The Bunny Agency

Data Regulation

This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services and within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). With regard to the terms used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Types of data processed

Inventory data (e.g., personal master data, names, or addresses).

Contact data (e.g., email, telephone numbers).

Content data (e.g., text entries, photographs, videos).

Usage data (e.g., websites visited, interest in content, access times).

Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the online offering (hereinafter, we also refer to the data subjects collectively as “users”).

Purpose of processing

Provision of the online offering, its functions, and content.

Responding to contact requests and communicating with users.

Security measures.

Reach measurement/marketing.

Privacy Policy: Terms and Legal Foundations

Terminology Used

“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, ID number, location data, online identifier (e.g., cookie), or one or more specific factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. This includes practically any handling of data.

“Pseudonymization” means processing personal data in such a way that it can no longer be attributed to a specific individual without additional information, which must be stored separately and be subject to technical and organizational safeguards.

“Profiling” refers to any form of automated processing of personal data to evaluate certain personal aspects related to a natural person, especially to analyze or predict aspects like job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Controller” means the person or organization that determines the purposes and means of the processing of personal data.

“Processor” means the person or organization that processes personal data on behalf of the controller.

Applicable Legal Bases

Under Article 13 GDPR, we inform you of the legal basis for our data processing. For users within the EU/EEA, unless otherwise stated, the following applies:

  • Consent: Art. 6(1)(a) and Art. 7 GDPR
  • Contract performance and inquiries: Art. 6(1)(b) GDPR
  • Legal obligations: Art. 6(1)(c) GDPR
  • Vital interests: Art. 6(1)(d) GDPR
  • Public task: Art. 6(1)(e) GDPR
  • Legitimate interests: Art. 6(1)(f) GDPR
  • Other purposes (Art. 6(4) GDPR) and special categories (Art. 9 GDPR) apply where relevant

Security Measures

We implement technical and organizational measures to ensure an appropriate level of protection based on the risk. This includes access control, data availability, separation of data, and procedures for exercising data subject rights, deletion, and incident response. We follow the principles of privacy by design and default.

Cooperation with Processors, Joint Controllers, and Third Parties

We only share data with others if legally permitted, required for contract performance, based on consent, legal obligations, or legitimate interests (e.g., web hosting). Internal sharing within our corporate group is done for administrative reasons and based on valid legal grounds.

Data Transfers to Third Countries

If we process data outside the EU/EEA or Switzerland, this is only done based on your consent, legal obligations, or our legitimate interests, and only where adequate safeguards (e.g., adequacy decisions or standard contractual clauses) are in place.

Rights of Data Subjects

  • Right to confirmation and access
  • Right to rectification or completion
  • Right to erasure or restriction
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority

Right of Withdrawal

You have the right to revoke your consent at any time with future effect.

Right to Object

You may object to the future processing of your data at any time, especially for direct marketing purposes.

Cookies and Objection to Direct Marketing

Cookies are small files stored on users’ devices. We may use session (temporary) or persistent cookies, as well as first- or third-party cookies. You can disable cookies in your browser settings. Doing so may limit functionality.

You can opt out of many tracking cookies via:

Deletion of Data

Data is deleted in accordance with legal requirements when it is no longer needed. If deletion is not possible due to legal obligations, processing will be restricted (i.e., data will be blocked and not used for other purposes).

Changes and Updates to This Privacy Policy

Please check this privacy policy regularly. We will update it as necessary and inform you if your consent or individual notice is required.

Business-Related Data Processing

Contractual and Payment Data

We also process:

  • Contract data (e.g., subject matter, duration, customer category)
  • Payment data (e.g., bank details, payment history)

This applies to customers, prospects, and business partners for the purposes of providing contractual services, service and customer care, marketing, advertising, and market research.

Order Processing in the Online Shop and Customer Accounts

We process customer data in our online shop to allow product selection, ordering, payment, delivery, and fulfillment.

The data includes user profiles, communication data, contract data, and payment data. Affected persons include customers, prospects, and other business partners. Session cookies store cart contents, while persistent cookies store login status.

Processing is necessary for the fulfillment of our services and contractual obligations and, where required, for legal archiving (e.g., commercial and tax law). Required fields are essential for contract fulfillment. Data may be shared with third parties only for delivery, payment, legal obligations, or based on legitimate interests (e.g., with legal/tax advisors, banks, shipping services, or authorities).

