Data protection declaration


Preamble

The following data protection declaration is intended to inform you about the types of personal data (hereinafter also referred to as ‘data’) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘online offer’).

The terms used are not gender-specific.

As of: 27 January 2025

Controller

Goenkar Enterprises Ltd.
25ti Martiou 30
7040 Oroklini
Cyprus

Email address: [email protected]

Imprint: https://hypnogyno.com/imprint

Overview of the processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and process data.
  • Image and/or video recordings.
  • Sound recordings.
  • Event data (Facebook).
  • Protocol data.

Special categories of data

  • Health data.

Categories of data subjects

  • Beneficiaries and clients.
  • Interested parties.
  • Communication partners.
  • Users.
  • Business and contractual partners.
  • Patients.
  • Participants.
  • Depicted persons.
  • Third parties.

Purposes of processing

  • Provision of contractual services and fulfilment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organisational procedures.
  • Conversion measurement.
  • Target group formation.
  • Affiliate tracking.
  • Organisational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Business processes and business management procedures.
  • Artificial intelligence (AI).

Relevant legal bases

Relevant legal bases according to the GDPR: The following is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Should more specific legal bases apply in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Art. 6 (1) (a) GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Fulfilment of the contract and pre-contractual requests (Art. 6 (1) sentence 1 (b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 (1) sentence 1 (c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Protection of vital interests (Art. 6 (1) sentence 1 (d) GDPR) – Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Processing of special categories of personal data concerning health, profession and social security (Art. 9 (2) (h) GDPR) – Processing is necessary for the purposes of preventive medicine or occupational medicine, for the assessment of an employee's ability to work, for medical diagnosis, for the provision of care or treatment in the health or social sector or for the management of health or social care systems and services based on Union or Member State law or on the basis of a contract with a health professional.
  • Consent to the processing of special categories of personal data (Art. 9 para. 2 lit. a) GDPR) – The data subject has expressly consented to the processing of the personal data referred to for one or more specified purposes.
  • Processing of special categories of personal data for the protection of vital interests (Art. 9 para. 2 lit. c) GDPR) – Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent.

Relevant legal bases under Swiss data protection law: If you are located in Switzerland, we process your data on the basis of the Federal Data Protection Act (in short ‘Swiss DSG’). Unlike the GDPR, for example, the Swiss DSG does not, in principle, require a legal basis for the processing of personal data to be stated and requires that the processing of personal data be carried out in good faith, lawfully and proportionately (Art. 6 (1) and (2) of the Swiss DSG). In addition, personal data is only collected by us for a specific purpose that is recognisable to the data subject and is only processed in a manner that is compatible with this purpose (Art. 6 para. 3 of the Swiss Data Protection Act).

Reference to the validity of the GDPR and the Swiss Data Protection Act: This data protection notice serves both to provide information in accordance with the Swiss Data Protection Act and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to their broader geographical application and comprehensibility. In particular, instead of the terms used in the Swiss DPA, ‘processing’ of ‘personal data’, ‘overriding interest’ and ‘particularly sensitive personal data’, the terms used in the GDPR, ‘processing’ of ‘personal data’ and ‘legitimate interest’ and ‘special categories of data’ are used. However, the legal meaning of the terms will continue to be determined under the Swiss DPA within the scope of the validity of the Swiss DPA.

National data protection regulations in Cyprus: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Cyprus. These include, in particular, the ‘Law on the Protection of Personal Data’.

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access, input, disclosure, safeguarding of availability and its separation. Furthermore, we have set up procedures to ensure that data subjects' rights are exercised, that data is deleted and that we respond to data being compromised. We also take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Truncation of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address will be truncated (also known as ‘IP masking’). In this process, the last two digits, or the last part of the IP address after a dot, are removed or replaced by placeholders. The purpose of truncating the IP address is to prevent or significantly impede the identification of a person based on their IP address.

Securing online connections using TLS/SSL encryption technology (HTTPS): We use TLS/SSL encryption technology to protect user data transmitted via our online services from unauthorised access. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission over the internet. These technologies encrypt the information that is transmitted between the website or app and the user's browser (or between two servers), thus protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transfers meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signalled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

Transfer of personal data

In the course of our processing of personal data, it may be necessary to transfer or disclose it to other departments, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers contracted to carry out IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements. If the level of data protection in the third country has been recognised by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise assured, in particular by standard contractual clauses (Art. 46 (2) (c) GDPR), express consent or in the case of contractual or legally required transfer (Art. 49 (1) GDPR). We will also provide you with the basis for third-country transfers for the individual providers from the third country, with the adequacy decisions taking precedence as the basis. Information on third-country transfers and the relevant adequacy decisions can be found on the European Commission's website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de. As part of the so-called ‘Data Privacy Framework’ (DPF), the EU Commission has also recognised the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of 10 July 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in the data protection notice which of our service providers are certified under the Data Privacy Framework.

Disclosure of personal data abroad: In accordance with the Swiss Data Protection Act, we only disclose personal data abroad if the data subjects are guaranteed an adequate level of protection (Art. 16 of the Swiss Data Protection Act). If the Federal Council has not determined an adequate level of protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we will take alternative security measures. These may include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal company data protection rules that have been recognised in advance by the FDPIC or a competent data protection authority in another country. According to Art. 16 of the Swiss Data Protection Act, exceptions for the disclosure of data abroad may be permitted if certain conditions are met, including consent of the data subject, execution of a contract, public interest, protection of life or physical integrity, publicly disclosed data or data from a legally provided register. These disclosures are always made in accordance with the legal requirements. Under the so-called ‘Data Privacy Framework’ (DPF), Switzerland has recognised the level of data protection for certain companies in the USA as secure within the framework of the adequacy decision of 7 June 2024. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in the data protection notice which of our service providers are certified under the Data Privacy Framework.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or there is no further legal basis for the processing. This applies to cases in which the original purpose of the processing no longer applies or the data is no longer needed. Exceptions to this rule exist when legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be stored for commercial or tax law reasons or that must be stored for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection notices contain additional information on the storage and deletion of data that specifically applies to certain processing operations.

If there is more than one retention period or deletion period for a piece of data, the longest period shall always apply.

If a period does not explicitly begin on a specific date and is at least one year long, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the period is the point in time at which the termination or other ending of the legal relationship takes effect.

We process data that is no longer needed for the originally intended purpose but is stored due to legal requirements or other reasons exclusively for the reasons that justify its storage.

