The Prochorus GmbH (hereinafter referred to as 'Prochorus', 'we', 'our') appreciates your visit to our website, your use of our Prochorus Analytics application and your interest in our company and its services. We take the protection of your personal data very seriously, which enables us to offer you our services in the best possible way. Your personal data is processed exclusively within the framework of the statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter 'GDPR'). In the following, we would like to inform you in detail about which data is collected when you visit our website, our offers there and use our software application 'Prochorus Analytics' and how it is processed or used by us in the following, as well as which accompanying protective measures we have also taken in technical and organisational terms. As the controller, we have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

The entity that is responsible for the processing of your personal data and decides on the purposes and means of processing your personal data is deemed to be the controller. In this case, the controller is

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us.

You can reach our data protection officer, Tobias Frick, using the contact details above.

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

In order to be able to offer and provide you with our services, we also need to collect, process and store various personal data of our customers and even pass it on to various service providers as part of the archiving process. Below you can see which of your data we need for which purposes and under which circumstances we share your data with others.

Personal data is information from which we can directly or indirectly draw conclusions about your person, such as your first name and surname, address, telephone number, location data or e-mail address.

For your own protection and that of your data, we would like to ask you to only provide us with as much information as we need to provide our services. This also serves to simplify the processing of our services.

Below we would like to show you what data we collect from you and for what purpose, thus providing you with a transparent overview.

The scope and type of collection and use of your data differs significantly depending on whether you only visit our website to retrieve information or register in our Prochorus Analytics application and use it to manage your data.

1. Personal data that we collect when you visit our website

   When you open our website to obtain information, we collect the following personal data:

   • Device information (device ID, operating system and corresponding version or other device identifiers)
   • Connection data (time, date and duration of website use, origin, corresponding IP address and other log data such as number of users, session statistics, approximate location)

   This information is collected in order to show you the website you have visited. In doing so, we do our best to comply with the principle of data minimisation and limit ourselves to what is absolutely necessary.

2. Personal data that we collect when you visit our website, register with Prochorus Analytics and use this application.

   When you visit the website, register with 'Prochorus Analytics' and subsequently log in and use the application, we collect the following personal data:

   • Device information (device ID, operating system and corresponding version or other device identifiers)
   • Connection data (time, date and duration of website use and registration, origin, corresponding IP address and other log data)
   • Access data (user name, email address, password)
   • Communication data (email address, telephone number)
   • Information that you document, store, archive, analyse and use in any way in connection with acquired user rights in 'Prochorus Analytics'.
   • Other information that you have voluntarily provided to us
3. Personal data that we collect when you visit our website and use Prochorus Analytics.

   Depending on the scope of use of Prochorus Analytics, more data may be collected than is required for mere registration. As part of the management of hygiene data in your healthcare facility, data is actively and passively entered by you. Active input includes, for example, the recording of location data, QR code scans or the reading of PDF documents. Passive data includes values that are collected by sensors or automatically, e.g. time. Required fields are marked as mandatory fields. We cannot process your data without this information. All other information that is not marked as mandatory is optional. If you provide us with this information voluntarily, you will help us to improve our service for you. However, there are no negative consequences for you if you do not provide this information. Therefore, the scope of data processing ultimately depends largely on how much and what information you provide us with. Basically, however, it is the following:

   • Device information (device ID, operating system and corresponding version or other device identifiers)
   • Connection data (time, date and duration of website use and registration, origin, corresponding IP address and other log data)
   • Access data (user name, email address, password)
   • Communication data (email address, telephone number)
   • Information that you document, store, archive, analyse and use in any way in connection with acquired user rights in 'Prochorus Analytics'.
   • Other information that you have voluntarily provided to us

As already explained, we only process data to the extent that this is necessary and expedient.

1. Device information and connection data

   We process device information and connection data on the basis of our own interest in being able to track who visits our website in order, among other things, to recognise any harmful parties and prevent risks. This also allows us to track who has read our privacy policy. We are legally obliged to protect your data appropriately (Art. 6 para. (1) lit. (c), fulfilment of a legal obligation) and the protection of our company is in our interest (Art. 6 para. (1) lit. (f), legitimate interest).

2. Access and communication data

   If you contact us to obtain information or provide us with information, we store the contact information you provide to us. In this way, we want to make communication with our customers faster and more satisfactory.

In the following section, we would like to inform you to whom and under what conditions we transfer your data.

We never pass on your data to unauthorised third parties. However, we use cooperation partners in the context of archiving and processing data in order to fulfil the individual services. These partners are dependent on the transfer of data by us in order to be able to fulfil their tasks.

Data is only transferred abroad (EU/EEA countries or third countries) if this is necessary or if the customer has given us their consent or if this is otherwise permitted by law. In this case, we take measures to ensure the protection of your data, for example through contractual regulations. We only transfer data to recipients who ensure the protection of the customer's data in accordance with the provisions of the GDPR for the transfer to third countries (Art. 44 to 49 GDPR).

In order to process your data, we may require consent to the processing of your data in accordance with Art. 6 para. 1 lit. (a) GDPR. We guarantee that we will only process and use the data for the purpose stated at the time of collection.

You can give your consent separately in connection with the respective data collection. You can subsequently revoke it at any time with effect for the future.

