top of page

PRIVACY POLICY

We are very pleased that you have shown interest in our company. Data protection is of particularly high importance to the management of Loopus Health GmbH. The use of the websites of Loopus Health GmbH is generally possible without providing any personal data; however, the processing of personal data may become necessary if an individual wishes to use specific company services via our website. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

​

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Loopus Health GmbH. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects of their rights.

​

Loopus Health GmbH, as the responsible party, has implemented numerous technical and organizational measures to ensure the most comprehensive protection of personal data processed via this website. However, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example by telephone.

​​

1. Definitions

The privacy policy of Loopus Health GmbH is based on the terms used by the European legislators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public, our customers, and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use, among others, the following terms:

​

a) Personal data
Personal data is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

 

b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

 

c) Processing
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

 

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

 

e) Profiling
Profiling is any form of automated processing of personal data that involves using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

 

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure the personal data are not attributed to an identified or identifiable natural person.

 

g) Controller or responsible party
The controller or responsible party is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided by Union or Member State law.

 

h) Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

 

i) Recipient
A recipient is a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the context of a particular inquiry under Union or Member State law are not considered recipients; the processing of such data by these authorities is in accordance with applicable data protection regulations for the purposes of the processing.

 

j) Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

 

k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

 

2. Name and Address of the Controller

The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union, and other regulations with a data protection character is:

Loopus Health GmbH
Reusrather Straße 32
42799 Leichlingen (Rheinland)
Germany

Phone: +49 2175 1889278
Email: info@loopus-health.de
Website: http://www.loopus-health.de

​

3. Collection of General Data and Information

 

The website of Loopus Health GmbH collects a range of general data and information when a data subject or an automated system accesses the website. This general data and information is stored in the server log files. This may include:

​

  1. The browser types and versions used,

  2. The operating system of the accessing system,

  3. The website from which the accessing system reached our website (referrer),

  4. The sub-pages accessed,

  5. The date and time of access to the website,

  6. An Internet Protocol (IP) address,

  7. The Internet service provider of the accessing system, and

  8. Other similar data and information used for the defense against attacks on our information technology systems.

  9. ​

Loopus Health GmbH does not draw any conclusions about the data subject from the use of this general data and information.

​

Rather, this information is required to:

  1. Correctly deliver the content of our website,

  2. Optimize the content of our website and advertising for it,

  3. Ensure the permanent functionality of our IT systems and website technology, and

  4. Provide law enforcement authorities with the necessary information in the event of a cyberattack.

These anonymized data and information are therefore evaluated by Loopus Health GmbH, both statistically and with the aim of increasing data protection and data security within our company to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

4. Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or if this is provided for by the European legislators or other lawmakers in laws or regulations.

If the storage purpose ceases to apply or a legal storage period expires, the personal data are routinely blocked or deleted in accordance with legal requirements.

​

5. Rights of the Data Subject

 

a) Right to confirmation
Every data subject has the right, granted by the European legislators, to obtain confirmation from the controller as to whether personal data concerning them are being processed.

 

b) Right to access
Every data subject has the right to obtain, at any time and free of charge, information about the personal data stored about them and a copy of this information. This includes:

  • Purposes of processing,

  • Categories of personal data,

  • Recipients to whom the data have been or will be disclosed,

  • Planned storage duration or criteria for determining this duration,

  • The existence of a right to rectification, deletion, restriction of processing, or objection,

  • The existence of a right to lodge a complaint with a supervisory authority,

  • Information on the source of the data, if not collected from the data subject,

  • Existence of automated decision-making including profiling.

 

c) Right to rectification
The data subject can request the immediate correction of inaccurate personal data and the completion of incomplete personal data.

 

d) Right to erasure (Right to be forgotten)
The data subject can request that their data be deleted immediately if:

  • They are no longer necessary for the original purpose,

  • They withdraw their consent and no other legal basis exists,

  • They object and there are no overriding grounds for processing,

  • The processing is unlawful,

  • Deletion is legally required,

  • Data concerning children have been collected in connection with information society services.

 

6. Legal Basis of Processing

  • Art. 6(1)(a) GDPR – Consent

  • Art. 6(1)(b) GDPR – Performance of a contract

  • Art. 6(1)(c) GDPR – Legal obligation

  • Art. 6(1)(d) GDPR – Vital interests

  • Art. 6(1)(f) GDPR – Legitimate interests of our company or a third party

 

7. Legitimate Interests in Processing

Our legitimate interest lies in conducting our business activities for the benefit of our employees and shareholders.

​

8. Duration of Storage of Personal Data

The criterion for storage duration is the respective statutory retention period. After the expiration of the period, data are routinely deleted unless they are still required for contract performance or contract initiation.

 

9. Legal or Contractual Requirement to Provide Data

We inform you that the provision of personal data may be partly required by law or necessary for entering into a contract. Without such data, a contract may not be concluded.

 

10. Existence of Automated Decision-Making

A s a responsible company, Loopus Health GmbH refrains from any automated decision-making or profiling.

​

bottom of page