Further information on processing, procedures and services:

  • Storage and deletion of data: The following general time limits apply to storage and archiving under German law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets and the work instructions and other organisational documents, accounting vouchers and invoices required for their understanding (Section 147 (3) in conjunction with (1) nos. 1, 4 and 4a of the German Tax Code (Abgabenordnung – AO), Section 14b (1) of the German Turnover Tax Act (Umsatzsteuergesetz – UStG), Section 257 para. 1 no. 1 and 4, para. 4 HGB).
    • 6 years – Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents, insofar as they are relevant for taxation, e.g. hourly wage slips, cost accounting sheets, calculation documents, price labelling, but also payroll accounting documents, insofar as they are not already accounting documents and cash register tapes (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 no. 2 and 3, para. 4 HGB).
    • 3 years – Data required to take into account potential warranty and damage claims or similar contractual claims and rights, as well as to process related requests, based on past business experience and customary industry practices, will be stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).
  • Data retention and deletion: The following general time limits apply for retention and archiving under Swiss law:
    • 10 years – Retention period for books and records, financial statements, inventories, management reports, opening balance sheets, accounting vouchers and invoices, as well as any required operating instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).
    • 10 years – Data necessary for taking into account potential claims for damages or similar contractual claims and rights, as well as for processing related requests, based on previous business experience and customary industry practices, are stored for the statutory limitation period of ten years, unless a shorter period of five years is relevant, which is applicable in certain cases (Art. 127, 130 OR). After five years, claims for rent, lease and capital interest as well as other periodic payments, for the delivery of food, for catering and for inn debts, as well as for craft work, retail sales of goods, medical care, professional work by lawyers, legal agents, procurators and notaries and from the employment of employees become time-barred (Art. 128 OR).

Rights of the data subjects

Rights of the data subjects under the GDPR: As data subjects, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent at any time.
  • Right of access: You have the right to request confirmation as to whether or not data in question is being processed and to request information about this data, as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with the law, to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the law.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to demand its transmission to another controller in accordance with the legal requirements.
  • Complaint to the supervisory authority: In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the member state in which you usually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the GDPR.

Rights of data subjects under the Swiss DSG:

As a data subject, you have the following rights in accordance with the provisions of the Swiss DSG:

  • Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to enable you to assert your rights under this law and to ensure transparent data processing.
  • Right to data disclosure or transfer: You have the right to request disclosure of the personal data that you have provided to us in a commonly used electronic format.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to object, erasure and destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be erased or destroyed.

Business services

We process data of our contractual and business partners, e.g. customers and prospects (collectively referred to as ‘contractual partners’), in the context of contractual and comparable legal relationships as well as related measures and with regard to communication with contractual partners (or pre-contractual), for example to answer inquiries.

We use this data to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of breaches of warranty and other breaches of performance. In addition, we use the data to protect our rights and for the purpose of the administrative tasks associated with these obligations, as well as for company organisation. In addition, we process the data on the basis of our legitimate interests both in proper and economic business management and in security measures to protect our contractual partners and our business operations from misuse and from threats to their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the limits of the applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. The contractual partners will be informed about further forms of processing, for example for marketing purposes, within the scope of this data protection declaration.

We will notify our contractual partners of the data required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. in principle after four years, unless the data is stored in a customer account, e.g. as long as it has to be kept for legal archiving reasons (usually ten years for tax purposes). We delete data that has been disclosed to us by the contractual partner in the context of an order in accordance with the specifications and, in principle, after the end of the order.

  • Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and e-mail addresses or telephone numbers). Contract data (e.g. contract object, duration, customer category).
  • Special categories of personal data: Health data.
  • Data subjects: Service recipients and clients; interested parties; business and contractual partners. Patients.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; communication; office and organisational procedures; organisational and administrative procedures. Business processes and business management procedures.
  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.
  • Legal basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate interests (Article 6 (1) (f) GDPR); Protection of vital interests (Article 6 (1) (d) GDPR); processing of special categories of personal data concerning health, profession and social security (Art. 9 para. 2 lit. h) GDPR); consent to processing of special categories of personal data (Art. 9 para. 2 lit. a) GDPR). Processing of special categories of personal data for the protection of vital interests (Art. 9 para. 2 lit. c) GDPR).

Further information on processing, procedures and services:

  • Medical and healthcare services: We process our patients' data in order to provide them with our treatment services and to be able to bill them. The procedures that are part of and for the purposes of processing patient data include: patient admission and administration, anamnesis, diagnosis, therapy planning and implementation, performance of medical tests and examinations, prescription of medication and treatments, patient counselling and education, documentation and administration of medical data, coordination with other doctors and medical specialists, billing of medical services, compliance with medical quality standards and guidelines.
    The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and patient relationship and will be communicated to the patient in a timely manner.
    In the course of our work, we process information about our patients' health as special categories of personal data. This is done either in the context of health care or to protect the vital interests of patients. In all other situations, we obtain the express consent of the patients to process these special categories of personal data.
    If it is necessary for the fulfilment of our contract, for the protection of vital interests or legally (e.g. to fulfil obligations under social law and reporting obligations), or if the patient has given their consent, we disclose or transfer the patient's data to third parties or agents, such as authorities, medical institutions, laboratories, billing centres and in the area of IT, office or comparable services.
    Your data will be stored for as long as is necessary for us to provide our services and for any follow-up care. The retention period is usually ten years, but may differ in special cases due to special regulations, e.g. the requirements of the Radiation Protection Act; legal bases: contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR), protection of vital interests (Art. 6 para. 1 sentence 1 lit. d) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), processing of special categories of personal data concerning health, profession and social security (Art. 9 para. 2 lit. h) GDPR), consent to processing of special categories of personal data (Art. 9 para. 2 lit. a) GDPR), processing of special categories of personal data for the protection of vital interests (Art. 9 para. 2 lit. c) GDPR).
  • Online courses and online training: We process the data of participants in our online courses and online training (uniformly referred to as ‘participants’) in order to provide them with our course and training services. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual relationship. In principle, the data includes information on the courses and services used and, insofar as they are part of our range of services, personal specifications and results of the participants. The forms of processing also include performance assessment and the evaluation of our services and those of the course and training instructors. In addition, further processing steps may be implemented depending on the features and structure of the respective courses or learning content, such as attendance tracking to document participation, progress monitoring to measure and analyse learning progress by collecting exam and test results, and analysis of interactions in learning platforms, such as forum posts and assignment submissions; legal basis: contract fulfilment and pre-contractual requests (Art. 6 (1) sentence 1 (b) GDPR).
  • Therapeutic services: We process the data of our clients, as well as interested parties and other clients or contractual partners (uniformly referred to as ‘clients’) in order to provide them with our services. The processed data, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and client relationship.

    In the course of our work, we may also process special categories of data, in particular information about the health of clients, possibly with reference to their sex life or sexual orientation, as well as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. For this purpose, we obtain the express consent of the clients, if necessary, and otherwise process the special categories of data if this serves the health of the clients, the data is public or other legal permissions exist.

