Privacy Policy GAIA Website

Privacy Policy GAIA Website

Data protection is of particularly high importance to our management. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data is always carried out in accordance with the EU General Data Protection Regulation (GDPR) and in accordance with the German Federal Data Protection Act (BDSG). By means of this privacy policy, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed. Name and Ad

Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

GAIA AG

Hans-Henny-Jahnn-Weg 53
22085 Hamburg, Deutschland

Contact for the Data Protection Officer: privacy@gaia-group.com

Collection of General Data and Information

With each access by a data subject or an automated system, the website temporarily collects a series of general data and information. This general data and information is stored temporarily in the server's log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), and (7) other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

Collection of personal data when using a contact form

Where applicable, the website offers a contact form. If this is the case, the personal data necessary for establishing contact is collected when the contact form is used. The controller processes and stores the personal data entered via the contact form in order to respond to the respective inquiry.

The entered contact data may also be passed on to a processor who sends information material to the data subjects on behalf of the controller, if requested.

A separate contact form is available for professional circles, particularly from the medical field (e.g., physicians). Here, professionals can explicitly select the purpose of the contact. In the case of requested information material, the necessary contact data is likewise used to process the inquiry and send the information material, and is only transmitted to the commissioned processor.

The processor processes the contact data exclusively for this purpose and within the scope of the controller's instructions. 

The consent to data processing can be revoked at any time.

Service for assistance with prescription requests

Where applicable, this website offers you optional assistance with requesting a prescription for a digital health program as part of the contact form. If you use this service, we collect and process, in addition to your basic data, the information you provide regarding your treating physician and the name of your health insurance company.

This data is processed for the following purpose:

Creation and dispatch of the prescription request: We create a pre-formulated request in letter form on your behalf and send it to the medical practice you have named to inform them of your wish for a prescription.

Legal basis:

By using this service, you expressly consent, pursuant to Art. 6 (1) (a) and Art. 9 (2) (a) GDPR, to us transmitting information regarding your intended use of a digital health program (health data) to the medical practice of your choice for the purpose of the prescription request.

Collection of personal data for authorization purposes

Where applicable, in addition to the automated collection of general data and information, personal data serving the purpose of authorizing a person and verifying the respective eligibility to use a digital health application may also be requested. If this is the case, the following are collected: (1) the insurance number with the health insurance institution and (2) the date of birth. This data is transmitted to the insurance institution exclusively for the purpose of verifying the identity and the individual's eligibility to use a digital health application. No conclusions are drawn regarding the data subject through the collection and processing of this data.

Routine erasure and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Rights of the data subject

a) Right to confirmation:

Every data subject shall have the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning them are being processed.


b) Right of access:

Every data subject shall have the right granted by the European legislator to obtain from the controller, at any time and free of charge, information about the personal data stored about them and a copy of this information. Furthermore, the data subject shall have a right to be informed whether personal data have been transferred to a third country or to an international organization. Where this is the case, the data subject shall also have the right to be informed of the appropriate safeguards relating to the transfer. Furthermore, the data subject has a right to lodge a complaint with a supervisory authority.


c) Right to rectification:

Every data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


d) Right to erasure (Right to be forgotten):

Every data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.


e) Right to restriction of processing:

Every data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
  • The data subject has objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.


f) Right to data portability:

Every data subject shall have the right granted by the European legislator to receive the personal data concerning them, which was provided by the data subject to a controller, in a structured, commonly used, and machine-readable format.


g) Right to object:

Every data subject shall have the right granted by the European legislator to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them which is based on Art. 6(1)(e) or (f) GDPR. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.


h) Automated individual decision-making, including profiling:

Every data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.


i) Right to withdraw data protection consent:

Every data subject shall have the right granted by the European legislator to withdraw their consent to processing of their personal data at any time.

 

Cookies and Tracking technologies

On this website, various tracking technologies and tools may be used to analyze the use of the website and to improve our offerings. If your consent is required for the use of cookies or tracking technologies, a corresponding cookie banner will be displayed to you. You can use this banner to inform yourself about which tools are being used and to manage your consent.

If no cookie banner is displayed to you on this website, this means that no cookies or tracking technologies are used on this page that would require your consent.

Use of the Cookie Consent Manager CCM19

Where applicable, this website uses the Cookie Consent Manager CCM19 to obtain your consent for storing certain cookies on your terminal device and to document this in a data protection-compliant manner. The Cookie Consent Manager CCM19 is a product of Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn (hereinafter "CCM19").

