Privacy Policy

Welcome to the privacy policy of www.elara-health.de/. This policy helps you understand what data we collect, why we collect it, and what rights you have in this regard. Where personal data is collected on the website, this is done – to the extent legally required – on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR.

Controller Responsible for Data Processing on this Website

MS Nucleus GmbH
Gundelfinger Straße 5
10318 Berlin
Germany
Commercial Register: Berlin (Charlottenburg)
Registration number: HRB 243388
Authorized Managing Director, Data Protection Officer: Frederik Marquart
Email address: frederik@elara-health.de

Categories of Processed Data

In most cases, Elara Health collects personal data directly from you when you fill out questionnaires or contact us with a question or complaint. When you visit the Elara Health website, we collect analytical data about you via your device and using cookies and various other technologies.

We process the following categories of personal data when you visit our website:

• Contact data such as name, email address.
• Content data such as text entries.
• User activity such as browsing behavior on the website and, if applicable, your communication with us.
• Device information such as IP address, time of visit, and location data.

Categories of Data Subjects

Visitors and users of the online offer (hereinafter we also collectively refer to the data subjects as "users").

Purposes of Processing

When you visit the Elara Health website, we process personal data for the following purposes:

To provide the services on our website

We process personal data to keep our offers and services relevant, for example, when you visit our websites. This can also include processing your data so that the website functions efficiently.

To provide customer service

We process personal data to provide our customer service, to manage customer communication and thus to clarify any issues.

To protect your privacy

We may process your personal data about the use of our services to protect your data. Privacy-enhancing technologies and other privacy-protecting techniques may be used for this purpose. When information is bundled or anonymized, it is no longer personal data.

To improve our website

We process personal data to analyze and improve our websites. For example, we process personal data to analyze the functionality of the website, improve user-friendliness, and optimize the content and layout of the website. Where possible, this is done with data that has been processed in a way that protects your privacy.

For advertising and marketing purposes

We process personal data to provide online advertising and marketing communications on behalf of Elara Health and our partners. As fully explained in our Cookie Policy, we use cookies on our website to generate target groups for our online advertising.

Use of Cookies

We use cookies and various other technologies to collect and store analytical and other data when visitors use our website, as well as for personalization and advertising purposes.

Cookies are small text files that are sent to and stored on your device. They allow us to identify visitors to our website, facilitate the use of our website, and create aggregated information about our visitors. This allows us to improve our service and better serve our users. Cookies do not harm your device or files. We use them and similar technologies to tailor our website and the information we provide to the individual interests of our users. Cookies are also used to track your browsing habits and to place and optimize advertising, both on our website and on other websites you may visit.

For more information on the use of cookies by Elara Health and how you can set your cookie preferences, please see our Cookie Policy.

Processing Methods

The provider processes users' personal data in a proper manner and takes appropriate security measures to prevent unauthorized access and unauthorized disclosure, modification, or destruction of data.

Data processing is carried out using computers or IT-based systems according to organizational procedures and practices specifically aimed at the stated purposes. In addition to the controller, other persons internally (personnel administration, sales, marketing, legal department, system administrators) or externally – and in that case, to the extent necessary, appointed by the controller as processors (such as technical service providers, delivery companies, hosting providers, IT companies or communication agencies) - may operate this application and thus have access to the data. An up-to-date list of these parties can be requested from the provider at any time.

Location

The data is processed at the provider's office and at any other locations where the parties involved in data processing are located.

Depending on the location of users, data transfers may involve the transfer of the user's data to a country other than their own. To learn more about the location of processing of the transferred data, users can consult the section with detailed information on the processing of personal data.

Retention Period

Your personal data will – unless otherwise specified in our privacy policy – be deleted or blocked as soon as the purpose of storage no longer applies or you withdraw your consent. Storage may also take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.

If the storage purpose no longer applies, you withdraw your consent or a storage period prescribed by the European directives and regulations or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the legal provisions, unless there is a necessity for further storage of the data for a contract conclusion or contract fulfillment.

