Privacy Policy
Preamble
With the following Privacy Policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data"), the purposes for which, and the extent to which we process them.
This Privacy Policy applies to all processing of personal data carried out by us — both in the context of providing our services and, in particular, on our websites, in mobile applications, as well as within external online presences such as our social-media profiles (collectively referred to as our “online offering”).
The terms used are gender-neutral.
Effective date: October 15, 2025
Controller
Domenik Gerhards
131 Continental Dr, Suite 305
Newark, DE 19713, USA
Email: domenik@getmorehealthspan.com
Overview of Processing
The following overview summarizes the types of data processed, the purposes of processing, and the data subjects concerned.
Categories of Data Processed
- Master data
- Contact data
- Content data
- Usage data
- Meta, communication, and procedural data
- Log data
Categories of Data Subjects
- Communication partners
- Users
Purposes of Processing
- Communication
- Security measures
- Organizational and administrative procedures
- Feedback
- Provision of our online offering and user-friendliness
- Information technology infrastructure
Applicable Legal Bases
Under the EU General Data Protection Regulation (GDPR), we process personal data based on the following legal grounds:
- Consent (Art. 6 (1)(a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6 (1)(b) GDPR): Processing is necessary for the performance of a contract with the data subject or to take pre-contractual steps at their request.
- Legitimate interests (Art. 6 (1)(f) GDPR): Processing is necessary for the purposes of legitimate interests pursued by us or a third party, provided these are not overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
In addition, national data protection provisions of the country where the controller is established may apply alongside the GDPR.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include safeguarding the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, input, transmission, availability, and separation.
We also implement procedures to ensure the exercise of data subject rights, data deletion, and response to data threats.
Securing Online Connections (TLS/SSL Encryption)
To protect users’ data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. This ensures that information exchanged between our website or app and the user’s browser (or between servers) is encrypted and protected against unauthorized access. You can recognize a secure connection by “HTTPS” in your browser’s address bar.
Transfer of Personal Data
In the course of processing personal data, it may happen that data is transmitted to other entities, companies, legally independent organizational units, or individuals, or otherwise disclosed to them. Typical recipients include IT service providers or providers of services and content integrated into our website.
In such cases, we comply with the legal requirements and enter into appropriate contracts or agreements with the recipients of your data to ensure their protection.
International Data Transfers
When we transfer data to countries outside the European Union (EU) or European Economic Area (EEA), we do so in compliance with legal requirements.
For transfers to the USA, we primarily rely on the EU–US Data Privacy Framework (DPF), recognized by the EU Commission as providing an adequate level of protection. In addition, we have entered into Standard Contractual Clauses (SCCs) with relevant providers to ensure contractual data protection guarantees.
For transfers to other third countries, equivalent safeguards such as SCCs, explicit consent, or legal obligations apply.
Further information about adequacy decisions and certified companies can be found on the U.S. Department of Commerce website: https://www.dataprivacyframework.gov/
Data Storage and Deletion
We delete personal data in accordance with legal requirements once consent is withdrawn or the processing purpose no longer applies and no other legal basis exists.
Certain data may be retained longer if required by statutory retention obligations (e.g., commercial or tax law) or for the establishment, exercise, or defense of legal claims.
Where multiple retention periods apply, the longest period is decisive.
If no explicit date is stated, retention periods begin at the end of the calendar year in which the triggering event occurred.
Rights of Data Subjects
Under the GDPR, you have the following rights:
- Right to object (Art. 21 GDPR): You may object at any time to processing based on Art. 6 (1)(e) or (f) GDPR for reasons relating to your particular situation. You may also object to processing for direct marketing at any time.
- Right to withdraw consent (Art. 7 (3) GDPR): You may withdraw your consent at any time with future effect.
- Right of access (Art. 15 GDPR): You have the right to request confirmation whether we process your data and to obtain access and information about it.
- Right to rectification (Art. 16 GDPR): You have the right to have inaccurate data corrected or incomplete data completed.
- Right to erasure and restriction (Arts. 17–18 GDPR): You can request the deletion of your data or restriction of processing as provided by law.
- Right to data portability (Art. 20 GDPR): You can receive data you have provided in a structured, commonly used, machine-readable format or request its transfer to another controller.
- Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority in your habitual residence, place of work, or place of the alleged infringement.
Provision of Online Services and Web Hosting
We process user data to provide our online services, including the user’s IP address, which is required to deliver content and functionality to their browser or device.
Data processed: usage data (e.g., pages viewed, dwell time, device type, OS, interactions), meta and log data (e.g., IP address, timestamps, IDs).
Purpose: providing our online offering and ensuring system security.
Server Log Files
Access to our website is logged (server log files), recording retrieved pages, file names, timestamps, data volume, browser type and version, operating system, referrer URL, and IP address. Logs are kept for security and performance reasons (e.g., DDoS protection) and deleted or anonymized after a maximum of 30 days, unless required as evidence.
Use of Cookies
“Cookies” are small files stored on users’ devices to store and retrieve information. They may serve functional, security, comfort, or analytics purposes.
We use cookies according to legal requirements, seeking consent where necessary. If consent is not required, cookies are used on the basis of our legitimate interests (e.g., ensuring functionality or security).
- Session cookies: deleted when the browser is closed.
- Persistent cookies: remain stored for up to two years or until manually deleted.
Users can withdraw consent or object to processing at any time via browser settings.
We use a consent-management solution to record and manage cookie consent in compliance with the law.
Contact and Inquiry Management
When contacting us (e.g., by post, email, phone, contact form, or social media), the information provided is processed to respond to inquiries and manage communication.
Data processed: master, contact, content, usage, and meta data.
Data subjects: communication partners.
Purpose: communication, feedback management, and service quality.
Changes and Updates
We encourage you to review this Privacy Policy regularly. We will update it whenever changes in our data processing activities make this necessary and will inform you if your cooperation (e.g., renewed consent) or other notification is required.
Please note that company addresses and contact details mentioned may change over time; verify the information before contacting them.
Definitions
This section explains key terms used in this Privacy Policy in line with legal definitions under the GDPR, such as personal data, processing, usage data, content data, log data, and controller.
