Privacy Statement

Privacy Policy

1. Introduction

With the following information, we would like to provide you, as a „data subject,“ with an overview of how we process your personal data and your rights under data protection laws. In principle, you can use our website without providing personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal ba-sis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to „.TEMPLATES and customers without GO DSM“. This privacy policy is intended to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. How-ever, internet-based data transmissions can fundamentally have security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or mail.

You, too, can take simple and easy-to-implement measures to protect yourself against unauthor-ized access to your data by third parties. Therefore, we would like to offer you some tips on how to handle your data securely:

Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with strong passwords.
Only you should have access to your passwords.
Make sure you only use your passwords for one account (login, user, or customer ac-count).
Do not use the same password for different websites, applications, or online services.
Especially when using publicly accessible IT systems or those shared with others: You should always log out after each login to a website, application, or online service.

Passwords should be at least 12 characters long and chosen so that they cannot be easily guessed. Therefore, they should not be common everyday words, your own name, or the names of relatives, but should contain uppercase and lowercase letters, numbers, and special characters.

2. Controller

The controller within the meaning of the GDPR is:

neoplas GmbH

Walther-Rathenau-Str. 49a, 17489 Greifswald

Phone: +49 3834 515 210

Email: contact@neoplas.eu

Representative of the controller: Ulrike Sailer

3. Data Protection Officer

You can reach the data protection officer as follows:

Great Oak Datenschutz GmbH & Co. KG

Ruhrstraße 16, 59955 Winterberg

Phone: +49 2985 / 99 99 69 0

Email: datenschutz@great-oak.de

You can contact our data protection officer directly at any time with any questions or sugges-tions regarding data protection.

4. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those de-scribed above.

Your personal data will not be processed for the purposes listed below.

We only share your personal data with third parties if:

you have given us your explicit consent to do so in accordance with Article 6(1)(a) GDPR,
the transfer is permissible under Article 6(1)(f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred,
there is a legal obligation to transfer the data in accordance with Article 6(1)(c) GDPR, and
this is legally permissible and necessary for the performance of a contract with you in accordance with Article 6(1)(b) GDPR.

Personal data may be transferred to the USA as part of the processing operations described in this privacy policy. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework, and thus the European Commission’s adequacy decision pursuant to Article 45 GDPR applies. We have explicitly stat-ed this for the relevant service providers in our privacy policy. To protect your data in all other cases, we have concluded data processing agreements based on the European Commission’s Standard Contractual Clauses. If the Standard Contractual Clauses are insufficient to establish an adequate level of security, your consent pursuant to Article 49(1)(a) GDPR can serve as the legal basis for transfers to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 GDPR.

To protect your data in all other cases, we have concluded data processing agreements based on the European Commission’s Standard Contractual Clauses.

5. Technical Information

5.1 SSL/TLS Encryption

This website uses SSL/TLS encryption to ensure the security of data processing and to protect the transmission of confidential information, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that „https://“ appears in the browser’s address bar instead of „http://“ and by the padlock icon in your browser’s address bar.

We use this technology to protect your transmitted data.

5.2 Data Collection When Visiting the Website

When you use our website for purely informational purposes, without registering, otherwise providing us with information, or consenting to processing that requires consent, we only col-lect data that is technically essential for providing the service. This is typically data that your browser transmits to our server („in so-called server log files“). Our website collects a range of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the server’s log files. The following may be recorded:

browser type and version used,
operating system used by the accessing system,
the website from which an accessing system reached our website (referrer),
the subpages accessed on our website by an accessing system,
the date and time of access to the website,
a shortened internet protocol address (anonymized IP address), and
the internet service provider of the accessing system.

We do not draw any conclusions about your identity from this general data and information. Rather, this information is needed to:

deliver the content of our website correctly,
optimize the content of our website and the advertising for it,
ensure the continued functionality of our IT systems and the technology of our website, and
provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack.

We therefore use this collected data and information for statistical analysis and to improve data protection and data security within our company, ultimately ensuring an optimal level of protec-tion for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes of data collection listed above.

5.3 Hosting by Host Europe

We host our website with Host Europe GmbH, Hansestraße 111, 51149 Cologne (hereinafter referred to as Host Europe).

When you visit our website, your personal data (e.g., name, address, email address, browser type, operating system, referrer URL, host name, IP address, browser type, operating system, and time of the server request) is transmitted to Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany.

B. IP addresses in log files) are processed on Host Europe’s servers.

The use of Host Europe is based on Article 6(1)(f) GDPR. We have a legitimate interest in en-suring the most reliable presentation, provision, and security of our website.

We have concluded a data processing agreement (DPA) with Host Europe in accordance with Article 28 GDPR. This is a legally required contract under data protection law, which guaran-tees that Host Europe processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Further information on Host Europe’s data protection policy can be found at: https://www.hosteurope.de/AGB/Datenschutzerklaerung/

5.4 ShortPixel (ID SCOUT SRL)

This website uses the ShortPixel Content Delivery Network (CDN) from ID SCOUT SRL (Bucharest, Str. Transilvaniei Nr.2, Kamera 5, Bl.5, Ap.19, Sektor 1, 010798 – Bulgaria).

