Skip to content
Logo detoxi Health

Privacy

The protection of your personal data is a top priority for us. Therefore, we conduct our activities in compliance with applicable legal provisions on the protection of personal data and data security. Below, we inform you about how we process your data and what rights you have in this regard.

This privacy policy applies to all online offerings and services available under the detoxi brand. These currently include:

  • the „detoxi“ smartphone app for iOS and Android
  • the website at detoxi.info

The aforementioned offerings and services are hereinafter referred to briefly as „Services.“

Controller and Data Protection Officer

The controller within the meaning of the General Data Protection Regulation (GDPR) is detoxi Health GmbH, Schützallee 5, 14169 Berlin, E-mail: info@detoxi.info (referred to in this policy as „we“).

For all questions and comments regarding data protection, you can contact our data protection officer: Nils Möllers, Keyed GmbH, Siemensstraße 12, 48341 Altenberge, Westphalia, E-mail: datenschutz@detoxi.info.

What are Personal Data?

Personal data are information relating to personal or material circumstances of a specific or identifiable natural person. This includes, for example, your name, address, telephone number, or date of birth.

Cookies and Tracking Technologies

a. Nature and Scope of Data Processing

We use cookies and similar technologies, such as web storage (hereinafter generally „Cookies“), on our Services. Cookies are data stored on the user’s end device. Cookies may be transmitted to us when a website or Service is accessed, enabling user identification.

Strictly necessary cookies ensure functions without which you cannot use our Services as intended. Strictly necessary cookies, for example, ensure that you remain logged in as a registered user and do not have to re-enter your login details each time you access a page. Strictly necessary cookies are set automatically.

We inform you about the processing operations we use regarding which additional cookies beyond those mentioned above are set and used. These cookies are only set if you have consented via our banner. We also indicate how cookie storage can be prevented.

b. Legal Basis

The legal basis is Art. 6(1)(b) GDPR for contract initiation and Art. 6(1)(f) GDPR for legitimate interests.

c. Storage Duration

You can delete cookies at any time. Please note that disabling cookies may prevent full use of all our Services functions. You can object to the use of third-party cookies for advertising purposes via so-called „Opt-out“ on this US website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

Processing Operations

Logfiles

a. Nature and Scope of Data Processing

Each time one of our Services is accessed, data is captured by an automated system. This is stored in the server log files. No storage of this data together with other personal data of the user takes place. The following data may be collected:

  1. The user’s end device
  2. The user’s operating system
  3. The user’s Internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Information about browser type and version used
  7. Web pages from which the user’s system accesses our website (Referrer)
  8. Web pages accessed by the user’s system via our website

b. Legal Basis

The temporary processing and storage of the IP address is necessary for technical reasons to enable your visit to our website and serves to protect our company’s legitimate interests. The legal basis is Art. 6(1)(f) GDPR.

c. Storage Duration

The IP address is deleted after no more than 30 days. Further storage may occur in individual cases if legally required.

Contact & Support

a. Nature and Scope of Data Processing

You can contact us by e-mail. Inquiries about our apps also reach us via the contact forms in the App Stores by e-mail. By contacting us, you consent to the processing of your data. The data sent to us is stored for the purpose of processing and for follow-up questions.

Interested parties can request a voucher code for unlocking one of our programs by e-mail as part of various campaigns. Voucher codes are also sent by e-mail. When you contact us, our e-mail service provider Microsoft, represented by Microsoft Ireland Operations Ltd (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland), processes your contact details and the content of your inquiry. Microsoft may process and store e-mail data in the United States or any other country where Microsoft or its subprocessors operate. The transfer is subject to appropriate safeguards. For this purpose, we have concluded standard contractual clauses approved by the European Commission with Microsoft.

As a helpdesk, we use Zammad software (Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany) to answer inquiries and provide the „Help Center (FAQ)“. In accordance with GDPR requirements, we have concluded a data processing agreement with Zammad.

b. Legal Basis

The described data processing is for pre-contractual purposes and in our legitimate interest. The legal basis is Art. 6(1)(a) and (f) GDPR.

c. Storage Duration

We store your data for up to twelve months after your inquiry is fully resolved. If your inquiry relates to an existing contract, the storage periods specified for that contract apply.

