EN DE

Privacy policy

At nilo.health, we take the protection of the personal data of the users of our web application very seriously. We want you to feel secure when using our services and therefore inform you as per the below about what data we collect from you and when and for what purposes we process and use it.

This Privacy Policy applies to our web application (web app) for registered nilo.health users at app.nilohealth.com.

1. Responsible controller and contact details of the data protection officer

The controller pursuant to Art. 4 (7) of the European Data Protection Regulation (DS-GVO) for the processing of your personal data is nilo.health GmbH (hereinafter referred to as “We” or “nilo.health”) Oranienstraße 6, 10997 Berlin, Germany, email: support@nilohealth.com

Concerns about data protection in relation to our website can be addressed to our data protection officer at any time, e.g. by e-mail to support@nilohealth.com or to our postal address (with the addition “Attn. Data Protection Officer).

2. Your rights

You have the following rights with regard to personal data related to you:

  • Right of access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR; “right to be forgotten”),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to processing (Art. 21 GDPR),
  • right to data portability (Art. 20 GDPR).

You also have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement if you consider that the processing of personal data relating to you is carried out unlawfully.

Insofar as you have given us consent to process your data, you may revoke this consent at any time with effect for the future. The legality of the processing of your data until the revocation remains unaffected.

To assert your rights or for other data protection concerns, you can contact us at any time via the contact channels listed in section 1 above and/or in our imprint.

3. Supplementary information on your right of objection

We would also like to point out that if your personal data is processed on the basis of legitimate interest within the framework of the balance of interests pursuant to Art. 6 para.1 sentence 1 f) DSGVO and/or your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.

4. Processing of personal data, processing purposes and legal bases

a. Information transmitted by your browser

When using our website for information purposes only, we only collect the data that your browser transmits to our server. (For the use of cookies and similar technologies on our website, please see the separate information below in section 6).

Every time you use the Internet, your Internet browser automatically transmits certain information that is stored by us in so-called log files. This is the following data, which is necessary to display our website to you and to ensure stability and security: IP address (Internet Protocol address), date and time of the request, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software. It is not possible for us to draw conclusions about individual persons on the basis of this data. We store this data for a maximum of seven days for reasons of technical security, e.g. to defend against attacks on our web server.

The legal basis for the aforementioned processing is Art. 6 (1) p. 1 lit. f) DSGVO (processing is necessary to protect the legitimate interests of the controller).

b. Contact form

When you contact us via the contact form provided on the website, by e-mail, mail or telephone to the contact channels listed in the imprint, the data you provide (e.g. your e-mail address and name as well as the content of your inquiry) will be stored by us in order to process and respond to your questions or request. When using our online contact form, we collect your e-mail address from you; providing your first and last name, your telephone number and your company name is optional and not mandatory.

We delete the data accruing in this context after storage is no longer necessary (usually after your request has been fully dealt with), or restrict processing if there are legal obligations to retain data. The legal basis for the processing described above is, depending on the content of your request, Art. 6 (1) sentence 1 lit. f DSGVO (processing is necessary to protect the legitimate interests of the controller) or Art. 6 (1) sentence 1 lit. b DS-GVO (processing in connection with a contractual relationship with the data subject). We have a legitimate interest in providing persons/companies interested in our company or our services with an easy way to contact us.

c.  Newsletter subscription

With your consent, you can subscribe to our newsletter on our website. As a newsletter subscriber, you will regularly receive offers, news and information about nilo and the topic of Mental Health by e-mail. To subscribe to the newsletter, we process your e-mail address and your first and last name for the purpose of sending the newsletter and to be able to address you personally in the newsletter.

For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we send you an e-mail to the specified e-mail address, in which we ask you to confirm that you wish to receive the newsletter. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis for the aforementioned processing for the purpose of sending the newsletter is Art. 6 (1) p. 1 lit. a) DSGVO (processing based on the consent of the data subject).

In addition, we store the times of registration and confirmation in each case. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The legal basis for this is Art. 6 para. 1 p. 1 lit. f) DSGVO (processing is necessary to protect the legitimate interests of the controller).