Hosting

External Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This can mainly include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website. The use of the hoster is for the purpose of contract fulfillment towards our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6(1)(f) GDPR). If a corresponding consent was requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and §25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data.

Vercel

Vercel is a web hosting and backend service provided by Vercel Inc.

Processed personal data: usage data, various data types as described in the service's privacy policy.

Service provided by: Vercel Inc. (USA) – Privacy Policy

Integration of Third-Party Services and Content

Within our online offer, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6(1)(f) GDPR) to integrate their content and services, such as fonts (hereinafter uniformly referred to as "content").

This always requires that the third-party providers of this content perceive the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore required for the display of this content. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information on the use of our online offer, as well as be combined with such information from other sources.

PostHog Product Analytics

PostHog Product Analytics is a service offered by PostHog, Inc. for analytics, through which the provider can determine how users use this application.

Processed personal data:

• Browser information
• Browser history
• Device information
• IP address
• Clicks
• Page views
• Trackers

Service provided by: PostHog, Inc. (Germany) – Privacy Policy

Sentry

Sentry is a service for error tracking and analysis provided by Functional Software, Inc.

Processed personal data: Device data, technical error data, usage data.

Service provided by: Functional Software, Inc. (USA) – Privacy Policy

General Data Subject Rights

You have the right

1. to request information on categories of processed data, processing purposes, any recipients of the data, the planned storage period (Art. 15 GDPR);
2. to request the rectification or completion of incorrect or incomplete data (Art. 16 GDPR);
3. to withdraw consent given at any time with effect for the future (Art. 7(3) GDPR);
4. to object to data processing that is to take place on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21(1) GDPR);
5. in certain cases within the framework of Art. 17 GDPR to request the deletion of data - especially insofar as the data is no longer necessary for the intended purpose or is processed unlawfully, or you have withdrawn your consent as per above (c) or declared an objection as per above (d);
6. under certain conditions to request the restriction of data, insofar as deletion is not possible or the deletion obligation is disputed (Art. 18 GDPR);
7. to data portability, i.e. you can receive your data that you have provided to us in a common machine-readable format such as CSV and, if applicable, transfer it to others (Art. 20 GDPR).
8. to object to the processing of your personal data for the purpose of direct marketing at any time. This also applies to profiling insofar as it is associated with such direct marketing (Art. 21(2) GDPR).

Data Protection for Users in Switzerland

For individuals residing in Switzerland, personal data is processed in accordance with the revised Swiss Federal Act on Data Protection (revFADP).

Data subjects have in particular the right to access, rectification, deletion, and to object to the processing of their personal data under applicable Swiss data protection law.

Complaints may be submitted to the Federal Data Protection and Information Commissioner (FDPIC).

Data Protection for Users in the United Kingdom

For individuals residing in the United Kingdom, personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Users have the same rights of access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent.

Complaints may be submitted to the competent supervisory authority, the Information Commissioner’s Office (ICO).

Information for Users in the United States of America (USA)

Elara Health is not a “Covered Entity” or “Business Associate” under the U.S. Health Insurance Portability and Accountability Act (HIPAA).

For users residing in the State of California, additional rights apply under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to access, correct, delete personal data, and to object to the sharing of personal data.

Elara Health does not sell, rent, or share personal data for commercial purposes within the meaning of the CCPA/CPRA.

Requests to exercise these rights may be submitted at any time via email to frederik@elara-health.de.

Information for Users in Canada

The processing of personal data of users residing in Canada is carried out in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

Personal data is processed solely for the purposes described in this Privacy Policy and generally on the basis of your consent or another lawful basis.

Users have the right to access their personal data and to request correction or deletion of inaccurate information. Complaints may be submitted to the competent supervisory authority or to us as the responsible entity.

Information for Users in Australia

The processing of personal data of users residing in Australia is carried out in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

Users have the right to access personal data stored about them and to request correction of inaccurate information. Complaints may be submitted to us as the responsible entity or to the competent Australian data protection authority.

Legal Notice

This privacy policy relates exclusively to the Elara Health website, unless otherwise stated in this document.