With each access to this offer, information is automatically collected by mementor or the web space provider. This information, also known as server log files, is of a general nature and does not allow any conclusions about your person.

Among other things, the following information is recorded: Name of the website, if applicable, file or subpage, date, amount of data, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our offer).

Without this data, it would be technically impossible to deliver and display all of the content of the website. In this respect, the collection of data is necessary. Furthermore, we use the anonymous information for statistical purposes. They help us to optimise our offer and technology. We also reserve the right to subsequently check the log files if we suspect an illegal use of our offer.

The legal basis for the temporary storage of the data or log files is Art. 6 (1)(f) GDPR.

If you contact mementor by e-mail or contact form, the information you provide (especially your e-mail address or phone number) will be stored in order to answer your inquiry and to be able to ask possible follow-up questions. Your data will be stored for as long as necessary for processing. If you contact us by form, you will find further information on data processing below.

In this case, your data will be processed on the basis of your (implied) consent in accordance with the first sentence of Art. 6 (1)(a) GDPR.

In order to inform and educate about our offer, we send information material by postal mail to professionals within the medical and psychotherapeutic services (e.g. sleep laboratories, physicians and psychotherapists). There is a legitimate interest of mementor in the form of marketing and providing information about the prescription and use of our products. For shipping purposes, the address is taken from publicly available sources. If you have objections to this shipment, you may assert them either by contacting our online support team or in writing, in which case we will remove you from our distribution list.

The legal basis for this is Art. 6 (1)(f) GDPR.

As a healthcare professional, you can request a trial account and flyers to distribute to your patients. To fulfill your request, we need your postal address to send the flyers or your email address to send the trial access. Your contact information will also be processed for feedback, questions, further advice, or information, if necessary. The basis for this is your consent to data processing, which you can revoke at any time without giving reasons.

Transactional emails will be sent as part of the processing. These are sent via Pipedrive from Pipedrive Inc. A transfer of data to a third country cannot be completely ruled out.

The legal basis for this is Art. 6(1), first sentence (a) GDPR. The legitimate interest here lies in tracking mailings and obtaining feedback, as well as providing advice and information on similar products.

You can find information about upcoming CME training courses (Continuing Medical Education) on relevant topics and register on our website. These CME training courses are usually conducted in collaboration with partners, who will be identified during the registration process. To register, we will collect your following data and forward it to the partner responsible for the course: We will need your name, email address, and specialization. After the training course has been completed, we may contact you again to send you slides or further information material.

The legal basis for this is Art. 6 (1) (a) GDPR. Your data will be stored until the event has been completed.

We use MailerLite, provided by MailerLite Inc., to send newsletters. A transfer of data to a third country cannot be completely ruled out.

The basis for sending the regular newsletter is your consent. You have the option to revoke your consent at any time without giving reasons.

The legal basis for this is Art. 6(1) first sentence (a) GDPR.

We offer you the option to upload your prescription with some additional information to us so that we can submit it to your health insurance company for you. The offer is voluntary and is only made on the basis of your consent, which you can revoke at any time without giving reasons. The following information is required to complete the form:

• Surname, first name,

• e-mail address,

• postal address,

• health insurance company,

• picture of the prescription.

Optionally, you can also enter your telephone number so that any queries can be clarified more quickly.

We store the data on a server hosted in Germany until the DiGA code is redeemed, but for a maximum of 30 days. We check the completeness of the data and then forward it to the relevant health insurance company.

The legal basis for this is Art. 6 (1), first sentence (a) GDPR and Art. 9(2), first sentence (a) GDPR.

You can watch webinars on our homepage. We use the services of Webinargeek, Chroomstraat 12, 2718 RR Zoetermeer, Netherlands, to host the webinars. Your email address, name, and institution will be recorded. These will be sent to Webinargeek for the purpose of issuing participation certificates and will also be used by mementor to evaluate participation and improve our services. Data will only be transferred with your consent; an AV contract has been concluded with Webinargeek.