    If it is necessary for the fulfilment of our contract, for the protection of vital interests or legally required, or if the client has given his consent, we disclose or transmit the client's data to third parties or agents, such as authorities, medical institutions, laboratories, billing centres and in the area of IT, office or comparable services, in compliance with professional regulations; legal basis: fulfilment of the contract and pre-contractual requests (Art. 6 (1) sentence 1 lit. b) GDPR).

Use of online platforms for sales and marketing purposes

We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our data protection information. This applies in particular with regard to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.

  • Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and e-mail addresses or telephone numbers); Contract data (e.g. contract object, duration, customer category); Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved). Image and/or video recordings (e.g. photographs or video recordings of a person).
  • Data subjects: Service recipients and clients; business and contractual partners; communication partners.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; marketing; business processes and business management procedures; communication. Office and organisational procedures.
  • Storage and deletion: Deletion as specified in the ‘General information on data storage and deletion’ section.
  • Legal basis: Contract performance and pre-contractual enquiries (Art. 6 (1) sentence 1 (b) GDPR). Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

Further information on processing, procedures and services:

  • Kajabi: Platform through which e-commerce services are offered and provided. The services and the processes carried out in connection with them include, in particular, online shops, websites, their offers and content, community elements, purchasing and payment processes, customer communication, analysis and marketing; service provider: Kajabi, LLC, 17100 Laguna Canyon Road, #100, Irvine, CA 92603 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://kajabi.com/Privacy Policy: https://legal.kajabi.com/policies/privacyData processing agreement: https://legal.k ajabi.com/Basis for third-country transfers: EU/EEA - Standard Contractual Clauses (https://kajabi.com/policies), Switzerland - Standard Contractual Clauses (https://kajabi.com/policies).
  • WebinarJam: Video conferencing, web conferencing and webinars; Service provider: Genesis Digital LLC, 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://home.webinarjam.com/; Privacy Policy: https://home.webinarjam.com/privacypolicy; Data processing agreement: https://home.webinarjam.com/dpa.
  • Zoom: video conferencing, online meetings, webinars, screen sharing, optional session recording, chat function, integration with calendars and other apps; service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://zoom.us; Privacy Policy: https://explore.zoom.us/de/privacy/; Data processing agreement: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

Providers and services used in the context of our business activities

In the course of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (‘services’ for short) in compliance with legal requirements. Their use is based on our interests in the proper, lawful and economic management of our business operations and our internal organisation.

  • Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and e-mail addresses or telephone numbers); Content data (e.g. textual or pictorial messages and posts as well as the information concerning them, such as information on authorship or time of creation). Contract data (e.g. subject matter of the contract, duration, customer category).
  • Data subjects: Service recipients and clients; interested parties. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; office and organisational procedures. Business processes and business management procedures.
  • Storage and deletion: Deletion in accordance with the information in the ‘General information on data storage and deletion’ section.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

Payment procedure

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, for this purpose, use other service providers in addition to banks and credit institutions (collectively ‘payment service providers’).

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. This information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness. In this regard, we refer you to the terms and conditions and the data protection notices of the payment service providers.

The payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of rights of revocation, information and other data subject rights.

  • Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contract data (e.g. contract object, duration, customer category); Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Data subjects: Recipients of services and clients; business and contractual partners. Interested parties.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations. Business processes and business management procedures.
  • Storage and deletion: Deletion as specified in the section ‘General information on data storage and deletion’.
  • Legal basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate interests (Article 6 (1) (f) GDPR).

Further information on processing, procedures and services:

  • PayPal: Payment services (technical integration of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full; Basis for third-country transfers: Switzerland – adequacy decision (Luxembourg).
  • Stripe: Payment services (technical integration of online payment methods); service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

Provision of online services and web hosting

We process user data in order to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g. page views and time spent on the page, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved); protocol data (e.g. log files regarding logins or the retrieval of data or access times). Content data (e.g. textual or pictorial messages and posts, as well as the information relating to them, such as information on authorship or the time of creation).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Provision of contractual services and fulfilment of contractual obligations.
  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also known as a ‘web host’); legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Email delivery and hosting: The web hosting services we use also include the sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders, as well as further information regarding the sending of emails (e.g. the providers involved) and the contents of the respective emails, are processed.
    The aforementioned data may also be processed for the purpose of detecting spam. Please note that e-mails are generally not sent in encrypted form over the internet.
    As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received.
    We therefore cannot accept any responsibility for the transmission of e-mails between the sender and their receipt on our server; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • 1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy; Data Processing Agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/; Basis for third-country transfers: Switzerland - adequacy decision (Germany).

Use of cookies

The term ‘cookies’ refers to functions that store and read information on users' end devices. Cookies can also be used for a variety of purposes, such as to ensure the functionality, security and convenience of online services and to analyse visitor traffic. We use cookies in accordance with legal requirements. To do this, we obtain users' consent in advance if necessary.
If consent is not necessary, we rely on our legitimate interests. This applies if the storage and reading of information is essential to provide expressly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We provide clear information about the scope of this and which cookies are used.

Notes on the legal basis under data protection law: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device has been closed. This means, for example, that the login status can be stored and preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected using cookies can be used to measure reach.
    Unless we provide users with explicit information about the type and duration of storage of cookies (e.g. when obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements, including by means of the privacy settings of their browser.

  • Processed data types: Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved). Usage data (e.g. page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

  • Cookie Script: Consent management: Procedure for obtaining, recording, managing and withdrawing consent, in particular for the use of cookies and similar technologies for storing, reading and processing information on users' end devices and for processing that information; service provider: Objectis Ltd., Laisves st. 60, LT-05120 Vilnius, Lithuania; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://cookie-script.com/de/; Privacy Policy: https://cookie-script.com/de/legal/privacy-policy; Basis for third-country transfers: Switzerland – adequacy decision (Lithuania).

Obtaining applications from app stores

Our application can be obtained from special online platforms operated by other service providers (known as ‘app stores’). In this context, the data protection notices of the respective app stores apply in addition to our data protection notice. This applies in particular with regard to the methods used on the platforms for measuring reach and for interest-based marketing, as well as any costs incurred.

  • Processed data types: Contract data (e.g. contract object, duration, customer category); Usage data (e.g. page views and time spent on the page, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
    Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Data subjects: Service recipients and clients. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; marketing. Provision of our online services and user-friendliness.
  • Storage and erasure: Erasure as described in the section ‘General information on data storage and erasure’.
  • Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

Further information on processing operations, procedures and services:

  • Kajabi: Platform for offering and providing e-commerce services. The services and the processes carried out in connection with them include, in particular, online shops, websites, their offers and content, community elements, purchasing and payment processes, customer communication, analysis and marketing; service provider: Kajabi, LLC, 17100 Laguna Canyon Road, #100, Irvine, CA 92603 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://kajabi.com/; Privacy Policy: https://legal.kajabi.com/policies/privacy; Data processing agreement: https://legal.kajabi.com/; Basis for third-country transfers: EU/EEA - Standard Contractual Clauses (https://kajabi.com/policies), Switzerland - Standard Contractual Clauses (https://kajabi.com/policies).

