DATA PRIVACY POLICY

Your Data, Your Rules. Our Promise.

Our data privacy policy outlines how we collect, use, and protect the personal information of our clients and individuals engaging with us.

We collect, use, and protect your info like a vault—because data privacy and security matters. ⬇️

DATA PRIVACY POLICY

Your Data, Your Rules. Our Promise.

We collect, use, and protect your info like a vault—because data privacy and security matters. ⬇️

refund returns allgemeine geschäftsbedingungen Company Details Disclaimer Impressum Melanie Wild-Schleiffelder Katrin Caldewei Team Company data privacy datenschutzerklärung
Lead magnet and upsell ideas Contact Decorative Diamond Graphic Client Testimonials Kunden Referenzen about us

Data Privacy Policy

Preamble

With the following privacy policy, we aim to inform you about the types of your personal data (referred to here as "data") that we process, the purposes for which we process it, and the scope of our processing activities. This privacy policy applies to all personal data processing activities carried out by us, both within the context of providing our services and, in particular, on our websites, mobile applications, and within external online presences such as our social media profiles (collectively referred to as the "Online Offer").

The terms used are not gender-specific.

As of: October 28, 2024

Table of Contents

Controller

iMellan GmbH
Melanie Wild-Schleiffelder
St. Sebastian 17
84405 Dorfen

Email address: connect@imellan.com

Imprint: www.mynuways.com/company-details/

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of processing, and the categories of individuals concerned.

Types of Data Processed

  • Inventory data
  • Payment data
  • Location data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta-, communication-, and procedural data
  • Image and/or video recordings
  • Audio recordings
  • Contact information (Facebook)
  • Event data (Facebook)
  • Log data
  • Creditworthiness data

Categories of Individuals Concerned

  • Service recipients and contractors
  • Employees
  • Interested parties
  • Communication partners
  • Users
  • Competition and contest participants
  • Members
  • Business and contractual partners
  • Education and course participants
  • Participants
  • Pictured individuals
  • Third parties
  • Customers

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Communication
  • Security measures
  • Direct marketing
  • Reach measurement
  • Tracking
  • Office and organizational procedures
  • Remarketing
  • Conversion measurement
  • Audience formation
  • Affiliate tracking
  • A/B testing
  • Organizational and administrative procedures
  • Execution of competitions and contests
  • Content Delivery Network (CDN)
  • Feedback
  • Heatmaps
  • Surveys and questionnaires
  • Marketing
  • Profile creation with user-related information
  • Provision of our online offer and user-friendliness
  • Assessment of creditworthiness and credit standing
  • Information technology infrastructure
  • Financial and payment management
  • Public relations
  • Sales promotion
  • Business processes and economic procedures

Relevant Legal Bases

Relevant Legal Bases under the GDPR: The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements in your or our country of residence or domicile may apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests or fundamental rights and freedoms of the data subject that require protection of personal data do not override these interests.

National Data Protection Regulations in Germany: In addition to the GDPR data protection regulations, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG includes specific provisions on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Additionally, state data protection laws of individual federal states may apply.

Relevant Legal Bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (Swiss Data Protection Act, hereinafter "Swiss DPA"). Unlike the GDPR, the Swiss DPA generally does not require a legal basis to be named for data processing, and the processing of personal data is carried out in good faith, lawfully, and proportionally (Art. 6 Para. 1 and 2 of the Swiss DPA). Furthermore, we only collect personal data for a specific, identifiable purpose and process it only in a manner compatible with that purpose (Art. 6 Para. 3 of the Swiss DPA).

Note on the Applicability of the GDPR and Swiss DPA: These data protection notices serve to provide information under both the Swiss DPA and the GDPR. For clarity and broader territorial applicability, we use the terminology of the GDPR. Therefore, instead of terms used in the Swiss DPA, such as "data processing," "overriding interest," and "particularly sensitive personal data," we use GDPR terms such as "processing of personal data," "legitimate interest," and "special categories of data." However, the legal meaning of the terms remains determined by the Swiss DPA where applicable.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the different likelihoods and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transfer, ensuring availability, and separation of the data. Furthermore, we have procedures in place to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data compromise risks. We also consider the protection of personal data during the development or selection of hardware, software, and processes based on the principle of data protection through technology design and data protection-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data transmitted by users via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission over the internet. These technologies encrypt the information transferred between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. A website secured by an SSL/TLS certificate is indicated by HTTPS in the URL, which signals to users that their data is being transmitted securely and in encrypted form.

Transfer of Personal Data

As part of our processing of personal data, it may happen that such data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. The recipients of this data may include service providers tasked with IT duties or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude contracts or agreements with the recipients of your data to ensure its protection.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if data processing occurs in the context of the use of services provided by third parties, or the disclosure or transmission of data to other persons, entities, or companies takes place, this will only occur in compliance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers take place only if the data protection level is otherwise safeguarded, specifically through standard contractual clauses (Art. 46 Para. 2 lit. c GDPR), explicit consent, or in cases of contractual or legally required transfer (Art. 49 Para. 1 GDPR). In other cases, we inform you about the basis of the third-country transfer for each provider from the third country, with priority given to adequacy decisions. Information on third-country transfers and existing adequacy decisions can be found on the EU Commission's website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de. As part of the "Data Privacy Framework" (DPF), the EU Commission also recognized the data protection level of certain companies from the USA as secure in its adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/. We inform you within the scope of our privacy notices which of our service providers are certified under the Data Privacy Framework.

