The Longevity Practice GmbH Website
Created on behalf of
The Longevity Practice GmbH
Graefestraße 11
10967 Berlin
Created by
VORBERG.law
Große Elbstraße 42
22767 Hamburg
Version: 1.0.0
Date: 20.01.2026
We take the protection of your personal data seriously and comply with applicable data protection laws.
With this privacy policy, we fulfill our information obligations under Art. 12 et seq. of the GDPR. This is intended to provide you with an overview of how we handle your personal data processed within the scope of using our range of services.
The Longevity Practice GmbH provides a digital infrastructure for the mediation and coordination of medical services in the field of longevity medicine. The offering includes the organization of appointments, diagnostics, and supplementary educational offers. In this context, the company acts as a technical service provider and mediator, while the actual medical treatment is carried out by autonomous and independent cooperating physicians on the basis of separate treatment contracts.
Please read our privacy policy in conjunction with our General Terms of Use. You can access the current version of our General Terms of Use at any time at https://www.thelongevitypractice.com/.
The controller responsible for data processing within the meaning of Art. 4 No. 7 GDPR is:
The Longevity Practice GmbH
Graefestraße 11
10967 Berlin
represented by Dr. med. Emil Kendziorra.
The controller takes the protection of your personal data seriously and complies with applicable data protection laws.
For questions regarding the processing of your data or the exercise of your rights as a data subject within the meaning of the GDPR, we—as the controller—are available to you at any time via email at info@thelongevitypractice.com or by mail at the address provided above. This also applies if a term used in this privacy policy is unclear to you.
In case of questions about or technical problems with our platform, you can contact contact@thelongevitypractice.com via email.
Alternatively, you can contact our Data Protection Officer (DPO).
The DPO can be reached at the following contact details:
contact@thelongevitypractice.com
As a "data subject" within the meaning of Art. 4 No. 1 GDPR, you are entitled to certain indispensable rights (data subject rights). We are obligated to guarantee these data subject rights and must also contractually obligate any processors used to support us in the best possible way in implementing these rights.
In this regard, you are entitled to the following data subject rights:
Right of Access (Article 15 GDPR)
You have the right to obtain information from us as to whether we are processing personal data concerning you and, if so, which data these are and for what purpose the processing is taking place.
Right to Rectification (Article 16 GDPR)
You have the right to have inaccurate or incomplete personal data that we have stored about you corrected.
Right to Erasure (Article 17 GDPR)
Under certain circumstances, you have the right to demand that we erase your personal data. This right exists, for example, if the data are no longer necessary for the purposes for which they were collected or if you have withdrawn your consent.
Right to Restriction of Processing (Article 18 GDPR)
Under certain circumstances, you have the right to restrict the further processing of your personal data. This right exists, for example, if you contest the accuracy of the data or if the processing is unlawful.
Right to Data Portability (Article 20 GDPR)
You have the right to receive a copy of your personal data from us in a structured, commonly used, and machine-readable format. You may also have this data transmitted to another controller, provided this is technically feasible.
Right to Object (Article 21 GDPR)
You have the right to object to the processing of your personal data for reasons arising from your particular situation. We will then no longer process your data unless there are compelling legitimate grounds for the processing.
Right to Withdraw Consent (Article 7 Para. 3 GDPR)
If we process your personal data on the basis of your consent, you may withdraw this consent at any time. The lawfulness of the processing until the withdrawal remains unaffected by this.
Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations.
The competent authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
(Berlin Commissioner for Data Protection and Freedom of Information)
Alt-Moabit 59-61
10555 Berlin
Phone: +49 (0) 30 13889-0
You may assert your data subject rights at any time by notifying us in writing or electronically using the contact details provided in the "Details of the Controller" or "Details of the Data Protection Officer" sections of this privacy policy. In this context, we reserve the right to verify your identity through a suitable procedure.