Community functions

The community functions we provide allow users to enter into conversations or otherwise exchange information with each other. We ask you to note that the use of community functions is only permitted in compliance with the applicable legal situation, our terms and guidelines, and the rights of other users and third parties.

  • Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.). Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; security measures. Provision of our online services and user-friendliness.
  • Storage and erasure: Erasure as described in the section ‘General information on data storage and erasure’.
  • Legal basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate interests (Article 6 (1) (f) GDPR).

Further information on processing operations, procedures and services:

  • User posts are public: The posts and content created by users are publicly visible and accessible; legal bases: performance of a contract and prior requests (Art. 6 (1) (b) GDPR).
  • Protecting your own data: Users decide for themselves what personal data they disclose on our online services, for example when they provide information about themselves or participate in conversations. We ask users to protect their data and to publish personal data only with caution and only to the extent necessary. In particular, we ask users to note that they must protect their access data very carefully and use secure passwords (i.e. above all, character combinations that are as long and random as possible); legal basis: contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter ‘publication medium’). Readers' data is only processed for the purposes of the publication medium to the extent necessary for its presentation and for communication between authors and readers or for security reasons. In all other respects, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.

  • Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact information (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of device and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Feedback (e.g. collecting feedback via online form). Provision of our online services and user-friendliness.
  • Storage and erasure: Erasure as described in the section ‘General information on data storage and erasure’.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Kajabi: Platform for offering and providing e-commerce services. The services and the processes carried out in connection with them include, in particular, online shops, websites, their offers and content, community elements, purchasing and payment processes, customer communication, analysis and marketing; service provider: Kajabi, LLC, 17100 Laguna Canyon Road, #100, Irvine, CA 92603 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://kajabi.com/; Privacy Policy: https://legal.kajabi.com/policies/privacy; Data processing agreement: https://legal.kajabi.com/; Basis for third-country transfers: EU/EEA - Standard Contractual Clauses (https://kajabi.com/policies), Switzerland - Standard Contractual Clauses (https://kajabi.com/policies).

Communication via Messenger

We use Messenger for communication purposes and therefore ask you to note the following information regarding the functionality of the Messenger, encryption, the use of communication metadata and your options for objecting.

You can also contact us by alternative means, e.g. by telephone or email. Please use the contact options provided to you or those indicated within our online offering.

In the case of end-to-end encryption of content (i.e. the content of your message and attachments), we would like to point out that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with activated encryption to ensure that the message content is encrypted.

However, we would also like to point out to our communication partners that although the providers of the messengers do not see the content, they can find out that and when communication partners communicate with us, and that technical information about the communication partner's device and, depending on the settings of their device, location information (so-called metadata) is processed.

Notes on legal bases: Insofar as we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and you contact us, for example, on your own initiative, we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and in meeting the needs of our communication partners in communication via messengers. Furthermore, we would like to point out that we do not transmit the contact data provided to us to the messengers for the first time without your consent.

Withdrawal, objection and deletion: You can withdraw your consent at any time and object to communication with us via messenger at any time.
In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e. as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partner, if no reference to a previous conversation is to be expected and the deletion does not conflict with any legal storage requirements.

Please note that we use other communication channels: To ensure your security, we ask for your understanding that we may not be able to answer questions via Messenger for certain reasons. This applies to situations in which, for example, contract details must be treated as highly confidential or an answer via Messenger does not meet formal requirements. In these cases, we recommend that you use more suitable communication channels.

  • Processed data types: Contact data (e.g. postal and e-mail addresses or telephone numbers). Content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as details of authorship or time of creation).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication.
  • Storage and erasure: Erasure in accordance with the information in the section ‘General information on data storage and erasure’.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); contract fulfilment and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Instagram: messaging via the social network Instagram; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.instagram.com; privacy policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: Switzerland – adequacy decision (Ireland).

Artificial intelligence (AI)

We use artificial intelligence (AI) that processes personal data. The specific purposes and our interest in using AI are stated below. We define AI as a machine-based system designed for a varying degree of autonomous operation, which may be adaptable after its introduction and which produces results such as predictions, content, recommendations or decisions based on the input received, which may influence physical or virtual environments, in accordance with the concept of an ‘AI system’ as defined in Article 3 No. 1 of the AI Regulation.

Our AI systems are deployed in strict compliance with legal requirements. These include both specific regulations for artificial intelligence and data protection requirements. In particular, we adhere to the principles of lawfulness, transparency, fairness, human control, purpose limitation, data minimisation and integrity, and confidentiality. We ensure that personal data is always processed on a legal basis. This can either be the consent of the data subjects or a legal authorisation.

When using external AI systems, we carefully select their providers (hereinafter ‘AI providers’). In accordance with our legal obligations, we ensure that the AI providers comply with the applicable provisions. Likewise, we observe the obligations incumbent on us when using or operating the AI services obtained. We and the AI providers process personal data exclusively on the basis of consent or legal authorisation. In doing so, we place particular emphasis on transparency, fairness and maintaining human control over AI-supported decision-making processes.

We implement appropriate and robust technical and organisational measures to protect the data processed. These ensure the integrity and confidentiality of the processed data and minimise potential risks. We ensure ongoing compliance with current legal and ethical standards by regularly reviewing our AI providers and their services.

  • Processed data types: Content data (e.g. textual or pictorial messages and posts, as well as information related to them, such as information on authorship or time of creation). Usage data (e.g. page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g. website visitors, users of online services). Third parties.
  • Purposes of processing: Artificial intelligence (AI).
  • Storage and erasure: Erasure in accordance with the information in the section ‘General information on data storage and erasure’.
  • Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing, procedures and services:

Video conferencing, online meetings, webinars and screen sharing

We use platforms and applications from other providers (hereinafter referred to as ‘conference platforms’) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as ‘conferences’). When selecting conference platforms and their services, we comply with legal requirements.

Data processed by conference platforms: When participating in a conference, the conference platforms process the personal data of the participants listed below. The scope of the processing depends, on the one hand, on which data is required for a specific conference (e.g. entry of access data or real names) and which optional information is provided by the participants. In addition to the processing for the purpose of conducting the conference, the participants' data may also be processed by the conference platforms for security purposes or service optimisation. The data processed includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information on professional status/function, the IP address of the internet access, information on the participants' end devices, their operating system, the browser and its technical and language settings, information on the content of communication processes, i.e. entries in chats as well as audio and video data, as well as the use of other available functions (e.g. surveys). The contents of the communications are encrypted to the extent technically provided by the conference provider. If the participants are registered as users with the conference platforms, then further data may be processed in accordance with the agreement with the respective conference provider.

Logging and recordings: If text entries, participation results (e.g. from surveys) and video or audio recordings are logged, the participants will be informed of this transparently in advance and, if necessary, asked for their consent.

