
Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also briefly referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").
The terms used are not gender-specific.
Status: September 18, 2025
Translation from the original Legal text by Dr. Schwenke
Responsible Party
Bettina Hauschild
Rue de Praetere 36
B-1050 Brussels
Phone: +32 47 45 50 349
Email: info@bettinahauschild.com
Imprint: https://bettinahauschild.com/imprint
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of processing, and refers to the affected persons.
Types of Processed Data
- Master data
- Payment data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication, and procedural data
- Image and/or video recordings
- Audio recordings
- Log data
Categories of Affected Persons
- Service recipients and clients
- Employees
- Prospects
- Communication partners
- Users
- Business and contractual partners
- Participants
- Depicted persons
- Third parties
- Customers
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Direct marketing
- Reach measurement
- Tracking
- Office and organizational procedures
- Conversion measurement
- Audience targeting
- Organizational and administrative procedures
- Feedback
- Surveys and questionnaires
- Marketing
- User-related profiling
- Provision of our online offering and user experience
- IT infrastructure
- Financial and payment management
- Public relations
- Sales promotion
- Business processes and management procedures
- Artificial Intelligence (AI)
Applicable Legal Bases
Applicable legal bases under the GDPR: The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or our country of operation. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override those interests.
Applicable legal bases under the Swiss Data Protection Act (FADP): If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (FADP). Unlike the GDPR, the Swiss FADP does not generally require that a legal basis be named for the processing of personal data, and processing must be carried out in good faith, lawfully, and proportionally (Art. 6(1) and (2) FADP). Additionally, personal data is collected only for a specific purpose recognizable to the data subject and processed only in a manner compatible with that purpose (Art. 6(3) FADP).
Note on the applicability of the GDPR and Swiss FADP: These privacy notices serve to provide information both under the Swiss FADP and the GDPR. For this reason, please note that the terms of the GDPR are used for broader applicability and better understandability. In particular, instead of the terms used in the Swiss FADP such as “processing” of “personal data”, “overriding interest”, and “sensitive personal data”, the terms used in the GDPR are applied: “processing” of “personal data”, “legitimate interest”, and “special categories of data”. The legal meaning of the terms, however, remains determined according to the Swiss FADP where applicable.
National data protection regulations in Belgium: In Belgium, in addition to the GDPR, national data protection regulations apply, including the Act on the Protection of Natural Persons with regard to the Processing of Personal Data.
Security Measures
We take appropriate technical and organizational measures, in accordance with legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the related access, input, transfer, availability safeguarding and separation of data. In addition, we have implemented procedures to ensure the exercise of data subject rights, the deletion of data and responses to data threats. We also take the protection of personal data into account already during the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings.
Securing online connections via TLS/SSL encryption technology (HTTPS):
To protect the data of users transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.
Disclosure of Personal Data
In the course of processing personal data, it may occur that such data is transmitted to other entities, companies, legally independent organizations, or individuals, or otherwise disclosed to them. Recipients of this data may include, for example, service providers tasked with IT duties or providers of services and content integrated into a website. In such cases, we comply with the legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to protect your data.
International Data Transfers
Data processing in third countries:
If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosure/transfer of data to other persons, entities, or companies (which can be identified, for example, by the provider’s postal address or when the privacy policy explicitly refers to a transfer to third countries), this is always done in compliance with the legal requirements.
For data transfers to the United States, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by the EU Commission’s adequacy decision of July 10, 2023. In addition, we have entered into Standard Contractual Clauses (SCCs) with the relevant providers, which comply with the requirements of the EU Commission and establish contractual obligations to protect your data.
This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary protection level, while the SCCs serve as an additional security measure. Should any changes occur to the DPF, the SCCs act as a reliable fallback option. This ensures that your data remains appropriately protected even in the event of political or legal changes.
For each individual service provider, we will inform you whether they are certified under the DPF and whether Standard Contractual Clauses are in place. Further information on the DPF and a list of certified companies can be found on the U.S. Department of Commerce website (in English) at https://www.dataprivacyframework.gov/.
For data transfers to other third countries, equivalent security measures apply, in particular Standard Contractual Clauses, explicit consent, or legally required transfers. Information about third-country transfers and applicable adequacy decisions can be found on the EU Commission website:
General Information on Data Retention and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are withdrawn or when no other legal grounds for processing exist. This applies in cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or specific interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons, will be archived accordingly.
