Privacy Policy
Effective Date: June 7, 2025
Table of Contents
- Controller
- Contact Data Protection Officer
- Overview of Processing
- Relevant Legal Bases
- Security Measures
- Transfer of Personal Data
- International Data Transfers
- General Information on Data Storage and Deletion
- Rights of Data Subjects
- Business Services
- Business Processes and Procedures
- Provision of the Online Offering and Web Hosting
- Use of Cookies
- Contact and Inquiry Management
- Web Analytics, Monitoring and Optimization
- Social Media Presence
- Plugins and Embedded Content
- Definitions of Terms
Controller
The controller responsible for data processing on this website is:
Institute for Bioenergetic Blood Diagnosis
Naturopath Juliane Schulze
Hauptstraße 30
23611 Bad Schwartau, Germany
Phone: +49 451 47 93 42 00
Email: naturheilpraxis.schulze@email.de
Legal Notice: https://blutdiagnose.com/impressum/
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
Contact Data Protection Officer
Email: naturheilpraxis.schulze@email.de
Overview of Processing
The following overview summarizes the types of data processed, the purposes of processing, and the categories of data subjects involved.
Types of Data Processed
- Inventory data
- Payment data
- Location data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication and procedural data
- Log data
Special Categories of Data
- Health data
Categories of Data Subjects
- Service recipients and clients
- Interested parties
- Communication partners
- Users
- Business and contractual partners
Purposes of Processing
- Business processes and economic procedures
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Reach measurement
- Tracking
- Office and organizational procedures
- Audience targeting
- Organizational and administrative procedures
- Firewall
- Feedback
- Marketing
- User profiling
- Provision of our online offering and user-friendliness
- Information technology infrastructure
- Public relations
Relevant Legal Bases
This section provides an overview of the legal bases under the GDPR on which we process personal data. Please note that national data protection laws may also apply depending on your or our place of residence. If more specific legal bases apply in individual cases, we will inform you accordingly within this privacy policy.
- Consent (Art. 6(1)(a) GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Performance of a Contract and Pre-contractual Inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract.
- Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary to comply with a legal obligation to which the controller is subject.
- Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, especially the Federal Data Protection Act (BDSG). This act includes specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, data transfers, and automated decision-making including profiling. State-specific data protection laws may also apply.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include safeguarding the confidentiality, integrity, and availability of data through physical and electronic access control, access authorization, input control, transmission control, availability control, and data separation. We have also established procedures to ensure data subject rights, deletion of data, and responses to data threats. Furthermore, we consider data protection when developing or selecting hardware, software, and procedures according to the principles of privacy by design and by default.
IP Address Shortening
Where IP addresses are processed by us or our service providers and full IP addresses are not required, they are shortened (known as “IP masking”). This involves removing or replacing the final part of the IP address to make it difficult or impossible to identify the user.
TLS/SSL Encryption (HTTPS)
To protect users’ data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are key technologies for secure internet communication. They encrypt data transferred between the website or app and the user’s browser (or between two servers), ensuring confidentiality. TLS, being the more advanced and secure version of SSL, ensures the highest standards of secure data transmission. A secure connection is indicated by “https://” in the browser’s address bar.
Transfer of Personal Data
As part of our processing activities, personal data may be disclosed to or transmitted to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include IT service providers or providers of content and services embedded in the website. In such cases, we observe all legal requirements and enter into corresponding agreements or contracts to protect your data.
International Data Transfers
If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA))—whether in connection with the use of third-party services or by disclosing or transmitting data to other persons, entities, or companies—this is done in accordance with legal requirements.
For data transfers to the United States, we primarily rely on the Data Privacy Framework (DPF), recognized by the EU Commission’s adequacy decision of July 10, 2023, as a secure legal basis. In addition, we have concluded Standard Contractual Clauses (SCCs) with the relevant providers in accordance with EU Commission requirements, which establish contractual obligations to protect your data.
This dual approach ensures comprehensive protection: the DPF serves as the primary protection mechanism, while the SCCs provide an additional safeguard. Should changes affect the DPF, the SCCs act as a fallback to ensure continuous protection of your data, even in the face of legal or political developments.
We will inform you whether individual service providers are DPF-certified and whether SCCs are in place. Further information about the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce: https://www.dataprivacyframework.gov/.
For data transfers to other third countries, appropriate safeguards apply, including SCCs, explicit consent, or legally required transfers. More information on international data transfers and applicable adequacy decisions is available from the European Commission: EU Commission Information on International Data Transfers.