This is an image compression and delivery algorithm provided to optimize loading times (ShortPixel CDN).

The purpose is to optimize image delivery and improve the loading times of our pages through regionally distributed servers. User data is processed exclusively for this purpose and to ensure the security and functionality of the CDN.

This processing is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, namely the interest in the secure and efficient delivery of our content.

This processing is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. When you access a page, your browser loads the relevant images into its cache. For this to happen, your browser must establish a connection to ShortPixel’s servers, which informs ShortPixel that your IP address has accessed our website. The use of ShortPixel Image Optimization serves the purpose of a consistent and appealing presentation of our online content and is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Data Retention Period: The data processed within the CDN is stored for a maximum of 90 days or processed according to ShortPixel’s specifications.

Further information can be found at: ShortPixel: https://shortpixel.com/ and on ShortPixel’s pri-vacy policy: https://shortpixel.com/privacy.

6. Cookies

6.1 Usercentrics (Consent Management Tool)

We use the „Usercentrics“ consent management tool from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service allows us to obtain and manage the consent of website users for data processing.

Usercentrics collects data generated by end users who use our website. When an end user gives their consent, the following data is automatically logged by Usercentrics:

Browser information.
Date and time of access.
Device information.
The URL of the visited page.
Geographic location.
Page path of the website.
The end user’s consent status, which serves as proof of consent.

The consent status is also stored in the end user’s browser, allowing the website to automatically read and respect the end user’s consent for all subsequent page requests and future end user ses-sions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. This retention period corresponds to the regular limitation period according to § 195 of the German Civil Code (BGB). The data is then deleted immediately or, upon request, trans-ferred to the responsible party in the form of a data export.

The functionality of the website cannot be guaranteed without the processing described above. Users have no right to object as long as there is a legal obligation to obtain their consent for cer-tain data processing operations (Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR).

Usercentrics is the recipient of your personal data and acts as a data processor for us.

Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.

6.2 CleanTalk Anti-Spam Service

Use of CleanTalk for Spam Prevention This website uses the CleanTalk anti-spam service from CleanTalk Inc. (711 S Carson Street, Suite 4, Carson City, NV 89701, USA) to prevent spam comments and other unwanted activity.

CleanTalk processes data such as IP address, email address, nickname, browser/device infor-mation, timestamps, and the content of comments or forms to detect spam patterns. This data may be stored on CleanTalk servers in the EU and retained in log files for up to 31 days; after that, it is deleted. The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest in the security and functionality of the website).

If you have given your consent, this also applies.

Additionally, this is based on Article 6 Paragraph 1 Letter a of the GDPR and the German Tele-communications and Telemedia Act (TTDSG); you can withdraw your consent at any time.

The transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. CleanTalk is certified under the EU-US Data Privacy Framework; further information can be found in CleanTalk’s privacy policy: https://cleantalk.org/publicoffer#privacy and, if applicable, https://www.dataprivacyframework.gov/s/participant-detail?contact=true&id=a2zt00000008SzYAAU&status=Active.

Data processing agreement: We have concluded a data processing agreement with CleanTalk to ensure that the personal data of our website visitors is processed only according to our instruc-tions and in compliance with the GDPR.

Data retention period: The data is stored for as long as necessary for analyzing and combating spam (often up to approximately 7 days) and is then anonymized or deleted. Further details can be found in CleanTalk’s privacy policy; https://cleantalk.org/publicoffer#privacy

7. Content of our website

7.1 Contacting us / Contact form

When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected when using a contact form is indicated on the respective form. This data is stored and used exclusively for the purpose of responding to your inquiry, contacting you, and the associated technical administration. The legal basis for processing this data is our legitimate in-terest in responding to your inquiry pursuant to Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after your request has been fully processed. This is the case when it can be inferred from the circumstances that the matter has been conclusively resolved and no statutory retention obligations prevent deletion.

7.2 Inquiries via Email, Telephone, or Fax

If you contact us via email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your inquiry relates to the per-formance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, the processing is based on your consent (Article 6(1)(a) GDPR) and/or on our le-gitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the efficient pro-cessing of inquiries addressed to us.

The data you send us via contact requests will remain with us until you request its deletion, re-voke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, statutory retention periods – remain unaffected.

8. Our Activities on Social Networks

To enable us to communicate with you on social networks and inform you about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing opera-tions triggered by your visit, in accordance with Article 26 of the GDPR.

We are not the original provider of these pages, but merely use them within the framework of the options offered to us by the respective providers.

Therefore, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Using these services may therefore involve data privacy risks for you, as exercising your rights, such as the right to information, erasure, and objection, could be more difficult. Furthermore, processing on social networks is often carried out directly by the providers for advertising purposes or to analyze user behavior, without our being able to influence this. If the provider creates user profiles, cookies are frequently used, or the user be-havior is assigned to your own social network profile.

The described processing of personal data is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a modern manner and to inform you about our services.

