Logo

Privacy Policy

Last updated: 12/7/2025

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on this Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the 'Information on the responsible party' section of this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior, but only after your explicit consent. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other service requests.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of contract fulfillment towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG (German law), insofar as the consent includes the storage of cookies or access to information on the user's end device. The consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfill their performance obligations and follow our instructions regarding this data.

We use the following host(s):

Namecheap, Inc. 4600 East Washington Street Suite 300 Phoenix, AZ 85034 USA

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The IP addresses are anonymized or deleted after 7 days at the latest, unless there is a security-relevant event that requires longer storage for evidence purposes.

The collection of this data takes place on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – for this purpose, the server log files must be recorded.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

Information on the responsible party

The responsible party for data processing on this website is:

Maurice Lichtenberg Am Kaiserkai 59 20457 Hamburg Phone: +49 (0) 15172041997 Email: hello@valteris.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage Duration

Unless a more specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will take place after these reasons no longer apply.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Protection Officer

Due to the size and nature of our business operations, we are not required to appoint a Data Protection Officer under GDPR Article 37. However, data protection is taken very seriously at our company.

For all questions regarding data protection, please contact:

Email: hello@valteris.com

We are committed to protecting your personal data and ensuring compliance with all applicable data protection regulations.

Competent Supervisory Authority

The competent data protection supervisory authority for our company is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany

Phone: +49 (0)40 428 54-4040

Email: mailbox@datenschutz.hamburg.de

Website: https://datenschutz-hamburg.de/

You have the right to lodge a complaint with this supervisory authority if you believe that the processing of your personal data violates the GDPR.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will inform you about:

  • The nature of the personal data breach
  • The likely consequences of the breach
  • The measures taken or proposed to be taken to address the breach and mitigate its possible adverse effects
  • Contact point for more information and support

We will notify the competent supervisory authority within 72 hours of becoming aware of a breach, as required by Article 33 GDPR. If the notification is not made within 72 hours, we will provide reasons for the delay.

We have implemented appropriate technical and organizational measures to prevent data breaches and to detect them promptly should they occur.

Children's Privacy

Minimum Age Requirement

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16 without parental or guardian consent.

Parental Consent

If you are under 16 years of age, you may only use our services with the explicit consent of your parent or legal guardian. Parents or guardians must provide consent for any personal data collection or processing.

No Knowing Collection

We do not knowingly collect, use, or disclose personal information from children under 16 without appropriate parental consent.

Deletion of Children's Data

If we become aware that we have collected personal data from a child under 16 without proper parental consent, we will take immediate steps to delete that information from our servers as quickly as possible.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at hello@valteris.com.

Records of Processing Activities (Article 30 GDPR)

We maintain detailed records of all processing activities under our control, as required by Article 30 GDPR. These records document:

  • Name and contact details of the controller and, where applicable, the joint controller and data protection officer
  • Purposes of the processing
  • Categories of data subjects and categories of personal data
  • Categories of recipients to whom personal data have been or will be disclosed
  • Where applicable, transfers of personal data to third countries or international organizations
  • Envisaged time limits for erasure of different categories of data
  • General description of technical and organizational security measures

These records are available for review by the supervisory authority upon request.

We regularly review and update our processing records to ensure they accurately reflect our current data processing activities.

Data Minimization Principle

We adhere strictly to the principle of data minimization as required by Article 5(1)(c) GDPR. This means:

  • We only collect personal data that is adequate, relevant, and limited to what is necessary for the specific purpose for which it is processed
  • We do not collect excessive or irrelevant data
  • We regularly review the data we hold to ensure it remains necessary for the intended purpose
  • Once data is no longer needed for its original purpose, it is either deleted or anonymized

Our commitment to data minimization helps protect your privacy and reduces the risk of data breaches.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Our website does not employ automated individual decision-making including profiling as defined in Article 22 GDPR.

While we use analytics tools (such as Google Analytics) to understand website usage patterns, these are used solely for aggregate statistical analysis and website improvement. They do not result in automated decisions that significantly affect individual users.