Newsletter

a. Nature and Scope of Data Processing

For sending the newsletter, we use Mailchimp newsletter service from Intuit Inc. (2700 Coast Avenue, Mountain View, CA 94043 USA). When you subscribe to our newsletter, we process personal data such as IP address, e-mail address, date and time, action type, metadata, object and profile reference.

We note that we transfer personal data to the USA. The transfer is subject to appropriate safeguards. For this, we have concluded standard contractual clauses approved by the European Commission with the data importer. Further information on the processing of your personal data can be found here: https://www.intuit.com/privacy/statement/

When sending the newsletter, we analyze your user behavior. We track, e.g., when you read our newsletters and which links you click. We create a user profile from this data to tailor the newsletter to your interests.

b. Legal Basis

After submitting the form, you must confirm your registration via a link sent to the provided e-mail address. Your confirmation constitutes consent to the processing of personal data. The legal basis is Art. 6(1)(a) GDPR.

c. Storage Duration

Subscription to our newsletter and consent to storage of personal data for newsletter dispatch can be revoked at any time. Each newsletter contains a corresponding link for revocation. After revocation, personal data processed for newsletter purposes is irrevocably deleted.

Self-Tests

a. Nature and Scope of Data Processing

You can take self-tests. Participation may require providing personal data via one of our Services. The data collected is evident from the respective booking form.

The data sent to us is stored temporarily. Without processing personal data, you cannot use this service.

b. Legal Basis

The processing is based on your voluntary consent. Legal basis: Art. 6(1)(a) GDPR.

c. Storage Duration

Data is not stored permanently.

Member Area

a. Type and Scope of Data Processing

You can register for our services and create a user account. When you register, we use your data to provide you with personalized services. Which data we collect during registration can be seen in the corresponding registration form. Your email address is used to grant you access to the protected area and to send you emails.
For the use of certain services in the member area, the voluntary provision of additional personal data is required. Which data this concerns can be seen in the corresponding form. Furthermore, we collect data about the use of our services. We create a user profile from personal data in order to be able to offer you our services on this basis.
For data storage, we use the service provider IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. In addition to your user profile (e.g., login credentials), we also store usage data. In accordance with the requirements of the GDPR, we have concluded a data processing agreement with IONOS.

b. Legal Basis

The data processing described above is carried out for (pre-)contractual purposes and security measures. Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

c. Storage Duration

We store your data until you delete your user account. You can delete voluntary data at any time in your user account. We delete your user account if you have not actively used any of our services for a period of three years or no longer have an active subscription. Storage beyond this only occurs to the extent required by applicable law. The retention periods for this are 6-10 years.

Single Sign-On

a. Type and Scope of Data Processing

You can register for our member area using a Single Sign-On account (SSO). This requires that you are already registered with an SSO provider. Please note that the terms of use and privacy policies of the respective provider apply to the use of an SSO service.

When you use an SSO service to register for our member area, we process your personal data. The personal data transmitted to us by the SSO service typically includes first name, last name, and email address. You will be informed which data we can use from your SSO profile when you activate the SSO service for the first time.

Apple’s SSO service is offered by Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy and terms of use apply to registration and use of Apple services.

Google’s SSO service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy and terms of use apply to registration and use of Google services.

When you wish to register using an SSO service, the SSO provider becomes aware that you wish to register on our website by clicking the button marked with the respective SSO provider logo.

The SSO provider typically sets cookies as soon as you click the button marked with the respective SSO provider logo. The SSO provider can collect information about your browsing behavior. This information is transmitted to the SSO provider’s servers. These may be located outside Germany, for example in the USA. The information is stored there and may be merged with other data that the SSO provider has stored about you.

We expressly point out that when using this service, personal data may be transmitted to the USA, which involves risks.

b. Legal Basis

The data processing described above is based on your voluntary consent. The legal basis is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

We store your data until you delete your user account. Storage beyond this only occurs to the extent required by applicable law. The retention periods for this are 6-10 years.

You can disconnect from an SSO service at any time in your user account. It is possible that the SSO service may still know that you once established a connection to our website even after the connection has been disconnected.

We continue to store the email address you used with the SSO service even after disconnecting from the SSO service to enable you to access the member area. If you wish to continue using the member area without the SSO service, you must request a password via the „forgot password“ function on one of our services.

Prevention Programs

a. Type and Scope of Data Processing

You can participate in a prevention program. To participate, you may need to provide additional personal data on one of our services if this has not already been stored in your profile. Which data we collect can be seen in the corresponding booking form.

