Privacy policy
1. General Information and Mandatory Disclosures
Identification of the Data Controller
The data controller responsible for data processing on this website is:
Onkodin GmbH
Prof. Dr. med. Hartmut Link
Finkenhain 8
67661 Kaiserslautern
Email: onkopti@onkodin.de
The controller decides, either alone or jointly with others, on the purposes and means of
processing personal data (e.g., names, contact details, etc.).
2. Data Processing: External Hosting (IONOS),
Our website is hosted by an external service provider (host). The personal data collected on
this website is stored on the host’s servers. This may primarily include IP addresses, contact
requests, metadata and communication data, contract data, contact details, names, website
visits, and other data generated via a website.
The use of the host is for the purpose of fulfilling our contractual obligations to our potential
and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online
services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f)
GDPR).
Our hosting provider for www.onkodin.de is:
IONOS SE, Elgendorfer Str. 57, 56410 Montabaur
Our hosting provider for www.onkopti.de is:
Fraunhofer Institute for Experimental Software Engineering IESE, Fraunhofer-Platz 1,
67663 Kaiserslautern
We have entered into a data processing agreement (DPA) with both IONOS and the
Fraunhofer Institute as respective data processors, which ensures that the personal data of our
website visitors is processed there only in accordance with our instructions and in compliance
with the GDPR.
Our website is hosted by an external service provider (host). The personal data collected on
this website is stored on the host’s servers. This may primarily include IP addresses, contact
requests, metadata and communication data, contract data, contact details, names, website
visits, and other data generated via a website.
The use of the host is for the purpose of fulfilling our contractual obligations to our potential
and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online
services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f)
GDPR).
Our hosting provider for www.onkodin.de is:
IONOS SE, Elgendorfer Str. 57, 56410 Montabaur
Our hosting provider for www.onkopti.de is:
Fraunhofer Institute for Experimental Software Engineering IESE, Fraunhofer-Platz 1,
67663 Kaiserslautern
We have entered into a data processing agreement (DPA) with both IONOS and the
Fraunhofer Institute as respective data processors, which ensures that the personal data of our
website visitors is processed there only in accordance with our instructions and in compliance
with the GDPR.
3. Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent (Art. 6(1)(a)
GDPR). You may withdraw any consent you have already given at any time. To do so, simply
send us an informal email. The lawfulness of the data processing carried out prior to the
withdrawal remains unaffected by the withdrawal.
Many data processing operations are only possible with your explicit consent (Art. 6(1)(a)
GDPR). You may withdraw any consent you have already given at any time. To do so, simply
send us an informal email. The lawfulness of the data processing carried out prior to the
withdrawal remains unaffected by the withdrawal.
4. Right to object to data collection in specific cases and to direct marketing (Art. 21
GDPR)
If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any
time to object to the processing of your personal data pursuant to Article 21(1) of the GDPR
for reasons arising from your particular situation; this also applies to profiling based on these
provisions. If you object, we will no longer process your personal data in question, unless we
can demonstrate compelling legitimate grounds for the processing that override your interests,
rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
GDPR)
If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any
time to object to the processing of your personal data pursuant to Article 21(1) of the GDPR
for reasons arising from your particular situation; this also applies to profiling based on these
provisions. If you object, we will no longer process your personal data in question, unless we
can demonstrate compelling legitimate grounds for the processing that override your interests,
rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
5. Newsletter Information
If you would like to subscribe to the newsletter offered on the website, we need your email address as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. To this end, you will first receive a confirmation link at the email address you provided to complete the actual subscription to the newsletter (so-called double opt-in procedure). Only after clicking this link will your email address be activated for the newsletter until you unsubscribe.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of your data and email address, as well as their use for sending the newsletter, at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation.
The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after you unsubscribe.
If you would like to subscribe to the newsletter offered on the website, we need your email address as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. To this end, you will first receive a confirmation link at the email address you provided to complete the actual subscription to the newsletter (so-called double opt-in procedure). Only after clicking this link will your email address be activated for the newsletter until you unsubscribe.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of your data and email address, as well as their use for sending the newsletter, at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation.
The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after you unsubscribe.
6. Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory
authority in the event of a data protection violation. The competent supervisory authority for
data protection matters is the State Commissioner for Data Protection and Freedom of
Information of Rhineland-Palatinate:
The State Commissioner for Data Protection and Freedom of Information of Rhineland-
Palatinate
Hintere Bleiche 34
55116 Mainz
Phone: +49 (0) 6131 8920-0
Email: poststelle@datenschutz.rlp.de
Website: rlp.de
As a data subject, you have the right to lodge a complaint with the competent supervisory
authority in the event of a data protection violation. The competent supervisory authority for
data protection matters is the State Commissioner for Data Protection and Freedom of
Information of Rhineland-Palatinate:
The State Commissioner for Data Protection and Freedom of Information of Rhineland-
Palatinate
Hintere Bleiche 34
55116 Mainz
Phone: +49 (0) 6131 8920-0
Email: poststelle@datenschutz.rlp.de
Website: rlp.de
7. Right to Data Portability
You have the right to have data that we process automatically based on your consent or in
fulfillment of a contract provided to you or to a third party in a commonly used, machine-
readable format. If you request the direct transfer of the data to another controller, this will
only take place to the extent that it is technically feasible.
You have the right to have data that we process automatically based on your consent or in
fulfillment of a contract provided to you or to a third party in a commonly used, machine-
readable format. If you request the direct transfer of the data to another controller, this will
only take place to the extent that it is technically feasible.
8. Right of access, rectification, restriction of processing, and erasure
Under applicable legal provisions, you have the right at any time to receive, free of charge,
information about your stored personal data, its origin and recipients, and the purpose of data
processing, as well as the right to have this data corrected or erased and to restrict its
processing. You may contact us at any time regarding this matter or any other questions about
personal data.
9. SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of
confidential information, such as orders or inquiries that you send to us as the site operator.
You can recognize an encrypted connection by the fact that the address bar of your browser
changes from “http://” to “https://” and by the lock icon in your browser bar.
This site uses SSL or TLS encryption for security reasons and to protect the transmission of
confidential information, such as orders or inquiries that you send to us as the site operator.
You can recognize an encrypted connection by the fact that the address bar of your browser
changes from “http://” to “https://” and by the lock icon in your browser bar.
10. Data Collection on This Website
a. Server Log Files
The website provider automatically collects and stores information in so-called server log
files, which your browser automatically transmits to us. This information includes:
• Browser type and version
• Operating system used
• Referrer URL
As of April 2026
Privacy policy Page 2 of 4
• Hostname of the accessing computer
• Time of the server request
• IP address
This data is not merged with other data sources. The collection of this data is based on Art.
6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free
presentation and optimization of its website—for this purpose, the server log files must be
collected.
b. Registration on this website
You can register on this website to use additional features on the site. We use the data you
provide for this purpose solely to enable you to use the specific offer or service for which you
have registered. The processing of the data entered during registration is based on your
consent (Art. 6(1)(a) GDPR). We store the collected data for as long as you are registered on
this website and delete it thereafter. Statutory retention periods remain unaffected.
c. Contact Form
If you submit inquiries to us via the contact form, we will store the information you provide in
the form—including the contact details you enter there—for the purpose of processing your
inquiry and in case we have follow-up questions. We will not share this data without your
consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your
inquiry is related to the performance of a contract or is necessary for the implementation of
pre-contractual measures. In all other cases, processing is based on our legitimate interest in
the effective handling of inquiries addressed to us (Article 6(1)(f) of the GDPR) or on your
consent (Article 6(1)(a) of the GDPR), provided that such consent has been requested.
a. Server Log Files
The website provider automatically collects and stores information in so-called server log
files, which your browser automatically transmits to us. This information includes:
• Browser type and version
• Operating system used
• Referrer URL
As of April 2026
Privacy policy Page 2 of 4
• Hostname of the accessing computer
• Time of the server request
• IP address
This data is not merged with other data sources. The collection of this data is based on Art.
