Privacy policy

1) Information about the collection of personal data and contact details of the controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. The term “personal data” comprises all data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is CallistoHealth GmbH (Erika-Mann-Straße 62-66, 80636 München, Email: businesscase@callistohealth.de). The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

1.3 For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

2) Data recording on this website

Processing of data is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.1. Hosting and Web Analytics

This website is hosted by Squarespace. As we are located outside of the US, Squarespace products and services to us are provided by: Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland, D08 N12C.

This website collects personal information to power our site analytics, including:

  • Information about your browser, network, and device

  • Web pages you visited prior to coming to this website

  • Web pages you view while on this website

  • Your IP address

This information may also include details about your use of this website, including:

  • Internal links

  • Pages visited

  • Scrolling

  • Searches

  • Timestamps

We provide this information to Squarespace, our website analytics provider, to learn about site traffic and activity.
Squarespace needs the data to run this website, and to protect and improve its platform and services. You can read more about how Squarespace uses your data (site usage information of end users) for its own purposes in their Privacy Policy.

In accordance with Art. 28 GDPR, a Data Processing Agreement (DPA) has been concluded with Squarespace, ensuring that Squarespace processes personal data exclusively on our instructions and in compliance with applicable data protection law.

2.2. Cookies

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

3) Contact

When you contact us (e.g. via the emails stated in the footer of this website), personal data will be processed solely for the purpose of processing and responding to your enquiry and only to the extent necessary for this purpose. The legal basis for the processing of this data is our legitimate interest in responding to your enquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

4) Rights of the data subject

4.1 The applicable data protection law grants you the following rights as a data subject vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention), whereby reference is made to the legal basis cited for the respective conditions for exercising these rights:

  • Right of access pursuant to Art. 15 GDPR;

  • Right to rectification pursuant to Art. 16 GDPR;

  • Right to erasure pursuant to Art. 17 GDPR;

  • Right to restriction of processing pursuant to Art. 18 GDPR;

  • Right to be informed pursuant to Art. 19 GDPR;

  • Right to data portability pursuant to Art. 20 GDPR;

  • Right to withdraw consent pursuant to Art. 7(3) GDPR;

  • Right to lodge a complaint pursuant to Art. 77 GDPR.

4.2 IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION.

IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING.

IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

4.3. The competent supervisory authority for CallistoHealth GmbH is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany (www.lda.bayern.de). You have the right to lodge a complaint with this authority if you believe that the processing of your personal data infringes the GDPR.

5) Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and, where relevant, additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, this data is stored until the data subject revokes their consent.

If there are statutory retention periods for data that is processed within the framework of legal transactions or legal obligations on the basis of Art. 6 (1) (b) GDPR, this data will be routinely deleted after the expiry of the retention periods, provided that it is no longer necessary for the fulfilment or initiation of a contract and/or we have no legitimate interest in its continued storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, this data is stored until the data subject exercises their right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises their right to object under Art. 21 para. 2 GDPR.

Unless otherwise specified in the other information in this statement on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.