We and the processors we employ will generally only disclose your data to third parties within the meaning of Art. 4 No. 10 GDPR if:
Under certain circumstances, we employ service providers as processors who maintain their registered office in a third country or are part of an international organization that maintains its registered office in a third country. In the context of the GDPR, a third country is understood to be a country that is not a member of the European Union (EU) or the European Economic Area (EEA) and thus does not fall under the regulatory influence of the GDPR. These third countries share the fact that they sometimes have their own data protection laws, which, however, may be lower than the level of protection provided by the GDPR.
The transfer of data to third countries is only permissible under certain legal requirements pursuant to Art. 44 GDPR:
Adequacy Decision
The existence of an adequacy decision expresses that the data protection law applicable in the third country in question provides a level of protection for your personal data comparable to the GDPR. In this case, the data transfer is permissible without further authorization; this includes:
Standard Contractual Clauses
If no adequacy decision exists, data transfer may take place on the basis of Standard Contractual Clauses issued by the EU Commission (Art. 46 Para. 2 Point (c) GDPR). These contractual clauses provide a sufficient guarantee on the part of the respective service provider, also with regard to the enforceability of the data subject rights provided for by the GDPR.
You will be explicitly informed by us within this privacy policy if a service provider has such a third-country connection. In this case, by granting your consent, you agree that your personal data will be transmitted to such a company.
Our service providers with a third-country connection are processors within the meaning of Art. 4 No. 8 GDPR and are contractually obligated to comply with the privacy policy.
By giving your consent, you agree that your personal data may be transferred to companies in third countries under the conditions mentioned.
To ensure the best possible protection of your data, it is secured during transmission using Secure Socket Layer encryption (SSL encryption) in conjunction with Transport Layer Security encryption (TLS encryption). This form of encryption ensures that your data cannot be read, redirected, or modified by unauthorized third parties during transmission.
Insofar as your data is stored by us, storage takes place exclusively in appropriately security-certified data centers within the European Union (EU) within the scope of the GDPR. We expressly reserve the right to involve external service providers for the storage and processing of your data, who act exclusively on our behalf and according to our instructions (processors). The processors used are contractually obligated by us to implement technical and organizational measures (TOMs) that correspond to the current state of the art and ensure data protection-compliant processing of your data.
Under no circumstances will your data be passed on or sold to third parties by us or by processors used without a legal basis.
As soon as you access our web platform, the browser you use automatically transmits access data (so-called log files) to our hosting provider, on whose servers the The Longevity Practice web platform is operated. These log files contain, among other things, personal data.
Processed data:
Purposes of processing:
The log files are necessary to ensure the technical functionality of the The Longevity Practice web platform. In particular, the transmission of your IP address is required to enable the display of the The Longevity Practice web platform on your terminal device in the first place. The data stored in the log files are not merged by us with other data sources and are not used to identify individual users. An evaluation for marketing purposes also does not take place.
Lawfulness of processing:
The processing of this data is based on Art. 6 Para. 1 Point (f) GDPR. Our legitimate interest lies in enabling you to use our platform in a technically secure and trouble-free manner. Without the processing of this data, the use of our web platform would not be possible for you.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the hosting provider of our web platform. We have commissioned Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103) with the hosting of our web platform.
Webflow acts as a processor within the meaning of Art. 4 No. 8 GDPR for us in this context. The company was obligated on the basis of a data processing agreement (DPA) to implement suitable technical and organizational measures (TOMs) that serve to protect your data.
Please note that the hosting provider Webflow, Inc. has its registered office in the USA. Although a data transfer to the USA is generally not planned, it cannot be completely ruled out, and the corresponding regulations for data transfer to third countries apply.
Storage period:
The log files are automatically deleted after one year at the latest or anonymized in such a way that an assignment to your person is no longer possible.
In addition to the aforementioned access data (log files), cookies may also be used within the scope of the The Longevity Practice web platform.
Cookies are small text files that are automatically saved by your browser and stored on your terminal device. They do not contain malware and do not cause any damage to your device.
