Privacy Policy (Kopie)
Privacy Policy
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are any data by which you can be personally identified. Detailed information on data protection can be found in our Privacy Policy set out below.
Data Collection on This Website
2. Hosting
We host the content of our website as well as the webshop with the following provider:
All-Inkl
The provider is ALL-INKL.COM – Neue Medien Münnich, proprietor René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter “All-Inkl”). For details, please refer to All-Inkl’s privacy information: https://all-inkl.com/datenschutzinformationen/.
All-Inkl is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Processing
We have concluded a Data Processing Agreement (DPA) for the use of the above service. This is a data-protection-law-required agreement ensuring that All-Inkl processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General Information and Mandatory Notices
Data Protection
These privacy notices apply to visits to this website, our webshop, and our social media profiles (LinkedIn, Instagram).
When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This Privacy Policy explains which data we collect and for what purposes we use them. It also explains how and for what purpose this is done.
Please note that data transmission over the Internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
This site uses SSL and/or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line.
If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Notice Concerning the Controller
The controller responsible for data processing on this website is:
TimeTeller GmbH
Prof. Dr. Angela Moreira Borralho Relógio
Kanalstraße 52
22085 Hamburg
Germany
Phone: +49 15679 679409
Email: info@time-teller.eu
“Controller” means the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Contact Details of the Data Protection Officer
TimeTeller GmbH
Attn. Data Protection Officer
Kanalstraße 52
22085 Hamburg
Germany
E-Mail: datenschutz@timeteller-health.com
Storage Period
Unless a more specific storage period is stated within this Privacy Policy, your personal data will remain with us until the purpose for processing ceases to apply. If you assert a legitimate request for erasure or revoke your consent to processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g., statutory retention periods under tax or commercial law); in the latter case, erasure takes place after those grounds cease to apply.
General Information on Legal Bases for Processing
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, processing is additionally based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), processing is additionally based on Sec. 25(1) TDDDG. Consent may be revoked at any time.
If your data are required for performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if required to comply with a legal obligation on the basis of Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. The relevant legal bases applicable in each individual case are described in the following sections.
Recipients of Personal Data
In the course of our business activities we cooperate with various external entities. In some cases, this requires the transfer of personal data to such external entities. We only transfer personal data to external entities if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., disclosure to tax authorities), if we have a legitimate interest in disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits disclosure. Where we use processors, we transfer personal data of our customers only on the basis of a valid data processing agreement. In the case of joint controllership, a joint controllership agreement is concluded.
Revocation of Your Consent to Data Processing
Many processing operations are only possible with your explicit consent. You can revoke any consent you have already given at any time. If you gave consent via the Usercentrics consent management tool, you can revoke your consent there at any time. Otherwise, you can send us an email to info@time-teller.eu. The lawfulness of processing carried out up to the revocation remains unaffected.
Right to Object to Processing in Special Cases and to Direct Marketing (Art. 21 GDPR)
Where processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The relevant legal basis for processing can be found in this Privacy Policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds overriding your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged violation. This right exists without prejudice to any other administrative or judicial remedies.
Right to Data Portability
Within the framework of applicable legal provisions, you have the right to receive data that we process automatically on the basis of your consent or in performance of a contract, in a commonly used, machine-readable format, or to have such data transmitted to a third party. If you request direct transmission to another controller, this will be done only insofar as technically feasible.
Right of Access, Rectification, and Erasure
Within the framework of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, their origin and recipients, and the purpose of processing, and, where applicable, a right to rectification or erasure of such data. For this and further questions on personal data, you may contact us at any time.
Right to Restriction of Processing
Within the framework of applicable legal provisions, you have the right to request restriction of processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing applies in the following cases:
- If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request restriction of processing.
- If the processing of your personal data was/is unlawful, you may request restriction of processing instead of erasure.
- If we no longer need your personal data, but you need them for the establishment, exercise, or defense of legal claims, you have the right to request restriction instead of erasure.
- If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request restriction.
If processing has been restricted, such data may—apart from storage—be processed only with your consent or for the establishment, exercise, or defense of legal claims, for the protection of rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.
4. Data Collection on This Website
Cookies
Our websites use so-called “cookies.” Cookies are small data packets and do not damage your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or automatic deletion occurs via your web browser.
Cookies may originate from us (first-party cookies) or from third parties (third-party cookies). Third-party cookies allow the integration of certain services of third parties within websites (e.g., cookies for processing payment services).
