Privacy notice - entrepreneurboat.com

The protection of personal data has a very high priority for us at entrepreneurboat. Therefore, we would like to disclose to you as a user of our online offer or our online presences on third-party platforms in our privacy notice in a comprehensible way what happens with your data when you use our websites or our services.

The use of our website or certain services may require the processing of personal data. If there is no legal or contractual basis for such processing, we will ask you for your consent. In any case, you can inform yourself here about the scope of processing, the legal basis, the purpose, duration of storage, and your rights as a data subject.

Contents

1. Definitions

Here we would like to briefly explain the most important data protection-related terms that occur repeatedly in the context of our data protection information.

1.1. Personal data

Personal data is any information that relates to a data subject. Personal data also represents various pieces of information that, together, are suitable for identifying a specific person.

Information that is not (no longer) suitable for identifying the data subject (e.g., after anonymization of the data) does not constitute personal data.

Examples of personal data are: First and last name, private address, private telephone number, email address that can be clearly assigned to a natural person, and IP address.

1.2. Processing

Processing includes various operations: collection, recording, organization, ordering, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction of personal data.

The processing may be fully or partially automated, as well as non-automated.

1.3. Data subject

The data subject is an identified or identifiable natural person whose personal data are subject to processing by or on behalf of the data controller. As a rule, users of online services are data subjects.

1.4. Data controller

The data controller is a natural or legal person who (jointly) decides on the purpose and means of the processing of personal data. The actual processing may also be carried out by a processor.

1.5. Processor

A processor is a natural or legal person who processes personal data on behalf of the data controller. Processors are usually contracted service providers or providers of services and content that are integrated into a website or enable or improve the operation of websites or services (e.g., website hosting or payment service providers).

1.6. Recipient

A recipient is a natural or legal person, entity, or other body to whom personal data is disclosed. However, public authorities that may receive personal data in the context of a specific investigative task under EU or member state law are not considered recipients.

1.7. Profiling

Profiling is automated processing of personal data involving the evaluation of personal aspects relating to a natural person, in particular for the purpose of analyzing or predicting aspects relating to the data subject‘s performance at work, economic situation, health, personal preferences or interests, reliability or conduct, location or change of location, insofar as it produces legal effects concerning the data subject or similarly significantly affects him or her.

2. Name and address of the data controller

The address and contact information of the data controller for all websites with the domains entrepreneurboat.com, entrepreneurboat.net (including all subdomains), as well as co-responsible for the LinkedIn profile https://www.linkedin.com/company/entrepreneurboat are listed below:

entrepreneurboat / Bartolomaeus Kukla
Kämergasse 27
52349 Düren
Germany

Email: contact1@entrepreneurboat.net (Spam Protection Note: Our proper contact email address is the same as the one provided, but without the “1”.)
Phone: +49 2421 4806608

3. General information on data protection

3.1. Purpose and scope of the processing of personal data

As a matter of principle, we process personal data only insofar as this is necessary to provide functioning websites and our content and services. We follow the principle that only data required for the respective purpose is processed. Personal data is regularly processed only with the consent of the data subject. An exception exists in the event that processing is permitted or required by law.

3.2. Collection of data

Data is collected on the one hand by being provided by the data subject (e.g., name and email address in a form). On the other hand, data is collected automatically when visiting our websites or when using certain services (e.g., IP address).

3.3. Legal basis for the processing of personal data

a) Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (“GDPR”) serves as the legal basis.

b) When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

c) Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

d) In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis.

e) If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

3.4. Storage period and data deletion

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply, or the data subject legitimately invokes the right to erasure or revokes consent to data processing. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a necessity for the continued storage of the data for the conclusion or performance of a contract.

3.5. Necessity for the processing of personal data

The processing of certain personal data may be necessary if this is required by law (e.g., tax regulations) or results from contractual regulations (e.g., information on the contractual partner). In order to properly conclude a contract, it may be necessary for the data subject to provide us with the required personal data. Failure to provide such data or the provision of incorrect data may result in the contract with the data subject not being able to be concluded or being invalid. Before providing the required data, the data subject has the right to request clarification from us as to the extent to which the processing of such data is necessary to achieve the intended purpose, whether this requirement is justified by law or by contract, and what the consequences of not providing the personal data would be.

3.6. Transfer of personal data

Some personal data may be processed by processors. We conclude contracts (contract on commissioned processing) with all processors we use, which have as their content the protection of the personal data processed. Some processors offer a data processing addendum to the Terms of Use, which replaces a contract on processing.

3.7. Data processing in third countries

Some services we use or processors we commission may process data in countries outside the European Union (EU) as well as outside the European Economic Area (EEA) (third countries). We expressly point out that in such third countries no level of data protection comparable to that in the EU can be guaranteed, unless a third country has been expressly certified as having such a level of data protection. An up-to-date list of these states can be found at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

Data processing in the USA and Canada is only considered secure if the respective company certifies itself as secure. A current list of these certified companies can be found at: https://www.dataprivacyframework.gov.

In the case of countries that do not meet these requirements, despite the existence of corresponding standard contractual clauses (SCC) or internal binding corporate rules (BCR), it cannot be ruled out that, for example, authorities in these countries will access, process, evaluate and permanently store data stored in their territory for monitoring purposes. We have no influence on these processing operations in third countries. Furthermore, the data subject has no legal possibility to assert the rights to which he or she is entitled pursuant to the GDPR in these third countries.