It is important to know that certain cookies may be necessary for technical reasons—for example, to ensure the correct display and function of our platform on your terminal device.
These so-called "technically necessary cookies" differ from cookies that serve other purposes—such as analyzing usage behavior or optimizing our offer. These are referred to as "technically non-necessary cookies."
The following section initially only deals with processing within the scope of technically necessary cookies. Should we use technically non-necessary cookies beyond this (e.g., for analysis purposes), you will be informed about this in separate sections of this privacy policy. If no such notes are included, it means that no technically non-necessary cookies are used.
Processed data:
Purposes of processing:
Through the use of cookies, we can recognize whether you have already visited certain areas or pages of the platform. This allows entries and settings you have already made to be saved so that you do not have to enter them again when you visit again.
Lawfulness of processing:
The processing of this data is based on Art. 6 Para. 1 Point (a) GDPR. Your consent to the use of cookies is obtained via a cookie banner that is displayed to you when you first visit our platform. Technically necessary cookies can be processed on the basis of Art. 6 Para. 1 Point (f) GDPR, as they are required for the operation of the website.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the hosting provider of our web platform. We have commissioned Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103) with the hosting of our web platform.
Webflow acts as a processor within the meaning of Art. 4 No. 8 GDPR for us in this context. The company was obligated on the basis of a data processing agreement (DPA) to implement suitable technical and organizational measures (TOMs) that serve to protect your data.
Please note that the hosting provider Webflow, Inc. has its registered office in the USA. Although a data transfer to the USA is generally not planned, it cannot be completely ruled out, and the corresponding regulations for data transfer to third countries apply.
Storage period:
The storage period of cookies depends on their type and purpose.
You also have the option to prevent the use of cookies by switching off or restricting automatic cookie storage in your browser settings. Cookies that have already been saved can be manually deleted at any time. Please note, however, that deactivating cookies may result in the web platform no longer functioning fully or only to a limited extent.
We use the Google Analytics service within the scope of the web platform. This is a web analysis service provided by Google Ireland Limited.
Processed data:
By shortening your IP address through Google Analytics, your data is anonymized before the evaluation is carried out and can therefore no longer be assigned after collection.
Purposes of processing:
The processing of this data helps us to better understand user behavior on our web platform, to detect technical errors, and to make our content more user-friendly and relevant. Google Analytics uses cookies and similar technologies for this purpose, which enable an analysis of the use of the website.
Lawfulness of processing:
The processing is based on Art. 6 Para. 1 Point (a) GDPR, i.e., with your consent, which you grant via the cookie banner when you first visit our web platform. You can withdraw or adjust your consent at any time via the cookie settings on our website.
IP Anonymization:
We use Google Analytics with activated IP anonymization ("anonymizeIp"). As a result, your IP address is shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Recipients of the data:
The recipient of the data collected by Google Analytics within the meaning of Art. 4 No. 9 GDPR is the provider of the Google Analytics service (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google acts as a processor within the meaning of Art. 4 No. 8 GDPR for us and was obligated on the basis of a data processing agreement (DPA) to implement suitable technical and organizational measures (TOMs) that serve to protect your data.
It cannot be ruled out that Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as the parent company will receive access to personal data. In this context, please also note the section "Data Transfer to Third Countries."
Storage period:
The data collected by Google Analytics is generally stored for a period of 14 months and then automatically deleted or anonymized.
Withdrawal of your consent:
You can withdraw your consent to the use of Google Analytics at any time via the cookie banner on our website or through appropriate settings in your browser. Further information can be found in Google's privacy policy at: https://policies.google.com/privacy
In order to be able to integrate Google's tracking and analysis tools within the scope of the website, we use the Google Tag Manager (Google Ireland Ltd., Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland).
Processed data:
Purposes of processing:
The processing of the aforementioned data is required so that we can use the Google Tag Manager to integrate Google's tracking and analysis tools.