Cookies serve different functions. Many cookies are technically necessary, since certain website functions would not work without them (e.g., shopping cart or video display functions). Other cookies may be used to evaluate user behavior or for advertising purposes.
Cookies that are necessary to carry out electronic communication, to provide certain functions requested by you (e.g., shopping cart function), or to optimize the website (e.g., to measure web audiences) (“necessary cookies”) are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is stated. We have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services. Where consent to store cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of that consent (Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG); consent may be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude cookies for certain cases or generally, and activate automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.
The cookies and services used on this website can be found in this Privacy Policy.
Consent with Usercentrics
This website uses Usercentrics consent technology to obtain your consent for storing certain cookies on your end device or using certain technologies and to document this in compliance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (“Usercentrics”).
When you enter our website, the following personal data are transmitted to Usercentrics:
- Your consent(s) or revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your end device
- Time of your visit to the website
- Geolocation
Usercentrics also stores a cookie in your browser to assign the consents given or their revocation to you. The data collected in this way are stored until you request deletion, delete the Usercentrics cookie yourself, or the purpose for storage ceases to apply. Mandatory statutory retention obligations remain unaffected.
The Usercentrics banner on this website was configured using eRecht24, which is recognizable by the eRecht24 logo appearing in the banner. To display the logo, a connection to the eRecht24 image server is established, whereby the IP address is transmitted. However, the IP address is stored only in anonymized form in server logs. The eRecht24 image server is located in Germany with a German provider. The banner itself is provided exclusively by Usercentrics.
Usercentrics is used to obtain the legally required consents for the use of certain technologies. The legal basis is Art. 6(1)(c) GDPR.
Processing
We have concluded a DPA for the use of the above service, ensuring that Usercentrics processes personal data only in accordance with our instructions and in compliance with the GDPR.
Server Log Files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of server request
- IP address
These data are not merged with other data sources. Collection is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website; for this purpose, log files must be collected.
Contact Form
If you send us inquiries via the contact form, your information from the inquiry form, including the contact details provided there, will be stored for the purpose of processing the inquiry and in case of follow-up questions. We do not share these data without your consent.
Processing is based on Art. 6(1)(b) GDPR if the inquiry is related to contract performance or pre-contractual measures. In all other cases, processing is based on our legitimate interest in communicating with interested parties and efficiently processing inquiries (Art. 6(1)(f) GDPR).
The data you enter in the contact form remain with us until you request deletion, revoke consent to storage, or the purpose for storage ceases to apply (e.g., after your inquiry has been processed). Mandatory statutory provisions, in particular retention periods, remain unaffected.
Pre-registration for Test Kits via CleverReach
Upon request, we will send you an email once TimeTeller tests for creating a personal circadian profile and optimizing health become available to further user groups.
For market-research purposes, we collect name and email address, gender, age group, and the reason for interest (aging processes, women’s health and menopause, exercise and physical performance, sleep, nutrition, shift work and regular working hours, maintaining good health, a specific health issue / I am a patient). Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. Consent may be revoked at any time.
The data you enter remain with us until you request deletion, revoke consent to storage, or the purpose ceases to apply. Mandatory statutory provisions remain unaffected.
We use the CleverReach tool for sending notifications. Provider: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. CleverReach stores the data you enter (e.g., email address) on servers in Germany and/or Ireland.
Notifications sent via CleverReach allow us to analyze recipient behavior, including e.g. how many recipients opened a notification and which links were clicked. With conversion tracking, it can additionally be analyzed whether a predefined action (e.g., purchasing a product) took place after clicking a link. More information on CleverReach analysis is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Processing takes place on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke consent by unsubscribing from notifications. The lawfulness of processing prior to revocation remains unaffected.
If you do not want analysis by CleverReach, you must unsubscribe; every message contains an unsubscribe link.
Data stored for notification purposes are retained until you unsubscribe with us or the provider and are deleted after unsubscribing or after completion of notifications. Data stored for other purposes remain unaffected.
Please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/.
Processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, ensuring that the service provider processes the personal data of our website visitors solely on our instructions and in compliance with the GDPR.
Inquiries by Email or Telephone
If you contact us by email or telephone, your inquiry and all resulting personal data (name, inquiry) are stored and processed for the purpose of handling your request. We do not pass these data on without your consent.
