1. General Information

1.1 What Is Personal Data
Personal data refers to information that reveals or could reveal the user’s identity. We adhere to the principle of data minimization. We refrain from collecting personal data to the greatest extent possible.

1.2 Handling of Personal Data
Personal data is used exclusively for the establishment, content, performance, or fulfillment of the contractual relationship (Art. 6(1)(b) GDPR).

Furthermore, personal data is processed only to the extent that we have obtained your consent (Art. 6(1)(a) GDPR) or where the processing is necessary for our legitimate interests and provided that a balancing test shows that no overriding interests, fundamental rights, or freedoms on your part stand in the way (Art. 6(1)(f) GDPR).

We may use processors to process your personal data, but we will generally not disclose personal data to third parties.

The data is only transferred to the shipping company responsible for delivery for the purpose of fulfilling the contract, to the extent necessary for the delivery of ordered goods. To process payments, the payment data required for this purpose is transferred to the bank responsible for the payment and, if applicable, to the commissioned and selected payment service provider.

Your personal data is processed exclusively within the EU, unless otherwise stated below.

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Since the data we process includes health-related data about you, a specific legal basis is required for this pursuant to Art. 9 GDPR. This basis is provided by Art. 9(2)(h) GDPR. Additionally, you may revoke your consent at any time with future effect.

1.3 Usage Data
When you visit the website, general technical information is collected. This includes the IP address used, the time of the visit, the duration of the visit, the browser type, and, if applicable, the referring page. For technical reasons, this usage data is recorded in a log file and may be used and stored for the purpose of statistical analysis of this website. This usage data is not linked to your other personal data.

1.4 Registration Data
Registration is required for full use of the functions of our website. Registration data is collected through your corresponding entries and used for the specifically stated purpose in accordance with your consent (Art. 6(1)(a) GDPR).

1.5 Duration of Storage
After the purpose for which the data was collected has been fulfilled, we will store your personal data only for as long as required by law (in particular tax laws).

2. Your Rights

2.1 Right of Access
You may request information from us regarding whether we process your personal data, and if so, you have the right to access this personal data and to receive the additional information specified in Article 15 of the GDPR.

2.2 Right to Rectification
You have the right to have inaccurate personal data concerning you rectified and, pursuant to Article 16 of the GDPR, may request the completion of incomplete personal data.

2.3 Right to Erasure
You have the right to request that we erase your personal data without undue delay. We are obligated to erase it without undue delay, particularly if any of the following grounds apply:

Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing of your data was based, and there is no other legal basis for the processing.
Your data has been processed unlawfully.

The right to erasure does not apply if your personal data is necessary for the establishment, exercise, or defense of our legal claims.

2.4 Right to Restriction of Processing
Sie haben das Recht von uns die Einschränkung der Verarbeitung Ihrer personenbezogenen Daten zu verlangen, wenn

You have the right to request that we restrict the processing of your personal data if you contest the accuracy of the data and we are therefore verifying its accuracy, the processing is unlawful and you oppose erasure and instead request restriction of use, we no longer need the data, but you require it to assert, exercise, or defend legal claims, you have objected to the processing of your data, and it has not yet been determined whether our legitimate grounds override your grounds.

2.5 Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and is carried out by us using automated means.

2.6 Right to Withdraw Consent
To the extent that the processing of your personal data is based on consent, you have the right to withdraw this consent at any time.

2.7 General Provisions and Right to File a Complaint
The exercise of your rights as described above is generally free of charge for you. You have the right to file a complaint directly with the supervisory authority responsible for us, the State Data Protection Commissioner.

3. Data Security

3.1 Data Security
All data on our website is protected against loss, destruction, unauthorized access, alteration, and disclosure through technical and organizational measures.

3.2 Sessions and Cookies
To operate this website, we use cookies and server-side sessions in which data may be stored. We use only cookies or server-side sessions that are technically necessary for the operation of this website (e.g., spam protection for contact forms, shopping cart functionality) and where a balancing of interests shows that there are no overriding interests on your part that would preclude their use (Art. 6(1)(f) GDPR).

4. Third-Party Services

4.1 Google Web Fonts
We use so-called web fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to display a consistent font on our website. These are automatically stored in your browser cache when you visit one of our pages to enable the desired display. If your browser does not support the web fonts used, a standard font from your computer may be used instead. No user interests are affected here that would outweigh this technical necessity (Art. 6(1)(f) GDPR). You can view Google’s privacy policy here: https://www.google.com/policies/privacy/ Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq

4.2 ajax.googleapis.com
On our websites, we use ajax.googleapis.com/jQuery, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service primarily enables a modern design for our websites. To increase the loading speed of our websites, we use Google’s CDN (Content Delivery Network) to load this library. In addition, Google may send further cookies to your browser. We have no influence over this process and do not receive any information from Google regarding the transmitted content. The legal basis for the use of ajax and the transmission of your data to it is Art. 6(1)(f) GDPR (Legitimate Interest in Data Processing). You can view Google’s privacy policy here: https://www.google.com/policies/privacy/

5. Contacting Us

If you have any questions regarding data protection, please feel free to contact us using the contact options below. Data controller within the meaning of the GDPR:

MY ORTHO LAB LLC