The data sent to us is stored by us for the purpose of application processing, billing, and quality assurance. You cannot use this service without the processing of personal data.

Insured persons of various health insurance companies can activate the prevention program using a Single Sign-On (SSO) procedure. Please note that the terms of use and privacy policies of the respective provider apply to the use of an SSO service.

We may transmit personal data to health insurance companies in order to bill our services with the health insurance company. The personal data transmitted to health insurance companies includes first name, last name, insured person number, health insurance company, date of course registration, course progress, and course name.

b. Legal Basis

The data processing is carried out for contractual purposes.

c. Storage Duration

We store your data until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to exist while observing statutory retention periods. The retention periods for this are 6-10 years.

App-Stores

a. Type and Scope of Data Processing

Some of our apps are obtained via special online platforms operated by other service providers (so-called „app stores“). In this context, in addition to our privacy notices, the privacy notices of the respective app stores apply. This applies in particular with regard to the procedures used on the platforms for audience measurement, marketing, and payments.

Apple App Store: App and software sales platform; service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; privacy policy: https://www.apple.com/legal/privacy/de-ww/.

Google Play: App and software sales platform; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; privacy policy: https://policies.google.com/privacy.

b. Legal Basis

We use app stores to provide our services. Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

c. Storage Duration

You can object to this data collection and storage vis-à-vis the app store provider at any time with effect for the future.

Customer Surveys

a. Type and Scope of Data Processing

We conduct customer surveys at various points. For example, we want to know how old you are or what your gender is. We store this data separately from personal data. This makes it impossible to draw conclusions about you personally. You can cancel the survey at any time. The data collected up to that point will then be deleted.

We use the data obtained from customer surveys to better tailor our offerings to our customers and for scientific evaluation of our offerings.

b. Legal Basis

The data processing described above for the purpose of creating statistical analyses is based on your voluntary consent. The legal basis is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

Due to the anonymous data collection, deletion of your data upon request is not possible. We store statistical data until the purpose for data storage ceases to exist.

Evaluation

a. Type and Scope of Data Processing

We conduct a scientific evaluation of our app. We store this data separately from personal data. This makes it impossible to draw conclusions about you personally.

We conduct surveys at three points in time. So that we can assign the questionnaires to each other, we store a pseudonymized ID together with your answers. This ID was transmitted via the link with which you accessed this questionnaire. For further analysis, the questionnaire data is assigned to app usage data via the pseudonymized ID. This analysis is carried out anonymously; no personal data is processed. Evaluation and use of the data occur exclusively within the framework of this study. If results of the study are published, it will not be possible for the data to be assigned to you personally.

b. Legal Basis

The data processing described above for the purpose of creating statistical analyses is based on your voluntary consent. The legal basis is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

Due to the anonymous data collection, deletion of your data upon request is not possible. We store statistical data until the purpose for data storage ceases to exist.

Google Analytics

a. Type and Scope of Data Processing

To evaluate how our website is used and where visitors to our website come from, we use Google Analytics, a web analytics service from Google LLC. The data protection contact is Ireland Limited (Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland).

We point out that Google Analytics transmits personal data to the USA. The transmission is subject to appropriate safeguards. The standard contractual clauses approved by the European Commission with the data importer apply. Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=de&gl=de and on the Google website Responsible Handling of Business Data.

IP addresses are processed in abbreviated form; therefore, inference about a specific person is not possible.

b. Legal Basis

The data processing described above is based on your voluntary consent. The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you assert your right to erasure. The maximum storage period is 6 months.

You can object to this data collection and storage at any time with effect for the future.

Google Analytics for Firebase

a. Type and Scope of Data Processing

To evaluate how our apps are used, we use Google Analytics for Firebase, a service from Google LLC. The data protection contact is Ireland Limited (Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland).

Google Analytics for Firebase processes user data such as IP address, technical data about the mobile device used and the installed software version, as well as usage data such as the number of accesses to the app and actions in the app such as subscription completions.

We point out that Google Analytics for Firebase transmits personal data (including IP address) to the USA. The transmission is subject to appropriate safeguards. The standard contractual clauses approved by the European Commission with the data importer apply. Further information on the processing of your personal data can be found here: https://firebase.google.com/support/privacy?hl=de and on the Google website Responsible Handling of Business Data.

b. Legal Basis

The data processing described above is based on your voluntary consent. The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. You can object to this data collection and storage at any time with effect for the future.