Users can create optional user accounts to view their orders. During registration, required data is communicated. Accounts are private and not indexed by search engines. Upon account deletion, data is deleted unless retention is required for legal reasons. Data may be archived due to legal obligations or legitimate interests (e.g., legal disputes). Users must back up their data before cancellation.

During registration or login, we store the IP address and timestamp of user activity to prevent abuse. This data is not shared unless legally required or to assert legal claims.

Data is deleted after expiration of warranty or other contractual rights. Retention necessity is reviewed every three years. If required by law (e.g., for archiving), data is deleted after those periods.

Agency Services

We process client data in the course of our contractual services. These include strategic consulting, campaign planning, software/design development and maintenance, campaign implementation, server administration, analytics, and training services.

We process the following types of data:

  • Master data (e.g., name, address)
  • Contact data (e.g., email, phone)
  • Content data (e.g., text, images, videos)
  • Contract data (e.g., project scope, duration)
  • Payment data (e.g., bank details, history)
  • Usage and metadata (e.g., analytics)

We do not usually process special categories of personal data unless part of the assignment. Affected persons include clients, prospects, their customers or employees, and third parties. The purpose is contract fulfillment, billing, and customer support. Legal bases are Art. 6(1)(b) GDPR (contract), and Art. 6(1)(f) GDPR (analytics, optimization, security).

We disclose data only when necessary for the contract. For data provided as part of assignments, we act strictly under client instructions per Art. 28 GDPR and do not use the data for any other purpose.

Data is deleted after legal warranty and similar obligations expire. Retention is reviewed every three years. Legal retention: 6 years (§257 HGB), 10 years (§147 AO). Data disclosed under a contract is deleted after the contract ends.

Therapeutic Services and Coaching

We process data from clients, prospects, and other parties (“clients”) under Art. 6(1)(b) GDPR for fulfilling our (pre-)contractual services. Type, scope, and necessity of data depend on the specific agreement. We process:

  • Master data (e.g., name, address)
  • Contact data (e.g., email, phone)
  • Contract data (e.g., services used, fees, contacts)
  • Payment data (e.g., bank details, payment history)

We may also process special categories of data per Art. 9(1) GDPR, such as health data, sexual orientation, ethnic origin, or religious beliefs — based on explicit consent (Art. 6(1)(a), Art. 7, Art. 9(2)(a) GDPR) or for healthcare purposes (Art. 9(2)(h) GDPR, §22 BDSG).

Data may be disclosed if contractually or legally required, or in our or the client’s legitimate interest for efficient service provision (Art. 6(1)(b/c/f) GDPR), or to protect vital interests (Art. 6(1)(d) GDPR), or with consent (Art. 6(1)(a), Art. 7 GDPR). This includes communications with professionals, billing services, or involved third parties.

Data is deleted when no longer necessary for contractual, care, or legal obligations. Retention need is reviewed every three years. Legal archiving requirements apply otherwise.

Contractual Services

Processing of Contractual Data

We process data of our contractual partners, prospects, clients, customers, and other parties (“contractual partners”) under Art. 6(1)(b) GDPR to fulfill our contractual or pre-contractual obligations. The type, scope, purpose, and necessity of processing are based on the contractual relationship.

The processed data includes master data (e.g., names, addresses), contact details (e.g., emails, phone numbers), contract data (e.g., services used, contract content, communication, contact persons), and payment data (e.g., bank details, transaction history).

We do not process special categories of personal data unless part of the agreed processing.

We process only data necessary for contract fulfillment and inform users where required. Data is disclosed to third parties only when necessary for the contract. Data handed over under contract is processed strictly per client instructions and legal requirements.

We may store users’ IP addresses and timestamps when using our online services to prevent misuse and for legal protection (Art. 6(1)(f) GDPR). Disclosure only occurs if legally required (Art. 6(1)(c) GDPR) or to pursue claims (Art. 6(1)(f) GDPR).

Data is deleted once no longer needed for contractual/legal obligations. Retention is reviewed every 3 years unless otherwise required by law.

External Payment Providers

We use external payment providers through whose platforms users and we can conduct transactions. Providers include:

Usage is based on Art. 6(1)(b) GDPR for contract fulfillment and Art. 6(1)(f) GDPR for secure and efficient payment.

