Privacy Policy
Last updated: March 2026
1. Data Controller
[Company Name]
[Street, Number]
[Postal Code City]
Germany
Email: [Email]
(hereinafter "we" or "Controller")
2. Purpose and Legal Basis of Data Processing
We process personal data in connection with our web-based platform for myopia management and vision training. Processing is based on the following legal grounds:
- Art. 6(1)(b) GDPR: Performance of contract (provision of the platform for registered practices)
- Art. 6(1)(f) GDPR: Legitimate interest (security and stability of the platform)
- Art. 9(2)(h) GDPR: Processing of health data for preventive medicine purposes (clinical measurement data is collected and processed exclusively by medical professionals)
3. Types of Data Processed
We process the following categories of personal data:
- Account data: Email address, practice name, specialty
- Clinical measurement data: Refraction values, biometry, keratometry and other ophthalmological measurements (stored in pseudonymized form)
- Usage data: Time of access, features used (no tracking cookies, no third-party analytics)
4. Data Recipients
Your data is hosted exclusively on servers in Germany. The following applies to recipients and transfers:
- Our hosting provider (data center in Germany, data processing agreement pursuant to Art. 28 GDPR)
- No disclosure to third parties
- No transfer to third countries
5. Data Retention
Account data is stored for the duration of use and deleted within 30 days after termination.
Clinical measurement data is deleted after termination, unless statutory retention obligations apply.
You can request deletion of your data at any time.
6. Data Subject Rights
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
To exercise your rights, please contact: [Email]
7. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.
Competent supervisory authority:
[Name of competent state authority]
[Address of supervisory authority]
8. Data Security
We implement comprehensive technical and organizational measures to protect your data:
- Encryption of all data in transit (TLS/HTTPS)
- Encryption of sensitive data at rest (AES-256)
- Role-based access control
- Regular security updates
- Hosting exclusively in German data centers
9. Cookies and Tracking
We only use technically necessary session cookies for authentication. No tracking cookies, no third-party analytics tools, and no advertising cookies are used.
A cookie banner is therefore not required, as no consent-dependent cookies are used.