When you subscribe to our newsletter, you simultaneously agree to the analysis and evaluation of the click and open rates of the newsletter. This enables us to track the success of our newsletter and which content the subscribers were particularly interested in (e.g. because they clicked on a link in the newsletter). With the analysis, we can better align our newsletter with the interests of our subscribers.

You can revoke your consent to the sending of the newsletter and the aforementioned evaluation/analysis of the click and opening rates at any time and unsubscribe from the newsletter. Please note that an isolated revocation of the analysis/evaluation is not possible, but the newsletter subscription as a whole must be cancelled. You can declare your revocation of the sending of the newsletter and the analysis e.g. by clicking on the unsubscribe link provided in every newsletter e-mail or e.g. by sending a message to the contact details provided in the imprint.


d. Request for materials / demo booking

On our website, you have the option of requesting information materials, booking a demonstration of our offer and carrying out similar actions. Insofar as you make use of this option, we collect the data from you in these cases that is necessary to be able to send you the requested materials or to carry out a booked demo with you. Depending on the offer, this usually involves information such as your e-mail address and your contact details, and in the case of booking a demo, also information about your company and your telephone number.

We process this data in order to be able to provide you with the requested service, i.e. to be able to send you the requested information material by e-mail or, in the case of booking a demo, to carry out the online demo on the date agreed with you. The legal basis for the aforementioned processing is Art. 6 para. 1 p. 1 lit b) DS-GVO (processing in the context of a pre-contractual or quasi-contractual relationship with the data subject).

e. Data collection/disclosure in case of registration/participation in (digital) events and webinars of nilo.health in cooperation with third parties

If you wish to participate directly with us (e.g. on our website) in a (digital) event, webinar or similar action organized by us, possibly in cooperation with third parties (e.g. cooperation partners/partner companies), prior registration/registration is required. In this context, we process the data provided in the respective registration form (name, e-mail address, company, etc.) to enable you to participate and to confirm your registration by e-mail. The legal basis for the aforementioned processing is Art. 6 para. 1 p. 1 lit. b DS-GVO (processing is necessary for the performance of a contract-like relationship with the data subject).

If, in the course of registering for a (digital) event or webinar, you have consented to our contacting you even after the (digital) event or webinar has taken place, e.g. in order to be able to send you information/materials about our offer by e-mail, we will process your data for the purpose of further contacting you. The legal basis for this is Art. 6 para. 1 p. 1 lit. a DS-GVO. You can revoke your consent at any time. Insofar as we organize a (digital) event or webinar together with a cooperation partner/partner company and you have consented in the course of registering with us that the cooperation partner/partner company may also contact you after the (digital) event or webinar has taken place, we will transmit your data (name, e-mail address, company) to the respective cooperation partner or partner company exclusively for this purpose. For the further processing of your personal data for the purpose of contacting you, the respective cooperation partner/partner company is the data controller under data protection law after transmission.

Conversely, if you have registered with a cooperation partner/partner company for a (digital) event or webinar organized in cooperation with nilo, the cooperation partner/partner company will provide us with your personal data if you have consented to the cooperation partner/partner company contacting you after your participation and the cooperation partner/partner company may provide us with your contact data for this purpose. You may revoke your consent to us at any time. For the further processing of your contact data for the purpose of contacting you, we will then be the data controller and the information in this privacy policy will apply. 

f. Processing of your data for the purpose of direct advertising

If you request free information material from us (e.g. brochures, guidelines), participate in a free webinar or book a free demo, request information material, book a demo or in connection with participation in an event/webinar) we process your e-mail address , also for the purpose of advertising and informing you about our offer and services:

You can object to the future use of your data at any time. In the case of advertising sent via e-mail, for example, you can declare your consent at any time by clicking on the unsubscribe link contained in each e-mail. Otherwise, you can revoke your consent at any time by contacting us using the contact details provided in section 1 above.

The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 f. DSGVO in conjunction with Art. 7 (3) UWG. We have a legitimate interest in informing people who are already interested in our offer or have participated in our free webinars or have requested demos/materials about our own offers by e-mail.

g. Obligation to provide personal data

For the informative use of our website, the provision of personal data is neither legally nor contractually prescribed.

