PRIVACY POLICY
This privacy statement clarifies the nature, scope and purpose of the processing of personal data (hereinafter "data") in the context of the provision of our services as well as within our online offer and related websites, Functions and contents as well as external online presences, such as our social media profile (hereinafter collectively referred to as "online offer"). With regard to the terminology used, such as "processing" or "responsible person", we refer to the definitions in article 4 of the Basic Data Protection Regulation (GDPR).
Responsible
NEUROSANTE OÜ
Järvevana tee 9, 11314, Tallinn, Estonia
Tel: +49 170 2985189
https://www.neuroces.com/imprint
Types of Data Processed
-
Inventory data (e.g., personal master data, names or addresses).
-
Contact information (e.g., e-Mail, telephone numbers).
-
Content data (e.g., text input, photographs, Videos).
-
Usage data (e.g., websites visited, interest in content, access times).
-
Meta-communication data (e.g., device information, IP addresses).
Categories of Persons Affected
Visitors and users of the online offer (hereinafter, we refer to the persons concerned as "users" in summary).
Purpose of Processing
-
Provision of the online offer, its functions and contents.
-
Answering contact requests and communicating with users.
-
Security measures
-
Range Measurement/Marketing
Terms Used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject" a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier (e. g. a cookie) or to one or more specific characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, is regarded as identifiable.
"Processing" means any operation or set of operations which is carried out with or without the aid of automated processes and which involves personal data. The term reaches far and covers practically every handling of data.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.
"Controller" means any natural or legal person, public authority, agency or body which alone or jointly with others determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable Legal Bases
In accordance with Art. 13 DSGVO we inform you about the legal basis of our data processing. The following applies to users from the scope of the Basic Data Protection Regulation (DSGVO), i. e. the EU and the EEC, unless the legal basis is mentioned in the data protection declaration:
-
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO;
-
The legal basis for the processing for the fulfilment of our services and the implementation of contractual measures as well as the answering of inquiries is Art. 6 para. 1 lit. b DSGVO;
-
The legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO;
-
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
-
The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller is Art. 6 para. 1 lit. e DSGVO.
-
The legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO.
The processing of data for purposes other than those for which they were collected is governed by the provisions of Art. 6 (4) DSGVO. -
The processing of special categories of data (pursuant to Art. 9 para. 1 DSGVO) is governed by the provisions of Art. 9 para. 2 DSGVO.
Safety Precautions
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, extent, circumstances and purposes of the processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to, access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure that data subjects rights are exercised, that data is deleted and that we react to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Cooperation with Contract Processors, Joint Managers and Third Parties
Insofar as we disclose data to other persons and companies (contract processors, jointly responsible persons or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e. g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfilment of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e. g. when using agents, web hosts, etc.).
Insofar as we disclose, transmit or otherwise grant access to data to other companies of our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis corresponding to the legal requirements.
Transfers to Third Countries
If we process data in a third country (i. e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this is done in the context of the use of third party services or disclosure or transfer of data to other persons or companies, this only occurs if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or allow the data to be processed only in third countries with a recognized level of data protection, which includes US processors certified under the "Privacy Shield" or on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission).
Rights of the Persons Concerned
You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
In accordance with the statutory provisions, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
You have the right to demand that we receive the data concerning you that you have provided to us in accordance with the statutory provisions and to demand that it be passed on to other persons responsible.
They also have the right to file a complaint with the competent supervisory authority in accordance with the statutory provisions.
Right of Withdrawal
You have the right to revoke any consent you have given with effect for the future.
Right of Objection
You may object at any time to the future processing of the data concerning you in accordance with the statutory provisions. The objection may in particular be lodged against processing for the purposes of direct marketing.
Cookies and right to object to direct advertising
"Cookies" are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. The content of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which are used for range measurement or marketing purposes. "Third-Party-Cookie" are cookies that are offered by other providers than the responsible person who operates the online service (otherwise, if they are only their cookies, one speaks of "First-Party Cookies").
We may use temporary and permanent cookies and explain this in our privacy policy.
If we ask users for their consent to the use of cookies (e.g. in the context of a cookie agreement), the legal basis for this processing is Art. 6 Para. 1 lit. a. DSGVO. Otherwise, the personal cookies of the users will be processed in accordance with the following explanations within the framework of this data protection declaration on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the German Data Protection Act). DSGVO) or if the use of cookies is necessary for the provision of our contract-related services, in accordance with Art. 6 Para. 1 lit. b. DSGVO, or if the use of cookies is necessary for the performance of a task in the public interest or in the exercise of official authority, pursuant to Art. 6 para. 1 lit. e. DSGVO, processed.
If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.
Deletion of data
The data processed by us will be deleted in accordance with the statutory provisions or their processing will be restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
Changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Business-related processing
In addition, we process
-
Contract data (e.g., subject of the contract, term, customer category).
-
Payment data (e.g., Bank account details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, Service and customer care, Marketing, advertising and market research.
Ordering process in the online shop and customer account
We process the data of our customers as part of the ordering process in our online shop to allow them to select and order the selected products and services, as well as their payment and delivery, or execution.