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 Para. 1 Point (a) GDPR. You grant your consent by agreeing to the use of technically non-necessary cookies in connection with the Google Tag Manager within the framework of the cookie banner when you first access the website (or at a later point in time).
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the Google Analytics service (Google Ireland Ltd., Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland). The provider of Google Analytics acts as a processor for us in this context and has been accordingly obligated on the basis of a data processing agreement to establish and maintain suitable technical and organizational measures (TOMs) that serve to protect your data.
Please note in this context that Google Ireland Ltd. is a subsidiary of Google LLC, which has its registered office in the USA. A data transfer to the USA is generally not intended, but cannot be conclusively ruled out. The statements in the section "Data Transfer to Third Countries" apply in this regard.
Storage period:
The data processed in this context of the processing activity is stored by us at most until you withdraw your consent to the use of technically non-necessary cookies in connection with the Google Tag Manager. You can adjust the settings you have made regarding the use of technically non-necessary cookies in connection with the Google Tag Manager at any time thereafter within the framework of the cookie banner on the website.
You can also prevent the use of technically non-necessary cookies by deactivating or gradually restricting the automatic setting of cookies in the settings of the browser you are using. Cookies already stored on the terminal device you are using can also be manually deleted by you in this context. Please note, however, that partial or complete deactivation of cookies in your browser settings may result in you no longer being able to use the website or no longer being able to use it to its full extent.
To analyze user behavior and adapt our marketing activities within the framework of the web platform, we use the remarketing function "Google Ads" (Google Ireland Ltd., Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland). Within the scope of the usage analysis, anonymous usage data is collected, stored, and evaluated. This data is collected via one or more technically non-essential cookies, provided you were redirected to our platform via a Google advertisement.
We can only recognize that someone clicked on one of our ads, was subsequently redirected to our platform, and reached a previously defined target page of the web platform (conversion page). In doing so, we only see the total number of users who clicked on our Google ad. Personal data is not processed in this process.
You can prevent the usage analysis described above by not clicking on our placed advertisements or by preventing the setting of technically non-essential cookies. You can do this by deactivating or restricting the automatic setting of cookies in your browser settings. You can also manually delete cookies already stored on your device at any time. Please note that the partial or complete deactivation of cookies may result in you being unable to use the web platform or being able to use it only to a limited extent.
To analyze the use of our web platform and for the technical optimization of our web presence, we use the Google Search Console, a web analysis service provided by Google Ireland Ltd., Google Building, Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4, D04 V4X7, Ireland.
The Google Search Console serves exclusively to monitor and improve the technical performance of our website in Google Search. Here, we receive aggregated evaluations of how often our website appears in Google search results, which search queries users use to reach our website, and information on possible technical problems (e.g., loading times or indexing errors).
In the context of using the Google Search Console, no personal data of individual users is processed or stored. In particular, we do not receive access to IP addresses, specific user profiles, or other information that would allow the identification of individual persons. The data provided is anonymized and serves statistical and technical purposes only.
The Google Search Console does not set cookies on your terminal device and does not access cookies already stored. It is not possible for us to assign the collected data to individual users. Further information on data processing by Google can be found in Google’s privacy notices.
To analyze user behavior and optimize our marketing activities, we use the visitor action pixel ("Facebook Pixel") of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, within the framework of the platform. The Facebook Pixel records user behavior after you have been redirected to our platform via a Facebook advertisement.
This allows us to track whether you have performed certain actions on our platform after clicking on one of our Facebook ads, such as visiting a specific page. This information helps us evaluate the effectiveness of our advertisements and improve our marketing measures. The processing of data is carried out exclusively on the basis of your consent pursuant to Art. 6 Para. 1 Point (a) GDPR. Personal data is processed only within the scope of your consent.
In the course of using the Facebook Pixel, data may also be stored or processed by Meta in the USA. We are jointly responsible with Meta Platforms Ireland Limited for the data processing (Art. 26 GDPR). For this purpose, a corresponding agreement on joint responsibility exists. Further information on data processing can be found in Facebook’s privacy notices.
