Who we are
Our website address is: https://neckpainrelief.org.
Introduction & general information
In this section, you will find details about how we handle your data collected from your use of our website. We will process your data according to data protection laws.
GDPR Representative Exemption (Art. 27(2)(a))
neckpainrelief.org is operated from the United States with no establishment in the EU/EEA. Any processing of personal data of EU/EEA individuals (e.g., via access logs) is occasional, does not involve large-scale processing of special categories of data under Art. 9 GDPR or data on criminal convictions under Art. 10 GDPR, and—considering the purely informational nature of the site, limited scope, and low-risk profile—is unlikely to result in a risk to the rights and freedoms of natural persons. Accordingly, no representative in the Union is required under Art. 27 GDPR.
Definition
Our privacy policy aims to be clear and easy to understand for everyone. It mainly uses the official terms from the General Data Protection Regulation (GDPR), with definitions found in Article 4 of the GDPR.
Web Hosting and Third-Party Processors
This website is hosted by WordPress.com (operated by Automattic Inc.), an external service provider based in the USA. Personal data collected here, such as IP addresses, contact form submissions, and website usage data, is stored on the provider’s servers.
We have concluded a Data Processing Agreement (DPA) with Automattic as required by Art. 28 GDPR, which ensures they process data only on our instructions, implement appropriate security measures, and do not share it with unauthorized third parties. Automattic acts as our processor for site-related data.
As personal data may be accessed or stored in the USA (a third country), we rely on appropriate safeguards for transfers, including the EU-U.S. Data Privacy Framework (DPF) certification where applicable, and EU-approved Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR incorporated into the DPA. Automattic has committed to these mechanisms, and we have assessed supplementary measures where needed to ensure compliance with European standards. If safeguards prove insufficient, we will implement additional protections or restrict transfers.
Additional Plugins and Services:
- Smush Pro (Image Optimization & CDN): We use Smush Pro to compress, optimize, resize images, and convert them to formats like WebP/AVIF. This involves sending image files (and any embedded EXIF metadata, which may contain personal data such as location information) to WPMU DEV servers in the USA for processing. By default, EXIF data is stripped or not retained locally/server-side, and images are not stored long-term on their servers after optimization. When the integrated Image CDN feature is activated (powered by Bunny CDN), optimized images are served from a global CDN network with points of presence worldwide (including US-based infrastructure). This means image files pass through and are cached/delivered via WPMU DEV/Bunny servers for faster loading. No end-user visitor personal data (e.g., IP addresses or behavior) is collected or processed by Smush Pro or the CDN itself—only the image files are handled. WPMU DEV acts as our sub-processor under appropriate data processing agreements and safeguards (including DPF certification and/or SCCs for US transfers).
- We may use additional WPMU DEV developer/maintenance tools for site management (admin-only). These generally do not process visitor personal data but may involve US-based servers for certain features.
For all third-party processors and sub-processors (including Automattic and WPMU DEV/Bunny), we ensure appropriate agreements and safeguards are in place. A full list of sub-processors (including those used by Automattic and WPMU DEV) is available in their respective privacy documentation (e.g., Automattic’s privacy policy at wordpress.com/support/privacy/ or WPMU DEV’s at wpmudev.com/privacy-policy/) or upon request.
Server log files
When you visit our website, your internet browser must send data to our web server. The following information is collected during this connection:
- Date and time of the request
- Access status
- Access behavior
- Web browser and operating system
- IP address of the requesting computer
- Amount of data transferred
We collect this data to ensure a smooth connection and comfortable user experience. The log file is used to evaluate system security and stability and for administrative purposes. The legal basis for temporarily storing this data is Art. 6 para. 1 lit. f DSGVO. For technical security reasons, especially to prevent attacks on our web server, we keep this data temporarily. We cannot identify individual users based on this data. After a maximum of 180 days, the data is anonymized by truncating the IP address at the domain level, making it impossible to link it to a specific user.
Cookies
Our website uses cookies, which are small text files stored on your device. There are session cookies, deleted after your visit, and permanent cookies, which stay until you remove them. Cookies are important for website functions like shopping carts and language settings. Some cookies are necessary for technical reasons, while others help analyze user behavior or show ads. We store necessary cookies based on our legitimate interest for optimal service. Other cookies need your consent, which can be withdrawn anytime. If cookies are used for analysis, we will notify you separately and ask for your agreement. You can adjust your browser settings to manage cookies, such as receiving alerts for cookie settings or blocking them. You can also visit specific links to manage cookie preferences for various browsers. Most browsers offer a “Do-Not-Track” feature to opt-out of tracking for targeted ads. You can find instructions on how to enable this feature for your browser. Additionally, blocking scripts with tools like “NoScript” can help control which scripts run on your device. Keep in mind that disabling cookies may limit our website’s functionality.
We use Google Analytics (provided by Google LLC) to understand how visitors interact with our Site, such as pages viewed, time spent, and traffic sources. Google Analytics collects data including:
- IP address (anonymized),
- Browser/device type,
- Approximate location,
- Usage behavior (e.g., clicks, scrolls).