Disclosure of Personal Data Abroad: According to the Swiss DPA, we only disclose personal data abroad if adequate protection for the data subjects is guaranteed (Art. 16 Swiss DPA). If the Federal Council has not determined adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These may include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or binding corporate rules recognized in advance by the FDPIC or another competent data protection authority of another country. According to Art. 16 of the Swiss DPA, exceptions for data disclosure abroad may be granted if certain conditions are met, including the consent of the data subject, contract processing, public interest, protection of life or physical integrity, publicly available data, or data from a legally specified register. These disclosures are always made in compliance with legal requirements. Within the framework of the "Data Privacy Framework" (DPF), Switzerland has also recognized the data protection level of certain companies from the USA as secure in its adequacy decision of 07.06.2024. The list of certified companies and further information on the DPF can be found on the U.S. Department of Commerce's website at https://www.dataprivacyframework.gov/. We inform you within our privacy notices which of our service providers are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data processed by us in accordance with the legal requirements as soon as the consents underlying the processing are revoked, or other legal bases for processing cease to apply (e.g., if the purpose of processing ceases, or the data is no longer needed). Exceptions to this rule exist if statutory obligations or other interests require longer storage or archiving of the data.

Data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons must be archived accordingly.

Our privacy notices include additional information on the retention and deletion of data specifically applicable to certain processing activities.

If multiple retention or deletion periods are indicated for certain data, the longest period shall always apply.

If a period does not expressly start on a specific date and is at least one year, it will automatically start at the end of the calendar year in which the triggering event occurred. For ongoing contractual relationships where data is stored, the triggering event is the effective date of termination or other end of the legal relationship.

Data that is retained for legal reasons or other justifiable reasons, rather than for the original intended purpose, will only be processed for the purposes that justify its retention.

Additional Information on Processing Procedures, Methods, and Services:

  • Data Retention and Deletion: The following general periods apply for retention and archiving under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and all documents necessary for their understanding, such as work instructions and other organizational documents, booking records, and invoices (§ 147 Para. 3 in conjunction with Para. 1 Nos. 1, 4, and 4a of the German Fiscal Code (AO), § 14b Para. 1 VAT Act, § 257 Para. 1 Nos. 1 and 4, Para. 4 HGB).
    • 6 years – Other business records: received business letters, copies of sent business letters, other documents of significance for taxation, such as time sheets, operational costing sheets, calculation documents, price listings, as well as payroll records, provided they are not already booking records and cash receipts (§ 147 Para. 3 in conjunction with Para. 1 Nos. 2, 3, 5 AO, § 257 Para. 1 Nos. 2 and 3, Para. 4 HGB).
    • 3 years – Data required to account for potential warranty and damage claims or similar contractual claims and rights, including inquiries related to these, stored for the duration of the standard statutory limitation period of three years (§§ 195, 199 BGB).
  • Data Retention and Deletion: The following general periods apply for retention and archiving under Swiss law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, booking records, invoices, and all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (OR)).
    • 10 years – Data necessary for considering potential claims for damages or similar contractual claims and rights, as well as for processing related inquiries, based on past business experiences and standard industry practices, stored for the statutory limitation period of ten years, unless a shorter period of five years applies, which is applicable in certain cases (Art. 127, 130 OR). After five years, claims for rent, lease, and interest as well as other periodic services, for the delivery of food, for catering, and for inn debts, as well as for handicraft work, small goods sales, medical care, professional services by lawyers, legal agents, proxies, and notaries, and for employment relationships with employees expire (Art. 128 OR).

Rights of Data Subjects

Rights of Data Subjects under the GDPR: As a data subject, you have various rights under the GDPR, primarily from Art. 15 to 21 GDPR:

  • Right to Object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw consent you have given at any time.
  • Right of Access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further details and a copy of the data in accordance with the legal requirements.
  • Right to Rectification: You have the right to request the completion of data concerning you or the correction of inaccurate data concerning you, in accordance with the legal requirements.
  • Right to Erasure and Restriction of Processing: You have the right to request that data concerning you be erased immediately, or alternatively to request a restriction of the processing of the data, in accordance with legal requirements.
  • Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transmission of this data to another controller, as provided by law.
  • Right to Lodge a Complaint with a Supervisory Authority: You have the right, in accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, your place of work, or the location of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

Rights of Data Subjects under the Swiss DPA:

As a data subject, you have the following rights under the Swiss DPA:

  • Right of Access: You have the right to request confirmation of whether personal data concerning you is being processed and to receive the information necessary to exercise your rights under this law and to ensure transparent data processing.
  • Right to Data Provision or Transmission: You have the right to request the provision of your personal data that you have disclosed to us in a commonly used electronic format.
  • Right to Rectification: You have the right to request the correction of inaccurate personal data concerning you.
  • Right to Object, Erasure, and Destruction: You have the right to object to the processing of your data and to request the erasure or destruction of personal data concerning you.

We appreciate your interest in our website and thank you for visiting our website.

We place great importance on handling your personal data (also referred to here as "data") securely. Therefore, we would like to inform you in detail about the use of your data.

Your personal data is treated by us in accordance with the applicable legal data protection provisions and this privacy policy.

Business Services

We process data of our contractual and business partners, such as customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships as well as associated measures and for communication with the contractual partners (or pre-contractually), such as to respond to inquiries.

We use this data to fulfill our contractual obligations, including providing agreed-upon services, meeting update requirements, and remedying any warranty and other service issues. Furthermore, we use the data to protect our rights and for the administrative tasks associated with these obligations and organizational tasks within our company. Additionally, we process the data based on our legitimate interests in proper and economically efficient business management as well as in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only share contractual partners’ data with third parties as necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed of other forms of processing, such as for marketing purposes, within the context of this privacy policy.

The data necessary for these purposes is disclosed to the contractual partners before or during data collection, such as in online forms, by special labeling (e.g., colors) or symbols (e.g., asterisks), or communicated directly.

