Privacy Policy

With this privacy policy, we aim to provide transparent information about the type, scope, and purpose of the personal data we collect, use, and process, and to inform you of your rights. The processing of personal data is governed by the General Data Protection Regulation (GDPR) and the provisions of the Federal Data Protection Act (BDSG).

Contents:

• General Information
• Data processing on my website
• Further data processing
• Data processing on our social media presences

General Information

Name and contact details of the controller

DELP Investment Freezone Company
Dubai Silicon Oasis, DDP, Building A1
Dubai, United Arab Emirates
Represented by: Lee Paulina Pape (General Manager) & Lisa Emmer (Secretary Manager)
Email: lee@hormonic.de , lisa@hormonic.de

Types of personal data processed

Personal data is information that can be directly or indirectly attributed to you. In this respect, we process, for example, the following data:

• Inventory data (e.g. names, addresses)
• Applicant data (e.g. personal details, postal and contact addresses, as well as the application documents such as cover letter, CV, certificates)
• Content data (e.g. text entries, photographs, videos)
• Contact details (e.g. email, telephone numbers)
• Meta/communication data (e.g. device information, IP addresses)
• Usage data (e.g. websites visited, interest in content, access times)
• Location data (data indicating the location of an end user's device)
• Contract data (e.g. subject matter, term, customer category)
• Payment data (e.g. bank details, invoices, payment history)

Categories of data subjects

In the course of our activities, we process personal data of various categories of data subjects:

• Business and contractual partners
• Interested parties
• Communication partner
• Customers
• Users (e.g. website visitors, users of online services)
• suppliers
• Employees (e.g. employees, applicants, former employees)

Purposes of processing

We process personal data for various purposes in order to provide you with our services in the best possible way. As a general rule, we process your data only to the extent necessary to achieve the stated purposes and in compliance with the principles of data minimization and purpose limitation. Below you will find an overview of the purposes of processing:

• Provision of contractual services
• Customer service
• Contact requests and communication
• Office and organizational procedures
• Marketing and conversion measurement
• Provision of our online services and user-friendliness
• Visit action analysis
• Application procedure (justification, possible implementation and termination of the employment relationship)
• Cross-device tracking (cross-device processing of user data for marketing purposes)
• Remarketing
• Reach measurement (e.g. access statistics, recognition of recurring visitors)
• Security measures
• Tracking (e.g. interest/behavior-based profiling, use of cookies)
• Server monitoring and error detection

Legal basis

We process this personal data only on the basis of legal permission in accordance with the General Data Protection Regulation. This is the case, for example, if:

• You have expressly given us your consent to do so in accordance with Art. 6 (1) (a) GDPR.
• Processing pursuant to Art. 6 (1) (b) GDPR is necessary to fulfil a contract to which you are a contractual partner or to carry out pre-contractual measures.
• To fulfill a legal obligation according to Art. 6 (1) (c) GDPR.
• The processing is necessary to protect our legitimate interests or the interests of a third party pursuant to Art. 6 (1) (f) GDPR.

Data storage period

How long we store your personal data depends on the type of data in question. Generally, we only store your data for as long as necessary to fulfill our contractual or legal obligations, or until you have withdrawn your consent.

Sharing of data

We will only share your personal information with third parties under the following conditions:

• You have expressly given your consent to this in accordance with Art. 6 (1) (a) GDPR.
• The transfer takes place in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests.
• There is a legal obligation to pass on data according to Art. 6 (1) (c) GDPR.
• The transfer is necessary for the processing of contractual relationships in accordance with Art. 6 (1) (b) GDPR.

Data processing on my website

Provision of the website

When you visit our website, the browser used on your device automatically sends information, including personal data, to our website server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatically deleted:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer as well as the name of your access provider

The legal basis for the temporary storage of data and log files is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. We process the aforementioned data for the following purposes:

• Ensuring a smooth connection to the website
• Ensuring comfortable use of our website
• Evaluation of system security and stability
• For further administrative purposes

The data will be deleted or blocked as soon as it is no longer required to achieve the purpose for which it was collected. Your IP address will no longer be processed once the respective session (visiting our website) has ended.

