Privacy Policy

1) Introduction and Contact Details of the Controller

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Michael Wellhöfer, Dr. Michael Wellhöfer, Toftstraße 1, 25917 Leck, Germany, Tel.: +49 (0)176 416 499 32, Email: mail@dr-wellhoefer.de. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

When using our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

• Our visited website
• Date and time at the time of access
• Amount of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

For hosting our website and displaying the page content, we use a provider who provides its services itself or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

4) Contact

4.1 Calendly

To provide an online appointment booking function, we use the services of the following provider: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA

For the purpose of scheduling appointments, first and last name as well as email address (and if applicable, telephone number if a telephone appointment is desired) are collected in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to the provider in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for appointment organization.

After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.

We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision by the European Commission.

4.2 WhatsApp Business

You have the option of contacting us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.

If you contact us via WhatsApp in connection with a specific transaction (for example, an order placed), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 para. 1 lit. b GDPR to process and respond to your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address or email address) in order to be able to assign your inquiry to a specific process.

If you use our WhatsApp contact for general inquiries (for example, about our range of services, availability or our website), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient and timely provision of the requested information.

Your data is only ever used to respond to your request via WhatsApp. No disclosure to third parties takes place.

Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact details of users who have also contacted us via WhatsApp are stored.

This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR when first using the app on their device by accepting the WhatsApp terms of use. A transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

Please refer to WhatsApp's privacy policy for the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your related rights and setting options to protect your privacy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits disclosure to third parties.

Within the scope of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision by the European Commission.

4.3 General Contact

When contacting us (e.g. via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

4.4 Use of AI-Supported Tools

To support my professional work, I use AI-supported tools in individual cases, in particular for structuring content, linguistic revision, and reflection on professional questions.

Personal data is processed exclusively in anonymized or abstracted form. Processing of particularly sensitive personal data does not occur or only in highly generalized, non-traceable form.

No automated decision-making within the meaning of Art. 22 GDPR takes place. The content-related, professional, and ethical responsibility for all services lies at all times entirely with the controller.

5) Accounting and Invoicing

For accounting and invoice creation, we use the service provider sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany.

In the context of using sevDesk, personal data (e.g. name, address, invoice data) is processed insofar as this is necessary for contract fulfillment and to fulfill legal retention obligations.

The processing is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) as well as Art. 6 para. 1 lit. c GDPR (legal obligation).

sevDesk processes the data as a processor. Processing takes place on servers within the European Union.

6) Rights of the Data Subject

The applicable data protection law grants you the following data subject rights (information and intervention rights) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the cited legal basis for the respective exercise requirements:

• Right of access according to Art. 15 GDPR
• Right to rectification according to Art. 16 GDPR
• Right to erasure according to Art. 17 GDPR
• Right to restriction of processing according to Art. 18 GDPR
• Right to notification according to Art. 19 GDPR
• Right to data portability according to Art. 20 GDPR
• Right to withdraw consents given according to Art. 7 para. 3 GDPR
• Right to lodge a complaint according to Art. 77 GDPR

RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

7) Duration of Storage of Personal Data

The duration of storage of personal data is based on the respective legal basis, the processing purpose and – if applicable – additionally on the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, this data is stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data is routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we have no legitimate interest in continued storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 para. 2 GDPR.

Unless otherwise indicated in the other information in this declaration regarding specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Last updated: January 3, 2026