Legal
The controller responsible for data processing on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:
Leonard Rinser
Keltenstr. 8
86934 Reichling
Germany
Phone: +49 1573 7261900
Email: info@thehealthduo.com
Due to the size and nature of our data processing, we are not legally required to appoint a Data Protection Officer.
When you visit our website for informational purposes only, without registering or otherwise transmitting information to us, we collect only the data your browser transmits to our server ("server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
Processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in the stability and security of our website. Server log files are generally retained for up to 30 days and then deleted, unless a specific security incident requires longer retention for investigation.
This website is hosted by Lovable.dev (Lovable Labs AB, Regeringsgatan 25, 111 53 Stockholm, Sweden). When you visit our site, the technical data described in Section 2, including your IP address, is processed by Lovable in order to deliver the website to you. We have concluded a data processing agreement with Lovable pursuant to Art. 28 GDPR.
For its hosting and back-end services, Lovable uses sub-processors, in particular Supabase and the underlying AWS infrastructure on which Supabase runs. Our project is configured to a region within the European Union, so data is primarily processed within the EU. Where data is exceptionally processed outside the EU, such transfers are based either on an adequacy decision of the European Commission (Art. 45 GDPR) or on Standard Contractual Clauses pursuant to Art. 46 GDPR.
For details on Lovable's data processing, see: https://lovable.dev/privacy
Legal basis: Art. 6 (1) lit. f GDPR.
To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. Cookies are small text files stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (session cookies). Other cookies remain on your device and allow us to recognise your browser on your next visit (persistent cookies).
The storage of cookies that are strictly necessary for the provision of functions expressly requested by you is based on § 25 (2) No. 2 TDDDG. For all other cookies, we obtain your consent via our cookie banner (§ 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR).
You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or generally. If cookies are not accepted, the functionality of our website may be limited.
When you contact us (e.g. via our contact form or by email), we collect personal data. The data collected in a contact form is shown in the form itself. This data is used exclusively to handle your request and for the associated communication.
Legal basis is Art. 6 (1) lit. f GDPR (our legitimate interest in responding to your inquiry). If your contact relates to the conclusion of a contract, additional legal basis is Art. 6 (1) lit. b GDPR.
Retention: We retain your data for the duration of our communication and any resulting business relationship. After the matter is concluded, we retain related correspondence for up to 6 years where required by statutory retention obligations (in particular § 257 HGB for business correspondence). After that period, the data is deleted. You may request earlier deletion at any time, provided no statutory retention obligation applies.
We offer forms for B2B inquiries (workshop, keynote, and programme requests) as well as for signing up for the waitlist for individual platform access. When you use these forms, we collect the following data:
This data is processed exclusively to handle your inquiry or to add you to the waitlist.
Legal basis: Art. 6 (1) lit. b GDPR (initiation of contractual measures) for B2B inquiries, and Art. 6 (1) lit. a GDPR (your consent) for the waitlist.
The data is stored in a database via our hosting provider Lovable and its sub-processor Supabase (see Section 3). Our Supabase project is configured to an EU region, so the data is processed within the European Union. Data processing agreements pursuant to Art. 28 GDPR are in place with Lovable and, indirectly, with Supabase.
Retention: B2B inquiries are handled as described in Section 5. Waitlist data is retained until you are admitted into the respective programme or until you withdraw your consent. You can request deletion at any time at info@thehealthduo.com.
Our newsletter "The Health Upgrade" is provided through Substack Inc., 548 Market St PMB 72296, San Francisco, CA 94104, USA. When you subscribe to our newsletter, your subscription data (email address and any additional information you provide) is transferred directly to Substack and stored there.
Substack uses a double opt-in process: you will first receive a confirmation email before being added to our list. You may unsubscribe at any time via the unsubscribe link in any newsletter.
Substack is certified under the EU-U.S. Data Privacy Framework. The transfer to the United States is therefore based on the European Commission's adequacy decision of 10 July 2023 pursuant to Art. 45 GDPR.
For details on Substack's data processing, see: https://substack.com/privacy
Legal basis: Art. 6 (1) lit. a GDPR (your consent).
Our website also displays previews of articles from our Substack newsletter. Publicly available newsletter content is loaded automatically. The mere display of the article overview does not transfer any personal data to Substack. When you click "READ ON SUBSTACK", you are redirected to the external Substack website, where Substack's own privacy terms apply.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at info@thehealthduo.com.
The supervisory authority competent for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
This privacy policy is currently valid. As our website evolves or due to changes in legal or regulatory requirements, it may become necessary to update this policy. The current version is always available on this page.
Last updated: 29 May 2026