Privacy Policy

Responsible Party

CT Healthcare GmbH
Columbiadamm 33
10965 Berlin
Email: info@ct-healthcare.de

CT Healthcare is the data controller for personal data.

Scope

These privacy notices apply to all online offerings and when referenced from other services, regardless of access method.

Third-Party Services and Content

The offering includes content and services from other providers. Transmission of IP addresses to third-party providers is technically necessary. While efforts are made to use providers who only need IP addresses for content delivery, we cannot control whether IP addresses are stored for statistical purposes.

Data Transfers to Third Countries

Data transfers to countries outside the EU occur only under legally regulated permissible conditions. Transfers without contract fulfilment, consent, or legal necessity require either an adequacy decision under Article 45 GDPR or appropriate safeguards under Article 46 GDPR. The "Data Privacy Framework (DPF)" provides adequacy for the USA (effective July 2023). EU Standard Contractual Clauses create appropriate guarantees.

Data Sharing with Third Parties

Unauthorised transmission to third parties does not occur. External service providers must implement appropriate technical and organisational measures and comply with applicable data protection regulations.

Third-Party Websites and Links

Our services may provide links to third-party operated websites. We are not responsible for their privacy, security, or content accuracy. Link inclusion does not constitute endorsement unless explicitly stated.

Data Minimisation

Personal data is stored only as long as required or legally mandated. When purposes end or storage periods expire, data is blocked or deleted.

Data Security and Retention

No security measures are perfect or impenetrable. We cannot guarantee "perfect security." Sensitive information transmission through unsecure channels is not recommended. Data retention depends on factors including account management needs, service provision, legal compliance, dispute resolution, and contract enforcement.

Personal Data Categories

Depending on interaction, location, and applicable law, we may process the following personal data categories:

• Contact information: name, addresses, phone, email
• Financial data: card numbers, payment details, transaction information
• Account information: username, password, security questions, settings
• Transaction information: viewed items, cart contents, purchases, returns
• Communication: customer support enquiries
• Device information: browser type, IP address, unique identifiers
• Usage information: interaction patterns with services

Data Collection on Website Visit

For informational website use without registration, we collect only data technically necessary for display and security (legal basis: Article 6(1)(f) GDPR, legitimate interest):

• IP address
• Hostname
• Request date/time
• GMT time zone difference
• Request content (specific page)
• Access status / HTTP status code
• Data volume transferred
• Referring website
• Browser type, version, language
• Operating system

Cookies

The website uses cookies — text files stored on your computer by the server, containing information about browser, IP address, operating system, and internet connection. Data is not shared with third parties or linked with personal data without consent. Cookies facilitate navigation and ensure correct webpage display. They are not used for virus distribution or program launching. You may access offerings without cookies by adjusting browser settings, though some functions may be impaired.

Essential Cookies

Essential cookies do not require consent and are processed under Article 6(1)(f) GDPR based on legitimate interests in smooth, optimal website usage and display.

Cookie Consent

The website uses a cookie-consent tool to request consent for technically non-required cookies and document consent per applicable regulations. Legal basis: Article 6(1)(c) GDPR — legal obligation per CJEU judgment October 1, 2019, Case C-673/17, requiring prior consent for technically non-required cookies.

Shopify

Shopify is the software creating our online shop, providing services. Provider: Shopify International Ltd. (Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, XN32, Ireland). Shopify collects and processes personal data regarding your service access and use to provide and improve services. Legal basis: Article 6(1)(b) GDPR (pre-contractual measures/contract fulfilment). Data storage duration corresponds to purpose requirements and business reasons or applicable legal retention periods. We work with Shopify under a Data Processing Agreement per Article 28 GDPR.

Contact Requests

Contact information submitted via email or phone is stored for processing and follow-up questions. Disclosure is entirely voluntary. Processing legal basis: Article 6(1)(b) GDPR if related to contract fulfilment or pre-contractual measures. Otherwise: Article 6(1)(f) GDPR (legitimate interest in effective request handling). You may object at any time. Data remains until deletion is requested, processing is opposed, or storage purposes end.

Your Rights

Under applicable law, you have the perpetual right to free information about stored personal data, its origin, recipients, processing purpose, and the right to correction, blocking, or deletion.

Consent Withdrawal: Previously granted consent may be withdrawn at any time through informal notice to us via email. Pre-withdrawal processing legality remains unaffected.

Right to Object (Article 21 GDPR): When processing occurs under Article 6(1)(a) or (f) GDPR, you have the right to object at any time based on circumstances specific to your situation; this includes profiling.

Right to Lodge a Complaint: GDPR violations grant affected parties complaint rights with supervisory authorities. Our supervising authority: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, Phone: +49 30 138890, Email: mailbox@datenschutz-berlin.de.

Data Portability: You have the right to receive data processed automatically based on your consent or contract fulfilment in a standard, machine-readable format from us or another party. Direct transfer to another controller occurs only where technically feasible.