Status: April 2025
Thank you very much for your interest in our website. Protecting your personal data is a very important concern for us. Below you will find information on how we handle your data processed through the use of our website. The processing of your data is carried out in accordance with the statutory provisions on data protection.
Our website may contain links to websites of other providers, to which this data protection information does not extend. To the extent that the use of the internet pages of other providers is associated with the collection, processing, or use of personal data, please refer to the data protection notices of the respective providers.
We reserve the right to amend this data protection declaration at any time in compliance with applicable data protection laws. The current version is April 2025.
Definitions
Our data protection information is intended to be simple and understandable for everyone. The term “personal data” is defined in the General Data Protection Regulation (hereinafter “GDPR”). According to this, “personal data” is any information relating to an identified or identifiable natural person. This includes data such as your IP address or information about how you use this website.
In these data protection notices, the official terms of the GDPR are generally used. The official definitions are explained in Article 4 GDPR.
Controller, Data Protection Officer
The controller pursuant to Art. 4 No. 7 GDPR is:
VisionHealth GmbH
Landsberger Str. 72
80339 Munich
Germany
Phone: +49 89 6142 429 00
Email: info@visionhealth.gmbh
You may reach the data protection officer as follows:
Proliance GmbH
www.datenschutzexperte.de
– Data Protection Officer –
Leopoldstr. 21
80802 Munich
Email: datenschutzbeauftragter@datenschutzexperte.de
When contacting the data protection officer, please mention the company to which your inquiry relates. Please refrain from attaching sensitive information to your request, such as a copy of your ID.
Data Processing in Operating the Website
Web Hosting
This website is hosted by an external service provider (host). Personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact inquiries, meta and communication data, website access details, and other data generated via a website.
We collect the listed data to ensure the smooth establishment of a connection to the website and the technical error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The legal basis for data processing is our legitimate interest in a correct presentation and functionality of our website pursuant to Art. 6 (1) (f) GDPR.
We have concluded a contract for order data processing with the provider in accordance with Art. 28 GDPR, in which we oblige them to protect our customers’ data and not to share it with third parties.
Usage Data and Server Log Files
When you access our website, it is technically necessary that data be transmitted from your browser to our web server. The following data is logged during an active connection to facilitate communication between your browser and our web server:
We collect this data to ensure the smooth establishment of a connection to the website and the technical error-free provision of our services. The processing of this data is absolutely necessary to provide you with the website. The log files serve to evaluate system security and stability as well as for administrative purposes. The legal basis for data processing is our legitimate interest in protecting and ensuring functionality of our website pursuant to Art. 6 (1) 1st sentence (f) GDPR.
For technical security reasons, in particular to repel attacks on our web server, we temporarily store this data. After no more than 7 [days], the data is anonymized by truncating the IP address to the domain level, making it impossible to relate the data to a single user.
In anonymized form, the data may also be processed for statistical purposes. The data is never stored together with other personal data of the user, nor is it compared with other data sets or passed on to third parties.
Access to and Storage of Information in Terminal Devices
By using our website, access to information (e.g., IP address) or storage of information (e.g., cookies) in your terminal devices may occur. Such access or storage may involve further processing of personal data within the meaning of the GDPR.
Where access or storage is strictly necessary for the technically error-free provision of our services, it is carried out on the basis of § 25 (1) 1st sentence, (2) No. 2 TDDDG.
Where such access or storage serves other purposes (e.g., the needs-based design of our website), it is carried out on the basis of § 25 (1) TDDDG only with your consent pursuant to Art. 6 (1) (a) GDPR. Consent can be revoked at any time for the future. The GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.
More information on the processing of your personal data and the legal bases involved can be found in the following sections regarding specific processing activities on our website.
General Information
On this website, we use services that employ cookies and similar technologies to store data in your browser and read already stored data. These may include cookies, local browser storage, pixels, and so‑called tags.
Cookies are small text files that can be stored and read on your device.
A distinction is made between session cookies, which are deleted when the browser is closed, and permanent cookies, which remain stored for a specified period beyond a single session.
In addition to cookies, we may use local browser storage to place and read data. We also embed pixels—which are small individualized image files loaded during page rendering and used to track user activity.