Any decisions that may affect you (such as responding to contact form inquiries or newsletter subscriptions) involve human review and are not made automatically by algorithms.

4. Data Collection on this Website

Cookies

Our website uses so-called "cookies". Cookies are small data packages and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or an automatic deletion by your web browser occurs. Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). This website uses our proprietary consent management technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection regulations.

Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring web traffic) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data takes place on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data takes place on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

Newsletter Subscription

If you subscribe to our newsletter, we will process your email address and city information to send you regular updates about longevity events, articles, and insights.

Legal Basis for Processing

The processing of your personal data for newsletter purposes is based on your explicit consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time by clicking the unsubscribe link in any newsletter email or by contacting us directly.

We retain your personal data for as long as you remain subscribed to our newsletter. When you unsubscribe, we will delete your personal data within 30 days, except where we are legally required to retain certain information for longer periods.

Health Stack & Sensitive Data

If you use our 'Health Stack' feature to track supplements, devices, or interventions, you are processing health-related data (Article 9 GDPR). Note on Data Transfer to the USA: By using the Health Stack feature, you acknowledge that your data is stored on servers provided by our host Namecheap, Inc. in the United States. The USA is currently considered a country with an insufficient level of data protection according to EU standards (due to the risk of access by US authorities). By adding data to your Health Stack, you explicitly consent to this transfer in accordance with Art. 49 Para. 1 lit. a GDPR.

By adding items to your Health Stack, you explicitly consent to the processing of this health data for the purpose of providing your personal tracking dashboard.

You can revoke this consent at any time by deleting items from your Health Stack or deleting your account.

Biological Age Test

Our website provides a Biological Age Test that allows you to estimate your biological age based on lifestyle factors.

Local Processing

The calculation of your biological age takes place entirely locally in your browser. The health data you enter (e.g., weight, height, lifestyle habits) is NOT transmitted to our servers or stored by us.

Optional Newsletter Subscription

If you choose to subscribe to our newsletter via the Age Test, only your email address and opt-in status are transmitted to our email provider (Brevo). Your health data remains on your device and is not linked to your email subscription.

The processing of data for the calculation is based on your consent (Art. 9 para. 2 lit. a GDPR) which is implied by your active use of the tool. Since no data is stored by us, no further retention period applies.

Contributor Submissions

If you submit a story or article proposal via our 'Submit Your Story' form, we collect your name, email, role, social links, and proposal details.

Purpose: This data is used solely for reviewing your submission and contacting you regarding potential publication.

The processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or our legitimate interest in content curation (Art. 6 para. 1 lit. f GDPR).

If your proposal is not accepted, your data will be deleted after 6 months. If accepted, it will be retained as part of our content records.

Event Registration & Payments (Lu.ma)

We use the service Lu.ma for event management and ticketing.

Lu.ma Inc.

When you register for an event, data such as name, email, and payment information is processed directly by Lu.ma.

Please refer to Lu.ma's privacy policy for details on their data processing: https://lu.ma/privacy

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for all international transfers:

Google LLC (Google Analytics, Google Tag Manager, Google Fonts, Google Maps)

Country: United States

Safeguard: EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs)

Google is certified under the EU-US Data Privacy Framework

Privacy Policy

IPinfo / ipapi.co (IP Geolocation Services)

Country: United States

Safeguard: Standard Contractual Clauses (SCCs) + Appropriate Technical and Organizational Measures

Purpose: IP-based location detection for map centering and location-based content

Privacy Policy

Namecheap, Inc. (Hosting Provider)

Country: United States

Safeguard: Standard Contractual Clauses (SCCs)

Purpose: Website hosting and infrastructure

Privacy Policy

Safeguards in Place

All transfers to countries outside the EEA are protected by one or more of the following safeguards:

  • EU-US Data Privacy Framework (for certified US companies)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Appropriate technical and organizational security measures
  • Binding Corporate Rules (where applicable)

For transfers to countries that have been granted an adequacy decision by the European Commission, no additional safeguards are required.

