As of October 9, 2025

This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online services and the associated websites, functions, and content, as well as external online presences such as our social media profiles (hereinafter collectively referred to as "online services"). Regarding the terms used, such as "personal data" or its "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible

Deep Care GmbH

Königsallee 43

71638 Ludwigsburg

Email: info@deep-care.de

Represented by:

Dr. Milad Geravand

Register entry:

Registered in the commercial register

Register court: District Court 70190 Stuttgart

Registration number: HRB 769943

Types of data processed

• Inventory data (e.g. names, addresses)
• Contact details (e.g. email, phone numbers)
• Content data (e.g., text entries, photographs, videos)
• Contract data (e.g. subject matter of the contract, term, customer category)
• Payment details (e.g. bank details, payment history)
• Usage data (e.g. websites visited, interest in content, access times)
• Metadata/communication data (e.g., device information, IP addresses)

Processing of special categories of data (Art. 9 para. 1 GDPR)

As a general rule, no special categories of data are processed unless they are provided by the user for processing, e.g., entered into online forms.

Categories of persons affected by the processing

Customers, prospective customers, suppliers, visitors and users of the online service

(hereinafter, those affected will be collectively referred to as "users")

Purpose of processing

• Provision of the online service, its content and functions
• Provision of contractual services, service and customer support
• Responding to contact requests and communicating with users
• Marketing, advertising and market research
• Security measures

1. Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you about the legal bases for our data processing. Unless otherwise stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing data to fulfill our services and implement contractual measures, as well as to respond to inquiries, is Article 6(1)(b) of the GDPR; the legal basis for processing data to comply with our legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing data to protect our legitimate interests is Article 6(1)(f) of the GDPR. In the event that processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

2. Changes and updates to the privacy policy

We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require action on your part (e.g., consent) or any other individual notification.

3. Safety measures

In accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default (Article 25 GDPR).

The security measures include, in particular, the encrypted transmission of data between your browser and our server.

4. Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), if you have given your consent, if a legal obligation requires it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.

5. Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is necessary for the performance of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special requirements of Articles 44 et seq. of the GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognized finding of a level of data protection equivalent to that of the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called "standard contractual clauses").

6. Rights of data subjects

You have the right to request confirmation as to whether data concerning you is being processed, and to access this data as well as further information and a copy of the data in accordance with Article 15 GDPR.

In accordance with Article 16 of the GDPR, you have the right to request the completion of your personal data or the rectification of inaccurate personal data concerning you.

In accordance with Article 17 GDPR, you have the right to request that the data in question be deleted without undue delay, or alternatively, in accordance with Article 18 GDPR, to request a restriction of the processing of the data.

You have the right to request access to the personal data concerning you that you have provided to us, in accordance with Article 20 GDPR, and to request its transmission to other controllers.

Furthermore, pursuant to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

7. Right of withdrawal

You have the right to withdraw your consent pursuant to Art. 7 para. 3 GDPR with effect for the future.

8. Right to object

You can object to the future processing of your personal data at any time in accordance with Article 21 of the GDPR. This objection can be made, in particular, against processing for direct marketing purposes.

9. Cookies and the right to object to direct marketing

Cookies are small files that are stored on users' devices. We use temporary and persistent cookies (non-essential cookies only if you have actively consented to them during the cookie selection process). Some cookies are used for security purposes or are necessary for the operation of our online services (e.g., for displaying the website) or to save the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies for audience measurement and marketing purposes, about which users are informed in the course of the privacy policy.

You can generally object to the use of cookies for online marketing purposes with many services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent the storage of cookies by disabling them in your browser settings. Please note that this may prevent you from using all the features of this website.

10. Deletion of data

The data we process will be erased or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not erased because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements, records must be retained for 6 years in accordance with Section 257 Paragraph 1 of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 Paragraph 1 of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

11. Performance of contractual services

We process inventory data (e.g., names, addresses, and contact details of users) and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Article 6(1)(b) GDPR. Entries marked as mandatory in online forms are required for the conclusion of the contract.

Users can optionally create a user account, in which they can, in particular, view their orders. During registration, users are informed of the required mandatory information. User accounts are not public and cannot be indexed by search engines. If users terminate their user account, their data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons pursuant to Art. 6 para. 1 lit. c GDPR. It is the users' responsibility to back up their data before the end of the contract if they have terminated their account. We are entitled to irretrievably delete all user data stored during the contract period.