Data protection measures of participants: Please refer to the data protection notices of the conference platforms for details of how your data is processed by them and select the security and data protection settings that are best for you when you configure the conference platforms.
Furthermore, please ensure that data and privacy protection is in place in the background of your recording for the duration of a video conference (e.g. by notifying housemates, locking doors and, as far as technically possible, using the function to make the background unrecognisable). Links to the conference rooms and access data must not be passed on to unauthorised third parties.

Notes on the legal basis: Insofar as we also process user data in addition to the conference platforms and ask users for their consent to use the conference platforms or certain functions (e.g. consent to recording conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary to fulfil our contractual obligations (e.g. in participant lists, in the case of processing the results of conversations, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

  • Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact information (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts as well as the information concerning them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); image and/or video recordings (e.g. photographs or video recordings of a person); sound recordings; protocol data (e.g. log files regarding logins or the retrieval of data or access times). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Data subjects: Communication partners; Users (e.g. website visitors, users of online services). Depicted persons.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Communication. Office and organisational procedures.
  • Storage and deletion: Deletion in accordance with the information in the ‘General information on data storage and deletion’ section.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Discord: chat, audio and video transmissions, instant messaging and community management; service provider: Discord, Inc., 444 De Haro St, Suite 200, San Francisco, California 94107, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://discord.com/; Privacy Policy: https://discord.com/privacy; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
  • Zoom: video conferencing, online meetings, webinars, screen sharing, optional session recording, chat function, integration with calendars and other apps; service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://zoom.usPrivacy Policy: https://explore.zoom.us/de/privacy/Data Processing Agreement: https://explore.zoom
    .us/docs/doc/Zoom_GLOBAL_DPA.pdfBasis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
  • WebinarJam: Video conferencing, web conferencing and webinars; service provider: Genesis Digital LLC, 4730 S.
    Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://home.webinarjam.com/Privacy Policy: https://home.webinarjam.com/privacypolicyData processing agreement: https://home.webinarjam.com/dpa.

Audio content

We use hosting services from service providers to offer our audio content for listening and downloading. We use platforms that enable the uploading, storage and distribution of audio material.

  • Processed data types: Usage data (e.g. page views and time spent on the page, click paths, frequency and intensity of use, device types and operating systems used, interactions with content and functions); Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved). Protocol data (e.g. log files regarding logins or the retrieval of data or access times).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); conversion measurement (measurement of the effectiveness of marketing measures); profiles with user-related information (creation of user profiles). Provision of our online services and user-friendliness.
  • Storage and erasure: Erasure in accordance with the information in the section ‘General information on data storage and erasure’.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Spotify: podcast hosting, publication and management of podcast content, analysis of listening behaviour and statistics, monetisation options for podcasters; service provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://podcasters.spotify.com/; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/; Basis for third-country transfers: Switzerland – adequacy decision (Sweden).

Cloud services

We use software services that are accessible via the internet and run on the servers of their providers (so-called ‘cloud services’, also referred to as ‘software as a service’) for storing and managing content (e.g. document storage and management, sharing documents, content and information with specific recipients or publishing content and information).

In this context, personal data may be processed and stored on the providers' servers if they are part of communication processes with us or are otherwise processed by us, as explained in this data protection declaration. This data may include, in particular, users' master data and contact data, data on processes, contracts, other processes and their contents.
The cloud service providers also process usage data and metadata, which they use for security purposes and to optimise their services.

If we use the cloud services to provide forms or other documents and content for other users or publicly accessible websites, the providers may store cookies on the users' devices for the purposes of web analysis or to remember user settings (e.g. in the case of media control).

  • Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact information (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts as well as the information concerning them, such as information on authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions).
  • Data subjects: Interested parties; communication partners. Business and contractual partners.
  • Purposes of processing: Office and organisational procedures. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).
  • Storage and deletion: Deletion in accordance with the information in the ‘General information on data storage and deletion’ section.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

Newsletter and electronic notifications

We send newsletters, e-mails and other electronic notifications (hereinafter ‘newsletters’) only with the consent of the recipients or on a legal basis. If the contents of a newsletter are mentioned in the context of registration, these contents are decisive for the consent of the users. To subscribe to our newsletter, it is normally sufficient to provide your e-mail address.
However, in order to offer you a personalised service, we may ask you to provide your name so that we can address you personally in the newsletter or to provide further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store the email addresses that have been unsubscribed for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given.
The processing of this data is limited to the purpose of a potential defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address for this purpose alone in a so-called ‘block list’.

The recording of the registration process is based on our legitimate interests for the purpose of proving that it has been carried out properly. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Contents:

Information about us, our services, promotions and offers.

Furthermore, there is information and discussions about music.

  • Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact information (e.g. postal and e-mail addresses or telephone numbers); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved); usage data (e.g. page views and dwell time, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and functions). Image and/or video recordings (e.g. photographs or video recordings of a person).
  • Data subjects: Communication partners. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Direct marketing (e.g. by email or post); Provision of contractual services and fulfilment of contractual obligations; Communication. Office and organisational procedures.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Option to object (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably email.

Further information on processing, procedures and services:

  • Prerequisite for using free services: Consent to receive mailings can be made dependent on the prerequisite of using free services (e.g. access to certain content or participation in certain promotions). If users wish to use the free service without registering for the newsletter, we ask them to contact us.
  • Reminder emails for the ordering process: If users do not complete an order process, we can remind them by email of the order process and send them a link to continue it. This function can be useful, for example, if the purchase process could not be continued due to a browser crash, oversight or forgetting.
    The dispatch is based on consent, which users can revoke at any time; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
  • ConvertKit: Email and conversion optimisation platform; service provider: ConvertKit LLC, 505 W. Idaho Street #513, Boise, ID 83702, P.O. Box 761 Boise, Idaho 83701, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://convertkit.com/; Privacy Policy: https://convertkit.com/privacy; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
  • WebinarJam: video conferencing, web conferencing and webinars; service provider: Genesis Digital LLC, 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://home.webinarjam.com/; Privacy Policy: https://home.webinarjam.com/privacypolicy; Data processing agreement: https://home.webinarjam.com/dpa.

Web analysis, monitoring and optimisation

The purpose of web analysis (also known as ‘reach measurement’) is to evaluate the flow of visitors to our online services and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify the times when our online services or their functions or content are most frequently used, or invite reuse. It also enables us to understand which areas require optimisation.

In addition to web analysis, we may also use test procedures to test and optimise different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, can be created and information can be stored in a browser or in a terminal device and then read for these purposes. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times.
If users have given their consent to the collection of their location data to us or to the providers of the services we use, the processing of location data is also possible.