You have the right to obtain information about the safeguards we have implemented for international transfers and to receive a copy of the Standard Contractual Clauses where applicable. Please contact us if you would like to exercise this right.

Affiliate Programs

We participate in affiliate partner programs. If you click on an affiliate link on our website and make a purchase, we receive a commission from the respective merchant. This does not change the price for you.

The storage of "affiliate cookies" or tracking measures is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in optimizing our affiliate revenues.

Amazon PartnerNet

We are participants in the Amazon EU Partner Program, which was designed to provide a medium for websites to earn reimbursement of advertising costs by placing advertisements and links to Amazon.de.

5. Social Media Profiles

Facebook / Instagram / LinkedIn / TikTok

We maintain profiles on social networks. Our website includes simple links to these profiles (not plugins). No data is transferred to these networks when you visit our website. Data transfer only occurs if you actively click on one of the links and are redirected to the respective network.

The operation of our social media profiles is based on our legitimate interest in an effective information and communication presence (Art. 6 para. 1 lit. f GDPR).

If you visit our profiles on these platforms, we may be jointly responsible with the platform operator for data processing. For details, please refer to the privacy policy of the respective platform.

6. Plugins and Tools

Google Fonts (local hosting)

This page uses so-called Google Fonts, provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Map tiles (OpenStreetMap/CARTO)

This website displays maps using OpenStreetMap data rendered via the Leaflet library and CARTO basemap tiles (basemaps.cartocdn.com). When tiles are loaded, the tile providers receive your IP address and standard technical request data. We do not use cookies for these tiles.

The use of map tiles is based on our legitimate interest in providing a functional, user-friendly map (Art. 6(1)(f) GDPR).

Location Services

This website offers location-based services to help you find longevity-related spots near your location. We use different methods to determine your location, always prioritizing your privacy and requiring your explicit consent for precise location data.

What location data do we collect?

  • IP-based location: We may determine your approximate location based on your IP address to provide city-level location services without requiring permission.
  • Browser location: Only when you explicitly click the location button, we may request access to your device's GPS location for more precise positioning.
  • Local storage: We store your location preferences locally in your browser's localStorage to improve your experience on subsequent visits. This includes:

Legal basis for location data processing

Precise location access requires your explicit consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG). You can revoke this consent at any time by denying location access in your browser settings.

How we protect your location data

All location data is processed locally in your browser and never transmitted to our servers

Detailed Cookie Information

Below is specific information about the cookies used on our website, including their purpose, type, and lifespan:

NamePurposeTypeLifespan
__sessionAuthentication and session management - maintains your logged-in stateNecessary (Essential)Session cookie (deleted when browser closes)
cookie_consentStores your cookie consent preferencesNecessary (Essential)1 year
cookie_preferencesStores your granular cookie category preferences (analytics, marketing)Necessary (Essential)1 year
_gaGoogle Analytics - Distinguishes unique users and tracks website usageAnalytics (Requires Consent)2 years
_gidGoogle Analytics - Distinguishes users for 24-hour analyticsAnalytics (Requires Consent)24 hours
_gatGoogle Analytics - Used to throttle request rateAnalytics (Requires Consent)1 minute

localStorage: In addition to cookies, we use browser localStorage to store location preferences locally on your device. This data includes IP-detected location, manually selected city, precise GPS coordinates (if granted), notification dismissal status, and voting status for community spots (voted_{spotId}). This data is never transmitted to our servers and can be cleared through your browser settings.

You can manage cookie preferences through our cookie consent banner or through your browser settings. Note that disabling necessary cookies may affect website functionality.

Data Processors (Article 28 GDPR)

We engage the following data processors who process personal data on our behalf. All processors are bound by written data processing agreements compliant with Article 28 GDPR:

Google LLC

Services: Google Analytics, Google Tag Manager, Google Fonts, Google Maps

Location: United States

DPA: We have concluded a data processing agreement with Google pursuant to Article 28 GDPR

Standard Contractual Clauses are incorporated into Google's data processing terms

Processing Terms

Namecheap, Inc.

