Contact us
Back to home page

Data Protection Statement

§ 1 INFORMATION ON THE COLLECTION OF PERSONAL DATA

(1) In the following, we inform you about the collection of personal data when using our website. Personal data refers to all data that can be related to you personally, such as your name, address, email address, and user behavior.

(2) The controller pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is Wodianka privacy lawyers, Dockenhudener Straße 12a, 22587 Hamburg, Germany, kontakt@privacy-lawyers.de. For questions regarding data protection, please contact Dr. Volker Wodianka, LL.M. at volker.wodianka@privacy-lawyers.de or use our postal address.

(3) When you contact us via email or contact form, the data you provide (your email address, name, phone number if applicable, and the content of your message) will be stored by us in order to answer your questions. We delete the data collected in this context once storage is no longer necessary or restrict processing if legal retention obligations exist.

§ 2 YOUR RIGHTS

(1) You have the following rights regarding your personal data:

    • Right of access

    • Right to rectification or erasure

    • Right to restriction of processing

    • Right to object to processing

    • Right to data portability

(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

§ 3 OBJECTION OR WITHDRAWAL OF CONSENT TO DATA PROCESSING

(1) If you have given your consent to the processing of your data, you can withdraw it at any time. Such a withdrawal will affect the lawfulness of the processing of your personal data after you have expressed it to us.

(2) If we base the processing of your personal data on a balancing of interests, you may object to the processing. This is the case in particular when the processing is not necessary for the performance of a contract with you, which will be explained in the relevant functions below. When exercising such an objection, please explain the reasons why we should not process your personal data as we have done. If your objection is justified, we will examine the situation and either stop or adjust the data processing or explain to you our compelling legitimate grounds for continuing the processing.

§ 4 DELETION OF PERSONAL DATA

(1) The data we process will be deleted in accordance with legal requirements if the purpose of processing no longer applies or if they are no longer necessary for that purpose. Your data will also be deleted if the processing was based on your consent and you have withdrawn it.

(2) Storage may be necessary for other legally permissible purposes, such as to fulfill legal obligations, exercise legal claims, or for tax purposes. In these cases, your personal data will only be processed for these purposes.

§ 5 COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE

(1) When using the website purely for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data your browser transmits to our server. When you view our website, we collect the following technically necessary data to display our website and ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

    • IP address

    • Date and time of the request

    • Time zone difference to Greenwich Mean Time (GMT)

    • Content of the request (specific page)

    • Access status/HTTP status code

    • Amount of data transferred

    • Website from which the request comes

    • Browser

    • Operating system and its interface

    • Language and version of the browser software

(2) In addition to the aforementioned data, technically necessary cookies and, with your consent, non-essential cookies are stored on your computer. Cookies are small text files stored on your hard drive by your browser and provide information to the party that sets the cookie (in this case, us). They help make the internet offering more user-friendly and effective overall.

(3) If our website sets cookies requiring consent, you will be informed separately within this privacy policy. If you have given your consent, you can withdraw it at any time via the cookie banner on our website.

(4) To protect your data, we use TLS encryption. You can recognize this by the prefix “https://” in your browser’s address bar.

§ 6 ADDITIONAL FUNCTIONS AND OFFERS ON OUR WEBSITE

(1) In addition to purely informational use, we offer various services which you may use if interested. This usually requires providing additional personal data, which we process in accordance with the principles stated above.

(2) We sometimes use external service providers to process your data. These are carefully selected, contractually bound to our instructions, and regularly monitored.

(3) If our service providers or partners are located in countries outside the European Union or the European Economic Area, we inform you of the consequences of this circumstance at the relevant points in this privacy policy.

§ 7 USE OF SOCIAL MEDIA PLUGINS

(1) This website uses so-called social media plugins from the networks Instagram, Xing, Facebook, X, LinkedIn, Google+ and TikTok, operated by:

    • Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (Instagram)

    • New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (Xing)

    • LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA

(2) Our site uses the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the plugin providers. Only when you click the marked field is data transmitted. The provider of the plugin is recognizable by its logo. The data specified in § 5.1 of this policy is transmitted. For Meta, the IP address is anonymized immediately after collection according to their statement in Germany. Activating the plugin means personal data is transmitted to the provider and stored there (in the USA for US-based providers).