In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users.
In general, no clear user data (such as email addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on the legal basis: If we ask users for their consent to use the third-party providers, the legal basis for data processing is their consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Processed data types: Usage data (e.g. page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved). Image and/or video recordings (e.g. photographs or video recordings of a person).
  • Data subjects: Users (e.g. website visitors, users of online services). Communication partners.
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); provision of our online services and user-friendliness; communication. Office and organisational procedures.
  • Storage and deletion: Deletion as described in the section ‘General information on data storage and deletion’. Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Google Analytics: We use Google Analytics to measure and analyse the use of our online services on the basis of a pseudonymous user identification number.
    This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to a terminal device in order to recognise which content users have accessed within one or more usage processes, which search terms they have used, which content they have accessed again or how they have interacted with our online services.
    Likewise, the time of use and its duration are stored, as well as the sources of users who refer to our online offer and technical aspects of their end devices and browsers.
    In doing so, pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics does provide broad geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, the IP address data is used exclusively for this geolocation data derivation before it is immediately deleted.
    They are not logged, are not accessible and are not used for any further purposes. When Google Analytics collects measurement data, all IP queries are carried out on EU-based servers before the traffic is forwarded to Analytics servers for processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymisation of the IP address); Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland); Opt-out: Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://myadcenter.google.com/personalizationoff; Further information: https://business.safety.google/adsservices/ (types of processing and processed data).
  • WebinarJam: video conferencing, web conferencing and webinars; service provider: Genesis Digital LLC, 4730 S. Fort Apache Rd. Suite 300, Las Vegas, NV 89147-7947 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://home.webinarjam.com/; Privacy Policy: https://home.webinarjam.com/privacypolicy; Data processing agreement: https://home.webinarjam.com/dpa.

Online marketing

We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as ‘content’) based on the potential interests of users and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called ‘cookie’) or similar procedures are used, by means of which the information relevant to the user for the presentation of the aforementioned content is stored.
This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser and computer system used, as well as information on times of use and functions used. If users have consented to the collection of their location data, this may also be processed.

In addition, the IP addresses of users are stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) for user protection. In general, no clear user data (such as email addresses or names) is stored as part of the online marketing process, only pseudonyms. This means that we, as well as the providers of the online marketing process, do not know the actual user identity, only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or by similar methods. These cookies can later generally be read on other websites that use the same online marketing method, and they can be analysed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing method provider.

In exceptional cases, it is possible to assign clear data to the profiles, especially if, for example, the users are members of a social network that uses our online marketing process and the network links the user profiles with the aforementioned information. Please note that users can make additional agreements with the providers, for example by giving their consent during registration.

We only receive access to summarised information about the success of our advertisements. However, we can use so-called conversion measurements to check which of our online marketing methods have led to a so-called conversion, i.e. for example to the conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used are stored for a period of two years.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is this consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Notes on revocation and objection:

We refer you to the data protection notices of the respective providers and the options for objection (so-called ‘opt-out’) provided by the providers.
If no explicit opt-out option has been provided, you have the option of disabling cookies in your browser settings. However, this may restrict the functionality of our online services. We therefore also recommend the following opt-out options, which are offered collectively for each region:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

  • Types of data processed: content data (e.g. textual or pictorial messages and posts, as well as the information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, involved persons). Event Data (Facebook) (‘Event Data’ is information that is sent to the provider Meta, for example, via meta pixels (whether via apps or other channels) and relates to persons or their actions. This data includes, for example, details of website visits, interactions with content and functions, app installations and product purchases.
    Event data is processed with the aim of creating target groups for content and advertising messages (custom audiences). It is important to note that event data does not include actual content such as written comments, login information or contact information such as names, email addresses or phone numbers. ‘Event Data’ is deleted by Meta after a maximum of two years, and the audiences created from it disappear when our Meta user accounts are deleted).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavioural profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); target group formation; marketing; profiles with user-related information (creation of user profiles). Provision of our online services and user-friendliness.
  • Storage and erasure: Erasure in accordance with the information in the ‘General information on data storage and erasure’ section. Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Meta-Pixel and Custom Audiences: With the help of the meta-pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), the company Meta is able, on the one hand, to determine the visitors to our online offering as a target group for the display of ads (so-called ‘meta-ads’). Accordingly, we use the meta pixel to display the meta ads we have placed only to those users on Meta platforms and within the services of Meta's partners (so-called ‘Audience Network’ https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Meta (so-called ‘custom audiences’). With the help of the Meta pixel, we also want to ensure that our Meta ads match the potential interest of users and do not have a harassing effect.
    With the help of the meta pixel, we can also track the effectiveness of the meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta ad (so-called ‘conversion measurement’); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - adequacy decision (Ireland); Further information: User event data, i.e. information on behaviour and interests, is processed for the purposes of targeted advertising and audience development on the basis of the agreement on joint responsibility (‘Addendum for Controllers’, https://www.facebook.com/legal/controller_addendum).
    The joint controllership is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • Facebook Ads: Placement of ads within the Facebook platform and analysis of ad results; service provider:
    Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy (Ireland); Right of appeal (opt-out): Please refer to the data protection and advertising settings in the user profile on the Facebook platforms and to Facebook's consent procedure and contact options for exercising information and other rights of affected parties, as described in Facebook's data protection declaration; Further information:
    User event data, i.e. information on behaviour and interests, is processed for the purposes of targeted advertising and audience development on the basis of the agreement on joint responsibility (‘Addendum for Controllers’, https://www.facebook.com/legal/controller_addendum).
    The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transmission of data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • Google Ads and conversion tracking: online marketing process for the purpose of placing content and ads within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads.
    We also measure the conversion of the ads, i.e. whether users have interacted with the ads and used the offers advertised (so-called conversions). However, we only receive anonymous information and no personal information about individual users; service provider:
    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) 1 a) GDPR), Legitimate interests (Art. 6 (1) 1 f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – adequacy decision (Ireland); Additional information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.
  • Instagram Ads: Placement of ads within the Instagram platform and analysis of ad results; service provider:
    Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy (Ireland); Right of appeal (opt-out): We refer to the data protection and advertising settings in the user's profile on the Instagram platform and as part of Instagram's consent procedure and Instagram's contact options for exercising information and other data subject rights in Instagram's data protection declaration; Further information:
    User event data, i.e. information on behaviour and interests, is processed for the purposes of targeted advertising and audience development on the basis of the joint controllership addendum (‘Controller Addendum’, https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses between Meta Platforms Ireland Limited and Meta Platforms, Inc.).

Offering an affiliate programme

We offer an affiliate programme, i.e. we offer commissions or other benefits (collectively referred to as ‘commission’) to users (referred to as ‘affiliates’) who refer to our offers and services.
The reference is made by means of a link assigned to the respective affiliate or other methods (e.g. discount codes) that allow us to recognise that the use of our services was based on the reference (collectively referred to as ‘affiliate links’).