If you wish to contact us (e.g. via our contact form), you must provide the personal data required to respond to your request.

A possible failure to provide the required data could result in us not being able to answer your request.

h. Non-existence of automated decision making including profiling

We would like to point out that in the course of using our website, you will not be subject to any decision based solely on automated processing – including profiling – which produces legal effects vis-à-vis you or similarly significantly affects you.

5. Data transfer to third parties/recipients, use of service providers

Your personal data will only be disclosed or transferred to third parties by us if this is necessary for the performance of the contract with you, if there is a legitimate interest on our part, if you have given your consent and/or if we are obliged to do so by law or by official or court order. Your personal data will be transmitted by us to third parties in the cases and for the purposes described below.

Like any company, we use service providers to provide web hosting services for us and also use third-party cloud or web-based software solutions that enable us to manage and host personal data in the cloud with external service providers in order to reduce the load on our own servers and to work effectively with new software solutions. 

In this context, we use, among other things, the services of the provider HubSpot (HubSpot Ireland Ltd, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland) within the scope of order processing.e.g. storing contact details in our CRM system for contacting you), the provision of online forms, calendar functions (e.g. for arranging demos/meetings with you) and for web analytics and statistics purposes (e.g. on our advertisements that we place on other websites/platforms). 

We also use service providers who perform services for us in connection with the provision of secure video conferencing solutions (e.g., for holding our webinars), the storage of feedback from webinar participants, as well as for the creation/development of landing pages and the related integration of analytics tools (see in detail the section on cookies below).

We have concluded order processing agreements with the respective service providers, which ensure that the respective service providers do not process the data for their own purposes, but only within the scope of our instructions and on our behalf. The legal basis for the use of the service providers is Art. 6 para. 1 p. 1 lit. f) DSGVO (processing is necessary to protect the legitimate interests of the controller) in conjunction with Art. 28 DSGVO (order processing).

Some of the service providers we use, who process personal data for us on our behalf and within the scope of our instructions as so-called processors pursuant to Article 28 of the GDPR, are located outside the EU/EEA. Before transferring data to processors outside the EU/EEA, we ensure that the processor has an adequate level of data protection. This results, for example, for processors in countries such as Canada and Israel from an adequacy decision of the EU Commission (so-called safe third countries) and for other processors by concluding the EU standard contractual clauses before the start of processing by the respective processor.

Our website is currently hosted by Amazon Web Services with exclusive storage on servers in Frankfurt, Germany as part of an order processing pursuant to the foregoing.

6. use of cookies and similar technologies

a. What are cookies?

When you use our website, cookies are stored on your computer. Cookies are text files containing information about the use of our website (web pages visited, number of visits, visiting times, time spent on individual pages, browser used, operating system used, etc.), which are stored on your hard drive if you allow this via the settings of your browser. Cookies cannot execute programs or transfer viruses to your computer. The cookies we use do not store any personal data and do not allow any conclusions to be drawn about your person.

In addition to cookies, so-called pixels (also called tracking pixels or web beacons) are used. Pixels are small, invisible graphics that are embedded on the website and can also be used to evaluate information on the use of our website by website visitors.

b. Consent and revocation

The cookies listed below for analysis and marketing purposes are only used on our website with your express consent (legal basis Art. 25. para. 1 p. 1 TTDSG and – insofar as personal data, e.g. in the form of pseudonymized data, is processed – Art. 6 para. 1 sentence 1 lit. a DSGVO), insofar as you clicked on the “Accept” button in the corresponding cookie window during your first visit to our website. By clicking on “Decline”, no cookies will be set on your computer/end device for which your consent is required. Alternatively, you can also make individual settings and select and deselect individual categories.

We would like to inform you that some of the third-party providers we use (see listing below) are based in the USA. The USA does not have a level of data protection comparable to the EU, as it cannot be prevented with certainty that US authorities can demand access to your data/information from the US providers under certain circumstances and use it for monitoring and control purposes, e.g. in the context of counter-terrorism. You can prevent a transfer of information/data to the US that is collected via cookies by clicking on “Decline” in the cookie banner. 