Processed data may include names, addresses, bank data, passwords, TANs, checksums, and transaction-related details. We don’t receive account/card numbers — only confirmation or decline of payment. Payment providers may conduct identity or credit checks. Their privacy policies apply.

For transactions, the respective terms and privacy policies of the payment providers apply. We refer to them for further information and rights.

Administration, Accounting, Office Organization, Contact Management

We process data for administration, finance, office organization, and legal compliance (e.g., archiving). This includes the same data used for contract fulfillment.

Legal basis: Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Affected parties: customers, prospects, business partners, and website visitors. The purpose is to maintain business operations, fulfill obligations, and provide services.

Data may be disclosed to tax authorities, advisors (e.g., accountants, auditors), and payment providers.

We also store contact information of suppliers, event organizers, and business partners for future communication. This mostly company-related data is stored indefinitely.

Business Analysis and Market Research

We analyze data (e.g., transactions, contracts, inquiries) to manage our business and to understand market trends and user preferences. This includes master data, communication data, contract data, payment data, usage data, and metadata (Art. 6(1)(f) GDPR).

Affected parties include contractual partners, prospects, customers, and users. These evaluations serve internal use (marketing, business optimization, UX). No personal data is shared externally unless aggregated or anonymized.

Personal profiles are deleted or anonymized upon account termination, or after two years. General business data and trend analytics are anonymized where possible.

Participation in Affiliate Programs

We use industry-standard tracking technologies for affiliate programs based on Art. 6(1)(f) GDPR (business interests in analysis and optimization).

Affiliate links may be embedded in other websites. If users click such links and convert (e.g., make a purchase), the website owner earns a commission.

Tracking involves values stored in links or cookies, such as referrer URLs, timestamps, campaign IDs, user IDs, and advertiser IDs. These help determine whether a user followed a link and converted.

User IDs are pseudonymous — they don’t directly identify the user (e.g., no names or emails), but can be combined with other data by us or the partner to confirm conversions and enable rewards.

Affiliate Programs and Data Privacy

Amazon Affiliate Program

We participate in the Amazon EU affiliate program based on our legitimate interests (economic operation of our online offering, Art. 6(1)(f) GDPR). This program is designed to provide a medium for websites to earn advertising fees through links to Amazon.de. We earn commission on qualified purchases.

Amazon uses cookies to trace the origin of orders. Amazon can detect that you clicked a partner link on our website and later purchased a product on Amazon.

For more details, see Amazon’s privacy policy: Amazon Privacy Policy.

Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Digistore24 Affiliate Program

We participate in the Digistore24 affiliate program based on our legitimate interests (Art. 6(1)(f) GDPR). This system allows us to earn advertising commissions through links to Digistore24. Cookies are used to track transactions.

Digistore24 can detect that you clicked a partner link on our site and concluded a transaction on or via Digistore24.

Details: Digistore24 Privacy Policy.

Applicant Data Protection

Applicant data is processed in compliance with legal requirements. This includes (pre-)contractual obligations (Art. 6(1)(b) GDPR), and where necessary, for legal defense (Art. 6(1)(f) GDPR). In Germany, §26 BDSG also applies.

Required applicant data includes personal info, contact details, and application documents. Additional data may be provided voluntarily. By submitting an application, applicants consent to processing under the terms described here.

If special categories of data (Art. 9(1) GDPR) are voluntarily provided (e.g., disability, ethnicity), processing is based on Art. 9(2)(b) GDPR. If specifically requested, processing is based on Art. 9(2)(a) GDPR.

Applications can be submitted via secure online forms or email (note: email is unencrypted unless the applicant ensures encryption). Alternatively, postal applications are accepted.

If an application is successful, data may be used in the employment context. Otherwise, data is deleted after six months unless retention is required. Reimbursement invoices are archived as required by tax law.

User Registration

Users can register for an account. Required information is communicated during signup and processed under Art. 6(1)(b) GDPR. This includes name, password, and email address.

Users may receive email notifications about important changes. On account termination, user data is deleted unless legally required to retain it. Users should back up their data before cancellation.

IP address and timestamps are stored to prevent misuse (Art. 6(1)(f) GDPR). These are anonymized or deleted within 7 days unless legally required.

Contact

When contacting us (e.g., via form, email, phone, or social media), your data is processed to respond to your inquiry per Art. 6(1)(b) or (f) GDPR. Data may be stored in a CRM system.