In order to be able to track whether users have taken advantage of our services based on the affiliate links used by the affiliates, it is necessary for us to know that users have followed an affiliate link. The assignment of affiliate links to the respective business transactions or other utilisation of our services serves the sole purpose of calculating commission and is cancelled as soon as it is no longer required for this purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented by certain values that are part of the link or can be stored elsewhere, e.g. in a cookie.
The values may include, in particular, the source website (referrer), the time, an online identifier for the operator of the website on which the affiliate link was located, an online identifier for the respective offer, the type of link used, the type of offer and an online identifier for the user.

Notes on legal bases: The processing of our partners' data is carried out for the provision of our (pre-)contractual services. User data is processed on the basis of their consent.

  • Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category); Usage data (e.g. page views and time spent on the page, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Protocol data (e.g. log files regarding logins or the retrieval of data or access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved). Image and/or video recordings (e.g. photographs or video recordings of a person).
  • Data subjects: Users (e.g. website visitors, users of online services); Business and contractual partners. Communication partners.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Affiliate tracking; Communication. Office and organisational procedures.
  • Storage and deletion: Deletion in accordance with the information in the section ‘General information on data storage and deletion’.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

Social media sites

We maintain an online presence on social media sites and process user data in this context in order to communicate with active users on these sites or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users.
The latter may in turn be used to place advertisements inside and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored.
In addition, data can also be stored in the user profiles independently of the devices used by the users (in particular if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the opt-out options, we refer to the data protection declarations and information provided by the operators of the respective networks.

We would also like to point out that requests for information and the assertion of data subject rights can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you require assistance, please do not hesitate to contact us.

  • Processed data types: Contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts, as well as the information relating to them, such as details of authorship or time of creation).
    Usage data (e.g. page views and duration of visit, click paths, frequency and intensity of use, types of device and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Communication; Feedback (e.g. collecting feedback via online form). Public relations.
  • Storage and erasure: Erasure in accordance with the information in the section ‘General information on data storage and erasure’.
  • Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing, procedures and services:

  • Instagram: social network that allows you to share photos and videos, comment on and favourite posts, send messages, subscribe to profiles and pages; service provider:
    Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.instagram.com; privacy policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - adequacy decision (Ireland).
  • Facebook pages: Profiles within the Facebook social network - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called ‘fan page’).
    This data includes information about the types of content that users view or interact with, or the actions they take (see ‘Things you and others have done and provided’ in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices users use (e.g. IP addresses, operating system, browser
    type, language settings, cookie data; see ‘Device Information’ in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under ‘How do we use this information?’, Facebook also collects and uses information to provide analytics services, known as ‘Page Insights’, to page administrators to help them understand how people interact with their pages and the content associated with them.
    We have entered into a special agreement with Facebook (‘Information on Page Insights’, https://www.facebook.com/legal/terms/page_controller_addendum), which specifically governs the security measures that Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, address requests for information or deletion directly to Facebook). The rights of users (in particular to information, deletion, objection and complaints to the relevant supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the ‘Information on Page Insights’ (https://www.facebook.com/legal/terms/information_about_page_insights_data).
    The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transmission of data to the parent company Meta Platforms, Inc. in the USA; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.facebook.com; privacy policy: https://www.facebook.com/privacy/policy/; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - adequacy decision (Ireland).
  • YouTube: social network and video platform; service provider:
    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
    Opt-out: https://myadcenter.google.com/personalizationoff.

Plug-ins and embedded functions and content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as ‘third-party providers’).
These may be graphics, videos or city maps (hereinafter uniformly referred to as ‘content’).

The integration always requires that the third-party providers of this content process the IP address of the user, since they would not be able to send the content to the user's browser without the IP address. The IP address is therefore required for the presentation of this content or these functions.
We endeavour to use only content from providers who use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website.
The pseudonymous information may also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online services, but may also be linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Processed data types: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, persons involved); contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and posts as well as the information concerning them, such as information on authorship or time of creation). Inventory data (e.g. full name, home address, contact information, customer number, etc.).
  • Data subjects: Users (e.g. website visitors, users of online services); Beneficiaries and clients; Interested parties. Participants.
  • Purposes of Processing: Provision of our online services and usability; Profiles with user-related information (Creating user profiles); Communication; Office and organisational procedures. Marketing.
  • Storage and erasure: Erasure in accordance with the information in the ‘General information on data storage and erasure’ section. Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from the servers of other providers (e.g. function libraries that we use to display our online offering or to make it more user-friendly).
    In doing so, the respective providers collect the IP address of the users and may process it for the purpose of transmitting the software to the user's browser, for security purposes, and for the evaluation and optimisation of their offer; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • YouTube videos: Video content; YouTube videos are embedded via a special domain (recognisable by the component ‘youtube-nocookie’) in the so-called ‘extended data protection mode’, whereby no cookies are collected on user activities in order to personalise the video playback. Nevertheless, information on the interaction of users with the video (e.g. remembering the last playback point) may be stored; service provider:
    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - adequacy decision (Ireland).
  • Vimeo video player: Integration of a video player; service provider:
    Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Data processing agreement: https://vimeo.com/enterpriseterms/dpa; Basis for third-country transfers: EU/EEA - Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa), Switzerland - Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa).
  • eTermin: appointment planning, appointment management and contact management; service provider: eTermin GmbH, Mättivor 3, 6430 Schwyz, Switzerland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://www.etermin.net/; privacy policy: https://www.etermin.net/online-terminbuchung-datenschutz; order processing contract: Provided by the service provider. Basis for third-country transfers: EU/EEA - adequacy decision (Switzerland).

Management, organisation and auxiliary tools

We use services, platforms and software from other providers (hereinafter referred to as ‘third-party providers’) for the purposes of organising, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the servers of third-party providers. This may affect various data that we process in accordance with this data protection declaration. This data may include, in particular, master data and contact data of users, data on processes, contracts, other procedures and their contents.

If users are referred to third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security, service optimisation or marketing purposes. We therefore ask you to refer to the data protection notices of the respective third-party providers.