Google Ads

a. Type and Scope of Data Processing

We use Google Ads, an online advertising program through which we place advertisements for our services. Google Ads is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of data processing is to display personalized and non-personalized advertising for our services to interested users, to measure the success of advertising measures, and to achieve fair calculation of advertising costs.

On our behalf, Google evaluates whether you became aware of our services through advertising material provided by Google Ads and subsequently visited our services. The purchase or booking of a service on our website can also be tracked by Google.

Google uses retargeting, an online marketing method in which visitors to a website are marked and subsequently targeted with specific advertising on other websites. The aim is to draw a visitor who showed interest in a service or product when visiting a website back to this service when visiting another website.

Google uses cookies and so-called tracking pixels. The information generated by cookies and tracking pixels about the use of this website (including IP address) is transmitted to a Google server and stored there.

Google’s deviating privacy policies apply to this data. Detailed information can be found in Google’s Privacy Center: Privacy Policy.

Information about any additional cookies set by Google can be found in Google’s Privacy Center and on the Google website Responsible Handling of Business Data.

We expressly point out that when using this service, personal data may be transmitted to the USA, which involves risks.

b. Legal Basis

The data processing described above is based on your voluntary consent. The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

You can object to this data collection and storage at any time with effect for the future. Information on Google Ads tracking and deactivation of tracking and retargeting can be found here: https://adssettings.google.com/authenticated?hl=de

AppsFlyer

a. Nature and Scope of Data Processing

To evaluate how our app is used and where our app visitors come from, we use AppsFlyer, an app usage analytics service provided by AppsFlyer Ltd. The data protection contact is AppsFlyer Ltd. (Israel), Sarona, Building 203, 26 Kaplan Street, Tel Aviv.

The data collected by AppsFlyer includes information such as IP addresses (anonymized), browser, platform, SDK version, anonymized user ID, time stamps, developer key, application version and device identifiers, Google Advertising ID, device model, device manufacturer, operating system version, in-app events, and network status.

IP addresses are processed in truncated form; it is therefore not possible to draw conclusions about any specific individual.

b. Legal Basis

The data processing described above is carried out on the basis of your voluntarily given consent. The legal basis for the processing of your personal data is Art. 6(1)(a) GDPR.

c. Retention Period

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you exercise your right to erasure. The maximum retention period is 6 months.

You may object to this data collection and storage at any time with effect for the future by opting out of general tracking in the app settings.

Microsoft Clarity

a. Type and Scope of Data Processing

To evaluate how our website is used and where visitors to our website come from, we use Microsoft Clarity, a web analytics service from Microsoft Corporation. The data protection contact is Microsoft Ireland Operations Ltd (One Microsoft Place, South County Business Park, Leopardstown, Dublin, D18 P521, Ireland).

We point out that Microsoft Clarity transmits personal data to the USA. The transmission is subject to appropriate safeguards. The standard contractual clauses approved by the European Commission with the data importer apply. Further information on the processing of your personal data can be found here: https://www.microsoft.com/en-us/privacy/privacystatement.

IP addresses are processed in abbreviated form; therefore, inference about a specific person is not possible.

b. Legal Basis

The data processing described above is based on your voluntary consent. The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you assert your right to erasure. The maximum storage period is 6 months.

You can object to this data collection and storage at any time with effect for the future.

Microsoft Advertising

a. Type and Scope of Data Processing

We use Microsoft Advertising, an online advertising program through which we place advertisements for our services. Microsoft Advertising is operated by Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA.

The purpose of data processing is to display advertising for our services to interested users, to measure the success of advertising measures, and to achieve fair calculation of advertising costs.

On our behalf, Microsoft evaluates whether you became aware of our services through advertising material provided by Microsoft Advertising and subsequently visited our services. The purchase or booking of a service on our website can also be tracked by Microsoft.

Microsoft uses retargeting, an online marketing method in which visitors to a website are marked and subsequently targeted with specific advertising on other websites. The aim is to draw a visitor who showed interest in a service or product when visiting a website back to this service when visiting another website.

Microsoft uses cookies and so-called tracking pixels. The information generated by Microsoft and tracking pixels about the use of this website (including IP address) is transmitted to a Microsoft server and stored there.