Processing is based on Art. 6(1)(b) GDPR if the inquiry relates to contract performance or pre-contractual measures. In all other cases, processing is based on our legitimate interest in efficiently handling inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a), Art. 9(2)(a) GDPR) where such consent was requested. Consent may be revoked at any time.
Data transmitted through contact inquiries remain stored until you request deletion, revoke consent, or the purpose ceases to apply. Mandatory statutory provisions, in particular retention periods, remain unaffected.
5. Analysis Tools and Advertising
Google Tag Manager
We use Google Tag Manager. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It merely serves to manage and deliver the tools integrated through it. However, Google Tag Manager does record your IP address, which may also be transmitted to Google’s parent company in the United States.
Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in the quick and uncomplicated integration and management of various tools. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG; consent may be revoked at any time.
Google is certified under the EU-US Data Privacy Framework (DPF). More information is available at: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics
This website uses functions of the web analytics service Google Analytics. Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables us to analyze the behavior of website visitors. We receive usage data such as page views, dwell time, operating systems used, and user origin. These data are assigned to the user’s end device; no assignment to a user ID takes place.
We may also record mouse and scroll movements and clicks. Google Analytics uses modeling approaches and machine-learning technologies to supplement captured data records.
Google Analytics uses technologies that enable user recognition (e.g., cookies or device fingerprinting). Information collected by Google about your use of this website is generally transmitted to and stored on a Google LLC server in the USA.
Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG. Consent can be revoked at any time via the consent management tool.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://privacy.google.com/businesses/controllerterms/mccs/.
Google LLC is certified under the DPF: https://www.dataprivacyframework.gov/participant/5780.
IP Anonymization
Google Analytics IP anonymization is enabled. Your IP address is shortened by Google within the EU/EEA before transmission to the USA. Only in exceptional cases is the full IP address transmitted and shortened there. On our behalf, Google uses this information to evaluate your use of the website, compile reports, and provide further services related to website and internet use. The IP address transmitted by your browser is not merged with other data held by Google.
Browser Plugin
You can prevent collection and processing of your data by Google by downloading and installing the browser plugin at: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on handling user data by Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de.
Processing
We have concluded a DPA with Google and fully implement the strict requirements of German data protection authorities for Google Analytics.
6. Plugins und Tools
Google Fonts (Local Hosting)
This site uses Google Fonts to display fonts uniformly. The fonts are installed locally; no connection to Google servers occurs.
Further information: https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use Google reCAPTCHA (“reCAPTCHA”) on this website. Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is intended to verify whether data entry on this website (e.g., in a contact form) is made by a human or by an automated program. reCAPTCHA analyzes visitor behavior based on various characteristics. This analysis starts automatically as soon as the visitor enters the website. For analysis, reCAPTCHA evaluates information such as IP address, time spent on the website, or mouse movements. The data collected are forwarded to Google.
The analyses run entirely in the background. Visitors are not informed that such analysis is taking place.
Storage and analysis are based on Art. 6(1)(f) GDPR. We have a legitimate interest in protecting our web offerings from abusive automated espionage and spam. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG; consent may be revoked at any time.
Further information: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified under the “EU–US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Each company certified under the DPF commits to adhere to these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
7. Processing Activities in Connection with Contract Performance and Service Provisiong
Customer Account Registration and Orders
Orders are only possible by creating a customer account. For this purpose, we process name, email address, postal address, and payment data. We use the email address for account creation and for communication related to the contract, such as order confirmation, shipping tracking number, and notification when the report is available. Legal basis: Art. 6(1)(b) GDPR.
In connection with orders, disclosure to service providers takes place only insofar as necessary for contract performance. Personal data provided for contract initiation, performance, and processing (e.g., name, email address, address, payment data, tracking numbers) are used confidentially and are not passed to third parties not involved in service provision (e.g., ordering, shipping, payment).
The webshop is hosted by All-Inkl (address above). We have concluded a DPA with the provider pursuant to Art. 28 GDPR.
Disclosure of Your Email Address to Shipping Companies
We disclose your email address to the shipping company so that it can inform you by email about shipment processing and status—only if you expressly consented during the ordering process.
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. You may revoke consent at any time by notifying us or the shipping company. Lawfulness prior to revocation remains unaffected.
Test Kit Registration and Optional Research Data
After receiving the test kit, you may register it in your customer account. We collect the following information: name, first name, date of birth, date of sample collection, insurance number or KVNR. Without these data, we cannot create an analysis report.