Our privacy notices may contain additional information on the retention and deletion of data, specifically applicable to certain processing activities.
If multiple retention periods or deletion deadlines are specified for a particular type of data, the longest period always takes precedence. Data that is no longer needed for its original purpose but must be retained due to legal requirements or other reasons will be processed solely for the purposes justifying its retention.
Retention and Deletion of Data – Swiss Law:
- 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers and invoices, as well as all required work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations, OR).
- 10 years – Data necessary for considering potential claims for damages or similar contractual claims and rights, as well as for handling related inquiries, based on previous business experience and standard industry practice, is stored for the statutory limitation period of ten years, unless a shorter limitation period of five years applies in certain cases (Art. 127, 130 OR).
- After five years, claims become time-barred for rent, lease, and interest payments, as well as other periodic services; for the delivery of foodstuffs; for catering and tavern debts; for craftwork; for small-scale sale of goods; for medical treatment; for professional work by lawyers, legal agents, attorneys, and notaries; and for employment-related claims by employees (Art. 128 OR).
- Commencement of periods at the end of the year:
- If a time limit is not expressly tied to a specific date and is at least one year in length, it automatically begins at the end of the calendar year in which the event triggering the period occurred.
- In the case of ongoing contractual relationships in which data is stored, the triggering event is the effective date of termination or other cessation of the legal relationship.
Rights of Data Subjects
Rights of Data Subjects under the GDPR
As a data subject under the GDPR, you have various rights, in particular those set out in Articles 15 to 21 GDPR:
- Right to Object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
- Right to Withdraw Consent: You have the right to withdraw any consent you have given at any time.
- Right of Access: You have the right to request confirmation as to whether data concerning you is being processed, to obtain information about this data, and to receive a copy of the data in accordance with legal requirements.
- Right to Rectification: You have the right, in accordance with legal requirements, to request the completion or correction of inaccurate data concerning you.
- Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to request that data concerning you be erased without delay or, alternatively, to request restriction of processing of the data.
- Right to Data Portability: You have the right, in accordance with legal requirements, to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.
- Right to Lodge a Complaint with a Supervisory Authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State where you normally reside, where you work, or where the alleged infringement has occurred, if you believe that the processing of your personal data violates the GDPR.
Rights of Data Subjects under the Swiss Federal Act on Data Protection (FADP)
Under the provisions of the Swiss FADP, you are entitled to the following rights:
- Right of Access: You have the right to request confirmation as to whether personal data concerning you is being processed and to obtain the information necessary for you to exercise your rights under this Act and to ensure transparent data processing.
- Right to Data Delivery or Transfer: You have the right to request the release of your personal data, which you have provided to us, in a commonly used electronic format.
- Right to Rectification: You have the right to request the correction of inaccurate personal data concerning you.
- Right to Object, Erasure, and Destruction: You have the right to object to the processing of your data and to request that your personal data be erased or destroyed.
Business Services
We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as “contractual partners”), within the scope of contractual and comparable legal relationships as well as related measures and for communication with the contractual partners (including pre-contractual), for example to respond to inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, the duties to provide the agreed services, any update obligations, and remedies in the event of warranty or other service disruptions. Furthermore, we use the data to protect our rights and for administrative tasks associated with these obligations and for corporate organization. In addition, we process the data on the basis of our legitimate interests in proper and cost-effective business management as well as in security measures to protect our contractual partners and our business operations from misuse, risks to their data, trade secrets, information, and rights (e.g., involving telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed of further forms of processing, such as for marketing purposes, within this privacy policy.
We inform contractual partners which data is required for the aforementioned purposes before or during the data collection process, e.g. in online forms, by special markings (e.g. colors) or symbols (e.g. asterisks), or personally.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for statutory archiving purposes (for tax purposes usually ten years). Data disclosed to us by the contractual partner in the context of an order will be deleted in accordance with the specifications and generally after completion of the order.
Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and e-mail addresses or phone numbers); contractual data (e.g., subject matter of the contract, duration, customer category); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); content data (e.g., text or image messages and posts as well as related information such as authorship or time of creation).
Data subjects: Service recipients and clients; prospective customers; business and contractual partners; users (e.g., website visitors, users of online services).
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and economic procedures; provision of our online offering and user-friendliness.
Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion.”
Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).