6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free
presentation and optimization of its website—for this purpose, the server log files must be
collected.
b. Registration on this website
You can register on this website to use additional features on the site. We use the data you
provide for this purpose solely to enable you to use the specific offer or service for which you
have registered. The processing of the data entered during registration is based on your
consent (Art. 6(1)(a) GDPR). We store the collected data for as long as you are registered on
this website and delete it thereafter. Statutory retention periods remain unaffected.
c. Contact Form
If you submit inquiries to us via the contact form, we will store the information you provide in
the form—including the contact details you enter there—for the purpose of processing your
inquiry and in case we have follow-up questions. We will not share this data without your
consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your
inquiry is related to the performance of a contract or is necessary for the implementation of
pre-contractual measures. In all other cases, processing is based on our legitimate interest in
the effective handling of inquiries addressed to us (Article 6(1)(f) of the GDPR) or on your
consent (Article 6(1)(a) of the GDPR), provided that such consent has been requested.
11. Payment Service Provider: Stripe
We use payment services provided by Stripe (Stripe Payments Europe, Ltd., Ireland, One
Wilton Park, Wilton Place, Dublin 2, D02 FX04 Ireland). When you make a payment via
Stripe, your payment data is transmitted to Stripe. Payment service providers process
customer data as independent data controllers, not acting on behalf of the online merchant.
Purpose of transferring your data to Stripe Data processing: The transfer of data (name,
address, bank details, credit card number, invoice amount, currency, transaction number) is
carried out for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR
(performance of a contract). Stripe reserves the right to obtain a credit check or use cookies to
protect legitimate interests (fraud prevention) (Art. 6(1)(f) GDPR).
To the extent that data is transferred to the United States, such transfers are based on the
European Commission’s Standard Contractual Clauses and Stripe’s certification under the
EU-U.S. Data Privacy Framework. Stripe complies with the EU-U.S. Data Privacy
Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S.
Data Privacy Framework, as set forth by the U.S. Department of Commerce and to the extent
applicable. For more information, please refer to Stripe’s Privacy Policy at
https://stripe.com/de/privacy
We use payment services provided by Stripe (Stripe Payments Europe, Ltd., Ireland, One
Wilton Park, Wilton Place, Dublin 2, D02 FX04 Ireland). When you make a payment via
Stripe, your payment data is transmitted to Stripe. Payment service providers process
customer data as independent data controllers, not acting on behalf of the online merchant.
Purpose of transferring your data to Stripe Data processing: The transfer of data (name,
address, bank details, credit card number, invoice amount, currency, transaction number) is
carried out for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR
(performance of a contract). Stripe reserves the right to obtain a credit check or use cookies to
protect legitimate interests (fraud prevention) (Art. 6(1)(f) GDPR).
To the extent that data is transferred to the United States, such transfers are based on the
European Commission’s Standard Contractual Clauses and Stripe’s certification under the
EU-U.S. Data Privacy Framework. Stripe complies with the EU-U.S. Data Privacy
Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S.
Data Privacy Framework, as set forth by the U.S. Department of Commerce and to the extent
applicable. For more information, please refer to Stripe’s Privacy Policy at
https://stripe.com/de/privacy
12. Cookies
a. This website uses cookies.
These are small text files that are stored on your device.
We use technically necessary cookies: These are essential for the operation of the website
(e.g., language selection) and functions such as the login area for professionals. Legal basis:
Art. 6(1)(f) GDPR).
b. Analytics Cookies
Analytics Tool: Matomo
This website uses the open-source web analytics service Matomo.
The information is not shared with third parties. Under no circumstances is the IP address
linked to other data relating to the user. IP addresses are anonymized so that they cannot be
traced back to an individual (IP masking). We use the Matomo program for usage statistics.
Cookies are not set. Tracking is disabled. Legal basis: Art. 6(1)(f) GDPR
a. This website uses cookies.
These are small text files that are stored on your device.
We use technically necessary cookies: These are essential for the operation of the website
(e.g., language selection) and functions such as the login area for professionals. Legal basis:
Art. 6(1)(f) GDPR).
b. Analytics Cookies
Analytics Tool: Matomo
This website uses the open-source web analytics service Matomo.
The information is not shared with third parties. Under no circumstances is the IP address
linked to other data relating to the user. IP addresses are anonymized so that they cannot be
traced back to an individual (IP masking). We use the Matomo program for usage statistics.
Cookies are not set. Tracking is disabled. Legal basis: Art. 6(1)(f) GDPR
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.