Contact us

Our website offers you various ways to contact us and use various services (e.g., scheduling appointments for our telehealth services). This is possible via:

• The contact form
• Schedule a telemedicine consultation (via Calendly)
• By email
• By phone

If you use one of these contact options, we will store and process the data you voluntarily provide to us. This may include, but is not limited to, the following:

• Surname/first name and address
• E-mail address
• Telephone number
• Content of the message
• Account details
• Health data

The legal basis for processing is our legitimate interest in responding to your contact request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

Newsletter

We offer you the opportunity to subscribe to a newsletter on our website. We would like to use the newsletter to regularly inform you about new products and news. We use the external service provider Klaviyo to send the newsletter in order to offer you an efficient and secure delivery system.

To subscribe to the newsletter, you must provide an email address. Further data is collected only on a voluntary basis. To verify your email address, you will first receive a registration email, which you must confirm via a link. We use this data exclusively to send the requested information and do not share it with third parties.

The legal basis for this is Art. 6 (1) (a) GDPR. You can revoke your consent to the storage of your data at any time, e.g., via the "unsubscribe" link in the newsletter. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent until the revocation. Further details on the Klaviyo privacy policy can be found here: https://www.klaviyo.com/legal/privacy-notice .

Use of cookies

Our website uses cookies in several places. These are small text files that your browser automatically creates and stores on your device when you visit our website. This identifies the browser you are using and allows our web server to recognize it.

Provision of website

Most cookies on our website are session cookies. These serve to ensure the functionality and security of our website. They are automatically deleted as soon as you leave our site. If personal data is processed and stored in this process, this is done on the basis of Art. 6 (1) (f) GDPR to protect our legitimate interests.

Cookie Consent Manager

We also use cookies to statistically record and evaluate the use of our website. The basis for the storage and processing of personal data is your consent in accordance with Art. 6 (1) (a) GDPR. In this context, we use the Pandectes consent manager. Details on Pandectes' privacy policy can be found here: Privacy Policy – ​​Pandectes .

Online payment services

For cashless payment of our goods and services, we offer you the option of processing the payment transaction via Stripe or PayPal. Data processing is carried out in accordance with Art. 6 (1) (b) GDPR. Details can be found here:

• Stripe Privacy Policy
• PayPal Privacy Policy

Further data processing

Other contractual relationships

We process personal data of individuals with whom we enter into contractual or business relationships. Personal data such as name, address, telephone number, email address, and contract details are provided to us to process inquiries or orders.

The legal basis is Art. 6 (1) (b) and (f) GDPR. Further information on data transfer and storage periods can be found under "General Information."

Data processing on our social media presences

We maintain online presences on the following social networks:

• YouTube
• Instagram
• Facebook
• TikTok

The privacy policies of the respective platforms can be found here:

• Facebook Privacy Policy
• Instagram Privacy Policy
• YouTube Privacy Policy
• TikTok Privacy Policy

Details on processing operations and your rights can be found in the respective data protection declarations of the platforms.

Data security

We exercise the utmost care and implement appropriate technical and organizational security measures to protect your data against unauthorized access by third parties or data loss. Our security measures are continuously improved in line with technological developments. However, please note that data transmission over the Internet (e.g., when communicating via email) always poses a security risk, as complete protection is not possible.

Changes to this privacy policy

This privacy policy is currently valid. Due to the ongoing development of our website or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. In this case, the privacy notices on this website will be adjusted accordingly.

Your rights

Under certain circumstances, you have the following rights with respect to us:

• Right to information: You have the right, in accordance with Art. 15 GDPR, to request information from us as to whether and to what extent we store or process your personal data.
• Right to rectification: According to Art. 16 GDPR, you have the right to have your data rectified and/or completed if the personal data concerning you that are processed are incorrect or incomplete.
• Right to erasure: You can request that the personal data concerning you be erased in accordance with Art. 17 GDPR, provided that other legal regulations or an overriding interest on our part do not conflict with this.
• Right to restriction of processing: Taking into account the requirements of Art. 18 GDPR, you can request that we restrict the processing of your data.
• Right to data portability: You have the right to receive your personal data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR.
• Right to withdraw consent: Some data processing operations are only possible with your express consent. You have the right to withdraw your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent until the withdrawal.
• Right of objection: You have the right under Art. 21 GDPR to object to the processing of personal data if there are reasons arising from your particular situation.

If you would like to exercise your rights, simply send an email to lee@hormonic.de or lisa@hormonic.de .

Data protection information for our social media presences

We maintain online presences on the following social networks:

• YouTube: https://www.youtube.com/@hormonicgermany
• Instagram: https://www.instagram.com/hormonic.de
• Facebook: https://www.facebook.com/hormonic.de
• TikTok: https://www.tiktok.com/@hormonic.de

In this context, we process user data in order to communicate with the users active there or to offer information about us.