4. Rights of the data subject

As a data subject, you have the following rights:

4.1. Right of access

The data subject has the right to request confirmation from the data controller as to whether personal data concerning him or her are being processed. If this is the case, the data subject may request information from the data controller about the following:

a) the purposes for which the personal data are processed;

b) the categories of personal data which are processed;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations – in this context, the data subject may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer;

d) the planned duration of the storage of the personal data or, if specific information on this is not possible, criteria for determining the storage period;

e) the existence of a right to rectification or erasure of the personal data, a right to restriction of processing by the data controller, or a right to object to such processing;

f) the existence of a right of appeal to a supervisory authority;

g) any available information on the origin of the data, if the personal data are not collected from the data subject;

h) the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

4.2. Right to rectification

The data subject has the right to obtain from the data controller the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, he or she has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.

4.3. Right to erasure

4.3.1. Obligation to erasure

The data subject may request the data controller to erase the personal data without undue delay, and the data controller shall be obliged to erase such data without undue delay, if one of the following reasons applies:

a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

b) The data subject revokes the consent on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing.

c) The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.

d) The personal data have been processed unlawfully.

e) The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the data controller is subject.

f) The personal data has been collected in relation to information society services offered in accordance with Article 8 (1) of the GDPR.

4.3.2. Information to third parties

If the data controller has made the personal data public and is obliged to erase it pursuant to Article 17 (1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that the data subject has requested that they erase all links to or copies or replications of that personal data.

4.3.3. Exceptions

The right to erasure does not exist insofar as the processing is necessary for

a) for the exercise of the right to freedom of expression and information;

b) for compliance with a legal obligation which requires processing under Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;

c) for reasons of public interest in the area of public health pursuant to Article 9 (2) lit. h and lit. i and Article 9 (3) of the GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) of the GDPR, insofar as the right referred to in Section 4.3.1. is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

e) for the assertion, exercise, or defense of legal claims.

4.4. Right to restriction of processing

Under the following conditions, the data subject may request the restriction of the processing of personal data:

a) if the data subject contests the accuracy of the personal data for a period enabling the data controller to verify the accuracy of the personal data;

b) the processing is unlawful, and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data;

c) the data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise, or defense of legal claims; or

d) if the data subject has objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the data controller’s legitimate grounds override your grounds.

If the processing of personal data has been restricted, such data may – apart from being stored – only be processed with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been imposed in accordance with the above conditions, the data subject shall be informed by the data controller before the restriction is lifted.

4.5. Right to information

If the data subject has asserted the right to rectification, erasure or restriction of processing against the data controller, the data controller is obliged to inform all recipients to whom the personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

The data subject shall have the right against the data controller to be informed about these recipients.

4.6. Right to data portability

The data subject has the right to receive the personal data that he or she has provided to the data controller in a structured, common, and machine-readable format. In addition, he or she has the right to transmit this data to another data controller without hindrance by the data controller to whom the personal data have been provided, provided that

a) the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and

b) the processing is carried out with the help of automated procedures.

In exercising this right, the data subject also has the right to obtain that the personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

4.7. Right to object

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data carried out on the basis of Article 6 (1) lit. e or lit. f of the GDPR; this also applies to profiling based on these provisions.

The data controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

If the personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including for profiling purposes, insofar as it is related to such direct marketing.

If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

The data subject shall have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his right to object by means of automated procedures using technical specifications.

4.8. Automated decisions in individual cases, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision

a) is necessary for the conclusion or performance of a contract between the data subject and the data controller,

b) is permitted by legal provisions of the Union or the Member States to which the data controller is subject, and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or

c) is made with the explicit consent of the data subject.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 (1) of the GDPR, unless Article 9 (2) lit. a or lit. g of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in a) and c), the data controller shall take reasonable steps to safeguard the data subject’s rights and freedoms and legitimate interests, which include at least the right to obtain the intervention of a data subject on the part of the data controller, to express his or her point of view and contest the decision.

4.9. Right to withdraw the declaration of consent under data protection law

The data subject has the right to revoke his declaration of consent under data protection law at any time. The revocation of the consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4.10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or the place of the alleged infringement, if he or she considers that the processing of personal data infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen).
Bettina Gayk

Postal address:

Postfach 20 04 44
40102 Düsseldorf
Germany

Visiting address:

Kavalleriestraße 2-4
40213 Düsseldorf
Germany

Contact:

Phone: +49 211 384240
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

5. Modification and update of the privacy notice

As soon as a change in the processing carried out by us or commissioned by us makes it necessary or relevant legal regulations change, we adapt our privacy notice accordingly. Therefore, we ask you to regularly check our privacy notice for updates so that you are always up to date regarding the processing of your personal data and your rights.

We will inform you as soon as a change requires your cooperation (e.g., consent) or if you should receive any other individual notification from us.

We regularly check the validity of the links and contact information contained in this privacy notice. Before contacting the providers that we use, please note that it is still possible that certain information may no longer be up to date.

6. Security measures

In order to increase the security of the users of our online offer and other services, we take appropriate, reasonable technical and organizational measures.

These measures include protecting the transmission of confidential content that you send to us, the provider of the online offer, and other services. Our website uses SSL or TLS encryption for this purpose, which prevents unauthorized reading (e.g. in a public WLAN). You can recognize a secure connection in the browser by a lock symbol and “https://” at the beginning of the address line.

– Processing operations in detail –

7. Websites and log files

For the provision of our online offer (website and other services), we use the services of a web hosting provider (website provider). The services include, among others, the provision of IT infrastructure and related services (esp. computing capacity, storage space, website servers, email servers, and administrative services).

Our web hosting provider is ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.

Website: https://all-inkl.com.

Privacy notice: https://all-inkl.com/datenschutzinformationen.

We have concluded an order processing contract with this provider.