General Information on Data Storage and Deletion
We delete personal data in accordance with legal requirements, particularly when consent is withdrawn or when no other legal grounds exist for the processing—such as when the original purpose no longer applies or the data is no longer required. Exceptions may apply where legal obligations or special interests require longer storage or archiving.
Specifically, data that must be retained for commercial or tax law reasons, or that is necessary for legal claims or to protect the rights of others, is archived accordingly. Our privacy notices include additional details on storage and deletion specific to certain processes.
If multiple retention periods apply, the longest period is authoritative. If a retention period does not begin on a specified date and is at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred. For ongoing contractual relationships, the triggering event is the termination date or the end of the legal relationship.
Data retained solely due to legal obligations or other justifications will only be processed for the reason that justifies its retention.
Retention and Archiving Periods under German Law
- 10 years: Retention of books and records, financial statements, inventories, management reports, opening balance sheets, and related documentation (§ 147(1) no. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) no. 1 in conjunction with (4) HGB).
- 8 years: Accounting documents such as invoices and expense receipts (§ 147(1) no. 4 and 4a in conjunction with (3) sentence 1 AO and § 257(1) no. 4 in conjunction with (4) HGB).
- 6 years: Other business documents including received and sent commercial letters, other documents relevant for taxation (e.g., payroll records, cost accounting sheets, calculation documents, price listings) and non-accounting payroll records (§ 147(1) no. 2, 3, 5 in conjunction with (3) AO, § 257(1) no. 2 and 3 in conjunction with (4) HGB).
- 3 years: Data relevant to potential warranty or damage claims or similar contractual rights, stored for the duration of the standard statutory limitation period of three years (§§ 195, 199 BGB).
Rights of Data Subjects
As a data subject under the GDPR, you have the following rights, particularly under Articles 15 to 21:
- Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing; this includes profiling related to direct marketing.
- Right to Withdraw Consent: You have the right to withdraw any consent you have given at any time.
- Right of Access: You have the right to request confirmation as to whether personal data concerning you is being processed and to access such data and further information, including copies, in accordance with legal requirements.
- Right to Rectification: You have the right to request the correction or completion of inaccurate or incomplete personal data concerning you.
- Right to Erasure and Restriction: You have the right to request the erasure or restriction of processing of your personal data in accordance with legal requirements.
- Right to Data Portability: You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit that data to another controller where applicable by law.
- Right to Lodge a Complaint: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
Business Services
We process data of our contractual and business partners (collectively referred to as “contractual partners”) within the framework of contractual and similar legal relationships, and related measures, including pre-contractual communication such as responding to inquiries.
This includes fulfilling our contractual obligations, such as providing agreed services, updates, and addressing defects or service disruptions. We also use the data to enforce our rights and perform related administrative and organizational tasks. Additionally, we process this data based on our legitimate interests in the proper, economical operation of our business and the security of our partners and business operations (e.g., involving telecommunications, logistics, subcontractors, tax or legal advisors, payment services, or financial authorities).
We only share data with third parties as necessary for the aforementioned purposes or to comply with legal obligations. We inform our partners separately, including in online forms or via markers (e.g., asterisks), regarding required data.
Data is deleted after the expiration of legal warranty and related obligations—generally after four years—unless it is stored in a customer account or subject to longer legal retention periods (typically ten years for tax purposes). Data shared with us for processing under a contract is deleted upon contract termination, unless otherwise required by law or agreement.
Processed Data Types:
- Inventory Data (e.g., full name, address, contact info, customer number)
- Payment Data (e.g., bank details, invoices, payment history)
- Contact Data (e.g., mailing address, email, phone)
- Contract Data (e.g., subject of contract, duration, customer category)
- Special Categories of Personal Data: Health data
Data Subjects:
Service recipients and clients; prospective clients; business and contractual partners.
Purposes of Processing:
- Provision of contractual services
- Communication
- Office and organizational procedures
- Organizational and administrative operations
- Business processes and commercial procedures
Data Retention and Deletion: See “General Information on Data Storage and Deletion”.
Legal Bases:
- Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR)
- Legal obligation (Art. 6(1)(c) GDPR)
- Legitimate interests (Art. 6(1)(f) GDPR)
Further Information on Processing Activities:
Therapeutic Services: We process data of clients, prospective clients, and other partners (collectively referred to as “clients”) to provide our services. The type, scope, purpose, and necessity of the data depend on the underlying client relationship or contract.
This may include special categories of personal data, particularly health-related data, possibly relating to sexual life or orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Where required, we obtain explicit consent for such processing, or process the data based on legal permissions—e.g., for health care purposes or where the data is public.