You can revoke your consent at any time with effect for the future by calling up the link to our cookie banner integrated in our footer on the website again and clicking on “Decline” or making the desired individual settings . Alternatively, you can follow the respective opt-out link at the service in question in the listing below or delete existing cookies in your browser.

The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Please note that cookies that are absolutely necessary for the provision of services (see description of this in the cookie banner) are used on the basis of of § 25 para. 2 No. TTDSG can be set without prior consent. In the case of mandatory cookies, the processing of your personal data is based on Art. 6 (1) lit. f DSGVO and follows from our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our offer.

c. For what purposes are cookies used?

Cookies are used to make our website more user-friendly and effective overall. Cookies also serve to analyze the use of our offer and the success of our advertisements on other websites/platforms and to evaluate them in aggregated form, which allows us to optimize the design of our offers and advertising.Cookies are used to make our website more user-friendly and effective overall. Cookies also serve to analyze the use of our offer and the success of our advertisements on other websites/platforms and to evaluate them in aggregated form, which allows us to optimize the design of our offers and advertising.

d. What categories and types of cookies are used?

Our website uses the following types of cookies, the scope and functionality of which are explained below.

-Use of Google Analytics and Google Signals

On our website, we use Google Analytics, a web analytics service provided by Google Inc (“Google”), with your consent. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in a shortened form, thus excluding the possibility of personal references.

As part of the use of Google Analytics, we have also activated the “Google Signals” function. If you have activated personalized advertising on Google, Google analyzes your activities across devices in order to show you personalized advertising/advertisements on the Google network based on your interests and surfing behavior and to define target groups for advertising. Google links this information to your Google account and can provide us with summarized and anonymized advertising reports on this basis, which are enriched with further details such as age, language, place of residence, gender and, if applicable, occupation, marital status and income, although we cannot trace who you are via this. According to Google, Google stores the information collected about you for a period of 26 months. With Google Signals, Google can recognize, for example, whether you visited our website on your laptop, but then later registered on your smartphone, for example, for one of our B2B events/B2B webinars (so-called remarketing). The advertising reports that we receive from Google help us to track on which channels interested parties contact us or perform an action, so that we can optimize our advertising based on this and better tailor it to our target groups. The above only affects you if you have activated personalized advertising on Google, otherwise we do not receive any information in this regard.

Revocation: You can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by revisiting the cookie banner on our website and clicking on “Decline” or by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

With regard to Google Signals (see above), you can disable personalized advertising at any time by using the slider under Advertising Settings (google.com).

-Use of the Google Ad Manager:

The Google Ad Manager service of the provider Google Inc. (Google) is used to deliver, handle, control, evaluate and optimize advertising based on your interests from advertisers on third-party websites if you have given your consent to this. Cookies are set for this purpose with your consent.
Revocation: You can revoke your consent at any time by calling up the cookie banner on our website again and clicking on “Decline”. Alternatively, you can deactivate Google’s interest-based ads in your browser by clicking on the link “deactivate” in the sub-item “deactivation settings” at http://www.google.de/settings/ads or -if you use the browser Google Chrome, Firefox or Internet Explorer- deactivate the cookie by installing the extension for your browser offered on http://www.google.de/settings/ads.

-Use of Google Ads Conversion Tracking/Remarketing:

We use the Google Ads service, an online advertising program of the third-party provider Google. With the remarketing function, we can present you as a user of our website/our app with your consent on other websites within the Google display network (on Google itself, so-called “Google Ads” or on other websites) with advertisements based on your interests. For this purpose, the interaction of the users is analyzed, e.g. which offers the user was interested in and which ads the user clicked on, in order to be able to display interest-based advertising to the users. 

In the context of so-called conversion tracking, when you click on an ad placed by Google, a cookie is stored on your computer/end device. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.
Revocation: You can revoke your consent once given at any time by changing your privacy settings with effect for the future by calling up the cookie banner on our website again and clicking on “Decline”. You can further deactivate interest-based ads on Google as well as interest-based Google ads on the web (within the Google display network) in your browser by activating the “Off” button atwww.google.de/settings/ads.