You can object to the use of the Facebook Pixel and the associated personalized advertising by adjusting your ad preferences on Facebook or by making corresponding settings via the European Interactive Digital Advertising Alliance.
We use the online appointment scheduling tool Calendly of Calendly LLC (115 E. Main Street, Suite A1B PMB 123, Buford, Georgia, 30518, USA) for arranging and organizing appointments (e.g., for phone calls or virtual meetings). Calendly enables us to find and organize appointments easily and efficiently.
Processed data:
Purposes of processing:
The processing of the aforementioned data enables us to handle the arrangement and organization quickly and efficiently and to provide you with the necessary information to participate in the respective appointment.
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 Para. 1 Point (a) GDPR. You grant your consent within the framework of the appointment booking process, or alternatively by actively arranging an appointment via the tool.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the provider of the Calendly service (Calendly LLC, 115 E. Main Street, Suite A1B PMB 123, Buford, Georgia, 30518, USA). The provider of Calendly acts as a processor for us in this context and has been obligated by us on the basis of a data processing agreement to establish and maintain suitable technical and organizational measures (TOMs) that serve to protect your data.
Please note in this context that Calendly LLC has its registered office in the USA. A data transfer to the USA is generally not intended but cannot be conclusively ruled out. The statements in the section "Data Transfer to Third Countries" apply in this regard.
Storage period:
The processed personal data will be deleted at the latest 60 days after the respective appointment has taken place.
As part of our range of services, we offer you the opportunity to subscribe to our newsletter. For the creation, dispatch, and evaluation of our newsletters, it is necessary for us to process certain personal data from you.
Processed data:
Purposes of processing:
We process this data to send you personalized newsletters and information about our services, products, and current topics. Furthermore, we use anonymized usage data (e.g., open and click rates) to analyze the success of our newsletters and continuously improve our content.
Lawfulness of processing:
The processing of your data is based on Art. 6 Para. 1 Point (a) GDPR, i.e., with your consent. You grant your consent directly when registering for the newsletter via our website. The entire registration process is logged in order to be able to prove compliance with legal requirements.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the service Brevo (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany). Brevo acts as a processor within the meaning of Art. 4 No. 8 GDPR for us in this context. The company was obligated on the basis of a data processing agreement (DPA) to implement suitable technical and organizational measures (TOMs) to protect your data.
Storage period:
Your personal data will be stored until you withdraw your consent to receive our newsletter. You can withdraw your consent at any time via the unsubscribe link in the footer of every newsletter or by email to info@thelongevitypractice.com.
Notes on your data subject rights:
You may withdraw your consent pursuant to Art. 7 Para. 3 GDPR at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing of your data carried out until the withdrawal.
In certain areas of the web platform, content from third-party providers may be integrated, for example, videos, graphics, or other multimedia elements. We may also provide links to external third-party websites.
For integrated content to be displayed correctly, it is technically necessary for your device to transmit your IP address to the respective third-party provider when accessed. Without this transmission, the content cannot be displayed.
We select third-party providers carefully and ensure that we only integrate services and content that use your data exclusively for the purposes stated in each case. Should we become aware of any further use, we will inform you within the scope of this privacy policy.
In the case of links to external websites, data is only transmitted to the third-party provider once you actively click on the link. In this case, further personal data may be processed by the third-party provider (e.g., IP address, device information, usage data). We have no influence over this processing and refer you to the privacy policies of the respective providers.
To improve the presentation of the web platform, we use locally hosted webfonts (fonts) from Google (so-called "Google Webfonts").
In order for these fonts to be displayed correctly, your browser transmits certain technical information to our hosting provider, on whose servers the web platform is operated, when you access our web platform. Personal data may also be processed in this process.