Where necessary for performance of the contract, vital interests, or legal obligations—or where consent exists—we may disclose client data to third parties, including authorities, medical institutions, laboratories, billing entities, and IT or administrative service providers, in accordance with professional regulations.
Legal Basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Business Processes and Procedures
Personal data of service recipients and clients – including customers, clients or, in special cases, principals, patients or business partners, as well as other third parties – is processed in the context of contractual and similar legal relationships, as well as pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting, and project management.
The collected data is used to fulfill contractual obligations and to streamline operational processes. This includes handling business transactions, managing customer relationships, optimizing sales strategies, and ensuring internal accounting and financial processes. In addition, the data supports the protection of the controller’s rights and facilitates administrative tasks and the organization of the company.
Personal data may be shared with third parties to the extent necessary to fulfill the aforementioned purposes or legal obligations.
Categories of Processed Data: Inventory data (e.g. full name, residential address, contact information, customer number); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or phone numbers); content data (e.g. textual or visual messages and contributions and related information, such as authorship); contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content); meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, parties involved).
Data Subjects: Service recipients and clients; interested parties; communication partners; business and contractual partners.
Purposes of Processing: Fulfillment of contractual services and obligations; office and organizational procedures; business processes and economic procedures.
Retention and Deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
Legal Bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR); legitimate interests (Art. 6(1)(1)(f) GDPR).
Additional Information on Processing Operations, Procedures, and Services:
Business Analyses and Market Research:
To fulfill business objectives and identify market trends, contract partner preferences and user behavior, data on business transactions, contracts, inquiries, etc. is analyzed. Data subjects may include contract partners, interested parties, customers, visitors, and users of the online offer. The analyses serve business evaluations, marketing, and market research (e.g. identifying customer groups with different characteristics). Registered user profiles may be considered, including their information on services used. Analyses are conducted exclusively for the controller and not disclosed externally, unless in anonymous form. Privacy is respected by processing data pseudonymously or anonymously where possible (e.g. aggregated data); Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR).
Provision of Online Services and Web Hosting:
We process user data to provide our online services. This includes processing the user’s IP address, which is necessary to deliver content and features to the user’s browser or device.
Categories of Processed Data: Usage data (e.g. page views, session duration, click paths, frequency, device types and operating systems, interactions); meta, communication and procedural data (e.g. IP addresses, time stamps, IDs, involved persons); log data (e.g. logins, data access, access times); content data (e.g. text or visual messages and related metadata).
Data Subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Provision of online content and user-friendliness; IT infrastructure; security measures; firewall.
Retention and Deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Further Information on Processing Operations, Procedures, and Services:
Online Services Hosted on Leased Storage Space: We use hosting services (e.g. server space, computing power, software) leased or otherwise provided by a provider; Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR).
Collection of Access Data and Log Files: Access to our services is logged in server log files, including addresses and names of accessed pages and files, timestamps, data volumes, success messages, browser type and version, operating system, referrer URL, IP addresses, and requesting provider. These are used for security (e.g. protection against DDoS attacks) and to ensure server load and stability; Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR). Retention: max. 30 days unless needed as evidence.
Email Sending and Hosting: Hosting services also include email functions. Data processed includes sender and recipient addresses, metadata (e.g. providers), and email contents. These may also be analyzed to detect SPAM. Note: Emails are generally not end-to-end encrypted; Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR).
ALL-INKL: IT infrastructure provider; Service provider: ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; Website: https://all-inkl.com/; Privacy Policy: https://all-inkl.com/datenschutzinformationen/.
WordPress.com: Website creation and hosting; Service provider: Aut O’Mattic A8C Ireland Ltd., Dublin, Ireland; Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Data Processing Agreement: https://wordpress.com/support/data-processing-agreements/; Legal Basis: legitimate interests (Art. 6(1)(1)(f) GDPR); Legal framework for international transfers: DPF, SCCs.
Wordfence: Security and firewall service; processes user IP addresses, IDs, access logs; Service provider: Defiant, Inc., Seattle, WA, USA; Website: https://www.wordfence.com; Privacy Policy: https://www.wordfence.com/privacy-policy/; SCCs: https://www.wordfence.com/standard-contractual-clauses/; Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR).
Use of Cookies:
“Cookies” refer to technologies that store and read information on users’ devices. They are used for functionality, security, convenience, and analytics. Cookies are only used with user consent unless they are essential. Consent can be revoked at any time.
Legal Basis: Consent (Art. 6(1)(1)(a) GDPR) or legitimate interests (Art. 6(1)(1)(f) GDPR).