-Use of lead feeders:

In conjunction with the Google Analytics tool, Leadfeeder is a tool we use to understand the nature of visitor traffic to our website. Leadfeeder enriches the data from Google Analytics by placing a pixel on our website and allows us to track which businesses have shown interest in our website, how they got to our website and for which parts of the website . This allows us to ensure that we provide interested companies with relevant support and advice on our offerings and services. For this purpose, only data such as the company name is stored in Leadfeeder, but no data of natural persons.
Opt-out: You can opt-out of Leadfeeder’s collection by revisiting the cookie banner on our website and clicking opt-out.

-Using Hubspot Analytics:

On our website, we use the analysis service of the provider HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA with your consent. HubSpot analyzes the page views by users/visitors of our website by means of cookies on our behalf and on the basis of an order processing agreement. Specifically, the following information is processed via the cookie: Domain, user token, first timestamp (of the first visit), last timestamp (of the last visit), current timestamp (for the current visit) and the session number (increases with each subsequent session). The cookie has a lifetime of 13 months, unless you delete it before then or revoke your consent (see below). In addition, a session cookie is set, which is only set for the time of your current visit and is used to determine whether the above cookie needs to increase the session number and timestamp. Apart from that, this cookie only records the domain, the number of page views in a session and the session start date. With the help of the information drawn from the cookies, reporting is created, through which we can understand which parts/areas of our website are of interest to users and how/how often users interact with our website. With the knowledge gained, we can continuously improve our website and optimize it for the benefit of our users. The data collected via Hubspot’s cookies is stored exclusively on servers within the European Union.

Opt-out: You can opt-out of the collection of data related to Hubspot Analytics by revisiting the cookie banner on our website and clicking “Opt-out”.

-Using the LinkedIn Insight Tag:

On our website, with your consent, we use the so-called Insight Tag of the platform LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag is a small JavaScript code snippet on our website that creates a browser cookie and allows us, with your consent, to collect data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. The IP addresses are shortened so that we cannot draw any conclusions about your person. We also do not receive any personal data about you from LinkedIn, but only receive evaluations in the form of reports about our website target group and the performance/success of our advertisements on LinkedIn, if you are logged into your LinkedIn account at the same time as visiting this website. With the insights gained, we can better evaluate the success of our ads and optimize them in the future and receive non-personal, aggregated information about our website visitors.

Revocation: You can revoke your consent to the collection of data in connection with the LinkedIn Insight Tag at any time by revisiting the cookie banner on our website and clicking on “Decline “You can further prevent the collection of data by LinkedIn (regardless of whether you are a LinkedIn member or not) at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

-Use of Facebook Ads/ Conversions:

In order to be able to track whether our Facebook ads were successful, we use “Facebook Conversions”. The Facebook Conversions service is offered by the social network Facebook (Facebook Ireland Limited,4 Grand Canal Square, Dublin 2, Ireland). Facebook uses pixels for this purpose. If you have consented to this, we will only receive statistical data from Facebook without reference to a specific person. 

If you have reached our website through a Facebook ad, Facebook will set a so-called conversion cookie on your system. The conversion cookie is used to create and analyze visit statistics for. The conversion cookie is used to create and analyze visit statistics.
The conversion cookie stores the IP address when visiting the website. This data is stored in the USA. It is possible that Facebook also passes this data on to third parties. Regarding the further
privacy policy of Facebook, please refer to: https://www.facebook.com/about/privacy/.

Revocation: You can revoke your consent to the collection of data at any time by revisiting the cookie banner on our website and clicking on “Decline”. More information on Facebook Ads is available via https://de-de.facebook.com/business/ads. You can also object to the collection of data by Facebook at any time by adjusting your advertising preferences at https://www.facebook.com/settings/?tab=ads.

-Use of Facebook Website Custom Audiences:

Our website uses the retargeting technology “Website Custom Audience” of the social network Facebook (Facebook Ireland Ltd. Hanover Ranch, 5-7 Hanover Quay, Dublin 2, Ireland), which enables us to display relevant advertisements and offers to our website visitors who are already interested in our website and our services and are Facebook members, also on Facebook via the Facebook ad network, provided that you have consented to this.

