Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

OJAS Hormonal Health for Women
Maria Therese Priczkat
Stubenrauchstr. 31, 12161 Berlin
Email: [email protected]
Website: https://myojas.de/

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

As a matter of principle, we only process personal data of our users to the extent necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users regularly takes place only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by statutory provisions.

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6(1)(a) GDPR serves as the legal basis. When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, Art. 6(1)(f) GDPR serves as the legal basis for the processing.

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected: browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, IP address. This data is stored in log files to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. Firebase Hosting, which we use to host our website (see section 9), logs IP addresses for security and diagnostic purposes. These logs are typically retained for a limited period (e.g., for Firebase Hosting, audit logs containing IP addresses are generally kept for around 30-90 days, but you should verify Google's current data retention policies for Firebase services). We also utilize IP anonymization features where available, such as for Google Analytics (see section 4). An evaluation of the data for marketing purposes does not take place in this context beyond aggregated analytics. The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR, based on our legitimate interest in maintaining the security and functionality of our website.

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. Some cookies are technically necessary (essential cookies) to ensure the basic functions of the website (legal basis Art. 6(1)(f) GDPR or § 25 (2) TTDSG). Other cookies, such as those for analysis, are only set with your express consent (Art. 6(1)(a) GDPR or § 25 (1) TTDSG).

You can revoke your consent at any time with effect for the future or adjust your cookie settings via our cookie consent banner. You can also set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

If you subscribe to our newsletter, we process your email address for the purpose of sending the newsletter on the basis of your consent (Art. 6(1)(a) GDPR). Providing your email address is necessary to receive the newsletter. Optionally, further data (e.g., name) may be collected for personalization. Subscription to our newsletter is done using a so-called double opt-in procedure. This means that after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing with someone else's email address. Newsletter subscriptions are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email, by email to [email protected], or by sending a message to the contact details provided above.

When you contact us (e.g., via contact form or email), the data you provide (your email address, possibly your name and telephone number, and the content of your inquiry) will be stored by us to answer your questions and process your request. The legal basis for processing data transmitted in the course of sending an email or using a contact form is Art. 6(1)(f) GDPR (our legitimate interest in responding to your inquiry). If the contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. We delete the data arising in this context after storage is no longer necessary, or restrict processing if statutory retention obligations exist.

Your personal data will generally not be transferred to third parties for purposes other than those listed in this policy, unless: you consent (Art. 6(1)(a) GDPR); it's necessary for legal claims (Art. 6(1)(f) GDPR); there's a legal obligation (Art. 6(1)(c) GDPR); or it's necessary for contract processing (Art. 6(1)(b) GDPR, e.g., to payment providers via Ticket Tailor, Ticket Tailor, Calendly). We use processors like Firebase, Cloudinary, Ticket Tailor under DPAs (Art. 28 GDPR).

If we process data or use third-party services (like Google Firebase/Analytics/Fonts, Cloudinary, Calendly, Meta) involving data transfer outside the EU/EEA, it's based on (pre)contractual obligations, consent, legal obligation, or legitimate interests, and only if Art. 44 ff. GDPR requirements are met. This includes:
The EU-U.S. Data Privacy Framework for certified U.S. providers like Google (for Firebase, Analytics, Fonts) and Calendly.
Standard Contractual Clauses (SCCs) for providers not (or not yet) DPF certified for the specific service, or as an alternative safeguard. This applies to Cloudinary, and potentially to sub-processors used by Ticket Tailor or payment providers if they transfer data to the U.S. without DPF certification. Transfers related to Meta platforms (Instagram, WhatsApp) also rely on DPF certification or SCCs.

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), withdraw consent (Art. 7(3)), object (Art. 21), and lodge a complaint (Art. 77 GDPR) with a supervisory authority.

To exercise your rights, email [email protected] or write to our address in Section 1.

We use SSL encryption on https://myojas.de/ and employ technical and organizational security measures (TOMs) to protect your data. Our security measures are continuously improved.

This privacy policy is current as of August 7, 2024. It may be amended due to website development or changed legal/official requirements.