Each time one of our websites or services with the domains entrepreneurboat.com or entrepreneurboat.com is called up, the server of our web hosting provider automatically collects data and information from the computer system of the calling computer. The following data is collected: Information about the browser type and version, the user’s operating system, the user’s Internet service provider, the user’s IP address, the country and approximate location of the user’s Internet access, the date and time of access, the website from which the user’s system arrives at our website (referrer), websites accessed by the user’s system via our website.

This data is also stored in the log files of the server. Storage of this data, together with other personal data of the user, does not take place.

The legal basis for the temporary storage of the data and the log files is legitimate interest according to Art. 6 (1) lit. f GDPR.

We have a legitimate interest in this: The temporary storage of the IP address by the IT system of the web hosting provider is necessary to provide the user’s terminal device (e.g., computer, tablet, or smartphone) with our online offer. For this purpose, the user’s IP address must remain stored for the duration of the session.

In these purposes also lies our legitimate interest in data processing by means of log files pursuant to Art. 6 (1) lit. f GDPR.

The storage in log files is done to ensure the functionality of the online offer. In addition, we use the data to optimize the online offer and to secure the IT systems we use. An evaluation of the data for marketing purposes does not take place in this context.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the online offer, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment to the end device of the user or to the user is no longer possible. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

The collection of data for the provision of the online offer and the storage of data in log files are mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

8. Cookies and consent management

Some of our services use cookies. Cookies are small data packages and are stored on the user’s terminal device by the browser. Numerous websites and web services use cookies. Cookies are primarily used to store a logic state or to recognize the user, in that the content of a cookie contains a unique value that allows the identification of the user’s browser or terminal device.

Cookies that are only needed for the duration of a session and are deleted following the session (session cookies), as well as cookies that remain stored in the browser beyond the session until they are deleted by the user himself or until their predefined “lifetime” (usually one year) is reached (permanent cookies) are among the most common types of cookies.

Cookies can also be deleted at any time by the user in the browser manually, or automatically after closing the browser (for this purpose, the settings in the respective browser may need to be adjusted). It is also possible to completely disable cookies in the browser. In this case, some services that rely on cookies may not function properly or at all.

In addition to cookies set by our website or services, cookies from third parties (third-party cookies) may also be stored in the browser on the user’s terminal device, especially if these third-party services are embedded in our websites. These cookies are necessary for the correct execution of these services.

Cookies can have different functions. Some cookies are technically necessary, as certain functions of the online offer will not work partially or completely without them. Other cookies are used to evaluate user behavior or to display advertising.

Cookies that are necessary for the correct provision of our online offer (Necessary cookies – e.g., to carry out the electronic communication process, to provide certain desired functions or to optimize the web pages) are stored on the basis of legitimate interest pursuant to Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The same applies to cookies that are not suitable for identifying the user and only store the logic state of a service of our online offer. We have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services.

Insofar as consent has been requested for the storage of cookies and comparable recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR).

Insofar as cookies are used by third parties or for analysis purposes, we indicate these separately and, if necessary, ask for consent. Consents can be revoked by the user at any time.

We use a consent management service under which user consents to the use of cookies and similar technologies (tracking pixels, web beacons, etc.), the automatic loading of embedded services or third-party content, or tracking for statistical or marketing purposes can be obtained, stored, managed by the user, and revoked. In this context, the user’s declarations of consent are stored in order not to have to repeat their request for a certain period of time and in order to be able to prove the consents in accordance with the legal obligation.

We use the “Real Cookie Banner” service for this purpose. Details on how “Real Cookie Banner” works can be found at https://devowl.io/knowledge-base/real-cookie-banner-data-processing. The service is operated exclusively on our own server or on a server of our website provider and managed by the data controller. The data is not passed on to third parties.

Legal bases for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. The user is not obliged to provide the personal data. If the user does not provide the personal data, we cannot manage their consents.

The consent management service asks website visitors for consent to set cookies and process personal data. For this purpose, each website visitor is assigned a UUID (pseudonymous identification of the user), which is valid until the expiration of the cookie for storing consent. Cookies are used to test whether cookies can be set, to store reference to documented consent, to store which services (services) from which service groups the visitor has consented to, and, if consents are obtained under the Transparency & Consent Framework (TCF), to store consents in TCF Partners, Purposes, Special Purposes, Functions and Special Functions. As part of the GDPR’s duty of disclosure, the consent collected is fully documented. This includes, in addition to the services and service groups to which the visitor has consented, and if consent is obtained according to the TCF standard, to which TCF partners, purposes and functions the visitor has consented, all cookie banner settings at the time of consent as well as the technical circumstances (e.g. size of the viewing area at the time of consent) and the user interactions (e.g. clicking on buttons) that led to consent. Consent is collected once per language.

You can view, change, or revoke your current consent management service settings at any time here or on this page https://entrepreneurboat.com/privacy-settings:

Privacy settings history
Change privacy settings
Revoke consents

9. Security services

We use the “Wordfence” service provided by Defiant Inc, 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA.

Website: https://www.wordfence.com.

Privacy notices: https://www.wordfence.com/privacy-policy und https://www.wordfence.com/help/general-data-protection-regulation.

Standard Contractual Clauses: https://www.wordfence.com/standard-contractual-clauses.

We have concluded an order processing contract with this provider.

Wordfence secures our websites against attacks and errors of various kinds (esp. by means of a firewall and security and error detection functions).

Cookies are used to check user permissions before accessing WordPress, to notify administrators when a user logs in with a new device or location, and to bypass defined country restrictions through specially prepared links. IP addresses of users are compared to known IP addresses of endpoints flagged as malicious and blocked if necessary and stored by Wordfence on our server.

