Legal
Privacy Policy
We take the protection of your personal data seriously. In accordance with Article 13 GDPR, this policy explains which personal data we process when you visit this website and use our services.
Last updated: 10 July 2026
Controller
The controller responsible for data processing on this website is:
Veres Health UG (haftungsbeschränkt) i.G. Franziskanerstraße 28 81669 München Germany E-Mail: support@veres-health.com
We have not appointed a data protection officer, as there is no legal obligation to do so. For any data-protection questions, please contact the address above.
Your rights
With regard to your personal data you have the right to: access (Article 15 GDPR), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20) and to object to processing (Article 21 GDPR).
You can withdraw any consent you have given at any time with effect for the future (Article 7(3) GDPR).
You also have the right to lodge a complaint with a data-protection supervisory authority (Article 77 GDPR). The authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.
Accessing the site, server log files and hosting
When you access this website, your browser automatically sends information to our hosting provider’s server, where it is temporarily stored in so-called server log files: IP address, date and time of access, the name and URL of the page accessed, the browser used and, where applicable, the operating system, as well as the previously visited page (referrer).
This processing serves the purpose of a smooth connection, convenient use of the site, and the security and stability of our systems. The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR.
Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel processes the above data on our behalf under a data processing agreement (Article 28 GDPR). This may involve a transfer to the USA, which is safeguarded by the EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
Cookies
We use only one strictly necessary cookie: “NEXT_LOCALE” stores your chosen language (lifetime up to 12 months) so the site appears in the correct language.
This cookie is strictly necessary for the operation of the website; it is stored on the basis of Section 25(2) TDDDG and does not require consent. The legal basis for the processing is Article 6(1)(f) GDPR.
We do not use any analytics, tracking, advertising or social-media cookies. To serve the appropriate language, the country derived from your IP address by the hosting provider is evaluated once when a page is loaded; we do not store it permanently.
Contact form
When you send us a message via the contact form, we process the data you provide (name, email address, subject and message text) in order to handle and respond to your enquiry.
The legal basis is Article 6(1)(b) GDPR where your enquiry relates to a contract, otherwise our legitimate interest in responding to enquiries pursuant to Article 6(1)(f) GDPR.
To receive and store form submissions we use services from Google (Google Apps Script and Google Sheets), provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes the data on our behalf (Article 28 GDPR); any transfer to the USA is safeguarded by the EU Standard Contractual Clauses or the EU-US Data Privacy Framework.
We store the data until your enquiry has been fully dealt with and then delete it, unless statutory retention obligations apply.
Orders and payment processing
When you place an order, we process the data required to perform the contract (e.g. name, delivery and billing address, email address and payment data). The legal basis is Article 6(1)(b) GDPR (performance of the contract).
Payments are processed by the payment service provider Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). You enter your payment details (e.g. card number) directly with Stripe; we do not receive them in plain text, only the confirmation information needed to process the order.
Stripe processes some of the data as an independent controller. Details can be found in Stripe’s privacy policy.
Retention period
We process personal data only for as long as necessary for the stated purposes. The data is then deleted, unless statutory retention obligations (e.g. under commercial or tax law) require us to store it for longer.
Disclosure of data
Your data is disclosed to third parties only to the service providers named in this policy and only to the extent described. No automated decision-making, including profiling, within the meaning of Article 22 GDPR takes place.
Changes to this privacy policy
We update this privacy policy whenever changes to our data processing make it necessary. The current version published on this page always applies.