieval, browser type and version, the user's operating system, the referring URL (the previously visited page), and generally IP addresses and the requesting provider. Server log files may be used for security purposes, e.g. to avoid server overload (particularly in the case of abusive attacks, so-called DDoS attacks), and to ensure server stability and performance; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from deletion until the final resolution of the relevant incident.
Email dispatch and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as further information relating to the email dispatch (e.g. the providers involved) and the contents of the respective emails, are processed. The aforementioned data may also be processed for the purposes of detecting spam. Please note that emails on the internet are generally not transmitted in encrypted form. While emails are usually encrypted in transit, they are not encrypted on the servers from which they are sent and received (unless end-to-end encryption is used). We therefore cannot accept responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Content delivery network: We use a content delivery network (CDN). A CDN is a service that helps deliver content of an online offering, in particular large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the internet; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Registration, Login, and User Accounts
Users may create a user account. In the course of registration, users are informed of the required mandatory details, which are processed for the purpose of providing the user account on the basis of contractual obligation fulfillment. The data processed includes in particular login information (username, password, and an email address).
In the context of using our registration and login functions and the use of the user account, we store the IP address and the time of each user action. Storage is based on our legitimate interests as well as those of users in protection against misuse and other unauthorized use. This data is generally not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed by email about processes relevant to their user account, such as technical changes.
- Types of data processed: Inventory data; contact data; content data; usage data; log data.
- Data subjects: Users.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures; provision of our online offering and user experience.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Deletion upon cancellation.
- Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing activities, procedures, and services:
Registration with pseudonyms: Users may use pseudonyms as usernames instead of their real names; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Deletion of data upon cancellation: If users have cancelled their user account, their data relating to the user account will be deleted, subject to a legal permission, obligation, or consent of the users; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
No obligation to retain data: It is the responsibility of users to save their data before the end of the contract upon cancellation. We are entitled to irreversibly delete all data stored by the user during the contract period; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Blogs and Publication Media
We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its display and for communication between authors and readers, or for security reasons. For further information, we refer to the information on the processing of visitors to our publication medium within this privacy notice.
- Types of data processed: Inventory data; contact data; content data; usage data; meta, communication, and process data.
- Data subjects: Users.
- Purposes of processing: Feedback; provision of our online offering and user experience; security measures; organizational and administrative procedures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing activities, procedures, and services:
Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments or contributions (insults, prohibited political propaganda, etc.). In such cases, we ourselves may be held liable for the comment or contribution and therefore have an interest in the identity of the author.
Furthermore, we reserve the right to process users' details for spam detection purposes on the basis of our legitimate interests.
On the same legal basis, we reserve the right to store users' IP addresses for the duration of surveys and to use cookies to prevent multiple votes.
The personal information, contact details, website information, and content details communicated in the context of comments and contributions are stored by us permanently until the user objects; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter "newsletter") exclusively with the consent of the recipients or on a legal basis. Where the contents of a newsletter are specifically described when registering for the newsletter, those contents are determinative for the user's consent. To subscribe to our newsletter, it is normally sufficient to provide your email address. In order to offer you a personalized service, we may ask for your name for a personal salutation in the newsletter, or for further information where this is necessary for the purpose of the newsletter.
Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to demonstrate previously given consent. The processing of this data will be restricted to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.
The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of demonstrating its proper execution. Where we engage a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.
Contents: The newsletter contains information on health topics, in particular chronic illnesses, mast cell disorders, dysautonomia, and related subjects. We also provide information about new blog posts and offerings on our website.
- Types of data processed: Inventory data; contact data; meta, communication, and process data; usage data.
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g. by email or post).
- Legal basis: Consent (Art. 6(1)(a) GDPR).
- Right to withdraw (opt-out): You may cancel receipt of our newsletter at any time, i.e. withdraw your consent, or object to further receipt. A link to unsubscribe from the newsletter can be found at the end of each newsletter, or you may use one of the contact options provided above, preferably by email.
Further information on processing activities, procedures, and services:
Measurement of open and click rates: Our newsletters may contain so-called web beacons (tracking pixels) or similar technical means. A web beacon is an invisible graphic that is retrieved from our server when the newsletter is opened. As part of this retrieval, technical information such as browser and system information, your IP address, and the time of retrieval is collected. This information is used to technically improve our newsletter based on technical data or target groups and their reading behavior based on retrieval locations or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The measurement of open and click rates and the storage of measurement results in user profiles serve to optimize and tailor future newsletters to the needs of users. You may object to the recording of your usage behavior at any time by unsubscribing from the newsletter; Legal basis: Consent (Art. 6(1)(a) GDPR).
Affiliate Programs and Affiliate Links
We include so-called affiliate links or other references (which may include search forms, widgets, or discount codes) to the offerings and services of third-party providers in our online offering (collectively referred to as "affiliate links"). If users follow the affiliate links and subsequently make use of the offerings, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").
In order to track whether users have made use of an affiliate link's offerings, it is necessary for the respective third-party providers to know that users have followed an affiliate link within our online offering. The assignment of affiliate links to the respective business transactions or other actions (e.g. purchases) serves solely the purpose of commission settlement and is cancelled once it is no longer required for that purpose.
