Privacy Policy

pursuant to Art. 13, 14 GDPR (EU General Data Protection Regulation) · Last updated: May 2025

1. Privacy at a Glance

The following provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

Data processing on this website is carried out by the website operator, Columbus Health Products GmbH. Your data is collected, on the one hand, when you provide it to us (e.g. when booking an appointment or registering for a seminar). Other data is collected automatically, or after your consent, when you visit the website — in particular technical data (IP address, browser, operating system, time of the page visit).

Analytics and marketing data is processed exclusively after your explicit consent.

2. Data Controller

Columbus Health Products GmbH
Kasernenstr. 1b
40213 Düsseldorf, Germany
Represented by: Prof. PD Dr. med. Albrecht Molsberger, Dr. med. Gabriele Böwing
Email: info@chp-gmbh.com · Privacy: datenschutz@axomera.com

3. Legal Bases for Processing

We process personal data on the following legal bases:

The processing of data via tracking technologies is also subject to § 25 TTDSG.

4. Hosting & Content Delivery Network

This website is hosted by an external cloud infrastructure provider. The personal data is stored on their servers in the USA. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with the provider; data transfer is secured by EU Standard Contractual Clauses (SCCs).

We use Cloudflare, Inc. as a CDN and as a Web Application Firewall (WAF). We also operate media storage via Cloudflare R2 at cdn.axomera.com. Legal basis: Art. 6(1)(f) GDPR.

5. Data Collection on This Website

Server log files

The hosting provider automatically collects information in server log files: browser type, operating system, referrer URL, hostname, IP address and time of the server request. This data is deleted after a maximum of 30 days. Legal basis: Art. 6(1)(f) GDPR.

Appointment booking (Calendly)

For online appointment booking we use Calendly LLC (Atlanta, USA). When booking, name, email address, phone number, specialty, selected appointment and time zone are transmitted to Calendly via a server-side API integration. Legal basis: Art. 6(1)(b) GDPR.

Seminar registrations (Pipedrive)

For seminar registrations, name, email address, phone number, practice name, specialty and interest profile are collected and transmitted server-side to Pipedrive OÜ (Tallinn, Estonia) as a CRM lead. Legal basis: Art. 6(1)(b) GDPR.

6. Cookies & Consent Management

This website uses cookies and comparable storage technologies (localStorage). A cookie banner is displayed on your first visit. Consent is voluntary and can be revoked at any time via the "Cookie & Advertising Compliance Settings" link in the footer.

Cookie categories:

7. Analytics & Marketing Tools

After consent, we use the following services: Google Analytics 4 (page analytics), Microsoft Clarity (heatmaps/session recordings), Meta Pixel / Meta Conversions API (conversion tracking), LinkedIn Insight Tag (marketing tracking) and Google Tag Manager (tag management). All analytics and marketing tools are activated exclusively after explicit consent via the cookie banner.

8. Third-Party Services

We use the following third parties: cloud infrastructure (hosting, USA/SCCs), Cloudflare Inc. (CDN/WAF, USA/SCCs), Google Ireland Ltd. (GTM, GA4), Meta Platforms Ireland Ltd. (Pixel, CAPI), Vimeo Inc. (video embedding, USA/SCCs), Calendly LLC (appointment booking, USA/SCCs), Pipedrive OÜ (CRM, USA-EU/SCCs), LinkedIn Ireland Unlimited Company (Insight Tag, USA/SCCs), Microsoft Ireland Operations Ltd. (Clarity, USA/SCCs).

9. Your Rights

You have the following rights regarding your stored personal data: access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). Any consent given can be withdrawn at any time without giving reasons.

Contact for privacy inquiries: datenschutz@axomera.com

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement.

10. Data Security

For security reasons, this website uses SSL/TLS encryption (HTTPS). All data transfers between your browser and our servers are encrypted. Cloudflare also protects the website with a Web Application Firewall (WAF) and DDoS mitigation.

11. Retention Periods

Server log files are deleted after a maximum of 30 days. Booking and seminar registration data is stored in accordance with commercial and tax law retention requirements (generally 10 years). Consent logs are retained until revocation plus 3 years. Marketing cookies expire after 90 days. Analytics data (GA4) is deleted after 14 months.

12. Changes to This Privacy Policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services. The current privacy policy applies to your next visit. Last updated: May 2025.