The functionality “Participate in the Real-Time Wordfence Security Network” is not activated, so no data is transmitted to third parties.

Wordfence is used on the basis of legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

We have a legitimate interest in protecting our website or our services as effectively as possible against cyberattacks or other threats.

Cookies are stored for up to one year. IP addresses that have triggered a security-related event and were therefore stored are deleted after 30 days.

The use of the service to defend against attacks and maintain the security of the users of our online offer is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

10. Language services

We may provide our content in multiple languages. We use the “Polylang” service for this purpose. Polylang is a multi-language system to output the content in multiple languages. Details on how “Polylang” works can be found at https://polylang.pro/privacy-policy. The service is operated exclusively on our own server or on a server of our website provider and managed by the data controller. The data is not passed on to third parties.

Legal bases for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the provision of our content in multiple languages, making it available to a larger number of users as well as to store the user’s language to deliver the content in the correct language.

A set cookie can store the chosen language of the user and can redirect the user to the version of the website that matches with the browser language. Cookies are stored for up to one year.

11. Analysis services

We use the open-source service “Matomo”. The service is operated exclusively on our own server or a server of our website provider and managed by the data controller. Data is not passed on to third parties.

Matomo is a service to create detailed statistics about user behavior on the website visited (web analysis). Cookies or fingerprinting (identification of the user’s terminal device without cookies) are used to distinguish users and to link data from multiple page views.

In addition to the IP address, the data processed includes data on which website a data subject came to a website from (referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. IP addresses are anonymized before storage.

The legal basis for the processing of the users’ personal data is legitimate interest according to Art. 6 (1) lit. f GDPR.

The processing of the users’ personal data enables us to analyze the surfing behavior of our users on our website. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in the processing of the data. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

Stored data is deleted after 30 days at the latest.

Users of our websites have the option to turn off the analysis procedure with effect for the future:

12. Contact

Users have the option of contacting us in various ways, including by mail, telephone, email, contact form on our website, or via other messaging channels (e.g., social media messenger services). In doing so, personal data is transmitted to us (first and last name, postal address, telephone number, email address, message content, IP address, and possibly other data depending on the message channel). This data is only stored for the purpose of processing the user’s request and is not passed on to third parties without the user’s consent.

When a user contacts us via email, his or her personal data is stored on an email server provided by one of our email providers and managed by us alone.

For this purpose, we use the services of ALL-INKL.COM – Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.

Website: https://all-inkl.com.

Privacy notice: https://all-inkl.com/datenschutzinformationen.

We have concluded an order processing contract with this provider.

We also use (exclusively for sending emails) the services “Amazon AWS” of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.

Website: https://aws.amazon.com.

Privacy notice: https://aws.amazon.com/privacy/?nc1=h_ls.

We have concluded an order processing contract with this provider (data processing addendum).

We only use servers located in the European Union (EU). Amazon Web Services has joined the EU-U.S. Data Privacy Framework, which means that data transfers to the U.S. are also considered secure.

If a user contacts us via the contact form on our website, his personal data will additionally be stored on our website server.

The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an email is legitimate interest pursuant to Art. 6 (1) lit. f GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

In the case of contact, this also constitutes the necessary legitimate interest in processing the data.

The data will be deleted by us no later than 30 days after the time at which it can be inferred from the circumstances that the matter concerned has been conclusively clarified.

Users have the right to request that we delete all personal data as a result of their contact and, if applicable, our conversation that has continued up to that point. In such a case, the conversation cannot be continued.

13. Promotional communication

We process personal data for the purposes of promotional communication (direct marketing), which may be carried out in various ways, including by mail, telephone, email, contact form on our website, or via other messaging channels (e.g., messenger services of social media) in accordance with legal requirements.

The processed data are, in particular, first and last name, postal address, telephone number, email address, message content, and possibly other data depending on the message channel.

Legal bases are consent (Art. 6 (1) p. 1 lit. a. GDPR) and legitimate interests (Art. 6 (1) p. 1 lit. f. GDPR). In this context, the performance of effective direct marketing is our legitimate interest.

Users have the right to revoke consent given or to object to promotional communication at any time.

In the case of communication by email, the revocation or objection can be initiated by clicking on the link “Unsubscribe from receiving emails” at the bottom of the email.

After revocation or objection, we store the data required to prove the previous authorization to contact or send for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f. GDPR. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest to permanently observe the revocation or objection of the users, we further store the data required to avoid a renewed contact according to message channel (e.g., name, address, telephone number, fax number, email address, messenger addresses).

14. Newsletter, downloads, webinars and conversations

We offer our users the possibility to subscribe to regular emails (newsletter subscription), to download files (downloads), to register for webinars, or to arrange conversations.

In the case of a newsletter subscription, we send the registered user regular emails on specific topics, including topic-related promotional offers. The frequency and topics are specified during registration. Unless otherwise specified, we send our newsletter emails weekly to quarterly on topics, including topic-related promotional offers that we address on our websites (e.g., in blog posts).

In the case of downloads, we provide users with downloadable files that they can save on their end device. Rights of use may be governed by a license agreement to which the user must consent before downloading. The content and purpose of use are specified during registration. If the download is provided free of charge to the user, there are no claims on the part of the user for error-free or intended usability of the files offered, especially in the event of compatibility problems with the user’s end devices.

We offer users the opportunity to participate in webinars. This involves a meeting by means of a video conference service between the organizer and the participants. The topics and event details (time, means of communication used, etc.) of the webinar are specified at or after registration. If the webinar takes place free of charge for the user, there are no claims on the part of the user for participation by the user, despite confirmed registration.