Processing of personal data: When you enter our website, a connection to CCM19's servers is established to obtain your consent and other declarations regarding cookie use. CCM19 then stores a cookie in your browser to be able to assign the granted consents to you. The data collected in this manner is stored until you request us to delete it, delete the CCM19 cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.


Purpose of data processing:

  • Obtaining and managing consents for cookie use.
  • Documentation of consents to demonstrate GDPR compliance.


Legal basis:

The processing of your data is based on your consent pursuant to Art. 6 (1) (a) GDPR. Furthermore, there is a legitimate interest in a legally compliant, user-friendly, and transparent use of cookies on our website pursuant to Art. 6 (1) (f) GDPR.


Storage duration:

The data is stored until you revoke your consent or delete the cookie. Mandatory statutory retention periods remain unaffected.


Withdrawal of consent:

You can withdraw your consent to the storage of cookies and the use of CCM19 at any time by changing the cookie settings on our website or by deleting the cookies in your browser.

Further information on data processing by CCM19 can be found in CCM19's privacy policy: https://www.ccm19.de/datenschutzerklaerung.html.

Data protection provisions regarding the application and use of HubSpot forms

Where applicable, this website uses forms provided by HubSpot, a software company based in the USA that offers tools for inbound marketing and sales. The provider is HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA. HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others, email marketing, social media publishing & reporting, contact management (e.g., user segmentation & CRM), landing pages, and contact forms.

When you fill out a form on our website, the data you enter (such as name, email address, telephone number, etc.) is stored on HubSpot's servers. This information may be used by us to get in touch with you, to send you marketing information, or to improve our services.

Note on Data Transfer: HubSpot provides appropriate safeguards for the transfer of data to the USA (e.g., through the use of Standard Contractual Clauses or other recognized mechanisms) to ensure that a level of data protection corresponding to European data protection law is maintained.

The use of HubSpot services is carried out in the interest of efficient and rapid processing of your inquiries and for the optimization of our marketing measures. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Further information on data processing by HubSpot can be found in HubSpot's privacy policy: https://legal.hubspot.com/de/privacy-policy

Data protection provisions regarding the application and use of Google Ads (personalized advertising)

Please be advised that we may use Google Ads to promote our websites. Google Ads is an internet advertising service that allows advertisers to place ads in both Google's search engine results and the Google advertising network. Google Ads enables an advertiser to pre-define specific keywords, by means of which an ad is displayed in Google's search engine results only when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, ads are distributed to topic-relevant websites using an automatic algorithm and taking the previously defined keywords into account.

If a data subject reaches our website via a Google ad, a so-called conversion cookie is stored on the data subject's information technology system by Google. A conversion cookie loses its validity after thirty days and is not used to identify the data subject.

Neither our company nor other advertising customers of Google Ads receive information from Google by means of which the data subject could be identified.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a conversion cookie on the data subject's information technology system. In addition, a cookie already set by Google Ads can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to personalized advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from each of the internet browsers they use and make the desired settings there.

Further information and the applicable data protection provisions of Google can be found at:https://www.google.de/intl/de/policies/privacy/ abgerufen werden.

Data protection provisions regarding the application and use of Google Analytics cookies

Where applicable, this website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"), which is operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses so-called "cookies," which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator.

By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes described above.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by selecting the appropriate settings on your browser software; however, please note that if you do so, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection of the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=de“>http://tools.google.com/dlpage/gaoptout?hl=de

Use of Google Tag Manager

Where applicable, our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager provides a technical platform for efficiently managing website tags and code snippets used to track and analyze user interactions on websites. The service itself operates without the use of cookies and does not store any personal data.

Google Tag Manager merely implements tags and triggers other tags, which in turn may collect data. However, this data is not collected by Google Tag Manager itself. Instead, the tags serve to forward data to other services, such as Google Analytics or other marketing and analysis tools. These services may process personal data, such as IP addresses, and are subject to their own respective privacy policies.

Please note that Google Tag Manager does not have access to this data. If a deactivation has been made at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.

Further information about data processing by Google and your rights and settings options for protecting your privacy can be found in Google's privacy policy: https://policies.google.com/privacy. You can view the terms of use for Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html.