The processed data includes inventory data, communication data, contract data, payment data and those affected by the processing belong to our customers, prospects and other business partners. Processing is for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer service. Here we use session cookies for the storage of the shopping cart contents and permanent cookies for the storage of the login status.
Processing takes place in order to fulfill our services and to carry out contractual measures (for example, carrying out order processes) and insofar as required by law (for example, legally required archiving of business transactions for trading and tax purposes). The information marked as required for the establishment and fulfillment of the contract is required. We disclose the data to third parties only in the context of extradition, payment or legal permissions and obligations, as well as if this is based on our legitimate interests, which we inform you in the context of this privacy policy (eg, to legal and tax consultants, financial institutions, freight companies and public authorities).
Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with respect to the user account, subject to their retention is necessary for commercial or tax reasons. Information in the customer's account remains until its deletion with subsequent archiving in the case of a legal obligation or our legitimate interests (for example, in the case of litigation). It is the responsibility of the users to secure their data upon termination prior to the end of the contract.
As part of the registration and re-registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the pursuit of our legal claims as a legitimate interest or there is a legal obligation to do so.
The deletion takes place after expiration of legal warranty and other contractual rights or obligations (for example, payment entitlements or performance obligations from contracts with customers), whereby the necessity of keeping the data is checked every three years; in the case of storage due to legal archiving obligations, the deletion takes place after its expiration.
External Payment Service Providers
We use external payment service providers whose platforms allow users and we to make payment transactions. These payment service providers may include, in each case with a link to the Privacy Policy:
As part of the fulfillment of contracts, we set the payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with art. Art. 6, Para. 1 lit. f. DSGVO in order to offer our users effective and secure payment options.
Amongst the data processed by the payment service providers are inventory data, e.g. the name and the address, bank data, e.g. Account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, summary and recipient-related information. The information is required to complete the transactions. However, the data entered will only be processed and stored by the payment service providers. That We do not receive any account or credit card related information, but only information with confirmation or negative disclosure of the payment. The data may be transmitted by the payment service providers to credit reporting agencies. This transmission aims at the identity and credit check. For this we refer to the terms and privacy policy of payment service providers.
For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transactional applications apply. We also refer to these for further information and assertion of rights of revocation, information and other data subjects.
Administration, Financial Accounting, Office Organization, Contact Management
We process data in the context of administrative tasks and organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of rendering our contractual services. The processing principles are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. The processing affects customers, prospects, business partners and website visitors. The purpose and interest in processing lies in administration, financial accounting, office organization, data archiving, that is, tasks that serve to maintain our business, perform our duties and provide our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax accountants or auditors, and other fee agents and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g. for later contact. We generally store this majority of company-related data permanently.
Business Analysis and Market Research
In order to operate our business economically, to recognise market trends and the preferences of our business partners and customers, we analyse the data available to us relating to business transactions, contracts, inquiries, etc. We process stock data, communication data, contract data, payment data, usage data, metadata based on the terms of 6 paragraph 1 part f DSGVO, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business analysis, marketing and market research. In doing so, we can provide the profiles of registered users with information, e.g. take into account their services. The analyses are carried out to increase our user-friendliness and to optimise our range and the economics of the business. They are for us alone and will not be disclosed externally unless they are anonymised, aggregated value analyses.
If these analyses or profiles are personal, they will be deleted or anonymised upon termination of the users account, otherwise two years after the conclusion of the contract. Wherever possible the overall business analyses and general trend assessments are created anonymously if possible.
Google Cloud services
We use the cloud offered by Google and the cloud software services (so-called Software as a Service, e.g. Google Suite) for the following purposes: document storage and management, calendar management, email delivery, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of web pages, forms or other content and information as well as chats and participation in audio and video conferences.
The user's personal data are processed here insofar as they become part of the documents and content processed within the services described or are part of communication processes. This may include, for example, master data and contact data of users, data on processes, contracts, other processes and their contents. Google also processes usage data and metadata that are used by Google for security purposes and service optimisation.
In the course of using publicly accessible documents, websites or other content, Google may store cookies on the user's computer for the purpose of web analysis or to remember user preferences.
We use the Google Cloud services on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO in efficient and secure administrative and cooperation processes. Furthermore, the processing is based on an order processing contract with Google (https://cloud.google.com/terms/data-processing-terms).
You can find more information in Google's Privacy Policy (https://www.google.com/policies/privacy) and the Google Cloud Services Security Notes (https://cloud.google.com/security/privacy/). You can object to the processing of your data in the Google Cloud in accordance with the legal requirements. In addition, the deletion of data within Google's cloud services is determined by the other processing procedures in which the data is processed (e.g., deletion of data no longer required for contractual purposes or storage for purposes of taxation).
The Google Cloud services are offered by Google Ireland Limited. As far as a transmission to the USA takes place, we refer to the certification of Google USA under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active) and standard protection clauses (https://cloud.google.com/terms/data-processing-terms).
Contact
When contacting us (for example, by contact form, e-mail, telephone or via social media) the information of the user to process the contact request and its processing in accordance with. Art. 6 para. 1 lit. b. (in the context of contractual / pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) DSGVO processed. User information can be stored in a Customer Relationship Management System ("CRM System") or similar request organization.