We offer users the opportunity to contact us and hold a conversation. The conversation takes place by means of a video conference service or by telephone between the participants. If the conversation takes place free of charge for the user, the user has no right to the execution of the conversation despite a confirmed appointment.

Furthermore, we send users who have requested one or more of these services emails from time to time with content that relates to the service in question or could interest users in this context (topic-related emails).

In order to use these services, registration is required, during which a valid email address must be provided. The indication of the name is optional and serves the personalization of the emails. It is necessary to confirm the registration via a link in a confirmation email (verification that the subscriber actually has the specified email address and the associated mailbox). Furthermore, both the IP address of the user’s terminal device and the time of registration are stored.

For the provision of registration forms and the confirmation procedure, we use the “Green Popups” service. The service is operated exclusively on our own server or on a server of our website provider and managed by the data controller. The data is not passed on to third parties. This service sets cookies to store the logic state.

For the storage of the user’s data as well as for the sending of emails, we use the service “FluentCRM”. The service is operated exclusively on our own server or on a server of our website provider and is managed by the data controller. The data is not passed on to third parties, unless it is an order processor. The processor may be, in particular, an email provider through which we send emails. We transmit the email address and (if available) the name of the user to this order processor.

With the help of these services, it is possible for us to analyze the receipt of emails sent by us. We can determine whether and when an email was opened, or which links were clicked. This information helps us to constantly improve our offer.

The legal basis for processing personal data and sending emails or contacting us by other means when using the above-mentioned services is consent (Art. 6 (1) p. 1 lit. a. GDPR).

Data is stored as long as it is required for the purpose (provision of the requested service). The cookies set to store the logic state have a lifetime of up to several weeks.

This consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

The receipt of emails can be cancelled at any time via the link “Unsubscribe from receiving emails” in our emails or by sending us an informal message by email.

After revocation, the user’s data processed in connection with the respective service will be deleted. In the event of cancellation, we reserve the right to retain the email address as well as the time of subscription for a period of up to three years based on our legitimate interests before deleting it in order to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

It is not possible to use the services without email analysis.

15. Online meetings

To conduct audio or video conferences or webinars (online meeting), we use services that enable two or more participants to communicate directly with each other online by transmitting sound or sound and images and, if applicable, texts from and to the user’s terminal device.

15.1. Google Meet

For online meetings, we use the “Google Meet” service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Website: https://meet.google.com.

Privacy notice and data processing addendum: https://workspace.google.com/terms/dpa_terms.html.

Standard Contractual Clauses: https://cloud.google.com/terms/sccs.

Data may be transferred to servers located in an unsecure third country. We have entered into an order processing agreement with this provider (Data Processing Addendum). Google has joined the EU-U.S. Data Privacy Framework, which means that data transfers to the U.S. are also considered secure.

The scope of the data processed depends on what data the user provides before or during participation in an online meeting. As part of the use of Google Meet, data of the communication participants is processed and stored on Google servers. The actual communication during online meetings is encrypted. The processed data may include, in particular, user login data (name, email address, telephone number, profile picture, or password) and meeting data (topic, description, IP address of the user or terminal device information). When dialing in by telephone, the processed data includes the incoming or outgoing phone number, country name, time of the start and end of the call, and other connection data, if applicable. In addition, audio, image and voice or text contributions of the subscribers can be processed.

The user can prevent the transmission of audio, video, and text data by muting his microphone, deactivating his video camera for Google Meet, and not writing or dictating messages in the chat. In this case, the user’s participation in the online meeting is limited to passive reception of information, insofar as this is compatible with the purpose of the meeting and makes sense.

Statements made by the user during the online meeting will only be passed on to third parties outside the online meeting if this is expressly desired by the user (consent) or if the character of the online meeting clearly indicates that the contents of the conversation should not be subject to confidentiality (e.g. in the case of a public web seminar).

We reserve the right to record online meetings with a public character (web seminars) and to make them available to third parties outside the online meeting. Users will be explicitly informed of this at the beginning of the online meeting, and their consent will be obtained.

The legal basis for the processing of personal data in a pre-contractual context and for the fulfillment of a contract is Art. 6 (1) lit. b GDPR.

In the case of consent for the processing of data by the user, the processing is based on Art. 6 (1) lit. a GDPR. Otherwise, the legal basis for the processing of data when conducting online meetings is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting.

Personal data is stored as long as it is necessary for the purpose (provision of the online meeting). Legitimate recordings of public web seminars may be stored without a time limit. Log files, insofar as they are available to the person responsible, are deleted after 30 days at the latest. Any consent given can be revoked at any time with effect for the future. Processing of already recorded web seminars is not subject to any restriction, even in the event of revocation.

15.2. Microsoft Teams

For online meetings, we use the “Microsoft Teams” service as part of “Microsoft 365” from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland.

Website: https://www.microsoft.com/en-US/microsoft-teams/group-chat-software.

Privacy notice: https://privacy.microsoft.com/en-US/privacystatement.

Standard Contractual Clauses: https://learn.microsoft.com/en-US/compliance/regulatory/offering-eu-model-clauses.

Order Processing Addendum: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1&year=2022.

Data may be transferred to servers located in an insecure third country. We have entered into an order processing agreement with this provider (Data Processing Addendum). The parent company, Microsoft Inc., has joined the EU-U.S. Data Privacy Framework, which means that data transfers to the U.S. are also considered secure.