  • Types of data processed: Content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and time spent on the page, click paths, frequency and intensity of use, types of device and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, involved persons); Contact data (e.g. postal and e-mail addresses or telephone numbers); Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. contract object, duration, customer category). Image and/or video recordings (e.g. photographs or video recordings of a person).
  • Special categories of personal data: Health data.
  • Data subjects: Communication partners; Users (e.g. website visitors, users of online services); Business and contractual partners. Patients.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations. Office and organisational procedures.
  • Storage and deletion: Deletion as described in the section ‘General information on data storage and deletion’.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing, procedures and services:

  • Doodle: online appointment scheduling and management; service provider: Doodle AG, Werdstrasse 21, P.O. Box, 8021 Zurich, Switzerland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://doodle.com/de/; privacy policy: https://doodle.com/de/privacy-policy/.
    Basis for third-country transfers: EU/EEA - adequacy decision (Switzerland).
  • AI software (on our own server): use of ‘artificial intelligence’ in the respective legal sense of the term, i.e. in particular software that operates on the basis of certain logic and essentially autonomously in order to understand and generate natural language or other inputs and data, to analyse information and to make predictions; service provider:
    execution on servers and/or computers under our own data protection responsibility; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Appointmed: Practice software (appointment booking and management, patient files, video consultations, billing); Service provider: appointmed GmbH, Tannengasse 3/12, 1150 Vienna, Austria; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.appointmed.com; Privacy Policy: https://www.appointmed.com/impressum#datenschutzerklaerung-0; Data processing agreement: Provided by the service provider; Basis for third-country transfers: Switzerland – adequacy decision (Austria). Further information: https://www.appointmed.com/sicherheit-und-datenschutz.

Amendments and updates

We ask you to regularly review the content of our data protection declaration. We will amend the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or any other individual notification.

If we provide addresses and contact information for companies and organisations in this data protection declaration, please note that the addresses may change over time and please check the information before contacting us.

Definitions

This section provides an overview of the terms used in this privacy policy. Insofar as the terms are legally defined, their legal definitions apply. The following explanations, on the other hand, are intended primarily for comprehension.

  • Affiliate tracking: As part of affiliate tracking, links are logged that the linking websites use to refer users to websites with product or other offers. The operators of the respective linking websites may receive a commission if users follow these so-called affiliate links and subsequently take advantage of the offers (e.g. buy goods or services).
    To do this, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. Therefore, for affiliate links to function properly, it is necessary that they be supplemented with certain values that become part of the link or are otherwise stored, e.g. in a cookie.
    The values include, in particular, the source website (referrer), the time, an online identifier for the website operator on which the affiliate link was located, an online identifier for the respective offer, an online identifier for the user and tracking-specific values, such as advertising material ID, partner ID and categorisations.
  • Inventory data: Inventory data includes essential information necessary for the identification and administration of contractual partners, user accounts, profiles and similar assignments. This data may include personal and demographic information such as names, contact information (addresses, telephone numbers, email addresses), dates of birth and specific identifiers (user IDs).
    Inventory data forms the basis for any formal interaction between persons and services, facilities or systems by enabling clear assignment and communication.
  • Content data: Content data includes information generated in the course of creating, editing and publishing content of all kinds. This category of data can include text, images, videos, audio files and other multimedia content published on different platforms and media.
    Content data is not limited to the actual content, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information and publication data.
  • Contact data: Contact data is essential information that enables communication with individuals or organisations. It includes, among other things, telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
  • Conversion tracking: Conversion tracking (also known as ‘visitor action evaluation’) is a process that can be used to determine the effectiveness of marketing measures. To do this, a cookie is usually stored on the user's device within the websites on which the marketing measures take place and then retrieved again on the target website.
    For example, this enables us to track whether the ads we have placed on other websites have been successful.
  • Artificial intelligence (AI): The purpose of processing data using artificial intelligence (AI) includes the automated analysis and processing of user data to recognise patterns, make predictions and improve the efficiency and quality of our services.
    This includes the collection, cleansing and structuring of data, the training and application of AI models, and the continuous review and optimisation of the results, and is carried out exclusively with the consent of the user or on the basis of legal permission.
  • Meta, communication and process data: Meta, communication and process data are categories that contain information about the way data is processed, transmitted and managed. Meta data, also known as data about data, includes information that describes the context, origin and structure of other data.
    They may include information such as file size, creation date, document author and change histories. Communication data records the exchange of information between users across various channels, such as email traffic, call logs, social network messages and chat histories, including the people involved, timestamps and transmission paths.
    Procedural data describes the processes and procedures within systems or organisations, including workflow documentation, transaction and activity logs, and audit logs used to track and verify operations.
  • Usage Data: Usage data refers to information that captures how users interact with digital products, services or platforms. This data includes a wide range of information that shows how users use applications, which functions they prefer, how long they spend on certain pages and which paths they navigate through an application.
    Usage data may also include the frequency of use, timestamps of activities, IP addresses, device information and location data. They are particularly valuable for analysing user behaviour, optimising user experiences, personalising content and improving products or services. In addition, usage data plays a crucial role in identifying trends, preferences and possible problem areas within digital offerings.
  • Personal data: ‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of ‘profiles with user-related information’, or ‘profiles’ for short, includes any type of automated processing of personal data that consists of using this personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information regarding demographics, behaviour and interests, such as interaction with websites and their content, etc.), e.g. interests in certain content or products, click behaviour on a website or location. Cookies and web beacons are often used for profiling purposes.
  • Log data: Log data is information about events or activities that have been logged in a system or network. This data typically includes information such as timestamps, IP addresses, user actions, error messages and other details about the use or operation of a system. Log data is often used to analyse system problems, for security monitoring or to create performance reports.
  • Reach measurement: Reach measurement (also referred to as web analytics) is used to evaluate the visitor flows of an online offering and may include the behaviour or interests of visitors in certain information, such as the content of websites. With the help of reach analysis, operators of online offerings can, for example, see at what time users visit their websites and what content they are interested in.
    This enables them, for example, to better adapt the content of their websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis in order to recognise returning visitors and thus obtain more precise analyses of the use of an online service.
  • Tracking: ‘Tracking’ is when the behaviour of users can be traced across several online offers. As a rule, information on behaviour and interests is stored in cookies or on the servers of the tracking technology providers with regard to the online offers used (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.
  • Controller: The ‘controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: ‘Processing’ is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses practically every handling of data, be it collection, evaluation, storage, transmission or deletion.
  • Contract data: Contract data is specific information related to the formalisation of an agreement between two or more parties. It documents the terms under which services or products are provided, exchanged or sold. This data category is essential for managing and fulfilling contractual obligations and includes both the identification of the parties to the contract and the specific terms and conditions of the agreement.
    Contract data may include start and end dates of the contract, the type of services or products agreed, pricing arrangements, payment terms, cancellation rights, renewal options and special terms or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and obligations, enforcing claims and resolving disputes.
  • Payment Data: Payment data includes all information needed to process payment transactions between buyers and sellers. This data is crucial for e-commerce, online banking and any other form of financial transaction.
    They include details such as credit card numbers, bank account information, payment amounts, transaction dates, verification numbers and billing information. Payment data may also include information about payment status, chargebacks, authorisations and fees.
  • Target group formation: Custom audiences are used to define target groups for advertising purposes, e.g. to display advertisements. For example, based on a user's interest in certain products or topics on the internet, it can be concluded that this user is interested in advertisements for similar products or the online shop where they viewed the products.
    The term ‘lookalike audiences’ (or similar target groups) is used when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were formed. As a rule, cookies and web beacons are used to create custom audiences and lookalike audiences.