Processed data:
Purposes of processing:
The processing of this data is necessary to display the content of our web platform uniformly, correctly, and technically error-free on different terminal devices and in different browsers using the locally hosted Google Webfonts.
Since the fonts are integrated locally on our own servers, no connection is established to Google's servers. Therefore, no transmission of personal data to Google or other third parties takes place.
Lawfulness of processing:
The processing of your data is based on Art. 6 Para. 1 Point (f) GDPR. Our legitimate interest lies in enabling you to use our web platform in a secure, technically stable, and visually appealing manner.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is the hosting provider of our web platform. We have commissioned Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103) with the hosting of our web platform. Webflow acts as a processor within the meaning of Art. 4 No. 8 GDPR for us in this context.
Please note that the hosting provider Webflow, Inc. has its registered office in the USA. Although a data transfer to the USA is generally not planned, it cannot be completely ruled out, and the corresponding regulations for data transfer to third countries apply.
Storage period:
The data generated in the context of accessing our web platform is deleted immediately after the end of your session.
You can contact us via the contact form, by email, or via a consultation (online/on-site). For conducting online consultations and simplifying appointment and patient management, we use the services of Patientify.io (0x0 Marketing GmbH, Am Alten Bahnhof 1, 82377 Penzberg).
We explicitly point out that video-based conversations are not recorded, and accordingly, no storage takes place.
Processed data:
Purposes of processing:
The processing of the data you transmit when contacting us is carried out by us exclusively for the purpose of recording, processing, and answering your inquiry. Within the scope of the service, your personal data will be transmitted to the respective cooperating physician. Please note that product-related complaints may be used by us as part of market monitoring to evaluate the quality and safety of the services offered (feedback management).
Lawfulness of processing:
We base the lawfulness of this data processing on Art. 6 Para. 1 Point (a) and/or Art. 9 Para. 2 Point (a) GDPR. If your inquiry takes place within the framework of an existing or initiated contractual relationship, we additionally base the processing on Art. 6 Para. 1 Point (b) GDPR. If you use the contact form, the processing is based on your consent according to Art. 6 Para. 1 Point (a) GDPR.
Recipients of the data:
Recipients of your personal data within the meaning of Art. 4 No. 9 GDPR are the providers of the email software, the contact form, and the patient management tool used by us to receive and process your inquiries. These are providers of the tool Doctolib GmbH (Mehringdamm 51, 10961 Berlin), and Patientify.io (0x0 Marketing GmbH, Am Alten Bahnhof 1, 82377 Penzberg). All aforementioned service providers act as processors for us in this context and have been accordingly obligated on the basis of a data processing agreement.
Storage period:
Your data will only be stored for as long as is necessary to process your request. We will then delete it, provided there are no statutory retention obligations to the contrary.
Notes on your data subject rights:
You have the right to object at any time to the processing of your personal data pursuant to Art. 21 GDPR for reasons arising from your particular situation. If we cannot demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims, we will cease processing your data. However, this right of objection only applies if the processing is based on Art. 6 Para. 1 Point (f) GDPR (legitimate interest).
You have the option to voluntarily request contact with a physician through the platform. Within the scope of the services of The Longevity Practice GmbH, it cooperates with autonomous and independent physicians to enable you to receive comprehensive advice and treatment. For these medical services, separate treatment contracts are concluded directly between the patients and the respective physicians. The medical service is expressly not provided by Longevity Practice itself, but is merely mediated. Within the scope of the service, your personal data will be transmitted to and processed by the respective cooperating physician.
Processed data:
Purpose of processing:
The transfer of this data takes place exclusively for the purpose of consultation and treatment by the physicians. The transfer of data takes place solely for the purpose of enabling professional medical advice and treatment.
Lawfulness of processing:
We base the lawfulness of this data processing on your express consent (cf. Art. 9 Para. 2 Point (a) GDPR). You grant your express consent during the registration process. You have the right to withdraw your consent at any time.
