Privacy Policy

Data protection is not an add-on – it is part of our DNA.

Scope/Responsible

Cross4Channel — Society for Digital Healthcare Marketing mbH
Prinzessinnenstr. 19/20
10969 Berlin, Germany
Commercial Register No.: HRB 164531 B
Management: Petra Dökel
+49 (0)30–74689509
info@cross4channel.de

Contact details of the external data protection officer

PROLIANCE GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstrasse 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de


Status: August 1, 2025

This privacy policy informs users about the nature, scope and purpose of the collection and use of personal data by the responsible provider Cross4Channel — Gesellschaft für digitales Healthcare Marketing mbH (hereinafter "provider") on this website. 

The term "user" encompasses all categories of individuals affected by data processing. These include our business partners, customers, prospective customers, and other visitors to our online offering. Terms used, such as "user," are gender-neutral. 

The legal basis for data protection can be found in the Federal Data Protection Act (BDSG-NEU), the EU General Data Protection Regulation (GDPR) and the Digital Services Act (DDG).  

Basic information on data processing and legal bases

This privacy policy explains the nature, scope, and purpose of the processing of personal data within our online offering and the associated websites, functions, and content (hereinafter collectively referred to as the "online offering" or "website"). This privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online offering is executed. 

For the terms used, such as “personal data” or their “processing,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR). 

Visiting the website

The personal data of users processed within the scope of this online offering includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites visited on our online offering, interest in our products) and content data (e.g. entries in the contact form). 

We only process users' personal data in compliance with the relevant data protection regulations. This means that user data is only processed if there is legal permission, in particular if data processing is necessary to provide our contractual services (e.g., processing orders) and online services, or is required by law, if the user's consent has been obtained, or if it is based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation and security of our online offering within the meaning of Art. 6 (1) (f) GDPR, particularly in the measurement of reach, creation of profiles for advertising and marketing purposes, as well as the collection of access data and use of third-party services).

We would like to point out that the legal basis for consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing to fulfill our services and implement contractual measures is Art. 6 (1) (b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. 

Security measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure compliance with the provisions of data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. 

To increase the security of our website and prevent automated abuse by bots, we use so-called honeypot technologies. A honeypot is a method used to detect automated access by setting a trap that is invisible to human users but can be triggered by automated scripts. The purpose of this technology is solely to ensure the security of our website. Honeypot technology helps us identify and block spam, fraud attempts, and other types of automated abuse. The use of this technology is based on our legitimate interest in the security of our website in accordance with Article 6 (1) (f) of the GDPR. The information collected by honeypots is only stored for as long as necessary for the purpose for which it was collected and is then deleted. No personal data is collected. 

Contact us

When users contact us (via contact form or email), their information is processed in order to handle the contact request in accordance with Art. 6 (1) (b) GDPR.

User information may be stored in our Customer Relationship Management System (“CRM System”) or a comparable system for organizing inquiries.

Collection of access data and log files

Based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). This access data includes the name of the accessed website, the file, the date and time of access, the amount of data transferred, the notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address, and the requesting provider. 

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of seven days and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved. 

Cookies & reach measurement

Cookies are pieces of information transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage. 

The following cookies are used on our site: 

  • _pk_id – Stores some details about the user such as the unique visitor ID (13 months) 
  • _pk_ref – Stores the attribution information, the referrer originally used to visit the website (6 months) 
  • _pk_ses, _pk_cvar, _pk_hsr – Short-lived cookies used to temporarily store data for the visit (30 minutes) 
  • borlabs cookie – Saves settings made in the cookie banner (essential)

If users do not wish to have cookies stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies may lead to functional limitations of this website. 

You can object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative deactivation page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/). 

Some cookies are used to simplify website processes by saving settings (e.g., by retaining previously selected options). If individual cookies implemented by us also process personal data, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either for the performance of the contract or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit. 

You can change your cookie settings for this website by clicking on the “Cookie Settings” button below.