We delete the data after the expiration of statutory warranty and similar obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for statutory archival reasons (typically ten years for tax purposes). Data disclosed to us by the contractual partner within the scope of an order is deleted according to the specifications and generally upon completion of the order.

  • Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject of the contract, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Individuals Concerned: Service recipients and contractors; interested parties; business and contractual partners; education and course participants.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and economic procedures.
  • Data Retention and Deletion: Deletion as specified in the section "General Information on Data Storage and Deletion".
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Online Shop, Order Forms, E-Commerce, and Delivery: We process our customers’ data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and delivery. Where necessary to fulfill an order, we use service providers, particularly post, freight, and shipping companies, to deliver or perform services for our customers. We use banks and payment service providers to process payment transactions. Required details are marked accordingly in the course of the order or similar purchase process and include information necessary for delivery or provision and invoicing as well as contact details for possible inquiries; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).
  • Education and Training Services: We process the data of participants in our educational and training programs (referred to as “trainees”) to provide our training services to them. The data processed, as well as the type, scope, purpose, and necessity of its processing, depend on the underlying contractual and training relationship. The forms of processing include performance assessment and evaluation of our services as well as those of instructors. In the course of our activities, we may also process special categories of data, particularly health information about the trainees and data revealing ethnic origin, political opinions, religious or philosophical beliefs, for which we obtain explicit consent if necessary and otherwise only process where required for the provision of training services, health care, social protection, or the protection of the trainees’ vital interests; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).
  • Coaching: We process the data of our clients, as well as potential clients and other principals or contractual partners (collectively referred to as "clients"), to provide our services to them. Procedures within and for the purposes of coaching include contacting and communicating with clients, needs analysis to determine appropriate coaching measures, planning and conducting coaching sessions, documenting coaching progress, recording and managing client-specific information and data, scheduling and organizing appointments, providing coaching materials and resources, billing and payment management, follow-up and review of coaching sessions, quality assurance, and feedback processes.
    The data processed, as well as the type, scope, purpose, and necessity of its processing, depend on the underlying contractual and client relationship.
    If it is necessary for our contractual fulfillment, for the protection of vital interests, or legally required, or if client consent has been obtained, we disclose or transmit clients' data in compliance with professional legal requirements to third parties or contractors, such as authorities, billing offices, as well as IT, office, or comparable services; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).
  • Consulting: We process the data of our clients, as well as potential clients and other principals or contractual partners (collectively referred to as "clients"), to provide our services to them. Procedures within and for the purposes of consulting include contacting and communicating with clients, conducting needs and requirements analyses, planning and implementing consulting projects, documenting project progress and results, recording and managing client-specific information and data, scheduling and organizing appointments, providing consulting resources and materials, billing and payment management, post-project review and follow-up, quality assurance, and feedback processes. The data processed, as well as the type, scope, purpose, and necessity of its processing, depend on the underlying contractual and client relationship.

    If it is necessary for our contractual fulfillment, for the protection of vital interests, or legally required, or if client consent has been obtained, we disclose or transmit clients' data in compliance with professional legal requirements to third parties or contractors, such as authorities, subcontractors, or in IT, office, or comparable services; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).
  • IT Services: We process the data of our customers and principals to enable them to plan, implement, and support IT solutions and related services. Required information is indicated as such during the order, project, or similar contract process and includes information necessary for providing services and billing, as well as contact details for inquiries. If we gain access to information about end customers, employees, or other persons, we process this information in compliance with legal and contractual requirements.
    Processing procedures include project management and documentation, covering all phases from initial requirements analysis to project completion. This includes creating and managing project schedules, budgets, and resource allocations. Data processing also supports change management, in which changes in project workflow are documented and tracked to ensure compliance and transparency.

    Another process is customer relationship management (CRM), which includes recording and analyzing customer interactions and feedback to improve service quality and efficiently address individual customer needs. Additionally, the processing involves technical support and troubleshooting, which includes recording and handling support requests, error resolution, and routine maintenance.

    Furthermore, reporting and performance analysis are conducted, capturing and evaluating performance metrics to assess and continuously optimize the effectiveness of the IT solutions provided. All of these processes are aimed at ensuring high customer satisfaction and compliance with all relevant requirements; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Online Courses and Online Training: We process the data of participants in our online courses and online training (collectively referred to as “participants”) to provide our course and training services to them. The data processed, as well as the type, scope, purpose, and necessity of its processing, depend on the underlying contractual relationship. Data generally includes information on courses and services used, and, where part of our service offering, personal goals and results of participants. Forms of processing also include performance evaluation and evaluation of our services and those of the course and training leaders. Additionally, depending on the structure of the respective courses or learning content, further processing procedures may be implemented, such as attendance tracking to document participation, progress monitoring to measure and analyze learning progress by collecting exam and test results, as well as interaction analysis within learning platforms, such as forum posts and assignment submissions; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).
  • Business Consulting: We process the data of our clients, customers, as well as potential clients and other principals or contractual partners (collectively referred to as “customers”), to provide them with our contractual or pre-contractual services, particularly consulting services. The data processed, as well as the type, scope, purpose, and necessity of its processing, depend on the underlying contractual and business relationship.

    If it is necessary for our contractual fulfillment or legally required, or if customer consent has been obtained, we disclose or transmit customers' data in compliance with professional legal requirements to third parties or contractors, such as authorities, courts, or in IT, office, or comparable services; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).

Business Processes and Procedures

Personal data of service recipients and principals—such as customers, clients, or, in special cases, clients, patients, business partners, and other third parties—is processed within the context of contractual and comparable legal relationships and pre-contractual measures, such as establishing business relationships. This data processing supports and facilitates business operations in areas such as customer management, sales, payment transactions, accounting, and project management.