Recipients of the data:
Recipients of your personal data within the meaning of Art. 4 No. 9 GDPR are the cooperating physicians and the providers of the patient management tool used by us to receive and process your inquiries. This includes the provider Patientify.io (0x0 Marketing GmbH, Am Alten Bahnhof 1, 82377 Penzberg). All aforementioned service providers act as processors for us in this context and have been accordingly obligated on the basis of a data processing agreement.
Storage period:
The transmitted data will only be stored for as long as is necessary for the purpose of consultation and treatment by the physicians. After the conclusion of the consultation, your data will be deleted or anonymized in accordance with legal regulations, provided there are no further legal retention obligations.
Within the scope of our advisory services, you have the option to contact us, The Longevity Practice GmbH, via WhatsApp Business. The use of WhatsApp Business for communication between you and The Longevity Practice is voluntary.
Please note that WhatsApp Business is an external service that is not under our direct control. Therefore, we cannot guarantee the complete security of information transmitted via WhatsApp Business. It is possible that WhatsApp Business collects personal data and processes it for its own purposes.
We therefore point out that the use of WhatsApp Business for the transmission of sensitive health data may be associated with risks, as WhatsApp's data protection standards may not meet the requirements of the healthcare sector.
The use of WhatsApp Business is subject to the privacy policy and terms of use of WhatsApp, over which we have no influence. We therefore recommend that you inform yourself about the privacy policies of WhatsApp Business and be aware that by using WhatsApp Business, you may be disclosing personal data.
If you have concerns regarding the use of WhatsApp Business for communication with us or prefer an alternative contact method, other communication channels are available to you to get in touch with us.
Processed data:
Contact data:
Health data:
Communication content:
Device information:
Location data: * Location information may be collected if enabled in the device settings.
Purpose of processing:
The purpose of the processing is to enable communication between you and The Longevity Practice via WhatsApp to offer support. Please note that product-related complaints may be used by us as part of market monitoring to evaluate the quality and safety of the services offered (feedback management).
This includes, among other things:
Lawfulness of processing:
We base the lawfulness of this data processing on your express consent (cf. Art. 9 Para. 2 Point (a) GDPR). You grant your express consent by checking the box provided for this purpose during the registration process. By using WhatsApp Business to communicate with us, you declare your agreement with the processing of your health data.
Recipients of the data:
The data exchanged via WhatsApp is intended for communication between The Longevity Practice and you. In addition, WhatsApp, as an external service provider, also gains access to the transmitted data.
WhatsApp provider:
[Insert Provider Details, e.g., WhatsApp Ireland Limited / Meta]
Storage period:
The storage period of the data exchanged via WhatsApp is based on the applicable legal requirements as well as the requirements for medical documentation. As a rule, the data is only stored for as long as is necessary to fulfill the purpose of the consultation and as long as statutory retention periods must be observed. After the consultation is completed and provided there are no legal obligations for longer storage, the data will be deleted or anonymized to protect your privacy.
Within the scope of the services offered, it may be necessary to assert invoices on behalf of the treating physician or the practice address. This is conducted similarly to a private medical billing office for physicians. In this process, your personal data is processed.
Processed data:
Purpose of processing:
The processing of your data is for the purpose of invoicing on behalf of the treating physician or the practice address. This is similar to the process of a private medical billing office for physicians. Your personal data is processed in order to issue invoices.
Lawfulness of processing:
We base the lawfulness of this data processing on your express consent (cf. Art. 9 Para. 2 Point (a) GDPR). You grant your express consent within the framework of the treatment contract between you and your treating physician, on the basis of which the medical services are provided. The treating physician has concluded a separate contract with The Longevity Practice GmbH regarding the creation and processing of invoices.
Recipients of the data:
Recipients of your personal data within the meaning of Art. 4 No. 9 GDPR are exclusively the relevant departments responsible for the processing and handling of invoices. This includes the accounting department of The Longevity Practice GmbH, as well as that of the treating physician.