We also collect name, first name, gender, date of birth, date of sampling, insurance number or KVNR for billing purposes and transmit these data to the health insurance fund to perform your insurance contract.
If you consent, we will remind you once per year by email to reassess your status via a new test. Consent may be revoked at any time by emailing info@time-teller.eu. Lawfulness prior to revocation remains unaffected.
Finally, upon test kit registration, we request your consent to process your information (diet and general health status, gender, height in cm, date of birth, weight in kg) pseudonymously for research and validation purposes in connection with our products and services. Processing is based on your consent pursuant to Art. 6(1)(a) and Art. 9(2)(a) GDPR. Consent may be revoked at any time. Lawfulness prior to revocation remains unaffected.
Special Campaigns by Health Insurance Funds
If health insurance funds cover costs for shipping, return, and analysis of samples, the insurance number and date of birth of the insured person are transmitted to the health insurance fund for automatic verification before webshop registration and during test kit registration. TimeTeller does not store these data during customer account registration unless required to prevent inadmissible multiple participation within a defined period. The insurance number is deleted at the end of that period.
Analysis and Report
Samples taken with your test kit are analyzed pseudonymously by our laboratory. For this purpose, you receive a test ID. After analysis, a report is made available in a user portal. We notify you about the report via the email address used to register the kit in the webshop.
In connection with sample analysis, the following data are processed in the TimeTeller data platform, which manages application-based interactions and access to reports: pseudonymized participant identifiers (test IDs); report metadata (timestamps, version information, processing status); consents with metadata, authentication data, and access logs (user login tokens, hashed [salted and encrypted] passwords, technical security monitoring logs); temporary analysis files generated during automated report creation, which are automatically deleted no later than after successful completion of the process (≤ 7 days).
The TimeTeller data platform is hosted on servers of OVHcloud (OVH GmbH, Christophstraße 19, 50670 Cologne, Germany). We have concluded a DPA with OVHcloud pursuant to Art. 28 GDPR. OVHcloud is certified to ISO 27001, 27017, 27018, 27701, and HDS (health data hosting).
8. Social Media Presences
We maintain social media presences on LinkedIn and Instagram in order to communicate with interested users and provide information about our services. When you visit our presence on LinkedIn or Instagram, we process, depending on your interaction, the following categories of data:
- Reactions (“likes”) on our posts or profile
- Username and profile picture
- Content of comments or direct messages
- Photos of individuals shown in posts on our social media pages
- Names and photos of employees
The provider of the LinkedIn company page (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) and the provider of our Instagram profile (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland) may provide us with aggregated usage statistics. These may include demographic and employment-related information as well as interaction data indicating interests and relevance of topics. We may use these statistics to optimize our company page (legitimate interest pursuant to Art. 6(1)(f) GDPR). With respect to the collection and use of these statistics, we act as joint controllers with the social network operator. We have no influence on data processed by LinkedIn or Meta under their own responsibility and terms.
More information:
LinkedIn: LinkedIn Page Insights Joint Controller Addendum and LinkedIn privacy policy (https://www.linkedin.com/legal/privacy-policy).
Instagram: Meta privacy policy (https://www.facebook.com/privacy/policy/) and Page Controller Addendum (https://www.facebook.com/legal/terms/page_controller_addendum).
Legal basis: Art. 6(1)(b) GDPR (where communication concerns entering into or performing a contract with a natural person) or Art. 6(1)(f) GDPR (where communication concerns employees of customers or purely informational contact).
9. Is There an Obligation to Provide Personal Data?
There is no legal obligation to provide us with your personal data.
If you omit information or technically prevent us from processing personal data necessary for use of our website, you may only be able to use our services to a limited extent.
Providing data when contacting us via our contact form or one of our contacts is voluntary; however, without required information—especially a means of contact—we cannot process your request.
Providing the mandatory information required during test registration is a prerequisite for conducting analysis. Without it, we cannot create an analysis report. Once the report has been created, consent to processing these data can no longer be revoked.
10. Automated Decision-Making Including Profiling (Art. 22 GDPR)
We do not process your personal data for automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR. Should such processing be introduced, we will provide meaningful information regarding the logic involved, scope, and intended effects on the data subject.
11. Currency and Amendments of These Privacy Notices
These privacy notices are currently valid and dated November 2025.