Privacy Policy for [Your Business Name]

---

1. Introduction

We prioritize protecting your personal data and privacy. This Privacy Policy explains how [Your Business Name] collects, processes, and uses personal data when using our website and services.
Personal data refers to any information that relates to an identifiable person, such as names, IP addresses, and contact details.
This policy complies with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1.1 Contact Information

Responsible entity according to Art. 4 para. 7 GDPR is:

• [Your Business Name]
• Address: [Your Business Address]
• Email: [Your Support Email Address]

If you have questions about our privacy practices or this Privacy Policy, please contact us at the email above.

1.2 Scope of Data Processing, Processing Purposes, and Legal Basis

The legal basis for data processing depends on the purpose of processing, generally falling into the following categories:

• Consent: Art. 6 para. 1 lit. a GDPR for processing based on user consent.
• Contractual Obligation: Art. 6 para. 1 lit. b GDPR for processing required to fulfill a contract.
• Legal Obligation: Art. 6 para. 1 lit. c GDPR for processing required to comply with a legal obligation.
• Legitimate Interests: Art. 6 para. 1 lit. f GDPR for processing based on our legitimate interest, such as maintaining our website’s functionality.

1.3 Data Processing Outside the EEA

When data transfers to service providers outside the EEA are necessary, we ensure data security according to the GDPR through EU-approved Standard Contractual Clauses or based on EU Commission adequacy decisions.

1.4 Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, subject to legal retention requirements. Once data retention is no longer required, data is deleted or restricted from further processing.

2. Data Subject Rights

Individuals have the following rights regarding their personal data:

• Right to Access: Obtain information on whether your data is being processed and request a copy of it.
• Right to Rectification: Request correction of incorrect or incomplete personal data.
• Right to Erasure: Request deletion of personal data if no longer needed for the original purpose.
• Right to Restriction of Processing: Request restriction of data processing under certain conditions.
• Right to Object: Object to data processing based on legitimate interests.
• Right to Data Portability: Request transfer of your data to another provider, if technically feasible.
• Right to Withdraw Consent: Withdraw consent at any time, which will not affect the legality of data processing done before the withdrawal.
• Right to File a Complaint: File a complaint with a data protection authority.

3. Data Processing on Our Website

3.1 Informational Website Use

For website visitors who do not provide specific information, we collect minimal data (e.g., IP address, browser details) for technical purposes, security, and optimization of our website. Legal basis: Art. 6 para. 1 lit. f GDPR.

3.2 Orders

When ordering through our platform, we collect the following data:

• First and last name
• Email address
• Billing and shipping address
• Phone number
• Date of birth
• Prescription data if required

This data is used to fulfill customer orders. Legal basis: Art. 6 para. 1 lit. b GDPR for contract performance.

3.3 Cookies and Tracking

Our website uses essential cookies to enhance the user experience, which may involve saving preferences or analyzing site usage. Users can control cookie settings through their browser preferences. The legal basis for necessary cookies is our legitimate interest (Art. 6 para. 1 lit. f GDPR).

3.4 Payment Providers

We use third-party payment processors like [PayPal, Credit Card Processor]. Your payment data is shared only as necessary to complete payment transactions and are processed in compliance with GDPR requirements. Legal basis: Art. 6 para. 1 lit. b GDPR.

3.5 Customer Support and Contact

We collect personal data (e.g., name, email address) when you contact us for support. This data is stored only for as long as needed to handle the inquiry. Legal basis: Art. 6 para. 1 lit. f GDPR.

4. Newsletter and Marketing Communications

With customer consent, we may send occasional newsletters or updates. Customers can unsubscribe at any time via the unsubscribe link in any email. Legal basis: Art. 6 para. 1 lit. a GDPR.

5. Data Processing for Social Media

We operate profiles on social media platforms, where user data may be processed based on the platform’s privacy policies. Data we process in response to direct contact through these channels is based on our legitimate interest in providing customer service. Legal basis: Art. 6 para. 1 lit. f GDPR.

6. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Updates will be posted on our website, and the date of the latest revision will be indicated.

For any questions or feedback on this Privacy Policy, please reach out to our support team via email.