Person responsible

DELP Investment Freezone Company
Dubai Silicon Oasis, DDP, Building A1
Dubai, United Arab Emirates
Represented by: Lee Paulina Pape (General Manager) & Lisa Emmer (Secretary Manager)
Email: hello@hormonic.de

General information

If you visit our page on a social media platform, personal data may be processed. The company providing the service is solely responsible for the processing of personal data within the online presence. You therefore use our social media pages and their functions at your own risk.

We would like to point out that user data may be processed outside the European Union. This could pose risks for users, for example, because it could make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. These user profiles can then be used, for example, to place advertisements within and outside the networks that presumably correspond to the users' interests.

Joint responsibility

With regard to the operation of social media plugins and the associated processing of personal data, we and the respective social network providers are jointly responsible pursuant to Art. 26 GDPR. The social networks are solely responsible for further processing after forwarding to the respective server. Further information on data protection can be found in the respective providers' privacy policies.

Facebook and Instagram

Facebook and Instagram are services provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). Meta is solely responsible for the processing of personal data within its online presence. You therefore use interactive functions such as commenting, sharing, liking, or rating at your own risk.

When you visit our Facebook or Instagram page, Meta records, among other things, your IP address and other information that is present in the form of cookies on your device (PC, tablet, smartphone).

We, as the site operator, have no influence on the use of this data. You can find out how Meta uses data from visits to Facebook or Instagram for its own purposes, to what extent activities are assigned to individual users, how long the data is stored, and whether data from a visit to the online presence is shared with third parties here: https://www.facebook.com/privacy/policy .

The personal data collected when you visit our online presence may be transferred by Meta to countries outside the European Union, for example, to the USA. For data transfers to the USA, the EU-US Data Privacy Framework adequacy decision ensures an appropriate level of protection for certified companies for personal data. Meta is DPF-certified.

When users use our Facebook page, Meta provides us with statistical information and insights about how users use our online presence. Meta and we act as joint controllers for this processing of personal data in accordance with Art. 26 (1) GDPR. Meta and we have defined our data protection obligations through a joint controller agreement.

Due to joint controllership, you can assert your data subject rights against both us and Meta. Further information can be found in Meta's privacy policy: https://www.facebook.com/privacy/explanation .

YouTube

YouTube is a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google is solely responsible for the processing of personal data. You use interactive features, such as commenting or rating, at your own risk.

When you visit our YouTube page, Google records, among other things, your IP address and other information that is stored on your device in the form of cookies.

We, as the site operator, have no influence on the use of this data. You can find out how Google uses the data from your visit to the site for its own purposes, the extent to which activities are attributed to individual users, how long the data is stored, and whether data from a visit to the online presence is shared with third parties here: https://policies.google.com/privacy .

The personal data collected when you visit our online presence may be transferred by Google to countries outside the European Union, for example, to the USA. For data transfers to the USA, the EU-US Data Privacy Framework adequacy decision ensures an appropriate level of protection for certified companies for personal data. Google is DPF-certified.

TikTok

TikTok is a service provided by Beijing Bytedance Technology Ltd. The Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible for the European region. TikTok is solely responsible for the processing of personal data. You use the interactive features, such as duets and reactions, at your own risk.

When you visit our TikTok page, your IP address and other information stored on your device in the form of cookies are recorded.

We, as the site operator, have no influence on how the data is used. You can find out how TikTok uses the data from your visit to the site for its own purposes, to what extent activities are assigned to individual users, how long the data is stored, and whether data from a visit to the online presence is shared with third parties here: https://www.tiktok.com/legal/page/global/privacy-policy-eea-archive/de .

The personal data collected when you visit TikTok's online presence may be transferred by TikTok to countries outside the European Union, for example, to China. There is currently no adequacy decision for data transfer to China, which is why data transfer here may be risky.

Contacting, commenting, etc.

The data you voluntarily enter on our online presence, e.g., as part of a comment or message to us, in particular your user name and the published or shared content, may be processed by us in such a way that we can respond to or share the posts and messages. We do this processing in order to contact you and communicate with you. The legal basis for processing the data is Art. 6 (1) (f) GDPR.

We reserve the right to delete comments or posts in individual cases, for example, in the case of infringing or illegal posts, hate speech, or offensive comments. We have no influence over the deletion of your data by the operator themselves.