Services: Web hosting and infrastructure

Location: United States (Phoenix, Arizona)

DPA: Service terms include processor obligations under Article 28 GDPR

Processing Terms | Privacy

IPinfo / ipapi.co

Services: IP geolocation services

Location: United States

DPA: Service terms include processor obligations and data protection clauses

Purpose: IP-based location detection for map centering only

Processing Terms

Brevo (formerly Sendinblue)

Services: Newsletter and email delivery services

Location: France (EU) / United States

DPA: Data Processing Agreement (DPA) included in Terms of Service

Purpose: Processing of newsletter subscriptions and email delivery

Processing Terms

ImageKit

Services: Image CDN and optimization

Location: United States / Global CDN

DPA: Service terms include data processing provisions

Purpose: Optimized delivery of user-uploaded images

Processing Terms

You have the right to request information about our data processing agreements and the safeguards we have implemented. Contact us at hello@valteris.com.

Our processors may engage sub-processors. We ensure that all sub-processors are bound by equivalent data protection obligations.

Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are:

Data CategoryRetention PeriodLegal Basis
User account dataDuration of account existence plus 30 days after account deletion for clean-up processingContract fulfillment (Art. 6(1)(b) GDPR)
Newsletter subscription dataUntil unsubscription plus 30 days for processing the unsubscription requestConsent (Art. 6(1)(a) GDPR)
Contact form inquiries and email correspondence6 months after conclusion of correspondence, or 3 years if related to a contractual relationshipLegitimate interest (Art. 6(1)(f) GDPR) or Contract (Art. 6(1)(b) GDPR)
Analytics data (Google Analytics)26 months from the date of collection (Google Analytics default retention period)Consent (Art. 6(1)(a) GDPR)
Server logs and IP addresses7 days for security and fraud prevention purposesLegitimate interest in IT security (Art. 6(1)(f) GDPR)
Contract and billing data (if applicable)10 years in accordance with German commercial and tax law requirementsLegal obligation (Art. 6(1)(c) GDPR per § 147 AO, § 257 HGB)
Cookie consent records1 year or until consent is withdrawnLegal obligation to maintain proof of consent (Art. 7(1) GDPR)

After expiry of the applicable retention period, personal data will be deleted automatically unless deletion is prevented by mandatory legal retention obligations. You can request earlier deletion where permissible by law.

How to Exercise Your Data Protection Rights

To exercise any of your rights under the GDPR (access, rectification, deletion, restriction, portability, objection), please follow this procedure:

Special Note on Your Right to Object (Art. 21 GDPR)

IF WE PROCESS DATA ON THE BASIS OF A LEGITIMATE INTEREST (ART. 6 PARA. 1 LIT. F GDPR), YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING.

Step-by-Step Procedure

  1. Send an email to hello@valteris.com with the subject line: 'GDPR Rights Request'
  2. Clearly state which specific right(s) you wish to exercise (e.g., 'Request for Access to Personal Data' or 'Request for Deletion')
  3. Provide sufficient information for us to identify you: your name, email address, and (if applicable) your username or account details
  4. If acting on behalf of someone else, provide proof of authorization

Identity Verification

For security reasons and to prevent unauthorized disclosure of personal data, we may need to verify your identity before processing your request. This may involve:

  • Requesting proof of identity (e.g., copy of ID document with sensitive data redacted)
  • Sending a verification email to the registered email address
  • Asking security questions related to your account

Response Timeline

  • Initial Response: We will acknowledge receipt of your request within 3 business days
  • Full Response: We will provide a full response without undue delay and in any event within one month of receipt of your request
  • Extension: If your request is complex or we receive multiple requests, we may extend this period by two further months. We will inform you of any extension within one month of receiving your request, together with the reasons for the delay

Exercising your rights is free of charge. However, if your requests are manifestly unfounded or excessive (particularly if repetitive), we may charge a reasonable administrative fee or refuse to act on the request, in accordance with Article 12(5) GDPR.

For complex requests, particularly data portability requests or requests involving large volumes of data, we may contact you to clarify the exact scope of information you require and the preferred format for delivery.

This privacy policy was last updated on 12/7/2025.