Storage Duration:
- Session Cookies: Deleted after closing the browser or app.
- Persistent Cookies: Remain stored and can last up to 2 years.
General Opt-Out Options: Users can revoke consent or object via browser settings.
Processed Data Types: Meta, communication and procedural data (e.g. IP addresses, timestamps, identifiers).
Data Subjects: Users (e.g. website visitors, users of online services).
Further Information:
Cookie Data Processing Based on Consent:
We use a consent management solution to collect, store, and manage cookie consent. Consent declarations are stored server-side and/or in a cookie to associate them with a specific user or device. Storage: up to 2 years. Pseudonymous user identifiers, timestamps, scope of consent, browser and device info are recorded; Legal basis: consent (Art. 6(1)(1)(a) GDPR).
Contact and Request Management
When contacting us (e.g., by post, contact form, email, telephone, or via social media) or within the context of existing user and business relationships, we process the personal data of the individuals making the inquiry to the extent necessary to respond to their inquiries and any requested measures.
Types of Data Processed:
- Master data (e.g., full name, residential address, contact details, customer number)
- Contact data (e.g., postal and email addresses, telephone numbers)
- Content data (e.g., messages, submitted forms or documents)
- Usage data (e.g., page visits, click paths, device information)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps)
Data Subjects:
- Communication partners
Purposes of Processing:
- Communication
- Organizational and administrative processes
- Feedback collection
- Provision of our online services and user-friendliness
Legal Bases:
- Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual inquiries
- Art. 6(1)(f) GDPR – Legitimate interests
Additional Notes:
When users contact us via forms or other means, we process the submitted data solely to fulfill the contact request. We do not use this data for any other purposes unless explicitly stated.
Web Analytics, Monitoring and Optimization
We use web analytics to understand how visitors interact with our website. This includes pseudonymized data regarding behavior, interests, and demographic information (e.g., age or gender). The goal is to improve usability, content relevance, and service performance.
Types of Data Processed:
- Usage data (e.g., site visits, duration, device information)
- Meta, communication, and procedural data (e.g., IP addresses, session IDs)
Data Subjects:
- Users (e.g., visitors of our online services)
Purposes of Processing:
- Reach measurement (e.g., visitor statistics)
- Creation of user-related profiles
- Provision of our online services
Legal Bases:
- Art. 6(1)(a) GDPR – Consent
- Art. 6(1)(f) GDPR – Legitimate interests
Security Measures:
- IP masking (pseudonymization of IP addresses)
Cookie Duration:
- Cookies may be stored for up to 2 years unless otherwise stated.
Tools and Providers:
- Google Analytics
  Service provider: Google Ireland Ltd.
  Privacy policy: policies.google.com/privacy
  Opt-out: gaoptout
  Legal basis: Consent (Art. 6(1)(a) GDPR)
- Google Tag Manager
  Service provider: Google Ireland Ltd.
  Purpose: Tag management for other analytics tools
  Privacy policy: policies.google.com/privacy
- Jetpack (WordPress Stats)
  Service provider: Aut O’Mattic A8C Ireland Ltd.
  Privacy policy: automattic.com/privacy
  Legal basis: Consent (Art. 6(1)(a) GDPR)
Presence on Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.
Please note that user data may be processed outside the European Union. This can result in risks for users, for example, because the enforcement of user rights may be more difficult.
Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on user behavior and the resulting interests. These profiles may in turn be used to display advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are typically stored on users’ devices, in which the usage behavior and interests of the users are stored. Additionally, data may also be stored in the usage profiles regardless of the devices used by the users (especially if users are members of the respective platforms and are logged in).
For a detailed presentation of the respective processing operations and the opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.
Also, in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures directly and provide information. If you still need help, you can contact us.
Processed Data Types:
- Contact data (e.g. postal and email addresses or phone numbers)
- Content data (e.g. text or image messages and contributions, including authorship or creation timestamp)
- Usage data (e.g. page views, dwell time, click paths, usage frequency and intensity, device types, operating systems, interactions with content and functions)
Affected Persons:
Users (e.g. website visitors, users of online services)
Purposes of Processing:
- Communication
- Feedback (e.g. collection of feedback via online forms)
- Public relations
Retention and Deletion:
Deletion in accordance with the section “General Information on Data Storage and Deletion”.
Legal Bases:
Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f GDPR)
Additional Notes on Processing, Procedures, and Services:
Instagram
Social network for sharing photos and videos; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: instagram.com; Privacy Policy: privacycenter.instagram.com/policy; Data transfer basis: Data Privacy Framework (DPF).