The collected data serves to fulfill contractual obligations and to ensure efficient business processes. This includes handling business transactions, managing customer relationships, optimizing sales strategies, and ensuring internal accounting and financial processes. Additionally, the data helps safeguard the controller's rights and supports administrative tasks and company organization.

Personal data may be shared with third parties if necessary to fulfill the mentioned purposes or to comply with legal obligations. Data is deleted upon expiration of statutory retention periods or when the purpose of processing ceases. This includes data that must be retained for longer due to tax and legal record-keeping requirements.

  • Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or image-based messages and posts, as well as information related to them, such as authorship details or creation timestamp); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); log data (e.g., log files regarding logins or data retrieval or access times); creditworthiness data (e.g., credit score, estimated probability of default, risk classification based on it, historical payment behavior).
  • Individuals Concerned: Service recipients and principals; interested parties; communication partners; business and contractual partners; customers; third parties. Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and economic procedures; security measures; provision of our online offer and user-friendliness; communication; marketing; sales promotion; public relations; assessment of creditworthiness. Financial and payment management.
  • Data Retention and Deletion: Deletion as specified in the section "General Information on Data Storage and Deletion".
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR); legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Customer Management and Customer Relationship Management (CRM): Procedures required in customer management and Customer Relationship Management (CRM) (e.g., customer acquisition while observing data protection guidelines, measures to promote customer retention and loyalty, effective customer communication, complaint management and customer service considering data protection, data management and analysis to support the customer relationship, CRM system management, secure account management, customer segmentation, and target audience creation); Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Contact Management and Contact Maintenance: Procedures necessary for organizing, maintaining, and securing contact information (e.g., setting up and maintaining a central contact database, regularly updating contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and restoring contact data, training employees in the effective use of contact management software, regularly reviewing communication history, and adjusting contact strategies); Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Customer Account: Customers can create an account within our online offering (e.g., customer or user account, hereafter “customer account”). If the registration of a customer account is required, customers are informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, subsequent logins, and use of the customer account, we store the customers' IP addresses along with access timestamps to be able to verify the registration and prevent potential misuse of the customer account. If the customer account is canceled, the data of the customer account will be deleted after the cancellation date, unless it must be retained for other purposes than account provision or for legal reasons (e.g., internal storage of customer data, order transactions, or invoices). It is the customers' responsibility to secure their data upon account cancellation; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Wishlist/Favorites List: Customers can create a product/favorites list. In this case, the products are stored within the framework of fulfilling our contractual obligations until the account is deleted, unless the product list entries are removed by the customer or we notify the customer of different retention periods; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).
  • Customer Loyalty Program/Customer Card: In the context of the customer loyalty program, the controller processes the data of participating customers for the purpose of providing the services offered within this program. For this purpose, the controller stores the information provided by customers, as necessary and indicated, in a customer profile. This profile also includes information about the use of the customer loyalty program and the utilization of related services and benefits. These details are shared with third parties (e.g., service providers) only when necessary for the mentioned purposes. Customer profiles are deleted upon termination of participation in the program. Archiving of the respective data is only conducted as required for statutory retention or to fulfill statutory (up to eleven years for tax inquiries from the end of the year of origin) or contractual claims (up to three years from the end of the year of termination). This is recorded in the processing activities register; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).
  • General Payment Transactions: Procedures necessary for conducting payment transactions, monitoring bank accounts, and controlling payment flows (e.g., creating and reviewing transfers, processing direct debit transactions, checking account statements, monitoring incoming and outgoing payments, managing returned payments, account reconciliation, cash management); Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Accounting, Accounts Payable, and Accounts Receivable: Procedures necessary for recording, processing, and controlling business transactions in accounts payable and accounts receivable (e.g., creation and verification of incoming and outgoing invoices, monitoring and management of outstanding items, processing of payment transactions, managing dunning processes, reconciling accounts in connection with receivables and liabilities, accounts payable, and accounts receivable); Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Financial Accounting and Taxes: Procedures necessary for recording, managing, and controlling financial transactions, as well as for calculating, reporting, and paying taxes (e.g., recording and posting transactions, preparing quarterly and annual financial statements, conducting payment transactions, managing dunning processes, reconciling accounts, tax consulting, preparing and submitting tax returns, managing tax-related matters); Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Marketing, Advertising, and Sales Promotion: Procedures necessary for marketing, advertising, and sales promotion (e.g., market analysis and target audience definition, development of marketing strategies, planning and execution of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade show participation, customer loyalty programs, sales promotion activities, performance measurement and optimization of marketing activities, budget management and cost control); Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Economic Analysis and Market Research: To fulfill economic purposes and identify market trends, partner and user preferences, we analyze the data available on business transactions, contracts, inquiries, etc. The group of individuals affected may include partners, interested parties, customers, visitors, and users of the controller's online services. The analyses serve the purposes of economic evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). If available, profiles of registered users with their information on the services used are taken into account. The analyses are exclusively for the controller's use and are not disclosed externally, except in cases of anonymous analyses with aggregated values. In addition, user privacy is respected; data is pseudonymized for analytical purposes and, where feasible, anonymized (e.g., as aggregated data); Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Public Relations: Procedures necessary for public relations and communications (e.g., developing and implementing communication strategies, planning and executing PR campaigns, creating and distributing press releases, maintaining media contacts, monitoring and analyzing media response, organizing press conferences and public events, crisis communication, creating content for social media and corporate websites, managing corporate branding); Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Use of Online Platforms for Offering and Sales Purposes

We offer our services on online platforms operated by other providers. In this context, we process data of users as far as this is necessary for the provision of our services. Moreover, we may refer to the privacy policies and terms of use of the respective online platforms for information on the processing of user data.

