Privacy Policy – HealthResearch.pro

Last updated: June 2026

1. Privacy at a Glance

General Information

The following provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to the full privacy policy below.

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator:

Stefan Schuster Lindenstrasse 5 87787 Wolfertschwenden Germany

Email: privacy@healthresearch.pro Phone: +49 (0) 151 5630 9871

How do we collect your data?

Your data is collected in two ways. First, data you provide to us directly – for example, data you enter into a contact form or provide during an order. Second, data collected automatically by our IT systems when you visit the website, primarily technical data such as your browser type, operating system, or the time of your page request.

What do we use your data for?

Some data is collected to ensure the proper functioning of the website. Other data may be used to analyze visitor behavior. If contracts are initiated or concluded through the website, the transmitted data is also processed for order fulfillment.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.

2. Hosting

This website is hosted externally. Personal data collected on this website is stored on the servers of the hosting provider. This may include IP addresses, contact requests, metadata, contract data, contact information, names, website access, and other data generated through a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of the secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

We use the following hosting provider:

united-domains GmbH Gautinger Strasse 10 82319 Starnberg Germany

We have concluded a Data Processing Agreement (DPA) with this provider to ensure that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection regulations and this privacy policy.

We note that data transmission over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against third-party access is not possible.

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods).

Legal Bases for Data Processing

Where we obtain consent for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis. For data processing necessary for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis. For processing necessary to comply with a legal obligation, Art. 6(1)(c) GDPR applies. Processing based on our legitimate interest is covered by Art. 6(1)(f) GDPR.

Recipients of Personal Data

In the course of our business activities, we work with various external parties. In some cases, the transfer of personal data to these external parties is necessary. We only disclose personal data to external parties if it is required for contract fulfillment, if we are legally obligated to do so, if we have a legitimate interest under Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure.

Your Rights

Right to revoke consent: You can revoke any consent you have given at any time. The lawfulness of processing carried out prior to the revocation remains unaffected.

Right to object (Art. 21 GDPR): If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Right to lodge a complaint: In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement.

Right to data portability: You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format.

Right to information, correction, and deletion: You have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, where applicable, a right to correction or deletion of this data.

SSL/TLS Encryption

This site uses SSL/TLS encryption for security purposes. An encrypted connection is indicated by the browser address bar changing from “http://” to “https://” and by the lock icon in your browser bar.

4. Data Collection on This Website

Cookies

Our website uses cookies. Cookies are small data packets that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them or they are automatically deleted by your browser.

Cookies that are necessary for the electronic communication process, for providing certain functions you have requested, or for optimizing the website are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified.

You can configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude cookies in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Contact by Email

If you contact us by email, your inquiry including all personal data arising from it (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

This processing is based on Art. 6(1)(b) GDPR if your inquiry is related to contract fulfillment or pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if obtained.

Data sent to us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies.

5. Third-Party Services

Google reCAPTCHA

This website uses Google reCAPTCHA to protect forms and interactions against automated abuse. Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA analyzes the behavior of the website visitor using various characteristics (e.g., IP address, time spent on the website, mouse movements). The data collected during the analysis is forwarded to Google. reCAPTCHA may use cookies. More information about Google reCAPTCHA can be found in the Google Privacy Policy: https://policies.google.com/privacy and the Terms of Service: https://policies.google.com/terms.

This service is used on the basis of our legitimate interest in protecting our website against automated abuse and spam (Art. 6(1)(f) GDPR). Data may be transferred to the USA. Google is certified under the EU-US Data Privacy Framework (DPF). More information: https://www.dataprivacyframework.gov/participant/5780.

6. eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the purpose of establishing, structuring, and modifying our contractual relationships. We collect, process, and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user. The legal basis is Art. 6(1)(b) GDPR.

Collected customer data is deleted after completion of the order or termination of the business relationship and expiry of any applicable statutory retention periods.

Stripe

We use Stripe as our payment processor. Provider: Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA (for customers outside the US, Stripe is also represented by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland).

When you make a payment, the following data may be transmitted to Stripe: payment amount, credit card or payment method details, billing address, email address, IP address, and browser/device information. Stripe processes this data to execute the payment transaction and for fraud prevention purposes.

This processing is based on Art. 6(1)(b) GDPR (contract fulfillment). Stripe may transfer data to the USA. Stripe is certified under the EU-US Data Privacy Framework (DPF). In addition, Standard Contractual Clauses (SCCs) are in place as a supplementary safeguard in the event that the DPF is invalidated. More information: https://stripe.com/privacy.

Order Processing and Data Flow

When you place an order, we retrieve your email address and research topic from Stripe to generate and deliver your report. During processing, this data is stored in our internal systems (order database) alongside technical parameters required for report generation. Your delivered report is sent to the email address provided during checkout. The sent email is retained as proof of delivery. Stripe retains transaction data according to its own data retention policies.

Geo-Restriction

This product is available to US customers only. To enforce this restriction, we check the country of origin of the payment method. Payments from outside the United States are automatically declined. This processing is based on our legitimate interest in legal compliance and market restriction (Art. 6(1)(f) GDPR). No personal data beyond the country-level check is stored for this purpose.

7. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information We Collect

Identifiers (e.g., email address, IP address) – collected for order fulfillment, communication, and fraud prevention.

Commercial information (e.g., purchase history, order details, research topic) – collected for order processing and delivery.

Internet and network activity (e.g., browser type, operating system, page interactions) – collected for website functionality and security.

Payment data (e.g., credit card details, processed by Stripe and not stored by us) – collected for payment processing.

Retention

Order-related data is retained for the duration of the business relationship and any applicable statutory retention periods (typically 6–10 years under German tax law). Technical data (server logs) is deleted after 30 days. Contact inquiries are retained until the purpose no longer applies or you request deletion.

Your Rights

As a California resident, you have the right to:

Know what personal information we collect, use, and disclose
Delete your personal information, subject to certain exceptions
Correct inaccurate personal information we hold about you
Opt out of sale or sharing of your personal information
Limit use of sensitive personal information to what is necessary
Non-discrimination for exercising any of your privacy rights

Sale of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

How to Exercise Your Rights

Submit your request by emailing privacy@healthresearch.pro. We will acknowledge your request within 10 days and respond within 45 days. If we need more time, we will notify you of the extension and the reason (up to an additional 45 days). You will not be required to create an account to submit a request.

8. Children’s Privacy (COPPA)

This website and its products are not directed at children. We do not knowingly collect personal information from anyone under the age of 16. If you are under 16, please do not use this website or submit any personal data. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@healthresearch.pro.