Privacy Policy

Last updated: December 21, 2024

1. Controller

supplement-check.eu

Stromberger Str. 22J, 55545 Bad Kreuznach, Germany

Email: [email protected]

2. Data Collection

2.1 Registration Data

  • Email address, Password (stored as a bcrypt hash, see Section 8)
  • IP address, Geolocation (country/city)
  • Registration timestamp

2.2 Usage Data

  • Product data, Dosages, Target countries
  • Compliance reports, Analysis results
  • Session cookies (NextAuth)

2.3 Automatically Collected

  • IP address, Browser type, Operating system
  • Access timestamps, Referrer URL

3. Legal Basis

  • Art. 6(1)(b) GDPR: Contract performance (registration, service usage)
  • Art. 6(1)(f) GDPR: Legitimate interest (fraud prevention, website operation)
  • Art. 6(1)(a) GDPR: Consent (Google Analytics, cookies)

4. Data Sharing and Third Country Transfer

Servers in the USA

Our servers are located in the USA (Oregon, US-West-2) and operated by Abacus.AI. This constitutes a data transfer to a third country. The transfer is based on EU Standard Contractual Clauses.

Third-Party Service Providers

  • Stripe: Payment processing (EU-US Data Privacy Framework)
  • Google Analytics: Web analytics (IP anonymization enabled)
  • Abacus.AI: Hosting, LLM APIs (USA)
  • ipapi.co: IP geolocation

5. Cookies and Tracking

5.1 Essential Cookies

We use technically necessary session cookies for authentication and session management (NextAuth.js).

5.2 Google Analytics

We use Google Analytics to analyze user behavior. IP anonymization is enabled. You can prevent Google's data collection: Browser Add-on

6. Data Retention

  • User account: Until account deletion
  • Compliance reports: 30-365 days (depending on subscription tier)
  • Log files: 7 days
  • Payment data: Legal retention periods (10 years)

7. Your Rights

Access (Art. 15 GDPR)

You can request information about your stored data.

Rectification (Art. 16 GDPR)

You have the right to correction of inaccurate data.

Erasure (Art. 17 GDPR)

You can request deletion of your data.

Data Portability (Art. 20 GDPR)

You can receive your data in a structured format.

Complaint (Art. 77 GDPR)

You have the right to complain to a supervisory authority:

State Commissioner for Data Protection Rhineland-Palatinate
Hintere Bleiche 34, 55116 Mainz, Germany
www.datenschutz.rlp.de

8. Data Security

  • SSL/TLS encryption (HTTPS)
  • Password hashing with bcrypt
  • Secure session management
  • Regular security updates

9. Disclaimer

No Legal Advice: The compliance checks provided are for informational purposes only and do not constitute legal advice. Despite careful review, we assume no liability for the completeness and accuracy of regulatory data.

10. Contact

For privacy questions, please contact us at: [email protected]