  • Types of Data Processed: Inventory data (e.g., full name, residential address, contact information); content data (e.g., entries in online forms); contract data (e.g., subject of the contract, duration); usage data (e.g., page views, interests in content); meta-, communication-, and procedural data (e.g., IP addresses, timestamps).
  • Individuals Concerned: Users (e.g., visitors and users of the online platforms on which we are present and offer services).
  • Purposes of Processing: Provision of contractual services and customer support; answering inquiries.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Marketplace Presence: We process the data of our customers who use our services through marketplaces (e.g., e-commerce or other trading platforms) and online platforms operated by other providers. This includes, among others, customer contact information, payment information, delivery information, order data, and content data. If data is required for contract fulfillment, we mark the required fields as such during the ordering or contract process. We process the data within the framework of contract fulfillment, to respond to inquiries, and for customer support and administrative purposes. Additionally, we process usage data and meta-data from users who visit our marketplace presence, e.g., when they view content or use features. Information on data processing by the platform operator can be found in the platform operator’s privacy policy; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Service Providers and Services Used in Business Activities

We use the services of service providers, particularly IT, logistics, and business infrastructure providers. As part of this, we comply with legal requirements and, in particular, conclude corresponding contracts or agreements with these service providers to ensure the protection of your data.

  • Types of Data Processed: Inventory data (e.g., full name, residential address, contact information); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., subject of the contract, duration); usage data (e.g., page views, interests in content); meta-, communication-, and procedural data (e.g., IP addresses, timestamps); image and/or video recordings; audio recordings.
  • Individuals Concerned: Service recipients and contractors; business and contractual partners; customers; employees; visitors.
  • Purposes of Processing: Contractual services and customer support; office and organizational procedures; business processes and economic procedures; communication.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • IT Services and Cloud Storage: We process our customers’ data to enable them to plan, implement, and support IT solutions and related services, including data storage in secure cloud environments, data management, and data processing, as well as system hosting. Required information is indicated as such in the ordering process and includes information necessary for the provision of services and invoicing, as well as contact details for inquiries. Data may be disclosed to cloud providers only as necessary for the above purposes, and we ensure compliance with all relevant data protection regulations; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
  • Web Hosting: The hosting services used by us provide the following services: infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services that we use to operate this online offer. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta-data, and communication data of users of this online offer based on our legitimate interests in an efficient and secure provision of this online offer, Art. 6 Para. 1 S. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of processing contracts); Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Payment Methods

As part of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer data subjects efficient and secure payment methods and use other payment service providers in addition to banks and credit institutions (collectively referred to as "payment service providers").

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. This information is necessary for carrying out the transactions. However, the entered data is processed and stored only by the payment service providers. In other words, we do not receive account or credit card information, but only information with confirmation or negative information about the payment. Under certain circumstances, data may be transmitted by the payment service providers to credit agencies. This transmission aims to verify identity and creditworthiness. For this, we refer to the general terms and conditions and privacy policies of the payment service providers.

For payment transactions, the terms and conditions and the privacy policies of the respective payment service providers, which are available on the respective websites or transaction applications, apply. We refer to these for further information and the assertion of rights of withdrawal, information, and other data subject rights.

  • Types of Data Processed: Inventory data (e.g., name, address); payment data (e.g., bank details, invoices, payment history); contract data (e.g., contract subject, duration); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involvement of service providers).
  • Individuals Concerned: Customers; interested parties; business and contractual partners.
  • Purposes of Processing: Provision of contractual services and customer support; payment procedures; security measures; fraud prevention.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Provision of Online Offer and Web Hosting

To provide our online offer securely and efficiently, we use the services of one or more web hosting providers whose servers (or servers they manage) can be accessed via the internet. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security and technical maintenance services.

The data processed as part of providing the hosting offer may include all information concerning users of our online offer that arises as part of usage and communication. This includes regular and transactional content and information related to the provision and administration of the online offer.

  • Types of Data Processed: Content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involvement of service providers).
  • Individuals Concerned: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offer and user-friendliness; content delivery; security measures.
  • Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Content Delivery Network (CDN): We use a "content delivery network" (CDN). A CDN is a service that enables content, particularly large media files such as graphics or scripts, to be delivered faster through regionally distributed servers connected via the internet. The processing of user data occurs solely for the aforementioned purposes and to maintain the security and functionality of the CDN; Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read information from end devices. For example, to store the login status in a user account, a shopping cart content in an online store, the accessed content, or used functions of an online offer. Cookies can also be used for various purposes, including the functionality, security, and comfort of online offers as well as the creation of analyses of visitor flows.

Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except when this is not legally required. In particular, consent is not required if storing and reading information, including cookies, is absolutely necessary to provide the user with a telemedia service (i.e., our online offer) they have expressly requested. The revocable consent is clearly communicated to the users and contains the information about the respective cookie use.

Notes on Legal Bases under Data Protection Law: The legal basis under data protection law on which we process users' personal data with the use of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g., in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage Duration: With regard to storage duration, a distinction is made between the following types of cookies:

  • Temporary Cookies (also: "Session Cookies"): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be stored or preferred content can be displayed directly when the user revisits a website. Likewise, user interests used for reach measurement or marketing purposes can be stored in such a cookie.

General Information on Revocation and Objection (Opt-Out): Users can revoke their given consent at any time and also object to the processing in accordance with the legal requirements of Art. 21 GDPR. Users can also declare their objection through the settings of their browser.

  • Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involvement of service providers).
  • Individuals Concerned: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offer and user-friendliness; marketing; reach measurement; security measures.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Special Notes on Applications (Apps)

We process the data of users of our application (referred to as “app”) to enable them to use the functions of the app and to enable them to fulfill the purposes of the app, such as providing educational content or facilitating communication with other users.

Device Permissions for Access to Functions and Data: The use of our app or its functionalities may require the permissions of users to access specific device functions, such as the camera, microphone, or location data. The granting of these permissions must be approved by users prior to their activation, which can be managed within the app settings or device settings.

Processing of App Data for Operational Purposes: We process app data for operational purposes, such as to ensure the stability and security of the app. This includes evaluating data to prevent and rectify app malfunctions, to enhance the user experience, and to ensure that app usage remains in line with applicable laws and terms of service.

Processing of Location Data: If users agree to location-based services provided by the app, the geographical location of the device will be collected and processed. This location data is solely used to display location-based information or functions, as well as for purposes authorized by users.

  • Types of Data Processed: Device data (e.g., hardware and software information, such as operating system); usage data (e.g., information on used functions, interaction times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, location data).
  • Individuals Concerned: Users (e.g., app users).
  • Purposes of Processing: Provision of our online offer and user-friendliness; security measures; range measurement.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR); contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Registration, Login, and User Account

Users can create a user account. During the registration process, the required mandatory information is communicated to the users and processed to provide the user account based on contractual obligations. The data processed includes, in particular, login information (username, password, and an email address).

In the course of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users’ interests in protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties unless it is necessary for pursuing our claims or there is a legal obligation to do so according to Art. 6 Para. 1 lit. c GDPR.

The users can be informed via email about processes relevant to their user account, such as technical changes.

  • Types of Data Processed: Inventory data (e.g., full name, address); contact data (e.g., email address); content data (e.g., entries in online forms); contract data (e.g., subject of the contract, duration); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involvement of service providers).
  • Individuals Concerned: Users (e.g., registered users).
  • Purposes of Processing: Provision of contractual services and customer support; security measures; management and response to inquiries.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Deletion of Data after Termination: If users have terminated their user account, their data regarding the user account will be deleted, subject to statutory retention requirements. It is the responsibility of users to secure their data before the end of the contract if it was retained during the contract term. We are entitled to irretrievably delete all user data stored during the contract term.

Community Features

We offer community features, including discussion forums, groups, and social media features, allowing users to engage in conversation with each other or share content. Users must adhere to community guidelines and behave respectfully towards others.

Participation requires registration, and within the registration process, we communicate the necessary mandatory information to users.

We may temporarily store the IP addresses of users and use them in accordance with our legitimate interest in ensuring the community's safety, particularly to protect against abusive or unauthorized usage of the community features. In the event of misuse or unauthorized usage, the IP address can be used to track the user and take necessary legal action.

  • Types of Data Processed: Inventory data (e.g., full name, address); contact data (e.g., email address); content data (e.g., entries in forums or profiles); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Users (e.g., registered community members).
  • Purposes of Processing: Provision of our online offer and user-friendliness; security measures; management and response to inquiries; community management.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Storage of Contributions: Users' contributions in community forums or other public communication channels are permanently stored, visible to all registered members, and can be deleted by the user at any time. After the user's termination of membership, all contributions are anonymized if no contrary interests exist.

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). Readers' data is processed solely for the purposes of the publication medium to the extent necessary, as well as for security, reach measurement, and marketing purposes.

  • Types of Data Processed: Inventory data (e.g., full name, address); contact data (e.g., email address); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Users (e.g., readers of the blog or publication medium).
  • Purposes of Processing: Provision of our online offer and user-friendliness; security measures; marketing; reach measurement.
  • Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Comments and Contributions: When users leave comments or other contributions, their IP addresses can be stored based on our legitimate interests. This is done for our security in the event someone leaves unlawful content (e.g., insults, prohibited political propaganda, etc.). In such cases, we may be liable for the comment or contribution and therefore have an interest in the identity of the author. Furthermore, we reserve the right, based on our legitimate interests, to process users' details for spam detection.
  • Comment Subscriptions: Follow-up comments can be subscribed to by users with their consent. Users receive a confirmation email to verify that they are the owner of the entered email address. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain details on the cancellation options.

Contact and Request Management

When contacting us (e.g., via contact form, email, phone, or social media) and in the context of existing user and business relationships, the information of the requesting individuals is processed to the extent necessary to respond to contact requests and any requested actions.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address, phone number); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Communication partners.
  • Purposes of Processing: Request management and response; customer support and communication.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Contact Form: Users can reach us via a contact form on our website. When they submit a form, we process the provided information to answer the inquiry and communicate further as necessary. Information on required fields will be provided in the form. Submission of further information by users is voluntary; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR).

Communication via Messenger

We use messenger services for communication purposes and therefore ask you to observe the instructions below regarding the functionality, encryption, and the use of metadata when contacting us.

You can also contact us by alternative means, such as via telephone or email. Please use the contact details provided to you or those stated within our online offer.

End-to-End Encryption: Messages sent between the users and us are end-to-end encrypted, provided the respective messenger providers support it. This means that the content of the messages is not visible to the messenger providers themselves.

Note on Communication Encryption: While end-to-end encryption protects the content of the communication (i.e., the content of your message and attachments), metadata of the communication (i.e., information about the sender and receiver of a message) may also be collected.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address, phone number); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involvement of service providers).
  • Individuals Concerned: Communication partners.
  • Purposes of Processing: Communication via messenger; security measures; request management and response.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Video Conferences, Online Meetings, Webinars, and Screen Sharing

We use third-party platforms and applications (hereinafter referred to as "conference platforms") for conducting video and audio conferences, webinars, and other forms of video and audio meetings. When selecting the conference platforms and their services, we comply with legal requirements.