For the purposes of the aforementioned assignment of affiliate links, the affiliate links may be supplemented with certain values that form part of the link or may otherwise be stored, e.g. in a cookie. These values may include in particular the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offering, the type of link used, the type of offering, and an online identifier of the user.
Notes on legal bases: Where we ask users for consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. an interest in efficient, cost-effective, and user-friendly services). We would also draw your attention to the information on the use of cookies in this privacy policy.
- Types of data processed: Contract data; usage data; meta, communication, and process data.
- Data subjects: Prospective customers; users.
- Purposes of processing: Affiliate tracking.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Presence on Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to provide information about ourselves.
We draw attention to the fact that user data may be processed outside the European Union in this context. This may give rise to risks for users, as it may, for example, make it more difficult to enforce users' rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on users' usage behavior and resulting interests. These profiles may in turn be used to place advertisements within and outside the networks that are presumed to correspond to the interests of the users. For this purpose, cookies are generally stored on users' devices in which usage behavior and interests are stored. Furthermore, data may also be stored in usage profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and options for objecting (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
Also in the case of requests for information and the assertion of data subject rights, we point out that these can most effectively be asserted with the providers. Only the providers have access to users' data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you may contact us.
- Types of data processed: Contact data; content data; usage data.
- Data subjects: Users.
- Purposes of processing: Communication; feedback; public relations.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing activities, procedures, and services:
Fediverse/ActivityPub: Our online offering supports the ActivityPub protocol and is part of the so-called Fediverse. Users of other Fediverse platforms (e.g. Mastodon) can follow our content and interact with it. In doing so, data such as usernames, profile pictures, and interactions (e.g. comments, likes) are exchanged between the servers involved. This data is processed in accordance with the privacy policies of the respective servers. We have no influence over data processing by other Fediverse servers; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Changes and Updates
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your involvement (e.g. consent) or other individual notification.
Where we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the details before making contact.
Definitions
In this section you will find an overview of the terminology used in this privacy policy. Where terms are defined by law, their statutory definitions shall apply. The following explanations are intended primarily as an aid to understanding.
Affiliate tracking: In the context of affiliate tracking, links used by referring websites to direct users to websites with product or other offerings are logged. The operators of the respective referring websites may receive a commission if users follow these so-called affiliate links and subsequently make use of the offerings (e.g. purchase goods or use services). For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offerings subsequently make use of them at the instigation of the affiliate links. Affiliate links are therefore supplemented with certain values that become part of the link or are otherwise stored, e.g. in a cookie. These values include in particular the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offering, an online identifier of the user, and tracking-specific values such as advertising material ID, partner ID, and categorizations.
Inventory data: Inventory data encompasses essential information required for the identification and management of contractual partners, user accounts, profiles, and similar assignments. This data may include personal and demographic details such as names, contact information (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, facilities, or systems, by enabling clear identification and communication.
Content data: Content data encompasses information generated during the creation, editing, and publication of content of all kinds. This category of data may include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content itself but also includes metadata providing information about the content, such as tags, descriptions, author information, and publication dates.
Contact data: Contact data is essential information that enables communication with individuals or organizations. It includes telephone numbers, postal addresses, and email addresses, as well as communication means such as social media handles and instant messaging identifiers.
Meta, communication, and process data: Meta, communication, and process data are categories containing information about how data is processed, transmitted, and managed. Metadata, also known as data about data, encompasses information describing the context, origin, and structure of other data. It may include details about file size, creation date, the author of a document, and modification histories. Communication data captures the exchange of information between users across various channels, such as email traffic, call logs, social network messages, and chat histories, including the parties involved, timestamps, and transmission paths. Process data describes the processes and workflows within systems or organizations, including workflow documentation, transaction and activity logs, and audit logs used for tracking and auditing processes.
Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information showing how users use applications, which features they prefer, how long they stay on certain pages, and the paths through which they navigate an application. Usage data may also include the frequency of use, activity timestamps, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Log data: Log data is information about events or activities recorded in a system or network. This data typically includes information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used to analyze system issues, for security monitoring, or to generate performance reports.
Controller: "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing: "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, including collection, analysis, storage, transmission, and deletion.
Contract data: Contract data is specific information relating to the formalization of an agreement between two or more parties. It documents the conditions under which services or products are provided, exchanged, or sold. This data category is essential for managing and fulfilling contractual obligations and encompasses both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may include start and end dates of the contract, the type of agreed services or products, price agreements, payment terms, cancellation rights, renewal options, and specific conditions or clauses. It serves as the legal basis for the relationship between the parties and is crucial for clarifying rights and obligations, enforcing claims, and resolving disputes.
Payment data: Payment data encompasses all information required to process payment transactions between buyers and sellers. This data is of crucial importance for e-commerce, online banking, and any other form of financial transaction. It includes details such as credit card numbers, bank account details, payment amounts, transaction dates, verification numbers, and billing information. Payment data may also include information about payment status, chargebacks, authorizations, and fees.