1. Definition and types of cookies

   Cookies are small text files that the web browser stores on the computer (either in the browser folder itself or under the program data). As soon as you access a website for the first time, a new cookie is created, which from then on collects the information that can be recorded by the website operator. Cookies are therefore data packets that are exchanged between computer programs. We use cookies to make our website attractive and to enable the use of certain functions. Technically necessary cookies are required so that you can move around a website and use its features. Without these cookies, functionalities cannot be guaranteed, for example that actions performed during a visit (e.g. text input) are retained, even when navigating between individual pages of the website. This includes the 'PA_SSO_ACCESS_TOKEN'. This is absolutely necessary for authentication and the function of the 'Prochorus Analytics' application. Functional cookies enable a website to save information that has already been entered (such as user name or the location you are in) and to offer the user improved, more personalised functions. These cookies collect anonymised information and cannot track your movements on other websites. Analysis cookies collect information about how a website is used - for example, which pages a visitor visits most often and whether they receive error messages from a page. These cookies store information that is processed in pseudonymized form. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

2. Settings for cookies

   You can determine yourself whether cookies can be set and retrieved by changing the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

   Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

   Opera: https://help.opera.com/de/latest/web-preferences/#cookies

   Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14

   Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

   Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

   The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our online offer within the meaning of Art. 6 para. 1 lit. f) GDPR and - insofar as contracts are concluded or fulfilled via our online offer - the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b) GDPR. We do not offer the option of registering with us via a third-party service provider. In accordance with Art. 13 of the EU Data Protection Regulation, we will obtain your consent in advance for the use of cookies in accordance with Art. 6 para. 1 lit. a) GDPR.

3. Cookies from third parties that we use

   We use third-party cookies and similar technologies from Google for analytics and advertising purposes only if you have given your consent via our cookie banner (Art. 6 para. 1 lit. a GDPR, Section 25 para. 1 TTDSG).

   • Google Analytics: We use this service to analyze usage behavior on our website (for example page views, interactions, session duration, technical information, and rough location data derived from IP). This helps us evaluate and optimize our pages and services.
   • Google Ads: We use this service to measure campaign performance and conversion events and to improve the efficiency of our advertising activities.

   Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may be processed on servers in third countries (including the USA). We only use these services based on your consent.

   The information collected by Google may be used by Google to generate reports for us about website usage and campaign performance and to provide related services. More information about how Google processes data in connection with partner services is available at: https://www.google.com/intl/de/policies/privacy/partners

   You can also limit Google Analytics tracking with Google's browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de

   You can withdraw your consent at any time with effect for the future by changing your cookie preferences. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

We also use technical and organisational security measures to protect personal data that is generated or collected, in particular against accidental or intentional manipulation, loss, destruction or attack by unauthorised persons. Our security measures are continuously improved in line with technological developments.

We provide you with an online form that you can use to send us personal data. This form is protected against unauthorised access by third parties through the use of TLS encryption. The data that you enter or send to us as a file may be stored by us and processed by agreement. If the use and processing requires the consent of the user or third parties, the consent can be revoked at any time without giving reasons. In this case, however, the fulfilment of the contract by us may be impaired.

We only store personal data until the purpose of the data storage no longer applies. This does not apply if the user has voluntarily consented to a longer processing of the data or if statutory retention periods or the possible pursuit of legal claims within limitation periods that have not yet expired prevent the deletion (in the case of conflicting retention or limitation periods, it may be necessary to restrict the processing of the data in accordance with Art. 18 GDPR).

According to the applicable laws, you have various rights with regard to your personal data. If you would like to assert these rights, please send your request by e-mail or by post, clearly identifying yourself, to the above address of the controller. Below you will find an overview of your rights.

1. Right to confirmation and information

   You have the right to obtain confirmation from us at any time as to whether or not personal data concerning you is being processed. If this is the case, you have the right to obtain information from us free of charge about the personal data stored about you together with a copy of this data. You also have the right to the following information:

   1. the purposes of the processing;
   2. the categories of personal data that are processed;
   3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
   4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
   5. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
   6. the existence of a right to lodge a complaint with a supervisory authority;
   7. if the personal data is not collected from you, all available information about the origin of the data;
   8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

   Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

   You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the data processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

3. Right to erasure ('right to be forgotten')

   You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:

   1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
   2. You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
   3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
   4. The personal data have been processed unlawfully.
   5. The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
   6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR

   7. The right to erasure does not exist if the processing is necessary

      1. for exercising the right of freedom of expression and information
      2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
      3. for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. (h) and i and Art. 9 para. 3 GDPR;
      4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
      5. for the establishment, exercise or defence of legal claims. Where we have made the personal data public and are obliged pursuant to Art. 17 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

   Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

4. Right to restriction of processing

   You have the right to obtain from us restriction of processing where one of the following applies:

   1. The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
   2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
   3. The personal data are no longer necessary for the purposes of the processing, but they are required for the establishment, exercise or defence of legal claims, or
   4. You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our company override yours.

   If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

5. Right to data portability

   You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where

   1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
   2. the processing is carried out by automated means.

   In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

   The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6. Right to object

   You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

   If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

7. Right to withdraw consent under data protection law

   Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

8. Right to lodge a complaint with a supervisory authority

   You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.

9. Right to information

   If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

This privacy policy is dated 17 March 2026. Due to the further development of our website and applications or due to changes in legal or official requirements, it may become necessary to amend this privacy policy. You can access and print out the current privacy policy at any time on the website at www.prochorus.de.