As part of the registration and login processes, as well as the use of our online services, we store the IP address and the time of each user action. This storage is based on our legitimate interests and the users' interest in protection against misuse and other unauthorized use. This data is generally not shared with third parties, unless it is necessary for pursuing our claims or there is a legal obligation to do so pursuant to Article 6(1)(c) GDPR.

We process usage data (e.g., the websites visited within our online service, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to show users, for example, product recommendations based on their previously used services.

Data is deleted after the expiry of statutory warranty periods and similar obligations; the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiry (end of the commercial (6 years) and tax (10 years) retention periods); information in the customer account remains until the account is deleted.

12. Booking portal and questionnaire

If a user (or an employee of our customer) wishes to book an ISA device for the agreed period, we ask the user to enter the following data in a booking portal: user's email address, desired start date of use, desired ISA color, delivery address with recipient's name.

This data is stored and used solely for planning and shipping ISA to the user, as well as for communicating with the user via email. We share the delivery address with our logistics partner DHL to create shipping and return labels.

At the end of the ISA usage, we send the user an email so that they can fill out an anonymous questionnaire.

Users can request changes to or deletion of their data via the contact email address provided to them.

13. Making contact

When you contact us (via contact form or email), the information provided by the user will be processed in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of processing and handling the contact request.

User data may be stored in our Customer Relationship Management system (“CRM system”) or a comparable system for managing inquiries.

We delete inquiries when they are no longer needed. We review the necessity of retaining inquiries every two years; inquiries from customers with a customer account are stored permanently, and customers are directed to their account information for deletion instructions. In the case of statutory archiving obligations, deletion occurs after these obligations expire (end of the commercial (6 years) and tax-related (10 years) retention periods).

14. Comments and Contributions

When users leave comments or other contributions, their IP addresses are stored for 7 days based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.

This is done for our protection in case someone posts illegal content in comments or posts (insults, prohibited political propaganda, etc.). In such cases, we ourselves could be held liable for the comment or post and are therefore interested in the author's identity.

15. Collection of access data and log files

Based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, we collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

16. Online social media presence

We maintain an online presence on social networks and platforms to communicate with customers, prospects, and users active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process user data when users communicate with us within social networks and platforms, e.g. by posting on our online presences or sending us messages.

17. Cookies & Audience Measurement

Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

We use "session cookies," which are only stored for the duration of your current visit to our website (e.g., to save your login status or shopping cart contents, thus enabling you to use our online services). A session cookie contains a randomly generated, unique identification number, a so-called session ID. It also contains information about its origin and its expiration date. These cookies cannot store any other data. Session cookies are deleted when you finish using our website, for example, by logging out or closing your browser.

Users are informed about the use of cookies for pseudonymous audience measurement within the framework of this privacy policy.

If users do not wish to have cookies stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may lead to functional limitations of this online service.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

18. Integration of third-party services and content

Within our online services, we use content or service offerings from third-party providers based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically, in accordance with Article 6(1)(f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter referred to collectively as "Content"). This always requires that the third-party providers of this Content are aware of the users' IP addresses, as they cannot send the Content to their browsers without the IP address. The IP address is therefore necessary for displaying this Content. We strive to use only Content from providers who use the IP address solely for delivering the Content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow information such as visitor traffic on the pages of this website to be analyzed. The pseudonymous information can also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online service, as well as be combined with such information from other sources.

The following overview lists third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases, the opt-out options already mentioned here:

PayPal: If our customers use third-party payment services (e.g., PayPal or Sofortüberweisung), the terms and conditions and privacy policies of the respective third-party providers apply, which can be accessed within the respective websites or transaction applications.

Google Fonts: External fonts from Google, LLC, https://www.google.com/fonts ("Google Fonts"). Google Fonts are integrated by making a server request to Google (usually in the USA). Privacy policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.