Data processed by conference platforms includes user data and metadata (e.g., name and email address of participants, audio and video recordings, screen-sharing data, chat content, and shared files). The providers of the conference platforms also process usage data and metadata for their security and service optimization purposes. If users are referred to conference platforms or software, devices, or other communication tools of third parties, please refer to the conference platforms' privacy policies for information on their data processing procedures.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address); content data (e.g., video and audio recordings, chat messages); usage data (e.g., interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involvement of service providers).
  • Individuals Concerned: Communication partners; participants.
  • Purposes of Processing: Video conferences; webinars; online meetings; request management and response.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Recording and Saving Data: For documentation purposes, and where necessary with the consent of the participants, video and audio recordings as well as chat logs are stored and shared with participants or other authorized persons. Additionally, we reserve the right to use this data internally for training and quality purposes. Specific storage and deletion policies depend on the requirements of the conference platforms used and the legal retention periods.

Cloud Services

We use cloud services, in particular for storing and managing documents, organizing appointments, communicating, and sending emails, as well as creating spreadsheets and presentations, exchanging documents, content, and information with designated recipients, or publishing websites, forms, or other content and information.

In this context, personal data may be processed and stored on the servers of cloud service providers to the extent that this data is part of communication with us or is otherwise processed by us in accordance with this privacy policy. This data can include, in particular, user and contact data, data on transactions, processes, and contracts, other procedures, and their content. Cloud service providers also process usage data and metadata, which they use for security purposes and service optimization.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address, phone number); content data (e.g., text entries, photographs, videos); contract data (e.g., subject of the contract, duration); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers, involvement of service providers).
  • Individuals Concerned: Communication partners; users (e.g., website visitors, users of online services).
  • Purposes of Processing: Office and organizational procedures; communication; contract processing; request management and response.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Security Measures: We take appropriate security measures when using cloud services, which may include encryption, access restrictions, and regular reviews to protect stored data from unauthorized access, loss, or damage.

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described during registration, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personalized address in the newsletter or other information if required for the purposes of the newsletter.

Double-Opt-In Procedure: The registration for our newsletter is generally carried out in a so-called double-opt-in procedure. This means that after registration, you receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with external email addresses. Registrations for the newsletter are logged to be able to prove the registration process in accordance with legal requirements. This includes storing the login and the confirmation time as well as the IP address. Likewise, changes to your data stored by the shipping service provider are logged.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Communication partners; recipients of newsletters.
  • Purposes of Processing: Direct marketing; communication.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) for logging the procedures based on the double-opt-in.

Additional Information on Processing Procedures, Methods, and Services:

  • Success Measurement: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server. Within this retrieval process, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is collected. This information is used for technical improvement of our services based on technical data or target groups and their reading behavior based on retrieval locations (determined by IP address) or access times.

Promotional Communication via Email, Mail, Fax, or Telephone

We process personal data for the purposes of promotional communication, which may occur through various channels, such as email, phone, mail, or fax, in accordance with legal requirements.

Recipients have the right to revoke granted permissions or to object to promotional communication at any time.

After revocation or objection, we may store the data necessary to prove the prior permission or consent for up to three years based on our legitimate interests before we delete it. The processing of this data is limited to a possible defense against claims. In the case of obligations to permanently consider objections, we reserve the right to store the data in a block list for this purpose alone.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address, phone number); usage data (e.g., interest in content); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Communication partners.
  • Purposes of Processing: Direct marketing; request management and response.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) based on prior business relationships or applicable legal permissions.

Competitions and Contests

We process personal data of participants in competitions and contests only in compliance with the relevant data protection regulations, provided the processing is contractually required, consent has been granted by the participants, or it serves our legitimate interests (e.g., in the security of the competition or contest or protection against misuse through potential control measures).

If contributions from participants (e.g., photos or text) are published within the scope of the competition or contest, we would like to point out that the participants' names may also be published. Participants can object to this at any time.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address); content data (e.g., entries in competition or contest submissions); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Competition or contest participants.
  • Purposes of Processing: Execution of competitions and contests; communication with participants; compliance with legal obligations; marketing and promotion purposes.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); consent (Art. 6 Para. 1 S. 1 lit. a GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Surveys and Polls

We conduct surveys and polls to collect feedback, conduct market research, and assess user satisfaction. Participation in these surveys and polls is voluntary. If participants consent to the processing of their data, this is the legal basis for processing their data.

If we use a survey or polling tool that involves processing personal data of participants, we will provide detailed information on the use of such tools, including any necessary permissions or consents required by participants.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address); content data (e.g., survey responses); usage data (e.g., interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Survey and poll participants.
  • Purposes of Processing: Market research; customer satisfaction; feedback collection.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) based on improving services or understanding customer needs.

Web Analysis, Monitoring, and Optimization

We use web analysis tools for the purpose of optimizing our online offer, monitoring reach, user experience, and the effectiveness of our marketing efforts. These tools collect data on user behavior, including the sources from which visitors arrive at our website, viewed content, access times, and information on the user’s device and operating system. This information helps us improve the user experience and content relevancy.

Depending on the use of external tools, cookies or similar tracking mechanisms may be deployed, and users may be asked for their consent.

  • Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Users (e.g., website visitors).
  • Purposes of Processing: Reach measurement; monitoring; optimization; market research.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) for cookies; legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) in the improvement and economic operation of our website.

Online Marketing

We process personal data for online marketing purposes, which includes, but is not limited to, advertising space marketing, displaying promotional and other content (collectively referred to as “content”) based on potential user interests, and measuring the effectiveness of marketing efforts.

