top of page
Happy Girl Texting_edited.jpg

Privacy Policy

General Information

Compliance with data protection laws is not only a legal obligation for Number42 GmbH but also an important factor in building trust. With the following data protection provisions, we aim to transparently inform you about the nature, scope, and purpose of the personal data collected and processed from you within this website, as well as your rights.

 

Controller for Data Processing

The controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:

Number42 GmbH
Untere Bachgasse 15
93047 Regensburg
(Hereinafter: "We")

If you have any questions, you can contact us at: info@num42.de

 

Data Protection Officer

Our appointed Data Protection Officer is:

Süddeutsche Datenschutzgesellschaft mbH
Contact person: Maximilian Mayer
Von-Brettreich-Straße 4
93049 Regensburg
Phone: +49 (0) 941 - 38177070
Email: verwaltung@sddsg.de

 

Rights of Data Subjects

As a data subject, you have the following rights regarding your personal data:

  • Right of access to information about the categories of data processed, processing purposes, storage duration, and potential recipients, pursuant to Art. 15 GDPR and § 34 BDSG.

  • Right to rectification or deletion of inaccurate or incomplete data pursuant to Art. 16 and 17 GDPR and § 35 BDSG.

  • Right to restriction of processing under the conditions of Art. 18 GDPR or § 35 (1) sentence 2 BDSG.

  • Right to object to processing under Art. 21 (1) GDPR, provided the processing is based on legitimate interest.

  • Right to withdraw consent given to us, with effect for the future, pursuant to Art. 7 (3) GDPR.

  • Right to data portability in a commonly used format pursuant to Art. 20 GDPR.

  • Right not to be subject to automated decision-making, including profiling, which produces legal effects or significantly affects you, pursuant to Art. 22 GDPR.

  • Right to lodge a complaint with a supervisory authority, especially in your country of residence, workplace, or where the alleged infringement took place (Art. 77 GDPR).

Procedures

If you assert your rights under the GDPR or the BDSG, we will process the data you provide in order to fulfill your request.

We will then store the data exchanged for documentation purposes until the end of the limitation period for regulatory offenses (3 years).

The legal basis for processing and storing this data is Art. 6 (1) sentence 1 lit. f) GDPR (legitimate interest in data processing). Our legitimate interest lies in our duty to respond to your request and our need to be able to prove compliance in the event of potential fines.

You may object to the processing of your data based on our legitimate interests at any time under the conditions of Art. 21 GDPR. Please use the contact details provided in our legal notice. However, we would like to point out that such processing is mandatory within the meaning of Art. 21 (1) GDPR, as no equally suitable alternatives exist to prove compliance.

 

Data Protection Measures

We protect our website and systems—including your data—through technical and organizational measures against loss, destruction, unauthorized access, alteration, or disclosure. In particular, your personal data is transmitted over the internet in encrypted form using the TLS (Transport Layer Security) protocol.

However, please note that the transmission of information via the internet is never entirely secure. We cannot guarantee 100% protection of data transmitted to or from our website.

 

Data Processing Practices

Sources and Categories of Personal Data

We process your personal data only to the extent necessary to establish, define the content of, or modify a contractual relationship (inventory data). This may include: name, salutation, contact details (address, phone, email), date of birth, etc.

We also process usage data—information related to your use of our website and services, especially your IP address, session start and end time, and information about the content accessed.

This data is either collected directly from you (e.g., through your visit to the site) or, where permitted by law, obtained from third parties or public sources (e.g., commercial registers, media, or the internet).

 

Data Transfers to Non-EU Countries

In principle, all personal data we receive or collect is processed on servers located within the European Union. We only transfer your data to countries outside the EU without your explicit consent if such a transfer is legally permitted and an adequate level of data protection is ensured in the third country.

Disclosure of Data and Commissioned Processing

We do not disclose your personal data to unauthorized third parties. However, we may share your data:

  • if you have given your consent,

  • if required by law,

  • or if we are legally permitted or obliged by administrative or court orders.

This includes, for example, disclosures for law enforcement purposes, threat prevention, or to enforce intellectual property rights.

We may also share your data with external service providers (processors) who process data on our behalf in accordance with Art. 28 GDPR. These processors are contractually obligated to implement appropriate technical and organizational measures and ensure GDPR compliance. Despite using processors, we remain responsible for data processing as the controller under data protection law.

Purpose of Data Processing

 

We only use your data for the purposes for which it was collected. Further processing is only permitted if the new purpose is compatible with the original one (Art. 5 (1) lit. c) GDPR).

Data Retention

Unless otherwise stated, we store your data only for as long as necessary to achieve the respective processing purpose—unless legal retention obligations (e.g., under commercial or tax law) prevent deletion.

Specific Processing Activities

Below we explain in detail what data we process, under what circumstances, and for what purpose.

Server Log Files

Whenever a webpage is accessed or content is retrieved, general information is automatically transmitted to the server. This automatic exchange is fundamental to how the internet works.

The standard information includes:

  • Your IP address

  • Browser and OS information (user agent)

  • Referring website (referrer)

  • Date and time of access (timestamp)

  • HTTP status and data volume transmitted

These are stored as server log files. We use them to detect and fix errors, monitor website usage patterns, and ensure server security (e.g., detect attacks by IP).

Your IP address is stored only for the duration of your session and is either deleted or anonymized immediately after. The remaining data is stored for a limited period, usually 7 days.

Legal basis: Art. 6 (1) sentence 1 lit. f) GDPR (legitimate interest). Our legitimate interest lies in operating and maintaining a secure website. You may object to this processing at any time under Art. 21 GDPR by contacting us using the details in the legal notice. However, please note that storing server logs is essential for operating the website and is therefore mandatory within the meaning of Art. 21 (1) GDPR.

 

Status of This Privacy Policy: August 11, 2020

Source: Süddeutsche Datenschutzgesellschaft mbH

Font_Logo_Clinic App.png

Imprint | Data Protection | Accessibility

© 2025 by Clinic App
Number 42 GmbH

Try the app for free

bottom of page