Google acts as our data processor; data may transfer to the US under standard contractual clauses.
Contact by e-mail
If you contact us through e-mail, we will store your information, including personal data, for processing your inquiry and any follow-up questions. Providing your e-mail address is necessary to reach us, while your first and last name and telephone number are optional. We will not share this data without your consent. The legal basis for processing your data is our legitimate interest in responding to your request under Art. 6 (1) lit. f DSGVO, and if your request is about concluding a contract, under Art. 6 (1) lit. b DSGVO. We will delete your data after completing your request, unless legal obligations require us to keep it. You can object to the processing of your personal data at any time under Art. 6 para. 1 lit. f DSGVO.
Google Web Fonts
This site uses web fonts from Google Ireland Limited to display fonts uniformly. We host these web fonts on our server locally.
Since personal data is transferred to the USA, we implement protective measures to comply with GDPR standards. We have established standard data protection clauses with Google, which require that data processing in the USA meets European protection levels. If this cannot be guaranteed, we seek additional assurances from the U.S. recipient.
We use Google Web Fonts to enhance the website’s performance and user experience, which aligns with our legitimate interests under Art. 6 para. 1 lit. f DSGVO.
For more information on data protection, visit Google’s privacy policy: http://www.google.de/intl/de/policies/privacy. Additionally, information on Google Web Fonts is available at http://www.google.com/webfonts/ and https://developers.google.com/fonts/faq?hl=de-DE&csw=1.
External links
Social networks and Stores (Facebook, Instagram, LinkedIn, Twitter, Amazon) are connected to our website. Clicking any link will direct you to the provider’s page, and your information is shared only after this. Please review the providers’ data protection policies for details on how they handle your personal data.
Data sharing & recipients
A transfer of your personal data to third parties will not occur, except if we have explicitly mentioned it in the data processing description, if you have given your clear consent as per Art. 6 (1) p. 1 lit. a DSGVO, if the disclosure is necessary to assert, exercise, or defend legal claims under Art. 6 (1) p. 1 lit. f DSGVO and there’s no overriding interest in keeping your data private, if there is a legal obligation to disclose it according to Art. 6 (1) p. 1 lit. c DSGVO, or if it’s necessary for processing contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b DSGVO. We also utilize carefully selected external service providers for our services, who are contracted in writing and bound by our instructions, with regular monitoring. These providers handle web hosting, email sending, and IT system maintenance, among others, and will not share your data with third parties.
Data security
We implement suitable technical and organizational measures in line with Article 32 of the GDPR, considering current technology, costs, and the nature of the data being processed, along with the potential risks to individuals’ rights. This website uses SSL encryption to secure and protect confidential information during transmission.
Duration of the storage of personal data
The duration of personal data storage is based on legal retention periods (like commercial and tax laws). Once this period ends, the data is usually deleted. If we need the data to fulfill a contract or have a legitimate reason to keep it, it will be deleted when it’s no longer needed or if you exercise your right to revoke or object.
Your rights
In the following, you will find information on your rights regarding the processing of your personal data under applicable data protection law:
You have the right to request information about your personal data we process, including its purpose, type, recipients, storage duration, and any rights related to your data, such as rectification, erasure, and objection, as well as details on automated decision-making, according to Art. 15 DSGVO.
You can demand immediate correction or completion of your incorrect personal data stored with us under Art. 16 DSGVO.
You can request the erasure of your personal data under Art. 17 DSGVO, unless it is needed for legal obligations or claims.
You have the right to request restriction of processing your personal data under Art. 18 DSGVO if you dispute the accuracy of the data or if the processing is unlawful but you object to erasure.
You can receive your personal data in a structured, commonly used, and machine-readable format or request its transfer to another controller according to Art. 20 DSGVO.
You can complain to a supervisory authority under Art. 77 DSGVO, typically in your state of residence or workplace.
You have the right to revoke consent under Art. 7 (3) DSGVO at any time, resulting in the deletion of your data unless processing without consent is legally justified. Revocation does not affect the legality of prior processing based on your consent.
Right of objection
If we process your personal data based on legitimate interests according to Art. 6 (1) p. 1 lit. f DSGVO, you can object to this processing under Art. 21 DSGVO for reasons related to your specific situation. If your objection is about direct marketing, you can object without needing to provide a specific reason. If you want to withdraw or object, simply send an email to info@neckpainrelief.org.
Legal obligations
The provision of personal data for deciding on a contract, fulfilling a contract, or taking pre-contractual actions is voluntary. However, we can only proceed if you provide the necessary personal data required for the contract, its fulfillment, or pre-contractual actions.
Automated decision making
Automated decision making or profiling according to Art. 22 DSGVO does not take place.
Subject to change
We might update this data protection declaration to follow data protection laws, ensuring we meet legal requirements and adapt our services, including adding new offerings. The most recent version is applicable to your visit.
Status of this data protection declaration: 2026-02-14