Storage period:
The storage period of the data is based on the statutory retention periods for medical records and billing data. As a rule, the data is kept for a period of up to ten years to comply with any legal requirements and to ensure traceability in the event of billing or treatment errors.
The Longevity Practice GmbH offers you the opportunity to participate in a moderated community area. There, you can exchange information and share experiences anonymously with other users. Participation in the community is voluntary. The exchange serves the purpose of support, information, and the promotion of the community and does not constitute medical treatment. It replaces neither individual medical advice nor a medical examination or therapy.
Processed data:
Purposes of processing:
The processing of this data is necessary to technically provide you with the community function and to ensure the secure operation and moderation of the community area on our website. The content of community posts is not evaluated and is not permanently stored.
Lawfulness of processing:
We base the lawfulness of this data processing on your voluntary consent pursuant to Art. 6 Para. 1 Point (a) and/or Art. 9 Para. 2 Point (a) GDPR. You grant your consent by actively clicking on a corresponding button as well as by subsequent active use of the community function.
Recipients of the data:
The recipient of your personal data within the meaning of Art. 4 No. 9 GDPR is primarily our hosting service provider <Provider>, <Address>. Furthermore, Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103), as the technical development and maintenance partner of the website, receives access to the data, but exclusively within the framework of necessary maintenance or support measures. Both companies act as processors within the meaning of Art. 4 No. 8 GDPR for us and are contractually obligated to implement suitable technical and organizational measures (TOMs) to protect your data.
Storage period:
Your community data is stored for the duration of your active access and deleted after use is terminated, provided there are no statutory retention obligations to the contrary.
"Controller" pursuant to Art. 4 No. 7 GDPR is the person who decides on the purposes and means of the processing of personal data. They determine, above all, what is processed, how, and for what purpose. They are responsible for the processing and must ensure that data protection regulations are complied with.
"Processor" pursuant to Art. 4 No. 8 GDPR is the person who acts for the controller and processes personal data on their behalf.
"Personal data" pursuant to Art. 4 No. 1 GDPR means any information relating to an identified or identifiable natural person ("data subject").
"Processing" pursuant to Art. 4 No. 2 GDPR means any type of operation performed on data. This includes, in particular, collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, combination, restriction, erasure, or destruction of personal data.
"Data subject" pursuant to Art. 4 No. 1 GDPR is the natural person to whom the data processed by the controller can be directly or indirectly assigned.
"Recipient" pursuant to Art. 4 No. 9 GDPR is the person to whom personal data is disclosed, regardless of whether it is a third party or not.
"Third party" pursuant to Art. 4 No. 10 GDPR is anyone except the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
"Special categories of personal data" pursuant to Art. 9 Para. 1 GDPR specifically include health data of the data subject. This data requires a higher level of protection.
"Health data" pursuant to Art. 4 No. 15 GDPR are personal data relating to the physical or mental health of the data subject, which reveal information about their health status.
"Consent" pursuant to Art. 4 No. 11 GDPR means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action (e.g., checking a box provided for this purpose), signify agreement to the processing of personal data relating to them.
"Pseudonymization" pursuant to Art. 4 No. 5 GDPR means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. This additional information must be kept separately and measures must be taken to ensure that the data is no longer attributed to an identified or identifiable person.
"Anonymization" according to DIN EN ISO 25237 describes the process by which personal data is irreversibly altered by the controller alone or in cooperation with another party so that the data subject can no longer be identified, either directly or indirectly.
We reserve the right to update this privacy policy in the future—for example, if legal requirements change, new legal assessments are available, or we further develop our offering. If we make changes to this privacy policy, we will inform you in good time. Don’t worry: your rights as a data subject under the GDPR will never be restricted by a change to this privacy policy.
As of: 20.01.2026
Disclaimer: This document is a non-binding English translation of the original German "Datenschutzerklärung." In the event of any discrepancies or disputes, the German version shall prevail.
