shield Privacy

Privacy Policy

Information on the processing of personal data pursuant to Art. 13 and 14 GDPR.

Last updated: June 2026 — This privacy policy applies to the website at e-health.software and all related sub-pages. The German version at datenschutz.html is the legally binding original; this English translation is provided for convenience.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

Company
Haedge Consulting GmbH
Address
Grossbeerenstrasse 10, 28211 Bremen, Germany
P.O. Box
Postfach 10 06 15, 28006 Bremen, Germany
Phone
+49 421 40885636
Email
info@e-health.software
Website
e-health.software
Court register
Local Court (Amtsgericht) Bremen · HRB 39352 HB
Managing Director
Florian Haedge

2. Data Protection Officer

For data protection enquiries and to exercise your rights, please contact:

Postal address
e-health.software — Data Protection —
Postfach 10 06 15
28006 Bremen, Germany
Email
datenschutz@e-health.software

3. Which data is processed?

As part of operating this website we process the following categories of personal data:

  • Technical connection data (automatic): IP address, date and time of the request, requested URL, transferred data volume, HTTP status code, referrer URL, browser and operating system.
  • Contact data (when actively transmitted): name, email address, phone number and the content of your message when you contact us via the contact form or by email.
  • Technical usage data via external services: when icon fonts are loaded, the visitor’s IP address is transmitted to the respective CDN provider (see section 6).

We do not process any special categories of personal data within the meaning of Art. 9 GDPR.

4. Server logfiles

When this website is accessed, our hosting provider automatically stores information in so-called server logfiles. This is technically necessary data without which proper operation of the website would not be possible:

  • IP address of the requesting device (where applicable in anonymised form)
  • Date and time of the request
  • Requested URL and transferred data volume
  • HTTP status code and referrer URL
  • Name and version of the browser and operating system used

This data is processed exclusively to ensure trouble-free operation and to defend against attacks. No merging with other data sources takes place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).

5. Contacting us

If you contact us via the contact form, by email or by phone, we process the data you provide (name, email address, phone number, message content) exclusively to handle your enquiry.

When the contact form is submitted, the entered data is forwarded directly to us as an email. No server-side storage of the content takes place. Server logs contain only metadata (timestamp, IP address, response code), not the content of the enquiry. The server infrastructure is hosted by Hetzner Online GmbH; a data processing agreement (DPA) is in place.

This data is not passed on to third parties unless this is necessary to handle your enquiry or you have expressly consented.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures or contract performance) or Art. 6(1)(f) GDPR (legitimate interest in answering customer enquiries).

6. External services (CDN)

Bunny Fonts (Inter typeface)

This website loads the Inter typeface via the service Bunny Fonts (BunnyCDN, Bunny Way d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia). Bunny Fonts is an EU-compliant service and does not transfer IP addresses to third countries outside the EU/EEA. No cookies are set and no user profiles are created.

Further information: fonts.bunny.net/about

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent and reliable presentation of the website).

Google Material Symbols (icon font)

For symbols and icons this website uses the service Google Material Symbols, provided via the Content Delivery Network of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When the icons are loaded, your IP address is transmitted to Google servers and thereby transferred to the United States. Google LLC is certified under the EU-US Data Privacy Framework (DPF), so an adequate level of data protection exists.

If you do not want icons to be transmitted by Google, you can prevent the loading of the icons in your browser using suitable extensions (e.g. a content blocker). The functionality of the website is preserved.

Google privacy policy: policies.google.com/privacy

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent presentation). For US transfers: adequacy decision of the EU Commission on the EU-US Data Privacy Framework (Art. 45 GDPR).

7. Cookies & tracking

This website does not use any cookies of its own and does not engage in remarketing or profiling. No user profiles are created, no session data is stored persistently and no data is processed for advertising purposes. A cookieless, data-minimising reach measurement is performed via the service Plausible Analytics — see the Web Analytics section below for details.

Technical connection data may occur via external services (cf. section 6); such data is required exclusively to deliver the respective resource.

8. Web Analytics — Plausible Analytics

For the statistical analysis of the use of this website we use the web analytics tool Plausible Analytics. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia.

Plausible collects aggregated usage data such as the number of visitors, pages accessed, referrers and approximate geographic region, as well as aggregated event counters (in particular form submissions, file downloads, outbound clicks and requests to non-existent pages). For this purpose, the IP address and user agent of your device are processed temporarily and combined with a daily rotating salt into a non-reversible hash value that is used solely to recognise returning visitors within a single day. Neither the IP address nor the user agent is stored permanently; no cookies are set and no information is stored on or read from your device (§ 25 TDDDG remains unaffected). No profiling or cross-site recognition takes place.

The recipient of the data is solely Plausible Insights OÜ as data processor within the meaning of Art. 28 GDPR; a data processing agreement is in place. The servers are located exclusively within the European Union (Estonia and Germany); no transfer to third countries takes place.

Legal basis: Art. 6(1)(f) GDPR; our legitimate interest is the needs-based optimisation of our online offering on the basis of aggregated usage figures. You may object to this processing at any time pursuant to Art. 21 GDPR; one easy way to do so is the “Do Not Track” setting of your browser, which Plausible respects.

Further information on data processing by Plausible: plausible.io/data-policy.

Where we obtain consent for processing operations of personal data, Art. 6(1)(a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to take pre-contractual steps. Where processing is necessary for compliance with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis. In the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest pursued by our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing.

10. Storage duration

Personal data is deleted or blocked as soon as the purpose of storage no longer applies. Storage beyond that may take place if this is provided for by statutory provisions (e.g. tax and commercial retention obligations). In this case, deletion takes place after expiry of the respective period.

  • Server logfiles: typically 7–30 days, depending on the hosting provider’s configuration
  • Contact enquiries: until final processing, thereafter until expiry of tax retention periods (max. 10 years) if a business relationship results

11. Your rights as a data subject

You have the following rights vis-à-vis us regarding personal data concerning you:

Art. 15 GDPR
Right of access
You may request information about the data we have stored about you.
Art. 16 GDPR
Right to rectification
You may request correction of inaccurate data.
Art. 17 GDPR
Right to erasure
You may request deletion of your data unless statutory retention obligations apply.
Art. 18 GDPR
Restriction of processing
You may request restriction of the processing of your data.
Art. 20 GDPR
Data portability
You may request to receive your data in a machine-readable format.
Art. 21 GDPR
Right to object
You may object at any time to processing based on legitimate interests.
Art. 7(3) GDPR
Withdrawal of consent
You may withdraw a given consent at any time with future effect.
Art. 22 GDPR
Automated decision-making
You have the right not to be subject to a decision based solely on automated processing.

To exercise your rights please contact: datenschutz@e-health.software

12. Right to lodge a complaint with a supervisory authority

If you are of the opinion that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority.

The competent supervisory authority for us is:

Authority
Die Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen
Address
Arndtstrasse 1, 27570 Bremerhaven, Germany
Phone
+49 421 361-2010
Email
office@datenschutz.bremen.de
Website
www.datenschutz.bremen.de