Furthermore, we may use tags on our websites. Tags are tiny HTML or JavaScript code fragments or markers that enable services for web analysis or user tracking and allow differentiation or identification of users and the tracking of specific user actions.
Further details on the cookies and similar techniques used by us can be found later in the descriptions of cookie categories as well as in our consent management platform displayed when you visit our website. You can reopen our “cookie banner” via the “cookie settings” link at the bottom of the website to change your preferences.
Please note that without certain cookies and similar technologies, our websites may not display correctly and some functions may no longer be available technically.
Category: Necessary Cookies
Services in this category may use cookies and similar technologies to store and read information on your device. We use these:
To enable website display and basic functions, especially navigation and access to secure areas
To enable the giving and revoking of consent
To protect our forms from misuse
To protect our website from cyberattacks and fraud attempts
Some employed cookies/techniques contain only information about certain settings and are not personally identifiable. We do not use them to track your interactions, measure usage, or for advertising.
Use of services and corresponding cookies/techniques in this category is based on § 25 (2) Nos. 1 & 2 TDDDG. Subsequent data processing is based on Art. 6 (1) (f) GDPR.
Category: User Preferences
Services in this category may use cookies and similar technologies to store and read information on your device. We use these:
Use of the services and corresponding technologies in this category is based on your consent under § 25 (1) TDDDG. Subsequent processing is based on your consent under Art. 6 (1) (a) GDPR.
Category: Analytical Cookies
Services in this category may use cookies and similar technologies to store and read information on your device. We use these:
These use pseudonymous identifiers in cookies (recognition markers) placed during visits and read on return visits. Pseudonymization allows distinguishing and re-recognizing users, but not direct identification without additional data. Further techniques like browser/device fingerprinting may also be used.
Use of services and technologies in this category is based on your consent under § 25 (1) TDDDG. Subsequent processing is based on your consent under Art. 6 (1) (a) GDPR.
Category: Marketing Cookies
Services in this category may use cookies and similar technologies to store and read information on your device. We use these:
This uses pseudonymous identifiers in cookies and may involve browser/device fingerprinting. These identifiers may be exchanged between providers (ID Matching/Syncing), enabling device- and platform-spanning recognition and advertising.
If you identify via personal data (name, email) or sign in via social or third-party services, pseudonymous identifiers may be linked with your personal data, enabling creation and analysis of pseudonymous or non‑pseudonymous profiles used for targeted advertising.
Use of services and technologies in this category is based on your consent under § 25 (1) TDDDG. Subsequent processing is based on your consent under Art. 6 (1) (a) GDPR.
Consent Management via Complianz GDPR
We use the Complianz GDPR consent management tool on our websites to manage your consents for the use of cookies and similar techniques.
Description of Data Processing and Purpose
We use the service to manage your consents to cookie use and related data processes.
If you submit consents via our consent banner, the service processes:
This data is logged on the provider’s servers. Cookies are used to store your consent status on your device, to read and match it on subsequent visits.
This enables us to verify your consent status and to activate or deactivate cookies/technologies accordingly on future visits.
Our purpose and legitimate interest are to deploy cookies and similar technologies in a data‑protection‑compliant way on our websites and enable you to revoke your consents easily.
Legal Basis for Processing
Where we deploy cookies and similar technologies or store/read data on your device through this service, it is based on § 25 (2) TDDDG. Subsequent processing is based on Art. 6 (1)(f) GDPR.
Recipients
Using the platform, the data collected via our websites is transmitted to:
Complianz BV
Kalmarweg 14-5
9723 JG, Groningen, Netherlands
Storage Duration
Data is stored by the provider for 12 months after transmission from our websites.
Google Analytics
On our websites, we integrate “Google Analytics” by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Within the EU/EEA, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Description of Data Processing and Purpose
Google Analytics generates usage profiles based on pseudonyms (cookie and device IDs, browser fingerprint) and usage data (requested page names/URLs, referral links, browser and OS description, IP address).
It also collects:
This allows Google to pseudonymously recognize visitors and categorize them demographically. Users logged in to Google can be recognized across devices.
Data collection is via cookies and JavaScript loaded in your browser. This code stores cookies and reads information from your device and cookies. Details are above under “Data Processing in Connection with Cookies and Similar Techniques” and in our consent management tool.