Integration of third-party services and content 

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use content or service offerings from third parties in order to integrate their content and services such as videos or fonts (hereinafter collectively referred to as "content"). This always presupposes that the third-party providers of this content receive the IP address of the user, since without the IP address they would not be able to send the content to the user's browser. The IP address is therefore necessary for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online service, and may be linked to such information from other sources.

Matomo Analytics 

We use the Matomo analytics tool. This is an open-source tool provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. We only use this tool with the user's consent. 

With Matomo, data is transmitted exclusively to servers operated by us (AWS), and the information generated is not shared with third parties. A shortened IP address is stored in the log files, but the IP address is retained for a maximum of six months. Personal data is processed anonymously. 

We collect this data to improve the website and analyze user behavior. 

In particular, the following data is collected: abbreviated IP address, IP address in the log files, visit to the website, length of stay on the website.

The legal basis for the aforementioned data processing is Art. 6 (1) (a) GDPR. 

Further details on the privacy policy can be found at https://matomo.org/privacy-policy/

Users' rights 

Users have the right to receive, upon request and free of charge, information about the personal data we have stored about them. 

In addition, users have the right to rectification of inaccurate data, restriction of processing and erasure of their personal data, and, where applicable, the right to exercise their rights to data portability and to lodge a complaint with the competent supervisory authority in the event of suspected unlawful data processing.

Users can also revoke their consent, generally with effect for the future. 

Deletion of data 

The data we store will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention periods that prevent deletion. If user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons. 

According to legal requirements, records must be retained for 6 years in accordance with Section 257 Para. 1 of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 Para. 1 of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.). 

Right of objection 

Users may object to the future processing of their personal data at any time in accordance with legal requirements. In particular, they may object to processing for direct marketing purposes. 

 

Contact via WhatsApp 

Users have the option of contacting us via WhatsApp. For this purpose, we use the WhatsApp Business API, a service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. 

Legal basis 

Communication via WhatsApp, as well as the sending of broadcast messages and the associated processing of personal data, takes place exclusively on the basis of the express consent of the user in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time with future effect, e.g., by sending a message with the text "Stop" or "Stopp" to our WhatsApp channel. 

Processed data 

Following the opt-in procedure and consent granted, the following personal data will be processed: 

  • Metadata (e.g. timestamp, meta ID, telephone number, technical data for transmission), 
  • Message content and histories, 
  • Response to the opt-in procedure (data protection notice). 

Processing purposes 

We use WhatsApp to process support requests and send broadcast messages. Whether you receive broadcast messages depends on your individual WhatsApp settings, over which we have no control. By giving your consent, you also consent to your messages being answered by our support team or the expert system. Only trained and authorized employees are granted access to the system; the content is not shared with third parties. 

Data processing by WhatsApp 

With your consent, WhatsApp's privacy policy continues to apply. We have no influence on how WhatsApp processes your data. Further information on how WhatsApp processes personal data can be found in WhatsApp's privacy policy: https://www.whatsapp.com/privacy. 

Hosting and technical implementation 

The content of the communication (messages, history), the phone number in pseudonymized form (without the last digits), and the confirmation of the privacy policy are stored on Amazon Web Services (AWS) servers in Frankfurt am Main. The address book is not synchronized via the WhatsApp Business API. We do not receive any information about other contacts or message content.  

Data transmission is SSL-encrypted. Messages are cached on the servers until they are sent and deleted shortly after sending.  

The data, i.e., metadata and message content or chat histories, are stored for a maximum of 365 days, with the telephone number being stored only in pseudonymized form. The response to the privacy policy is stored for three years.  

The user has the right to information about the data being processed, the right to withdraw consent, and the right to request the deletion of the data. Upon request to delete the data, the chat history and all other data will be deleted within three business days. It may happen that messages are sent during this time, i.e., between the deletion request and the deletion itself. You will not receive confirmation of successful deletion from us.  

Changes to the privacy policy 

We reserve the right to amend this privacy policy to adapt it to changes in the legal situation, or to changes in the service or data processing. However, this only applies to statements regarding data processing. If user consent is required or if parts of the privacy policy contain provisions of the contractual relationship with users, changes will only be made with the user's consent. 

Users are asked to inform themselves regularly about the content of the data protection declaration. 

 