Tidio Live Chat: This website uses technology from Tidio Ltd., 220C Blythe Road, W14 0HH, London, United Kingdom (www.tidiochat.com). Anonymized data is collected and stored for web analytics purposes and to operate the live chat system for answering live support requests. Usage profiles can be created from this anonymized data under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor's internet browser. The cookies enable the internet browser to be recognized. The data collected using TidioChat technologies is not used to personally identify the visitor to this website and is not merged with personal data about the holder of the pseudonym without the separately granted consent of the data subject. To prevent the storage of TidioChat cookies, you can configure your internet browser so that no more cookies can be stored on your computer in the future or so that cookies that have already been stored are deleted. However, disabling all cookies may prevent some functions on our website from working properly. You can object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with effect for the future by sending us your objection informally via email to the email address provided in the legal notice. Privacy policy: https://www.tidiochat.com/en/privacy-policy

19. Use of Google Analytics

Based on our legitimate interests (analysis, optimization and economic operation of our online service within the meaning of Art. 6 para. 1 lit. f GDPR), we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google uses cookies. The information generated by the cookie about users' use of the online service is generally transmitted to and stored on a Google server in the USA. Google is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection.

Google will use this information on our behalf to evaluate users' use of our online services, to compile reports on activity within these online services, and to provide us with other services related to the use of these online services and internet usage. Pseudonymous user profiles may be created from the processed data.

We only use Google Analytics with IP anonymization enabled. This means that Google shortens the IP address of users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Users can prevent the storage of cookies by adjusting their browser settings accordingly; users can also prevent Google from collecting and processing data generated by the cookie and related to their use of the online service by downloading and installing the browser plugin available at the following link:

👉 https://tools.google.com/dlpage/gaoptout

Privacy policy: https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

20. Use of Google Ads & Conversion Tracking

We use the online advertising program "Google Ads" and, within the framework of Google Ads, the conversion tracking service of Google Ireland Limited. If you access our website via a Google ad, Google Ads will store a cookie on your device.

Each Google Ads customer receives a different cookie. These cookies cannot therefore be tracked across the websites of different Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted in to conversion tracking.

We do not receive any personally identifiable information. If you do not wish to participate in tracking, you can opt out by disabling the Google conversion tracking cookie in your internet browser's user settings.

Privacy policy: https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

21. Meta (Facebook) Pixel and Custom Audiences

Within our online service, the so-called “Meta-Pixel” of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is used.

With the help of the Meta pixel, Meta can identify visitors to our website as a target audience for displaying advertisements (so-called "Facebook ads"). Accordingly, we use the Meta pixel to ensure that the Facebook ads we place are only shown to Facebook users who have demonstrated an interest in our website or who exhibit certain characteristics (e.g., interests in specific topics, determined based on the websites they visit) that we transmit to Meta.

Meta processes the data in accordance with Meta's data usage policy:

https://www.facebook.com/policy

You can object to the collection of your data by the meta-pixel and the use of your data for displaying Facebook ads here:

https://www.facebook.com/settings?tab=ads

22. Newsletters and email marketing

With your consent, we will only send newsletters, emails and other electronic notifications containing promotional information (hereinafter "newsletters") with the consent of the recipients or where legally permitted.

Subscription to our newsletter uses a double opt-in process. After registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address.

The registration process is logged on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) to prove that the registration was lawful.

The newsletter contains a tracking pixel that enables statistical analysis. We can see whether newsletters are opened and which links are clicked. This data is used to improve the newsletter service and tailor it to users' interests.

Unsubscribe option: At the end of each newsletter or by sending a request to info@deep-care.de.

23. Payment service providers

We integrate payment services from third-party companies into our website. When you make a purchase with us, your payment data (e.g., name, payment amount, bank details, credit card information) is processed by the payment service provider for the purpose of payment processing.

The following payment services are used on our website:

Shopify Payments (Stripe) – Privacy Policy: https://www.shopify.com/legal/privacy / https://stripe.com/privacy

PayPal – Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

Klarna (if activated) – Privacy Policy: https://www.klarna.com/international/privacy-policy/

The legal basis for the transfer is Art. 6 para. 1 lit. b GDPR (performance of a contract) and partly Art. 6 para. 1 lit. f GDPR (legitimate interest in smooth payment processes).

24. Shopify platform

Our online shop is hosted by Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify provides us with the e-commerce platform that allows us to sell our products.

Your data is stored through Shopify's data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall.

For more information, please see Shopify's privacy policy:

https://www.shopify.com/legal/privacy