The amount of data processed depends on what data the user provides before or during participation in an online meeting. As part of the use of Microsoft Teams, data of the communication participants is processed and stored on Microsoft servers. The actual communication during online meetings is encrypted. The processed data may include, in particular, user login data (name, e-mail address, telephone number, profile picture, or password) and meeting data (topic, description, IP address of the user or end device information). When dialing in by telephone, the processed data includes the incoming or outgoing phone number, country name, time of the start and end of the call, and other connection data, if applicable. In addition, audio, image, and voice or text contributions of the subscribers can be processed.

The user can prevent the transmission of audio, video, and text data by muting his microphone, deactivating his video camera for Microsoft Teams, and not writing or dictating messages in the chat. In this case, the user’s participation in the online meeting is limited to the passive reception of information, insofar as this is compatible with the purpose of the meeting and makes sense.

The legal basis for the processing of personal data in a pre-contractual context and for the fulfillment of a contract is Art. 6 (1) lit. b GDPR.

Personal data is stored as long as it is necessary for the purpose (provision of the online meeting). Legitimate recordings of public web seminars may be stored without a time limit. Log files, insofar as they are available to the person responsible, are deleted after 30 days at the latest. Any consent given can be revoked at any time with effect for the future. The processing of already recorded web seminars is not subject to any restriction, even in the case of revocation.

15.3. Zoom

For online meetings, we use the “Zoom” service of Zoom Video Communications, Inc., 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, USA.

Website: https://www.zoom.us.

Privacy Notice, Standard Contractual Clauses and Data Processing Addendum: https://explore.zoom.us/en/privacy and https://explore.zoom.us/en/gdpr and https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.

Data may be transferred to servers located in an unsecure third country. We have concluded a contract on commissioned processing with this provider (data processing addendum).

The scope of the data processed depends on what data the user communicates before or during participation in an online meeting. In the course of using Zoom, data of the communication participants is processed and stored on Zoom servers. The actual communication during online meetings is encrypted. Processed data may include, in particular, user login data (name, email address, phone number, profile picture, or password) and meeting data (topic, description, IP address of the user or end device information). When dialing in by telephone, the processed data includes the incoming or outgoing phone number, country name, time of the start and end of the call, and other connection data, if applicable. In addition, audio, image, and voice or text contributions of the subscribers can be processed.

The user can prevent the transmission of audio, video, and text data by muting his microphone, deactivating his video camera for Zoom, and not writing or dictating messages in the chat. In this case, the user’s participation in the online meeting is limited to passive reception of information, insofar as this is compatible with the purpose of the meeting and makes sense.

The legal basis for the processing of personal data in a pre-contractual context and for the fulfillment of a contract is Art. 6 (1) lit. b GDPR.

16. Appointments

Users can make appointments for conversations or online meetings with us. In doing so, users can select an appointment marked as available by our site that suits them best. In contrast to verbal or written arrangements, this procedure simplifies the appointment-making process considerably for both parties.

16.1. Microsoft Bookings

For appointment scheduling, we use the service “Microsoft Bookings” as part of “Microsoft 365” from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland.

Website: https://www.microsoft.com/en-US/microsoft-365/business/scheduling-and-booking-app.

Privacy notice: https://privacy.microsoft.com/en-US/privacystatement.

Standard Contractual Clauses: https://learn.microsoft.com/en-US/compliance/regulatory/offering-eu-model-clauses.

Order Processing Addendum: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1&year=2022

Data may be transferred to servers located in an unsecure third country. The parent company, Microsoft Inc., has joined the EU-U.S. Data Privacy Framework, which means that data transfers to the U.S. are also considered secure.

In order to make an appointment, users are forwarded via a corresponding link to our external appointment scheduling page set up at Microsoft. In doing so, a connection to Microsoft’s servers is established. At this point, the IP address of the user’s terminal device is transmitted to Microsoft.

In order to make an appointment, personal data must be provided in accordance with the appointment form (e.g., name, e-mail address, desired means of communication, telephone number, and other supplementary information).

When booking an appointment via Microsoft Bookings, the data entered on the Microsoft website will be passed on to us by Microsoft, stored, and processed by us in order to carry out the appointment.

After the appointment is completed, we send the user a confirmation email with the relevant appointment data. If the user has selected Google Meet, Microsoft Teams, or Zoom as the means of communication, this email will also contain a dial-in link. If the user has selected the telephone as the means of communication, we will call the user at the telephone number provided.

The legal basis for the processing of personal data in a pre-contractual context, as well as for the performance of a contract, is Art. 6 (1) lit. b GDPR.

In the case of consent for the processing of data by the user, the processing is based on Art. 6 (1) lit. a GDPR. In all other respects, the legal basis for the processing of data when making online appointments is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in making appointments effectively and efficiently.

We delete appointment-related data 30 days after the appointment date. Consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

17. Video content

As part of our blog posts or on our other web pages, we may include video content to provide an enhanced user experience. Further, we may make video content available in our online courses, among other media types.

17.1. YouTube

For the provision of video content, we use the “YouTube” service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Website: https://www.youtube.com.

Privacy notice: https://policies.google.com/privacy?hl=en.

Data may be transferred to servers located in an insecure third country. Google has joined the EU-U.S. Data Privacy Framework, which means that data transfers to the U.S. are also considered secure.

YouTube is a service that provides its own video content and that of its users. This video content can be played on the youtube.com website or embedded in other websites. In any case, a connection of the user’s end device to Google’s servers is established. In the process, the IP address of the user’s terminal device is transmitted to Google. If the user is logged into YouTube, further data may be transmitted to Google. Cookies can be set. Data can be forwarded to third parties. Furthermore, information can be transmitted to Google about when and which website the user has accessed, in which the played video is embedded. Beginning with the playback of a video from YouTube, further data processing operations may be triggered over which we have no control.

