Privacy Policy

 

for pro.periotrap.com 

(B2B Shop / Customer Portal / Odoo 18)

As of: February 25, 2026

Responsible person:

 

PerioTrap Pharmaceuticals GmbH

Weinbergweg 22

06120, Halle (Saale)

Germany

E-Mail: info@periotrap.com

Telephone: [insert]

Scope of application

 

This privacy policy applies to:

  • our website pro.periotrap.com
  • the B2B online shop
  • the customer portal
  • CRM functions
  • Helpdesk System
  • Chatbot Function
  • other integrated services

The website is exclusively aimed at business customers (B2B).

Principles of Data Processing

 

We process personal data exclusively:

  • in a lawful, transparent, and purpose-bound manner
  • with consideration of data minimization
  • with appropriate technical and organizational measures
  • only as long as it is necessary for the respective purposes

Legal foundations

 

The processing is based on:

  • Art. 6 para. 1 lit. b GDPR – Contract execution / Contract initiation
  • Article 6(1)(c) GDPR – legal obligations
  • Article 6(1)(f) GDPR – legitimate interest
  • Article 6(1)(a) GDPR – Consent

Legitimate interests exist particularly in:

  • IT security
  • Abuse prevention
  • efficient customer communication
  • Optimization of internal business processes

Hosting and System Operations (Odoo)

 

Our platform is based on Odoo 18 and is operated through Odoo.sh.

Service provider:

Odoo S.A.

Rue du Lac 12

1348 Louvain-la-Neuve

Belgium

A data processing agreement in accordance with Article 28 of the GDPR is in place with Odoo.

Odoo processes in particular:

  • Hosting Data
  • CRM data
  • Contract data
  • Helpdesk Data
  • Portal login data

Odoo can engage subcontractors. An up-to-date list of subprocessors can be requested from us.

Third country transfers

 

In the context of using Odoo or Stripe, the transfer of personal data to third countries (e.g., the USA) may occur.

Such transmissions occur exclusively on the basis of:

  • EU Standard Contractual Clauses according to Art. 46 GDPR
  • if applicable, additional technical protective measures

Notice of Risks:

In third countries, a level of data protection equivalent to EU law cannot be guaranteed. In particular, government authorities may access data without effective legal remedies being available against such access.

Server log files

 

When visiting our website, the following data is processed automatically:

  • IP address
  • Date and Time
  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname

Purpose:

  • Ensuring functionality
  • Ensuring IT Security
  • Defense against cyber attacks

Legal basis:

Article 6(1)(f) of the GDPR

Storage duration:

Maximum 30 days, provided there are no security-related incidents.

Registration and Customer Account

 

Registration is required to use the B2B shop.

Processed Data:

  • Company name
  • Contact person
  • business contact information
  • VAT ID
  • Login data
  • Order History

Purpose:

  • Contract execution
  • Provision of documents
  • Management of Offers

Legal basis:

Article 6(1)(b) GDPR

Storage duration:

  • Contract data: 6–10 years (Commercial Code, Tax Code)
  • Account data: until deletion + statutory retention periods

Contract processing and CRM

 

In the context of our business relationships, we process:

  • Offer data
  • Order data
  • Invoice data
  • Communication histories
  • Payment Information

Purpose:

  • Proposal creation
  • Contract execution
  • Accounting
  • regulatory documentation requirements

Legal Foundations:

Article 6(1)(b) and (c) GDPR

Shipping processing and fulfillment service provider

 

To carry out the delivery of ordered goods, we use external logistics and fulfillment service providers.

For this purpose, we only transmit the personal data required for order processing, in particular:

  • Company name
  • Contact person
  • Delivery address
  • if applicable, phone number for delivery coordination
  • order-related reference data

The processing is carried out exclusively for the purpose of fulfilling the contract in accordance with Art. 6 para. 1 lit. b GDPR.

There is a contract for data processing in accordance with Art. 28 of the GDPR with the fulfillment and logistics service providers used. The service providers are bound by instructions and process personal data solely on our behalf.

There is no further use of the data by the service providers.

Payment Processing (Stripe)

 

Stripe Payments Europe Ltd.

1 Grand Canal Street Lower

Dublin 2, Ireland

Stripe processes payment data independently.

Legal basis:

Article 6(1)(b) GDPR

More information:

https://stripe.com/de/privacy

Contact forms and helpdesk

 

Processed Data:

  • Name
  • Company
  • E-Mail
  • Communication content

Purpose:

Processing of inquiries.

Legal basis:

Art. 6 para. 1 lit. b or lit. f GDPR

Storage duration:

12 months after the completion of the request, unless there is a legal obligation for longer storage.

Chatbot

 

We use a chatbot for the structured processing of inquiries.

Processed Data:

  • Chat histories
  • voluntarily provided contact information

Purposes:

  • Response to inquiries
  • Creation of support tickets
  • Service optimization

Legal Foundations:

Article 6(1)(b) GDPR

Article 6(1)(f) of the GDPR

Automated decision-making within the meaning of Article 22 of the GDPR does not take place.

Profiling for the assessment of personal aspects does not take place.

Storage duration: Maximum 12 months.

Cookies  

 

We use:

Technically necessary cookies

Purpose:

  • Login
  • Shopping cart
  • Security

Legal basis:

Article 6(1)(f) of the GDPR

Section 25(2) TTDSG

Optional Cookies

(e.g. statistics)

Only with consent.

Legal basis:

Article 6(1)(a) GDPR

Recipient of personal data

 

Recipients can be:

  • Hosting Service Provider (Odoo)
  • Payment service provider (Stripe)
  • Logistics and fulfillment service providers for shipping processing
  • IT service provider
  • tax advisor
  • auditor
  • Authorities in case of legal obligation

All processors are contractually bound in accordance with Article 28 of the GDPR.

Data origin (Art. 14 GDPR)

 

Where personal data is not collected directly from the data subject, it comes from:

  • publicly accessible sources (e.g. commercial register)
  • business contacts
  • Trade fairs and professional events

Technical and organizational measures (TOMs)

 

We implement appropriate measures, including:

  • TLS encryption
  • role-based access concepts
  • Two-Factor Authentication
  • Logging of Accesses
  • regular security updates
  • Data backups
  • Access restriction based on the need-to-know principle

Storage Duration – Overview

 

  • Log files: 30 days
  • Inquiries: 12 months
  • Chat data: 12 months
  • Contract data: 6–10 years
  • Accounting data: 10 years


Rights of data subjects

 

You have:

  • Right of access
  • Right of rectification
  • Right to deletion
  • Right to Restriction
  • Right to data portability
  • Right of objection

Objection under Article 21 GDPR

 

Where data is processed on the basis of Article 6(1)(f) of the GDPR, you can object at any time.

Right to complain

 

You have the right to complain to a data protection authority.

Competent Authority:

  • State Commissioner for Data Protection Saxony-Anhalt

Obligation to Provide

 

The provision of personal data is necessary for the conclusion and execution of B2B contracts. Without this data, the use of our shop is not possible.

Automated decision-making

 

Automated decision-making within the meaning of Article 22 of the GDPR does not take place.

Changes

 

We reserve the right to adjust this privacy policy in the event of legal or technical changes.