Inquiries are deleted when no longer necessary. We check every two years. Legal archiving duties apply.

Newsletter

We inform you about our newsletter contents, subscription process, tracking, and opt-out rights. By subscribing, you agree to these terms.

Newsletters are sent only with consent or legal permission and may include service updates or promotions. Subscription uses a double-opt-in process with logging (IP, time).

Required data: email (optional: name for personalization).

Legal basis: Art. 6(1)(a), Art. 7 GDPR, §7(2)(3) UWG; or Art. 6(1)(f) GDPR, §7(3) UWG if no consent required. Logging is based on Art. 6(1)(f) GDPR for compliance purposes.

You can unsubscribe anytime via the link in each newsletter. We may retain unsubscribed emails for up to 3 years for legal proof unless deletion is requested.

Newsletter Service Provider

Newsletters are sent using [NAME, ADDRESS, COUNTRY]. Privacy policy: [LINK]. The provider acts under Art. 28(3) sentence 1 GDPR.

They may use pseudonymized data to optimize delivery, not for third-party use or direct contact.

Newsletter Tracking

Newsletters include a web beacon (1px image) that tracks opens, IPs, browser/system info, and interaction times. This data helps improve technical services and personalize content.

Tracking is linked to individuals for technical reasons, but is not used to personally monitor them. Separate opt-out is not possible — you must unsubscribe fully.

Hosting and Email Services

Our hosting services include infrastructure, storage, databases, email, security, and technical maintenance. These are provided under Art. 6(1)(f) GDPR in connection with Art. 28 GDPR.

Data processed includes personal, contact, contract, usage, and metadata from users, customers, and prospects.

Access Data and Log Files

We (or our host) collect data on every server access based on our legitimate interests (Art. 6(1)(f) GDPR). This includes page name, file, date/time, data volume, success message, browser, OS, referrer URL, IP address, and provider.

Log files are kept for a maximum of 7 days for security (e.g., abuse detection) and then deleted. Data required for evidence is excluded from deletion until the issue is resolved.

Google Analytics

Based on our legitimate interests (i.e., interest in analysis, optimization, and economic operation of our online offering in accordance with Art. 6 para. 1 lit. f GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offering is generally transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law (link).

Google will use this information on our behalf to evaluate the use of our online offering, compile reports on the activities within our online offering, and provide us with further services related to the use of this online offering and internet usage. Pseudonymous usage profiles of users may be created from the processed data.

We use Google Analytics with IP anonymization enabled. This means that the IP address of users within the European Union or other parties to the Agreement on the European Economic Area is shortened. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly. You can also prevent Google from collecting and processing the data generated by the cookie related to your use of the website by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information on Google’s use of data, settings, and opt-out options, visit the Google Privacy Policy (link) and Ad Settings (link).

User data is deleted or anonymized after 14 months.

Google AdSense with Personalized Ads

We use Google AdSense (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) based on our legitimate interests. Google is certified under the Privacy Shield agreement (link).

Through AdSense, ads are displayed on our website, and we receive compensation for their display or interaction. For this purpose, usage data such as IP addresses and ad clicks are processed. IP addresses are anonymized by truncating the last two digits.

We use AdSense with personalized ads. Google uses data from websites visited and apps used to create user profiles and tailor ads to user interests. This includes previous search queries, activity, demographics, location data, and more.

For detailed information, refer to Google’s advertising policy: https://policies.google.com/technologies/ads and Ad Settings.

Facebook Pixel, Custom Audiences & Conversions

We use the Facebook Pixel from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or for EU residents, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. This is based on our legitimate interests in analyzing, optimizing, and economically operating our online presence.

Facebook is certified under the Privacy Shield Agreement (link).

The Facebook Pixel allows Facebook to determine visitors of our website as a target group for ads. This enables us to show Facebook Ads to users likely interested in our content (Custom Audiences). We can also measure the effectiveness of Facebook Ads for statistical and market research purposes (Conversions).

Data processing is subject to Facebook’s data policy: https://www.facebook.com/policy. For details on the pixel, visit: Facebook Help.

You can opt out of Facebook Pixel tracking and personalized ads by adjusting ad settings on Facebook: Facebook Ad Preferences.

You can also disable cookies used for measurement and advertising purposes via the Network Advertising Initiative (link), About Ads (US), or Your Online Choices (EU).