The legal basis for this is Art. 6(1), first sentence (a) GDPR and Art. 6(1), first sentence (f) GDPR.

4.11 Raffles

We use Pipedrive, offered by the company

Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia

as our customer relationship management tool (“CRM tool”) to process and store contact data. When contacting us (via contact form), user data is collected and processed in Pipedrive. Pipedrive allows us to process and respond to requests and messages faster. For this purpose, data is transferred to Pipedrive and stored on the Pipedrive servers. We use the CRM system Pipedrive of the provider Pipedrive OÜ based on our legitimate interests (efficient and fast processing of user requests, existing customer management, new customer business). An order data processing contract has been concluded with Pipedrive. You can access Pipedrive’s privacy policy here: https://www.pipedrive.com/en/privacy . The legal basis for the use of Pipedrive is Art. 6(1)(f). GDPR, our legitimate interest is the fast and effective processing of contact requests and the organization of our CRM. For more information on data protection at Pipedrive, please also visit: https://support.pipedrive.com/en/article/pipedrive-and-gdpr .

We use Calendly by

Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States

to organize our online seminars.

Your data from the form will be transferred to our appointment account at Calendly after pressing the “Book appointment” button.

You will then receive a confirmation email with a link to the event. Your data will be kept by Calendly until the purpose for storing it (appointment made) no longer applies or you send us a request to delete it.

A “Data Processing Addendum” has been concluded with Calendly. This obligates Calendly to protect the personal data collected by us and to process the data only in accordance with its data protection regulations on our behalf. Calendly undertakes not to disclose your data to third parties.

The legal basis for the use of Calendly is Art. 6(1)(f), our legitimate interest is the effective organization of our seminar dates.

For more information on data protection at Calendly, please visit https://calendly.com/pages/privacy .

We use Zoom for our online seminars, offered by

ZOOM Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113.

During a Zoom meeting, the following data is collected:

• Video data (if your camera is used),

• Audio data (if your microphone is used),

• Text data (if you use the chat feature),

• Phone number (if you dial in by phone),

• User details: user-selected name, IP address, other details in your Zoom account (if you have one).

Zoom requires this data in order to carry out the seminars, as far as it is provided for in the order data processing contract. We do not record the seminars. The legal basis for the use of Zoom is Art. 6(1)(f), our legitimate interest is the implementation of our seminar appointments. For more information on data protection at Zoom, please visit https://zoom.us/en-us/privacy.html .

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Nature and purpose of processing

We use Google Analytics 4 without the User ID and Google Signals functions.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.during your website visit, your user behavior is recorded in the form of "events". Events can be

• Page views

• First visit to the website

• Start of the session

• Websites visited

• Your "click path", interaction with the website

• Scrolls (whenever a user scrolls to the end of the page (90%))

• Clicks on external links

• Internal search queries

• Interaction with videos

• file downloads

• Viewed / clicked ads

• language setting

Also recorded:

• Your approximate location (region)

• Date and time of your visit

• Your IP address (in abbreviated form)

• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)

• your internet provider

• the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.

Recipients

Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)

• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

Storage period

The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal basis

Legal basis for this data processing is your consent in accordance with Art. 6(1), first sentence (a) GDPR and Section 25(1), first sentence TTDSG.

Revocation

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

a. Not giving your consent to the setting of cookies orb. Downloading and installing the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

We use Typeform from the company TYPEFORM SL, Carrer de Pallars 108 (Aticco), 08018 Barcelona Spain to design our contact form and feedback forms.

When you use the contact form, your e-mail address, the content of your message and your name are transmitted to Typeform. The processing and transmission of data via the contact form only takes place if you accept the data protection provisions. The legal basis in this case is Art. 6 (1)(a) GDPR.

When using the feedback form, connection data in the form of IP address, time stamp and browser information is transmitted. The legal basis for this is Art. 6 (1)(a) GDPR; the legitimate interest lies in the secure and functioning operation of the website.

In any case, your data will only be stored for as long as is absolutely necessary for processing.