If you give your consent to data processing as a user with the respective providers, the legal basis is Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we have no access to the providers‘ data, we advise you to assert your rights (e.g., to in-formation, rectification, erasure, etc.) directly with the respective provider. Further information on the processing of your data on social networks is listed below for each social network pro-vider we use:

8.1 Facebook

(Joint) controller for data processing in Europe:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Meta (Facebook) may, unless you object, process content from adult users in the EU, e.g., pho-tos, posts, or comments, for the training of its own AI models. The legal basis for this pro-cessing is a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. As a company, we have no influence over this specific data processing by Meta. Users can object to this processing via an online form on the Meta platforms.

8.2 Instagram

(Joint) Controller for data processing in Germany:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

If no objection is raised, Meta (Instagram) may process content from adult users in the EU, e.g., photos, posts, or comments, for the training of its own AI models. As a company, we have no influence over this specific data processing by Meta. The legal basis for this processing is a le-gitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Users can object to this processing via an online form on the Meta platforms.

8.3 LinkedIn

(Joint) Controller for data processing in Europe:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

8.4 XING (New Work SE)

(Joint) Controller for data processing in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Information requests for XING members:

https://www.xing.com/settings/privacy/data/disclosure

9. Plugins and other services

9.1 Google reCAPTCHA

We use the reCAPTCHA function on this website. The operator of Google reCAPTCHA is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Lim-ited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The reCAPTCHA function primarily serves to distinguish whether an entry is made by a natural person or is being misused through automated processing. The service also involves sending the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.

This processing only occurs with explicit consent in accordance with Article 6(1)(a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. This constitutes an adequacy decision pursuant to Article 45 GDPR, meaning that the transfer of personal data may take place without further safeguards or additional measures.

Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

9.2 Google Web Fonts

Our website uses web fonts for the uniform display of fonts. Google Web Fonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Park-way, Mountain View, CA 94043, USA.

This processing is carried out exclusively with your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, meaning that the transfer of personal data may take place without further guarantees or additional measures.

Further information about Google Web Fonts and Google’s privacy policy can be found at: https://developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.

9.3 Image Visualization with Gravatar

We use the image visualization function of Gravatar, provided by AUTH O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland.

We use this tool to create and provide our avatars. This is how you can always find us online.

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. The lawfulness of the data processing operations already carried out re-mains unaffected by the withdrawal.

If you would like to learn more about data protection at Automattic, click on the following link: https://automattic.com/de/privacy/

10. Your rights as a data subject

10.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

10.2 Right of access (Art. 15 GDPR)

You have the right to obtain from us, at any time and free of charge, information about the per-sonal data stored about you and a copy of this data in accordance with the legal provisions.

10.3 Right to rectification (Article 16 GDPR)

You have the right to request the rectification of inaccurate personal data concerning you. Fur-thermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

10.4 Right to erasure (Article 17 GDPR)

You have the right to request that we erase personal data concerning you without undue delay, provided one of the legally stipulated grounds applies and the processing or storage is not nec-essary.

10.5 Right to restriction of processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data if one of the legal requirements is met.

10.6 Right to data portability (Article 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to trans-mit this data to another controller without hindrance from us, the controller to whom the person-al data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and free-doms of others.

10.7 Right to Object (Article 21 GDPR)

YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PAR-TICULAR SITUATION, AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS BASED ON POINT (E) OF ARTICLE 6(1) (PRO-CESSING NECESSARY FOR THE PERFORMANCE OF A TASK CARRIED OUT IN THE PUBLIC INTEREST) OR POINT (F) OF ARTICLE 6(1) (PROCESSING NECES-SARY FOR THE PURPOSES OF THE LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER OR BY A THIRD PARTY) OF THE GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

You have the right to object, on grounds relating to your particular situation, at any time to pro-cessing of personal data concerning you which is based on point (e) of Article 6(1) (processing necessary for the purposes of the legitimate interests pursued by the controller or by a third par-ty) of the GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defend-ing legal claims.

In certain cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for such marketing at any time. This also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such pro-cessing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object to the processing of your personal data in connec-tion with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

10.8 Withdrawal of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time. To revoke this consent at any time with effect for the future.

10.9 Complaint to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority responsible for data protec-tion regarding our processing of your personal data.

11. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as required by the legal provisions to which our company is subject.

If the purpose of storage ceases to apply or a prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

12. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention pe-riod. After this period expires, the corresponding data will be routinely deleted, unless it is still required for the performance of a contract or for taking steps prior to entering into a contract.

13. Updates and Changes to the Privacy Policy

This Privacy Policy is currently valid and was last updated in January 2026.

Due to the ongoing development of our website and services, or due to changes in legal or regu-latory requirements, it may become necessary to amend this Privacy Policy. The current version of the Privacy Policy can be accessed and printed at any time on our website at „https://www.neoplas-vet.com/privacy-statement/“.

14. Current List of Supervisory Authorities

A list of supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html.

This Privacy Policy was created by Great Oak Datenschutz GmbH & Co. KG with the support of the data protection software: GO DSM.