For this purpose, so-called Facebook retargeting pixels are integrated on our websites, which enable Facebook to record you as a visitor to our websites using a pseudonym and to use the data as the basis for our Facebook Ads on Facebook. Personal data is not collected from you or stored and you are therefore not identifiable to us. According to its own information, Facebook does not link the data collected via the retargeting pixel with the user data stored about you on Facebook. However, we would like to point out that the aforementioned tracking procedure may enable Facebook to identify a user via numerous websites.

Revocation: You can revoke your consent to the collection of data at any time by revisiting the cookie banner on our website and clicking on “Decline”. Alternatively, you can object to the use of Facebook Website Custom Audiences for the future via https://www.facebook.com/settings/?tab=ads and http://www.youronlinechoices.com/de/praferenzmanagement/. For more information on data protection and your settings options in this regard, please visit https://www.facebook.com/settings/?tab=ads and https://www.facebook.com/about/privacy/.

-Use of Hotjar:

We use the analysis and feedback tool Hotjar of the provider Hotjar Ltd, Level 2, St Julians Business Centre 3, Elia Zammit Street, St. Julians, Malta, with the help of which the online behavior and feedback of website visitors can be analyzed and evaluated in order to improve the user experience and performance of our website. Cookies are set for this purpose. IP addresses of users are only collected and stored in anonymized format.Revocation: You can revoke your consent to the collection of data at any time by revisiting the cookie banner on our website and clicking on “Decline”. Alternatively, you can object to the collection and storage of data for the purpose of web analysis at any time with effect for the future by performing the opt-out on the https://www.hotjar.com/legal/compliance/opt-out page.

-Integration of YouTube videos:

On our website we have embedded YouTube videos that are stored on https://www.YouTube.com and can be played directly from our website. These are embedded in “extended data protection mode”, i.e. no cookies are set by YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the following paragraph be transferred. We embed YouTube videos on our website to make the use of our website as user-friendly as possible by allowing you to watch videos without having to leave our website. The legal basis is Art. 6 para. 1 sentence 1 f) DSGVO (processing is necessary to protect the legitimate interests of the controller).

Even if videos are embedded in the “extended data protection mode ” have been embedded in a website, however, we would like to point out that calling up the website leads to a connection being established with YouTube and YouTube receives the information that the user has called up the corresponding subpage of our website. We would also like to point out that when you play the video, YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of the YouTube website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Revocation: You can revoke your consent to the collection of data at any time by revisiting the cookie banner on our website and clicking on “Decline”. For more information on the purpose and scope of data collection and its processing by YouTube, please refer to Google’s privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

-Use of the Google Tag Manager

We use the Google Tag Manager of the provider Google Inc., which enables us to integrate and manage so-called website tags or markers on our website surface (via this, we can e.g. integrate the above-described services Google Analytics and Leadfeeder in our website). Website tags themselves are small code elements that can be used, for example, to measure traffic to our website and user behavior. The Tag Manager itself (which implements the tags) is a cookie-less domain and does not process any user data.

Imprint / Privacy Policy for the Social Media Channels of nilo.health GmbH

Imprint

This imprint applies to the social media channels of nilo.health GmbH on the social networks Facebook, Instagram, Twitter and LinkedIn:

nilo.health GmbH

Oranienstraße 6

10997 Berlin

Managing Director: Ines Räth, Jonas Keil

Tel.: +49 176 41664678

E-mail: support@nilohealth.de

Website: www.nilohealth.com

Technical Support: +49 157 51369721

Register Court: Charlottenburg Local Court (Berlin)

Registration number: HRB 216878

Data protection information on data processing within the scope of our presence on social media platforms

We maintain presences on the social networks Facebook, Instagram, Twitter and LinkedIn in order to also provide you with information and interesting facts about our company within social networks, to place advertisements and to offer you further ways to contact us and to inform yourself about our company and, for example, job vacancies. In the following, we will inform you about which data we or the respective social network process from you in connection with calling up and using our presences on social media channels.