(3) On July 10, 2023, the European Commission adopted an adequacy decision for the USA. It determines that the USA ensures an adequate level of data protection for transfers under this framework. LinkedIn and Meta are certified under the EU-US Data Privacy Framework, allowing us to assume an adequate level of protection.

(4) To our knowledge, the plugin provider stores your data in usage profiles for advertising, market research, and/or user-centered website design. You have the right to object to this, which must be exercised with the respective plugin provider. The legal basis for the use of plugins is Art. 6 para. 1 lit. a GDPR.

(5) For more information about the purpose and scope of data collection and processing by plugin providers, see their privacy policies.

(6) Addresses and privacy policies of the providers:
http://www.facebook.com/policy.php
https://privacy.xing.com/de/datenschutzerklaerung
https://de.linkedin.com/legal/privacy-policy

§ 8 CATEGORIES OF RECIPIENTS OF PERSONAL DATA

(1) To manage our business operations, we use domestic and foreign external service providers (e.g., in IT, logistics, telecommunications, sales, and marketing) who may gain access to your personal data. We have concluded data processing agreements with these providers in accordance with Art. 28 GDPR.

(2) If personal data is passed on to or received from our subsidiaries (e.g., for advertising purposes), this also takes place under data processing agreements.

§ 9 CONDITIONS FOR TRANSFERRING PERSONAL DATA TO THIRD COUNTRIES

(1) In exceptional cases where personal data is transferred to countries outside the European Economic Area (EEA), this is done under the provisions of Art. 44 ff. GDPR. We will inform you of the details at the relevant points.

(2) Some third countries have received adequacy decisions from the European Commission. For others, where laws may not guarantee sufficient protection, we ensure adequate safeguards—such as binding corporate rules, EU standard contractual clauses under Art. 46 GDPR, certifications, or approved codes of conduct.

§ 10 LINKS

(1) We use links to external content on third-party websites.

(2) We have no control over the data collected or the processing operations on those websites, nor do we know the full scope, purpose, or retention periods. We are not responsible for the data processing on linked websites.

(3) For more information, please consult the privacy policies of the respective websites, where you will also find details about your rights and settings to protect your privacy.

§ 11 TRAINING OFFER

a. BOOKING
(1) When booking a training session or sending invitations, we process the following data:

    • Email address

    • First and last name

    • Telephone number

(2) The legal basis for processing is Art. 6 para. 1 lit. b GDPR (contractual or pre-contractual relationship).

b. WEBINARS
(1) You may register for webinars. We use Microsoft Teams (Microsoft Ireland Operations Limited, Dublin, Ireland).

(2) Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient delivery) or Art. 6 para. 1 lit. b GDPR (contractual relationship).

(3) Possible data processed:

    • Participant info: name, email, phone, profile image, audio/video data

    • Metadata

    • Chat messages

(4) You register via our website or email. A confirmation email with a link is sent to you.

(5) You can disable mic/cam at any time. Microsoft processes metadata for analytics.

(6) Microsoft acts as a data processor. Data is encrypted and usually stored within the EEA. If data is processed in the USA, Microsoft’s DPF certification ensures adequate protection.

(7) See Microsoft’s privacy policy for details.

c. E-LEARNING “COURSEPATH”
(1) We offer e-learning via Fellow Digitals GmbH, Cologne, Germany. They also receive your data.

(2) A data processing agreement was signed according to Art. 28 GDPR. The provider acts solely on our instructions.

§ 12 STRIPE
(1) We use Stripe Payments Europe, Limited, Dublin, Ireland, for payment processing.

(2) Stripe is both controller and processor. As controller, it uses your data to fulfill regulatory duties (Art. 6 para. 1 lit. f and b GDPR). As processor, Stripe processes payments per Art. 28 GDPR.

(3) Data processed: name, payment amount, bank details, card number.

(4) Stripe’s terms and privacy policies apply for the selected payment method. Legal basis: Art. 6 para. 1 lit. b and f GDPR.

(5) Data processing is not legally or contractually required, but necessary to use Stripe.

(6) Stripe is headquartered in the USA. Data transfers are covered under the EU-US Data Privacy Framework (DPF).

(7) More info on opt-out and deletion options can be found here.

(8) We store your data until payment processing is completed, including for refunds, claims management, and fraud prevention. Legal retention obligations apply.

§ 13 UPDATES TO THIS PRIVACY POLICY

We update this privacy policy as necessary to reflect changes in data processing. Please review it regularly for updates and third-party contact details.