Microsoft’s deviating privacy policies apply to this data. Detailed information can be found in Microsoft’s privacy policy.

b. Legal Basis

The data processing described above is based on your voluntary consent. The legal basis for processing your personal data is Art. 6 para. 1 lit. a) GDPR.

c. Storage Duration

You can object to this data collection and storage at any time with effect for the future. Information on Google Ads tracking and deactivation of tracking and retargeting can be found here: https://account.microsoft.com/privacy/ad-settings/

Applications

a. Type and Scope of Data Processing

You can submit your application documents to us by email. By submitting your application, you consent to the processing of your data. The data sent to us is stored by us for carrying out the application process and for making a decision on concluding an employment contract. No automated decision-making takes place.

We expressly point out that application documents containing „special categories of personal data“ pursuant to Art. 9 GDPR, with the exception of any severe disability that you wish to disclose of your own free will, are undesirable. You should submit your application without this data. This has no impact on your chances as an applicant.

b. Legal Basis

The data processing described above is carried out for (pre-)contractual purposes and based on your voluntary consent. The legal bases are Art. 88 GDPR, § 26 BDSG-neu, and Art. 9 para. 2 GDPR.

c. Storage Duration

Your data will be deleted 6 months after completion of the application process.

Legal and Contractual Obligations

The provision of all data to us is neither contractually nor legally required. However, without providing the mandatory information, we cannot implement your respective request or provide you with feedback on it. Failure to provide voluntary information has no consequences.

We only pass on your data to third parties if we are authorized or obliged to do so under applicable law. The same applies if we receive your data from third parties. Authorization to pass on personal data also exists when third parties process personal data on our behalf: If we have individual business activities (e.g., operation of the website, processing of credit card payments) carried out by other contractors, and these activities involve the processing of personal data, we have contractually obliged these companies in advance to use the data only for purposes legally permitted to us. We are authorized to control these companies to this extent.

Relevant Legal Bases

  1. Insofar as we obtain consent from the data subject for processing operations of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

  2. For the processing of personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

  3. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.

  4. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.

  5. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing.

Data Subject Rights

Right of Access

You may, pursuant to Art. 15 GDPR, request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information from the controller about the following:

  1. the purposes for which the personal data is being processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  4. the planned duration of storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information about the source of the data, if the personal data is not collected from the data subject;
  8. the existence of automated decision-making, including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information as to whether your personal data is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

Right to Rectification

You have, pursuant to Art. 16 GDPR, a right to rectification and/or completion vis-à-vis the controller, provided that the processed personal data concerning you is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

Right to Erasure

You may, pursuant to Art. 17 GDPR, request that the controller erase your personal data without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  4. The personal data concerning you has been unlawfully processed.
  5. The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union law or Member State law to which the controller is subject.
  6. The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

If the controller has made your personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase it, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the data subject have requested the erasure of all links to, or copies or replications of, that personal data.

The right to erasure does not exist to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  5. for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing

Under the following conditions, you may, pursuant to Art. 18 GDPR, request the restriction of processing of your personal data:

  1. if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use;
  3. the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims, or
  4. if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds

If the processing of your personal data has been restricted, such data may, apart from being stored, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted under the above conditions, you will be informed by the controller before the restriction is lifted.

Right to Notification

If you have, pursuant to Art. 19 GDPR, asserted the right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

Right to Data Portability

You have, pursuant to Art. 20 GDPR, the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR, and
  2. the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be adversely affected thereby. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Object

You have, pursuant to Art. 21 GDPR, the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

Right to Withdraw Data Protection Consent

You have, pursuant to Art. 7 para. 3 GDPR, the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

The responsible authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, email: mailbox@datenschutz-berlin.de. With the exception of your right to lodge a complaint with the data protection authority, you may address your respective concern to us using the contact details provided.

Automated Decision-Making in Individual Cases Including Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for entering into or performance of a contract between you and the controller,
  2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and suitable measures to safeguard the rights and freedoms and your legitimate interests have been taken.

With regard to the cases referred to in a. and c., the controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express one’s point of view, and to contest the decision.

Conclusion

This privacy policy is provided in multiple languages. Only the German version is legally binding for the contractual relationship. Translations are provided solely for better understanding and have no legal effect.

We reserve all rights to make changes and updates to this privacy policy.

Updated on: March 03, 2026

detoxi Health GmbH

detoxi Health GmbH is an e-health company based in Berlin. We help people develop a healthy relationship with digital media.