Privacy policy

1. General Information and Mandatory Disclosures
Identification of the Data Controller The data controller responsible for data processing on this website is:
Onkodin GmbH
Prof. Dr. med. Hartmut Link
Finkenhain 8
67661 Kaiserslautern
Email: onkopti@onkodin.de
The controller decides, either alone or jointly with others, on the purposes and means of processing personal data (e.g., names, contact details, etc.).

2. Data Processing: External Hosting (IONOS),
Our website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may primarily include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website visits, and other data generated via a website. The use of the host is for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). Our hosting provider for www.onkodin.de is: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur Our hosting provider for www.onkopti.de is: Fraunhofer Institute for Experimental Software Engineering IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern We have entered into a data processing agreement (DPA) with both IONOS and the Fraunhofer Institute as respective data processors, which ensures that the personal data of our website visitors is processed there only in accordance with our instructions and in compliance with the GDPR.

3. Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent (Art. 6(1)(a) GDPR). You may withdraw any consent you have already given at any time. To do so, simply send us an informal email. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

4. Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any time to object to the processing of your personal data pursuant to Article 21(1) of the GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data in question, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

5. Newsletter Information
If you would like to subscribe to the newsletter offered on the website, we need your email address as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. To this end, you will first receive a confirmation link at the email address you provided to complete the actual subscription to the newsletter (so-called double opt-in procedure). Only after clicking this link will your email address be activated for the newsletter until you unsubscribe. The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of your data and email address, as well as their use for sending the newsletter, at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation. The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after you unsubscribe.

6. Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a data protection violation. The competent supervisory authority for data protection matters is the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate:
The State Commissioner for Data Protection and Freedom of Information of Rhineland- Palatinate
Hintere Bleiche 34
55116 Mainz
Phone: +49 (0) 6131 8920-0
Email: poststelle@datenschutz.rlp.de
Website: rlp.de

7. Right to Data Portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract provided to you or to a third party in a commonly used, machine- readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.

8. Right of access, rectification, restriction of processing, and erasure
Under applicable legal provisions, you have the right at any time to receive, free of charge, information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as the right to have this data corrected or erased and to restrict its processing. You may contact us at any time regarding this matter or any other questions about personal data.

9. SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock icon in your browser bar.

10. Data Collection on This Website
a. Server Log Files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes: • Browser type and version • Operating system used • Referrer URL As of April 2026 Privacy policy Page 2 of 4 • Hostname of the accessing computer • Time of the server request • IP address This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—for this purpose, the server log files must be collected.
b. Registration on this website
You can register on this website to use additional features on the site. We use the data you provide for this purpose solely to enable you to use the specific offer or service for which you have registered. The processing of the data entered during registration is based on your consent (Art. 6(1)(a) GDPR). We store the collected data for as long as you are registered on this website and delete it thereafter. Statutory retention periods remain unaffected.
c. Contact Form
If you submit inquiries to us via the contact form, we will store the information you provide in the form—including the contact details you enter there—for the purpose of processing your inquiry and in case we have follow-up questions. We will not share this data without your consent. The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR), provided that such consent has been requested.

11. Payment Service Provider: Stripe
We use payment services provided by Stripe (Stripe Payments Europe, Ltd., Ireland, One Wilton Park, Wilton Place, Dublin 2, D02 FX04 Ireland). When you make a payment via Stripe, your payment data is transmitted to Stripe. Payment service providers process customer data as independent data controllers, not acting on behalf of the online merchant. Purpose of transferring your data to Stripe Data processing: The transfer of data (name, address, bank details, credit card number, invoice amount, currency, transaction number) is carried out for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR (performance of a contract). Stripe reserves the right to obtain a credit check or use cookies to protect legitimate interests (fraud prevention) (Art. 6(1)(f) GDPR).
To the extent that data is transferred to the United States, such transfers are based on the European Commission’s Standard Contractual Clauses and Stripe’s certification under the EU-U.S. Data Privacy Framework. Stripe complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce and to the extent applicable. For more information, please refer to Stripe’s Privacy Policy at https://stripe.com/de/privacy

12. Cookies
a. This website uses cookies. These are small text files that are stored on your device. We use technically necessary cookies: These are essential for the operation of the website (e.g., language selection) and functions such as the login area for professionals. Legal basis: Art. 6(1)(f) GDPR).

b. Analytics Cookies Analytics Tool: Matomo This website uses the open-source web analytics service Matomo. The information is not shared with third parties. Under no circumstances is the IP address linked to other data relating to the user. IP addresses are anonymized so that they cannot be traced back to an individual (IP masking). We use the Matomo program for usage statistics. Cookies are not set. Tracking is disabled. Legal basis: Art. 6(1)(f) GDPR