For these purposes, we create user profiles, which are stored in a file (so-called “cookie”) or by similar processes in which the relevant user data for displaying the mentioned content, measuring its effectiveness, or recording potential user interactions with this content, is saved. Unless users are asked separately for consent, these profiles are created only pseudonymously, meaning that we cannot identify users directly.

  • Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Users (e.g., website visitors).
  • Purposes of Processing: Marketing; profiling (e.g., creating user profiles); reach measurement; behavioral targeting.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) for cookies; legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) in online marketing and economic operation of our website.

Affiliate Programs and Affiliate Links

We include so-called "affiliate links" or other references (which may include discount codes) to third-party offers within our online offer. If users follow the affiliate links or subsequently take advantage of the offers, we can receive a commission or other benefits from these third parties.

To track whether users have taken advantage of the offers of an affiliate link we use, it is necessary for the respective third-party providers to know that users have followed an affiliate link used within our online offer. The assignment of affiliate links to the respective business transactions or other actions of the users serves the sole purpose of commission settlement and will be canceled as soon as it is no longer necessary for the purpose.

  • Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers); transaction data (e.g., purchases, requested services, timestamps, transaction data).
  • Individuals Concerned: Users (e.g., website visitors interested in affiliate offers).
  • Purposes of Processing: Affiliate tracking.
  • Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) in effective commission settlement.

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, improve, and market our services. If users rate or otherwise provide feedback via the designated rating platform or procedure, the general terms and conditions and privacy policies of the platform apply. We may also publish user feedback on our website or marketing material with users' consent.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address); content data (e.g., user reviews, ratings, comments).
  • Individuals Concerned: Customers; users (e.g., website visitors who submit reviews).
  • Purposes of Processing: Customer reviews; customer feedback; marketing.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) in improving our services.

Social Network Presences (Social Media)

We maintain online presences within social networks to communicate with users active there or to provide information about us. We point out that data of users may be processed outside the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce users' rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on users' behavior and resulting interests. The user profiles can be used to display advertisements inside and outside the networks that presumably correspond to users' interests. For these purposes, cookies are usually stored on users' computers, in which users' usage behavior and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective processing forms and the options to object (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address); content data (e.g., photos, videos, messages); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Users (e.g., social media platform members).
  • Purposes of Processing: Social media communication; marketing; reach measurement.
  • Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) in effective communication and marketing.

Plugins and Embedded Functions and Content

We integrate functional and content elements from the servers of their respective providers (hereinafter referred to as "third-party providers") within our online offer. These may include graphics, videos, social media buttons, or posts (hereinafter referred to as "content").

The integration always requires that third-party providers of this content process the IP address of the user, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for content delivery. Third-party providers may also use pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyze information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visit time, and other details regarding the use of our online offer, as well as be linked to such information from other sources.

  • Types of Data Processed: Usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers); content data (e.g., text entries, photographs, videos).
  • Individuals Concerned: Users (e.g., website visitors interested in embedded content).
  • Purposes of Processing: Provision of our online offer and user-friendliness; content delivery; marketing; reach measurement.
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) in the integration of content and functions.

Management, Organization, and Assistance Tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning, and providing our services. When selecting these tools and services, we ensure compliance with legal requirements and security measures to protect user data.

In the course of using these tools, data may be transmitted to and processed by the respective third-party providers. This data may include inventory data, contact data, content data, contract data, usage data, meta-data, and procedural data.

  • Types of Data Processed: Inventory data (e.g., name, address); contact data (e.g., email address); content data (e.g., entries in online forms); contract data (e.g., subject of the contract, duration); usage data (e.g., websites visited, interest in content, access times); meta-, communication-, and procedural data (e.g., IP addresses, timestamps, identification numbers).
  • Individuals Concerned: Users (e.g., website visitors, customers, and business partners).
  • Purposes of Processing: Office and organizational procedures; contract processing; request management and response.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR); legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) in efficient and secure business organization.

Changes and Updates

We reserve the right to change this privacy policy to adapt it to changing legal situations, as well as to changes in our data processing activities. However, this only applies with regard to statements on data processing. If user consent is required or parts of the privacy policy contain provisions of the contractual relationship with the users, changes will only be made with user consent.

Users are requested to regularly inform themselves about the content of this privacy policy.

Definitions of Terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are derived from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. However, the following explanations are intended primarily to aid understanding. The terms are sorted alphabetically.

  • Personal Data: Any information relating to an identified or identifiable natural person (data subject); a natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific characteristics.
  • Controller: The natural or legal person, public authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.
  • Processing: Any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data. The term is broad and encompasses practically every handling of data, whether it involves collection, evaluation, storage, transmission, or deletion.

Latest Update: 28/February/2025​ | Global Terms & Conditions | Data Privacy

Find out in less than 5 minutes if you're cut out for Passive Income!

Just fill in the two fields, and get ready to receive your download link via email in no time. ⬇️

Free People Magnet Blueprint Business Resources

Join the VIP Fast Lane Now!

Join my VIP list to be the first in line when the program launches! As a VIP, you’ll also get an exclusive launch discount 🎁! Just fill in the two fields, confirm your email – and you are in instantly! ⬇️

VIP List

Start your passive Income Biz Now!

Just fill in the two fields, and get ready to receive your download link via email in no time. ⬇️

passive income starter kit special programs links

Take The Super-Charging Digital Product Idea Finder Quiz Now! 3 Minutes - DONE!

Just fill in the two fields, and get ready to receive your download link via email in no time. ⬇️

Go-To Expert Branding Pack

1-2-3 Go! Launch your New Online Course in no time!

Just fill in the two fields, and get ready to receive your download link via email in no time! ⬇️

But there is a costly Problem with Digital Products....!!