We receive aggregated statistics from Google, which let us understand user interests and site usage. We receive only aggregated data from Google Ads customers without identifying individuals.
We use these insights for targeted online advertising and marketing campaigns in ad networks, especially Google ad services.
Legal Basis
Integration and use are based on your consent via the consent management platform.
Cookie and technology use is under § 25 (1) TDDDG; subsequent processing is under Art. 6 (1)(a) GDPR.
Your consent is voluntary and can be withdrawn at any time for the future. To withdraw consent for analytics, please use the data protection settings link at the bottom of the website to reopen the consent tool and adjust settings.
Recipients
Data is transmitted to:
We have no influence over further processing by third parties.
Further information on handling personal data by Google is available on Google’s privacy policy website.
Data Processing in Third Countries
Data processing may occur outside the EU/EEA, particularly in the USA.
For data transfers to the USA, Google LLC is certified under the EU‑US Data Privacy Framework in accordance with Art. 45 (1) GDPR.
Google LLC commits to adequate data protection standards under this certification per public listing.
Storage Duration
Data is stored by the aforementioned providers for 12 months. We do not store vendor-processed or provided data beyond this in our own systems.
Google Tag Manager
We integrate “Google Tag Manager” by Google LLC, same addresses as above.
Within the EU/EEA, it is provided by Google Ireland Limited.
Description of Data Processing and Purpose
This is a tag‑management system allowing us to embed and manage additional website code in JavaScript or HTML, especially tags like web‑beacons or tracking pixels used by analytics or tracking services.
Google Tag Manager itself does not analyze traffic or track users; it merely embeds and manages code needed by services like Google Analytics.
Because Google Tag Manager is provided by Google and loaded from their servers, usage data is transmitted to Google when pages load. Google thereby receives your IP, which is technically necessary for content retrieval.
Legal Basis
Integration and use are based on your consent via the consent management platform. Cookie and technology use is under § 25 (1) TDDDG; subsequent processing is under Art. 6 (1)(a) GDPR.
Your consent is voluntary and can be revoked anytime. To revoke consent related to analytics, use the data protection settings link at the bottom of the site to reopen the consent management platform.
Recipients
Data is transmitted to:
We have no influence over further processing by third parties.
Further information on Google’s data handling is on their privacy policy website.
Data Processing in Third Countries
Same as above: may occur outside the EU/EEA, particularly in the USA.
Google LLC is certified under the EU‑US Data Privacy Framework; additional safeguards like Standard Contractual Clauses apply for other countries.
Storage Duration
Data is stored by the provider only as long as needed for stated purposes. We do not store it further in our own systems.
We embed Google advertising services and features from Google LLC, same addresses.
Within the EU/EEA, provided by Google Ireland Limited.
Description of Data Processing and Purpose
We use Google’s marketing services to display and manage targeted ads for our products and services, and to measure their effectiveness.
Data collection and processing on our site is via cookies and JavaScript loaded in your browser. Cookies are stored and read by code when pages are loaded; details are under “Data Processing in Connection…” and accessible via the Complianz tool.
This enables Google to pseudonymously identify visitors and, if they are logged in, recognize them across devices.
When you click an ad placed by Google, third-party cookies for conversion tracking are set and read when you visit our site. Data is processed about search terms you used, the ad or ad group clicked, and which campaign the ad belonged to.
We then record how you interact with our site (pages visited, clicks, forms used). A “conversion” is when an ad click corresponds to a specific action.
With Google Analytics used concurrently, ad and analytics data can be combined for more precise analysis.
Google provides us aggregated statistics about ad performance; no conclusions about individuals are possible.
These statistics help us optimize campaign effectiveness and manage strategy via Google ad services.
Legal Basis
Integration/use is based on your consent via the Complianz platform. Cookie/technology use is under § 25 (1) TDDDG; subsequent processing is under Art. 6 (1)(a) GDPR.
Consent is voluntary and revocable at any time via the data protection settings link at the bottom of the website.
Recipients
Data is transmitted to:
We have no influence over further processing by third parties.
Further info on Google’s personal data handling is at Google’s privacy policy.