Facebook Pages
Joint responsibility with Meta Platforms Ireland Limited for the collection (not further processing) of data of visitors to our Facebook page (“fan page”)… More details in Facebook Privacy Policy
YouTube
Video and social networking platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Privacy Policy: policies.google.com/privacy; Opt-Out: myadcenter.google.com/personalizationoff.
Plugins and Embedded Functions and Content
We integrate functional and content elements obtained from the servers of their respective providers (“third parties”). This may include graphics, videos, or city maps (“content”).
This integration always requires that these providers process the users’ IP addresses, as they cannot send the content to their browser without it…
Legal Notes:
Where user consent is requested, this serves as the legal basis (Art. 6 para. 1 sentence 1 lit. a GDPR). Otherwise, the processing is based on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Examples of Services:
- Google Fonts: fonts.google.com | Privacy Policy
- Google Maps: mapsplatform.google.com | Privacy Policy
- Instagram Plugins: instagram.com | Privacy Policy
- OpenStreetMap: openstreetmap.de | Privacy Policy
- YouTube: youtube.com | Privacy Policy
- Vimeo: vimeo.com | Privacy Policy
Definitions
This section provides an overview of the terminology used in this privacy policy. Where terms are defined by law, the legal definitions shall apply. The following explanations are primarily intended to aid understanding.
Audience Building
“Audience building” (also known as “Custom Audiences”) refers to the definition of target groups for advertising purposes, e.g. the display of advertisements. For example, based on a user’s interest in certain products or topics on the internet, it can be inferred that this user is interested in advertisements for similar products or the online shop where the products were viewed. “Lookalike Audiences” are groups of users whose profiles or interests are presumed to resemble those of users for whom profiles were created. Cookies and web beacons are commonly used for creating such audiences.
Inventory Data
Inventory data includes essential information necessary for identifying and managing contractual partners, user accounts, profiles, and similar assignments. This may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and user IDs. Inventory data is the basis for formal interactions between individuals and services, institutions, or systems.
Firewall
A firewall is a security system that protects a computer network or individual device from unauthorized access.
Content Data
Content data includes information created, edited, or published in various forms, such as text, images, videos, audio files, and other multimedia content. It also includes metadata like tags, descriptions, author information, and publication dates.
Contact Data
Contact data are essential for communication and may include phone numbers, mailing addresses, email addresses, social media handles, and instant messaging identifiers.
Meta, Communication, and Procedural Data
This includes information on how data is processed, transmitted, and managed. Metadata describes the context, origin, and structure of other data. Communication data covers interactions such as emails, call logs, and chat histories. Procedural data involves workflows, activity logs, and audit trails.
Usage Data
Usage data captures how users interact with digital products, services, or platforms. It includes preferences, page views, navigation paths, time spent, device types, and IP addresses. Such data helps analyze user behavior and optimize experiences.
Personal Data
“Personal data” refers to any information related to an identified or identifiable natural person (data subject). This includes identifiers like names, ID numbers, location data, online identifiers, or physical, physiological, genetic, mental, economic, cultural, or social identity factors.
User-Related Profiles
The processing of “user-related profiles” involves the use of personal data to analyze, evaluate, or predict aspects such as demographics, behavior, interests, content interaction, click behavior, or location. Cookies and web beacons are often used for profiling.
Log Data
Log data refers to records of events or activities within a system or network. It typically includes timestamps, IP addresses, user actions, error messages, and system usage details.
Reach Measurement
Reach measurement (web analytics) evaluates visitor flows to an online offering and may include interests in certain content. It helps website operators tailor content to user needs. Pseudonymous cookies and web beacons are typically used.
Location Data
Location data is generated when a mobile device connects to a cell tower, Wi-Fi, or similar. It identifies the geographical location of a device, enabling features like maps or location-based services.
Tracking
Tracking refers to monitoring user behavior across multiple online offerings. Typically, behavioral and interest data is stored in cookies or provider servers (profiling) to display ads matching user interests.
Controller
The “controller” is the individual or entity that determines the purposes and means of processing personal data, alone or jointly with others.
Processing
“Processing” refers to any operation performed on personal data, whether or not by automated means, including collection, analysis, storage, transmission, or deletion.
Contract Data
Contract data includes details regarding the formation of an agreement between parties, such as terms, services, product descriptions, pricing, payment terms, termination rights, and special clauses.
Payment Data
Payment data includes all information necessary for conducting financial transactions, such as credit card numbers, bank details, amounts, transaction IDs, verification codes, and billing information.