Use of Meta Pixel (formerly Facebook Pixel)

Where applicable, our website uses the visitor action pixel from Meta Platforms, Inc. ("Meta"). This tool allows us to track the actions of users after they have seen or clicked on a Facebook advertisement. This enables us to record the effectiveness of Facebook advertisements for statistical and market research purposes. The data collected in this manner is anonymous and does not allow for conclusions to be drawn regarding the identity of the users. However, the data is stored and processed by Meta, making a connection to the respective user profile possible, and Meta can use the data in accordance with the Meta Data Use Policy. This enables Meta to facilitate the placement of advertisements on and off Facebook. As the website operator, we have no influence over this use of data.


Processed data:

  • Information indicating that you have visited our website
  • Your IP address
  • Browser information
  • Date and time of the visit


Purpose of processing:

  • Measuring the success of advertising campaigns
  • Optimizing future advertising measures
  • Delivery of advertisements tailored to target groups


Legal basis:

The processing of your data is based on your consent pursuant to Art. 6 (1) (a) GDPR, provided you have granted it to us.


Storage duration:

The data is stored for as long as it is necessary for the purpose of its collection.


Withdrawal of consent:

You can withdraw your consent to the use of the Meta Pixel at any time. To do so, you can adjust the corresponding settings in your Facebook account or change the cookie settings on our website.

Further information on data processing by Meta can be found in Meta's privacy policy: https://www.facebook.com/about/privacy/.

Use of X Pixel (formerly Twitter Pixel)

Where applicable, our website uses the conversion tracking of X, Inc. (formerly Twitter, Inc.). This tool allows us to track the actions of users after they have seen or clicked on an X advertisement. This enables us to record the effectiveness of X advertisements for statistical and market research purposes. The data collected in this manner is anonymous and does not allow for conclusions to be drawn regarding the identity of the users. However, the data is stored and processed by X, making a connection to the respective user profile possible, and X can use the data in accordance with the X Data Use Policy. This enables X to facilitate the placement of advertisements on and off X. As the website operator, we have no influence over this use of data.


Processed data:

  • Information indicating that you have visited our website
  • Your IP address
  • Browser information
  • Date and time of the visit


Purpose of processing:

  • Measuring the success of advertising campaigns
  • Optimizing future advertising measures
  • Delivery of advertisements tailored to target groups


Legal basis:

  • The processing of your data is based on your consent pursuant to Art. 6 (1) (a) GDPR, provided you have granted it to us.


Storage duration:

  • The data is stored for as long as it is necessary for the purpose of its collection.


Withdrawal of consent:

  • You can withdraw your consent to the use of the X Pixel at any time. To do so, you can adjust the corresponding settings in your X account or change the cookie settings on our website.

Further information on data processing by X can be found in X's privacy policy:

https://x.com/de/privacy

Optional use of the AI Voice Agent

Where applicable, our website offers the innovative feature of an AI Voice Agent to provide you with an interactive and user-friendly experience. Before using this service, you must agree to the Terms of Use governing your interactions with the AI Voice Agent. These include your consent to the recording, storage, and transfer of your communication to third-party providers, as described in our privacy policy.

By using the AI Voice Agent, you consent to the recording of your conversations as well as the storage and transfer of your data to third-party providers. This data helps us to continuously improve the quality of our service and to offer you personalized experiences. If you do not wish for your conversations to be recorded, we ask that you refrain from using the AI Voice Agent. Your privacy is important to us, and we are committed to protecting your personal data and treating it confidentially.


Newsletter

Where applicable, the website offers a newsletter. If this is the case, providing your email address is required to receive the newsletter. Before the newsletter is sent, you must explicitly confirm that the newsletter service should be activated for you as part of the so-called double opt-in process. In the course of this, you will receive a confirmation and authorization email, in which we ask you to click the link contained in that email to confirm that you wish to receive the newsletter. You can unsubscribe from the newsletter at any time. A corresponding link can be found in every newsletter sent. Your email address will be used exclusively by us and will not be passed on to third parties.


Legal basis for processing

The processing operations for this website are based on Art. 6 (1) (f) GDPR. This legal basis applies to processing operations necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override such interests.

The use of certain cookies on the website is based on your prior explicit consent pursuant to Art. 6 (1) (a) GDPR. You may revoke this consent at any time for the future by adjusting your cookie settings. A revocation of your consent does not affect the lawfulness of the processing carried out on the basis of your consent up until the time of revocation.


Period for which personal data will be stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided it is no longer required for the fulfillment or initiation of a contract.


Existence of automated decision-making

As a responsible company, we refrain from automated decision-making or profiling.

23.04.2026