We delete the requests if they are no longer required. We check the necessity every two years; furthermore, the legal archiving obligations apply.
Hosting and E-Mail Delivery
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mailing, security, and the technical maintenance services we use to operate this online service.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provider of this online offer according to Article 6 paragraph 1 part f DSGVO, in conjunction with Article 28 DSGVO (conclusion of contract processing contract).
Collection of Access Data and Log Files
We, or our hosting provider, collect on the basis of our legitimate interests, within the meaning of Article 6 paragraph 1 part f. DSGVO, data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider,
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags through a single interface (including integrating Google Analytics and other Google marketing services into our website). The Tag Manager itself (which implements the tags) does not process any personal user data. Regarding the processing of users’ personal data, reference is made to the following information on the Google services. Usage Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google uses cookies. The information generated by the cookie about users' use of the website is generally transmitted to and stored by Google on servers in the United States.
Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within this online service and to provide us with other services associated with the use of this online service and the Internet. Pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.
The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of such data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on or within browsers on mobile devices, please click on the "Opt Out of GA" button at the bottom of the page to prevent Google Analytics from entering this website in the future. An opt-out cookie is stored on your device. If you delete your cookies, you must click this link again.
If we ask the users for their consent (e.g. in the context of a cookie agreement), the legal basis for this processing is Art. 6 Para. 1 lit. a. DSGVO. Otherwise, the personal data of the user will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6 Para. 1 lit. f. of the German Data Protection Act). DSGVO) processed.
Where data is processed in the United States, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby warrants compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) as well as in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).
Users' personal data will be deleted or anonymized after 14 months.
Bing Webmaster Tools
Bing Webmaster Tools is a service as part of Microsoft’s Bing search engine which allows webmasters to add their websites to the Bing index crawler.
The Bing Webmaster Tools from Microsoft, store cookies and beacons on your computer. Beacons or pixels are small invisible graphics that can be used to detect if a webpage has been accessed.
With this tool, Microsoft can deploy its Bing services and optimize search results.
We use the Bing tracking tools if you have consented to them. We obtain your consent when you visit our website via the cookie banner at the bottom of the web pages.
The data is stored by Microsoft for a maximum of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. This may limit the functionality of the web pages. You can disable cross-device tracking at the following link [http://choice.microsoft.com/en-us/opt-out].
Yandex Metrica
Yandex Metrica is an analytics and heat mapping service provided by YANDEX, LLC. Yandex Metrica can be used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are.
This website uses the Yandex Metrica web analytics service provided by YANDEX LLC, 16 L. Tolstogo Str., Moscow, 119021, Russia (hereinafter referred to as "Yandex").
The Yandex Metrica Service uses "cookies" technology — small text files placed on users' computers with the purpose of analyzing their user activity.
The information collected by cookies cannot identify you, but it can help us improve the operation of our website. The information about your use of this website collected by cookies will be transmitted to Yandex and stored on the Yandex server in the EU and the Russian Federation. Yandex will process this information to evaluate your use of the site, compile reports for us on the activities of our site and provide other services. Yandex processes this information in accordance with the procedure established in the terms of use of the Yandex Metrica service.
You can refuse the use of cookies by selecting the appropriate settings in your browser. You can also use the tool — https://yandex.ru/support/metrika/general/opt-out.html . However, this may affect the operation of some functions of the site. By using this website, you consent to Yandex processing your data in the manner and for the purposes specified above.
Google AdWords and Conversion Measurement
We use Google's online AdWords marketing tool "AdWords" to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a suspected interest in the ads. This allows us to more specifically display ads for and within our online offering so that we only present ads to users that potentially match their interests. If for example a user sees advertisements for products he's been looking for on other online offers, this is called remarketing. For these purposes, upon access to our and other websites where the Google Advertising Network is active, Google will immediately execute a Google code and become so-called (re) marketing tags (invisible graphics or code, also known as " Web beacons ") incorporated into the website. With their help, the user is provided with an individual cookie,that means a small file is saved (instead of cookies, comparable technologies can also be used). In this file it is noted which websites the user visited, their content interest and what offers the user has clicked, as well as technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer.
Furthermore, we receive an individual "conversion cookie". The information obtained through the cookie is used by Google to generate conversion statistics for us. However, we only receive information about the anonymous total number of users who clicked on our ad and were redirected to a conversion tracking tag page. We do not receive any information that personally identifies users.
The data of the users are pseudonym processed within the Google advertising network. That means Google stores and processes for example not the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. That means from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google's servers in the United States.
If we ask users for consent (for example in the context of a cookie consent), the legal basis of this processing is Art. 6 (1) lit. a. DSGVO. Otherwise, the personal data of the users are processed on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. DSGVO).
As far as data is processed in the USA, please note that Google is certified under the Privacy Shield Agreement, and thereby assures that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Learn more about data usage by Google, for setting-up and contradictory options, please refer to the Google Privacy Policy (https://policies.google.com/technologies/ads) and Google’s Advertising Ads Settings (https://adssettings.google.com/authenticated).