Insofar as YouTube videos are necessary components of an online course offered by us, which users take advantage of, the legal basis is Art. 6 (1) lit. b GDPR, as we thereby fulfill a contractual obligation.

Furthermore, the legal basis is a legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest is the improved user experience through the use of video content. If a corresponding consent has been obtained, the processing is based on Art. 6 (1) lit. a GDPR.

The consent can be revoked at any time. Cookies can be deleted at any time.

A reduction in data transmission to Google can be achieved by the user logging out of YouTube before playing the videos embedded with us, provided that he is registered and logged in as a user there.

17.2. Vimeo

For the provision of video content, we use the service “Vimeo” of Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, USA.

Website: https://vimeo.com.

Privacy notice: https://vimeo.com/privacy.

Data may be transferred to servers located in an unsecure third country.

Vimeo is a service that provides its own video content and that of its users. This video content can be played on the vimeo.com website or embedded in other websites. In any case, a connection of the user’s end device to the servers of Vimeo is established. In the process, the IP address of the user’s terminal device is transmitted to Vimeo. If the user is logged into Vimeo, further data may be transmitted to Vimeo. Cookies may be set. Data may be transmitted to third parties. Furthermore, information may be transmitted to Vimeo about when and which website the user has accessed, in which the played video is embedded. Beginning with the playback of a video from Vimeo, further data processing operations may be triggered over which we have no control.

Insofar as Vimeo videos are necessary components of an online course offered by us, which users take advantage of, the legal basis is Art. 6 (1) lit. b GDPR, as we thereby fulfill a contractual obligation.

The consent can be revoked at any time. Cookies can be deleted at any time.

A reduction of data transmission to Vimeo can be achieved by the user logging out of Vimeo before playing the videos embedded with us, provided that he is registered and logged in as a user there.

18. Social media

We use third-party services (especially social media) to maintain online presences on their platforms. We may process user data in this context to offer our own information or to communicate with users active there. Depending on the service, data may be forwarded to servers located in an insecure third country. Data may also be transmitted to third parties.

The providers of these services may process users’ personal data for market research and advertising purposes, analyze their usage behavior and create usage profiles, and place advertisements within and outside their own websites, which may be individualized according to the respective usage profile. Cookies may be stored in order to clearly identify users within and outside of the company’s own websites. In particular, if users are registered with the respective services, they can store the user’s behavior and link it to the registered profile.

Detailed information on processing and on the options for objection can be found on the respective websites of the operators of the services or in their data protection guidelines.

In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the respective service providers, as they, as the operators of the services, have access to the (stored) data of the users, while we cannot access or process user data or can do so only to a limited extent.

When visiting some of our online presences (e.g. Facebook), we are jointly responsible with the provider of the respective platform for the data processing operations triggered during this visit. Users can generally assert rights (information, correction, deletion, restriction of processing, data portability, and complaint) both against us and against the provider of the respective platform (e.g., Meta Platform). Despite the joint responsibility with these providers, we do not have full influence on the data processing operations of the respective platforms. Our options are specified by the providers in each case.

The legal basis of our online presences is legitimate interest (Art. 6 (1) lit. f GDPR). Our legitimate interest is to ensure the most comprehensive presence possible on the Internet. The analysis measures initiated and carried out by the social networks may be based on different legal bases, which are to be specified by the respective providers of the platforms (e.g., consent pursuant to Art. 6 (1) lit. a GDPR).

We delete the data collected directly by us via the online presences from our systems as soon as the user requests us to delete it, revokes his consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on the user’s terminal device until they expire or are deleted by the user. Mandatory legal provisions (e.g., retention periods) remain unaffected.

We have no influence on the duration of storage of user data that is stored by the platform providers for their own purposes. Details on this can be found in the privacy notices of the respective providers.

18.1. Shariff

We use the “Shariff” service. The service is operated exclusively on our own server or on a server of our website provider and managed by the data controller.

By using Shariff, we offer users the possibility to forward our blog posts or other components of our online offer to third parties, especially on social media.

When clicking on a button, which is marked according to the respective service, an external link to the server of the selected service is called up with parameters of the element to be shared. After the connection to the platforms of the respective providers has been established, personal data may be transferred. It may be necessary for the user to be registered and logged in to the relevant service in order to use the functionality.

As long as the buttons are not clicked, no data is transmitted to these services.

18.2. LinkedIn

We operate an online presence on the “LinkedIn” platform of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Website: https://linkedin.com.

Privacy notice: https://www.linkedin.com/legal/privacy-policy.

Data may be forwarded to servers located in an insecure third country. Data may be forwarded to third parties. Cookies may be set.

19. Advertising

As part of our online offering, we may use services that display (personalized) advertisements of third parties within our online offering, for which we are remunerated.

Furthermore, we may advertise our own products or services, whereby these advertisements are displayed in particular outside of our online offering within the framework of third-party platforms.

Furthermore, we may cooperate with partners, whereby we receive remuneration for recommendations of products or services if we contribute significantly to the fact that users who have informed themselves about these products or services on our online offer ultimately purchase them from the respective provider (affiliate services). The procedures may include, in particular, references (links to affiliate offers, discount codes, or similar).

In order to determine whether users have taken advantage of these offers through the procedures provided by us, it is necessary for the providers to know that the users have followed such a reference within our online offer. The assignment of the referrals to the respective business transactions or other actions serves only the purpose of remuneration accounting. For this purpose, references can be supplemented with parameters, or cookies can be used. On our websites, such references are marked accordingly as affiliate services. If the user follows such a link and a contract is concluded via the link used, we receive remuneration from the provider concerned. This does not change the price for the user.