Data Processing for Advertising Purposes
We process your personal data to contact you by post, telephone, or email for direct advertising, as well as to evaluate prospect data, conduct market research, and carry out customer satisfaction surveys.
Postal or Telephonic Advertising B2B
Description: We process your personal data (title, first name, last name, business address, phone number) to contact you or your company personally by mail or phone about our products, goods, services, and offers, in our legitimate interest.
Legal Basis: Art. 6 (1)(f) GDPR. We process only business-related personal data, and no overriding interests of yours oppose this.
You may object to processing at any time for future effect. To exercise objection rights, please use the contact data above.
Recipients: VisionHealth employees.
Storage Duration: We store data as long as needed for the stated purpose or until you object. Afterward, data is deleted unless another legal basis allows continued storage (e.g., legal retention obligations).
Email Advertising—Existing Customers
Description: We process your personal data (title, first name, last name, business email) received in connection with a contract to send personalized direct advertising about similar products, goods, and services related to the prior contract.
Legal Basis: Art. 6 (1)(f) GDPR. We comply with provisions of § 7 (3) UWG and process only business‑relevant personal data, so no overriding interests on your part conflict as long as you have not objected.
You can object at any time for the future without incurring more than basic transmission costs. To object, use unsubscribe link in emails or the contact data above.
Recipients: VisionHealth employees.
Storage Duration: We store data as long as needed or until you object. After that, data is deleted unless another legal basis allows continued storage.
Further Data Processing
Documentation of Compliance with Data Protection
Description: If you give consent, we process your personal data on the circumstances and timing of the consent (possibly signature, email, phone/fax number, IP) to evidence that you consented, per our accountability under Art. 5 (2) GDPR.
If you exercise rights under GDPR, we process your data to document compliance with GDPR in handling your request.
Legal Basis: Art. 6 (1)(c) or (f) GDPR. Our legitimate interest is documenting GDPR compliance per accountability.
Recipients: Your data may also be forwarded to our external data protection officer who assists with GDPR compliance.
Storage Duration: We store data as long as needed. Consent data is usually kept until 3 years after the end of the year in which it was last used. Data processed in connection with exercising rights is kept for 3 years after the end of the year in which you exercised your rights. Then we delete data unless another legal basis or obligation allows continued storage.
Exercise or Defense of Legal Claims
Description: We also process your data in individual cases to assert legal claims, e.g., for unpaid invoices, where your data is relevant.
We also process data to defend against legal claims in cases like warranty claims, where your data is relevant.
Legal Basis: Art. 6 (1)(f) GDPR.
Recipients: If necessary, data is passed to tax advisors, auditors, financial or judicial authorities, lawyers, experts, or courts.
Storage Duration: We store data in individual cases as long as necessary. Then delete, unless another legal basis or obligation allows continued storage.
Fulfillment of Other Legal Obligations
Description: We process personal data when required to fulfill a legal obligation. The extent of data depends on the obligation.
Legal Basis: Art. 6 (1)(c) GDPR in conjunction with applicable laws (e.g., Abgabenordnung § 147, HGB § 257, StPO).
Recipients: Data may be passed to tax advisors, auditors, financial or judicial authorities, lawyers, experts, or courts.
Storage Duration: We store data as required. Retention periods can be up to 10 years per specific laws. The start of retention depends on the specific law.
Then data is deleted unless another basis allows continued retention.
Email or Telephone Inquiries
Description: If you contact us via email or phone, your inquiry and all resulting personal data (name, request) are stored and processed for the purpose of handling your concern. This data is not shared without your consent.
Legal Basis: Art. 6 (1)(b) GDPR if your inquiry relates to contract fulfillment or pre‑contractual steps. In all other cases, processing is based on our legitimate interest in effective handling (Art. 6 (1)(f)) or your consent (Art. 6 (1)(a)) if required.
Storage Duration: Your contact data remains until you request deletion, revoke consent, or the purpose ends (e.g., after handling your request). Mandatory legal retention periods remain unaffected.
Your Rights
Below is an overview of the rights you have under current data protection law against the controller regarding personal data processing:
To exercise your withdrawal or objection rights, an email to info@visionhealth.gmbh is sufficient.