a) Person responsible and contact data protection officer

The controller pursuant to Art. 4 (7) of the European Data Protection Regulation (DS-GVO) for the processing of your personal data is nilo.health GmbH (hereinafter referred to as “We” or “nilo.health”) Oranienstraße 6, 10997 Berlin, Germany, email: support@nilohealth.com

Concerns about data protection in relation to our website can be addressed to our data protection officer at any time, e.g. by e-mail to support@nilohealth.com or to our postal address (with the addition “Attn. Data Protection Officer).

b) Your rights

You have the following rights with respect to us regarding personal data concerning you (for personal data processed by social networks, please see the information in d) below):

– Right of access (Art. 15 GDPR),

– Right to rectification (Art. 16 GDPR),

– Right to erasure (Art. 17 DSGVO; “right to be forgotten”),

– Right to restriction of processing (Art. 18 GDPR),

– Right to object to processing (Art. 21 GDPR),

– Right to data portability (Art. 20 GDPR).

You also have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement if you consider that the processing of personal data relating to you is carried out unlawfully.

Insofar as you have given us consent to process your data, you may revoke this consent at any time with effect for the future. The legality of the processing of your data until the revocation remains unaffected.

To assert your rights or for other data protection concerns, you can contact us at any time via the contact channels listed in section a above and/or in our imprint.

c) Supplementary information on your right of objection

We would also like to point out that if your personal data is processed on the basis of legitimate interest within the framework of the balance of interests pursuant to Art. 6 para.1 sentence 1 f) DSGVO and/or your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.

d) Data that we process from you

aa) Contact via Messenger/ Direct Message

If you wish to contact us via Messenger or via Direct Message via the respective network, we generally process your user name via which you contact us and, if applicable, store further data provided by you (e.g. your name/address), insofar as this is necessary to process/respond to your request. The legal basis is Art. 6 para. 1 sentence 1 f) DSGVO (processing is necessary to protect the legitimate interests of the controller). We have a legitimate interest in offering persons interested in our company simple and convenient ways to contact us, including on our social media presences.

bb) (Static) usage data that we receive from the social networks

Via the functionalities Facebook Insights, Instagram Insights and LinkedIn Insights, we automatically receive regularly provided statistics regarding our social media presences. The statistics include, among other things, the total number of page views, likes, information on page activities and post interactions, reach, video views, information on the proportion of men/women among our followers, and statistics/measurement data on the reach and success of our advertisements placed on the social networks.

The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us through this.

e) What data the social networks process from you / your rights vis-à-vis the social networks

In order to view the content of our social media presences, you do not have to be a member of the respective social network and, in this respect, no user account for the respective social network is required.

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is called up (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. For details, please refer to the privacy policy of the respective social network (see the corresponding links below at the end of this section)

Insofar as you wish to interact with the content on our social media presences, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on the data processing by the social networks within the scope of their use by you.

To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, furthermore for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is played both within and outside the respective social network as well as for advertising and marketing purposes. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.

Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion, as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the privacy policy/cookie policy of the social networks, where you will also find information on your rights and objection options.

We recommend that you assert your rights under data protection law to information, correction, deletion, restriction of processing, objection and data transfer directly against the respective social network, insofar as data processing by the social networks is involved:

-Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Privacy information: https://www.facebook.com/privacy/explanation/Informationen about cookies: https://www.facebook.com/policies/cookies/; Please note that in relation to the insights provided by Facebook, there is a joint responsibility between us and Facebook, the agreement on this between us and Facebook can be found here: https://www.facebook.com/legal/terms/page_controller_addendum

-Instagram: Instagram Inc, 181 South Park Street, Suite 2, San Francisco, CA 94107, USA; Privacy Information https://help.instagram.com/519522125107875/ Cookies Information: https://www.facebook.com/policies/cookies/

-LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Privacy Information: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy / Cookies Information:https://www.linkedin.com/legal/cookie-policy?trk=content_footer-cookie-policy

-Twitter: Twitter Inc.,1355 Market Street Suite 900 San Francisco, CA 94103, USA; Information on data protection https://twitter.com/privacy /Information on cookies: https://help.twitter.com/de/rules-and-policies/twitter-cookies