In all advertising measures, personal data may be processed by us or by the providers of the services we use. The categories and scope of this personal data depend on the respective advertising measures and the provider or cooperation partner.

The legal basis is legitimate interest (Art. 6 (1) lit. f GDPR). Our legitimate interest is the effective marketing of our products or services as well as the economic provision of our online offer. In the case of contract performance and pre-contractual inquiries, the legal basis is Art. 6 (1) p. 1 lit. b. GDPR. Insofar as consent is given, the legal basis is Art. 6 (1) lit. a GDPR.

We have no influence on the duration of storage of user data stored by the service providers for their own purposes. Details of this can be found in the privacy notices of the respective providers.

Users have the right to object, with the consequence that their personal data will no longer be processed for advertising purposes. Users can revoke their consent. Cookies can be deleted by the user.

19.1. Google Ads

To place ads in the Google advertising network, esp. on external pages (e.g. in search results, in videos or on web pages), so that they are displayed to users who have a presumed interest in the advertised services (determined by the creation of user profiles by Google), we use the “Google Ads” service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Website: https://ads.google.com/home.

Privacy notice: https://policies.google.com/privacy?hl=en.

Data processing conditions and standard contractual clauses: https://business.safety.google/adsservices and https://business.safety.google/adscontrollerterms

Data may be transferred to servers located in an insecure third country. Data may be forwarded to third parties. Cookies may be set to identify the user, or similar methods (e.g., fingerprinting) may be used. Google has joined the EU-U.S. Data Privacy Framework, which means that data transfers to the USA are also considered secure.

If a user accesses one of our websites via a Google advertisement, a Google Ads cookie is stored on the user’s terminal device. Google provides us with key figures for which ads and how many customers have clicked on these ads or purchased the advertised products or services. We do not receive any information that allows us to identify users.

Furthermore, we may use the remarketing function within Google Ads, whereby users of our website are presented with advertised services on other websites within the Google advertising network based on their interests. This interest is also determined based on interaction with our websites using cookies from Google.

Users can object to the use of Google Ads by adjusting the settings of the consent management service.

20. Reviews and surveys

In order to be able to improve our products and services and to advertise our services, we use survey and evaluation procedures. If users rate us via the rating services used or give feedback in other ways (e.g., surveys), the terms of use and data protection information of the providers of these services also apply. It may be necessary to register with the respective provider in order to be able to make a review or to participate in a survey.

In order to ensure that the evaluators have actually used our services, we transmit (further) personal data to the respective service (e.g., name, e-mail address, reference of the service used, or time of service provision) with the consent of the users, together with the actual survey or review information. This data is only used for the purpose of ensuring the authenticity of the user.

The legal basis is legitimate interest pursuant to Art. 6 (1) lit. f. GDPR. Our legitimate interest is the assessment, improvement and appealing presentation of our online offer. In case of consent, the legal basis is Art. 6 (1) lit. a. GDPR.

Survey and review data are pseudonymized immediately after collection, unless the user has consented not to be pseudonymized.

Users can revoke their consent at any time with effect for the future.

21. Member area

Within the scope of our online offer, we can offer users the possibility to register on our websites by providing personal data in order to gain access to an area restricted to registered users (member area), which may contain certain content or services (e.g., online courses). The data is entered in a registration form and transmitted to us and stored by us. The data is not passed on to third parties, except in the case of an order processor. Personal data may be collected as part of the registration process (e.g., IP address of the user’s terminal device, time of registration, name or pseudonym, e-mail address, password for access to the member area). As part of the registration process, the user’s consent to the processing of this data is obtained.

Registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures. In particular, this involves services against payment, which we offer exclusively to users who have purchased the respective product or service.

The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR, if the user has given his consent. If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR.

The storage is based on our legitimate interests according to Art. 6 (1) lit. f GDPR as well as those of the users in protection against misuse and other unauthorized use.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures, when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

Users have the option to cancel their registration at any time. They can have the data stored about them changed at any time.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

In all other respects, it is the responsibility of the users to save their data prior to the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

22. Sales service providers

We offer some of our services for a fee. For this purpose, we use providers to offer our products or services to customers on their online platforms.

In this context, the terms of use and data protection notices of the respective providers also apply. This applies in particular with regard to the execution of payment transactions and the procedures used by the providers to analyze user behavior and marketing.

The processed data includes, for example, IP address, name, address, e-mail address, telephone number, credit card number, bank details, invoices, payment history, subject of the contract, websites visited, and time of purchase of a service. Providers may share this data with us (e.g., to provide customer service on our part). Data may be forwarded to servers located in an insecure third country. Data may be forwarded to additional order processors (e.g., payment service providers).

The legal basis is contract performance and pre-contractual measures (Art. 6 (1) p. 1 lit. b. GDPR) and legitimate interests (Art. 6 (1) p. 1 lit. f. GDPR). Our legitimate interest is to provide a secure and simple distribution process.

We store the data transmitted to us by the providers as long as it is necessary for the fulfillment of the purpose (provision of the service or after-sales service). As a rule, this data or parts of it are subject to legal regulations for storage.

An objection to the use of the data stored by us is possible at any time, provided that legal regulations or justified legal defense claims are not opposed.

22.1. Stripe

We use the service provider “Stripe” from Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.

Website: https://stripe.com.

Privacy notice: https://stripe.com/privacy.

For fee-based services, we use Stripe as a payment service provider for processing online payments. Personal data (in particular IP addresses, e-mail addresses, names, addresses, telephone numbers, and payment data – in particular credit card data, purchase history) is collected and forwarded to third parties.

Cookies may be set that are required to guarantee payment functionality.