Further notes on processing operations, procedures and services:
Online shop, order forms, e-commerce and fulfillment of services: We process the data of our customers to enable them to select, purchase, or order the chosen products, goods as well as related services, and to enable their payment and provision, delivery or execution. Where necessary for the fulfillment of an order, we use service providers, in particular postal, freight and shipping companies, to carry out the delivery or performance to our customers. For processing payment transactions, we use the services of banks and payment service providers. The required information is identified as such during the ordering or comparable acquisition process and includes the information required for delivery, provision and invoicing as well as contact information in order to be able to consult with the customer if necessary; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Coaching: We process the data of our clients as well as interested parties and other clients or contractual partners (collectively referred to as "clients") in order to provide our services to them. The procedures carried out within the framework and for the purposes of coaching include: contacting and communicating with clients, needs analysis to determine suitable coaching measures, planning and conducting coaching sessions, documenting coaching progress, recording and managing client-specific information and data, scheduling and organizing appointments, providing coaching materials and resources, billing and payment management, follow-up and aftercare of coaching sessions, quality assurance and feedback processes.
The processed data, the type, scope, purpose and necessity of their processing are determined by the underlying contract and client relationship.
If it is necessary for the fulfillment of our contract, to protect vital interests or required by law, or if the client has given consent, we disclose or transmit the clients' data, subject to professional legal requirements, to third parties or agents, such as authorities, billing offices and in the area of IT, office or similar services; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Consulting: We process the data of our clients as well as interested parties and other clients or contractual partners (collectively referred to as "clients") in order to provide our services to them. The procedures carried out within the framework and for the purposes of consulting include: contacting and communicating with clients, conducting needs and requirements analyses, planning and implementation of consulting projects, documenting project progress and results, recording and managing client-specific information and data, scheduling and organizing appointments, providing consulting resources and materials, billing and payment management, follow-up of consulting projects, quality assurance and feedback processes.
The processed data, type, scope, purpose and necessity of their processing are determined by the underlying contract and client relationship.
If it is necessary for the fulfillment of our contract, to protect vital interests or required by law, or if the client has given consent, we disclose or transmit the clients' data, subject to professional legal requirements, to third parties or agents, such as authorities, subcontractors or in the area of IT, office or similar services; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Worldsoft: Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://worldsoft.info/; Privacy Policy: https://worldsoft.info/datenschutz; Data Processing Agreement: https://worldsoft.info/datensicherheit.
Business Processes and Procedures
Personal data of service recipients and clients – including customers, clients, or, in special cases, principals, patients, or business partners as well as other third parties – is processed in the context of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates economic processes in areas such as customer management, sales, payment transactions, accounting, and project management.
The collected data is used to fulfill contractual obligations and to organize business processes efficiently. This includes the execution of business transactions, management of customer relationships, optimization of sales strategies, and the safeguarding of internal accounting and financial processes. Additionally, the data helps protect the controller’s rights and supports administrative tasks and the organization of the company.
Personal data may be shared with third parties where this is necessary to fulfill the purposes mentioned or to meet legal obligations. After the expiry of statutory retention periods or once the purpose of the processing no longer applies, the data will be deleted. This also includes data that must be stored longer due to tax law and statutory documentation obligations.
Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and e-mail addresses or phone numbers); content data (e.g., text or image messages and posts as well as related information such as authorship or time of creation); contractual data (e.g., subject matter of the contract, duration, customer category); log data (e.g., log files relating to logins or the retrieval of data or access times); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Data subjects: Service recipients and clients; prospective customers; communication partners; business and contractual partners; third parties; users (e.g., website visitors, users of online services); employees (e.g., staff, applicants, temporary staff and other employees); customers.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and economic procedures; communication; marketing; sales promotion; public relations; financial and payment management; information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); provision of our online offering and user-friendliness.
Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion.”
Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR); legal obligation (Art. 6(1)(c) GDPR).
Further notes on processing operations, procedures and services:
Customer Management and Customer Relationship Management (CRM): Procedures required in the context of customer management and customer relationship management (CRM) (e.g., customer acquisition in compliance with data protection requirements, measures to promote customer loyalty and retention, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support the customer relationship, management of CRM systems, secure account management, customer segmentation and target group formation); Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
Contact Management and Contact Maintenance: Procedures required for organizing, maintaining and securing contact information (e.g., setting up and maintaining a central contact database, regular updates of contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and restoring contact data, training employees in the effective use of contact management software, regular review of communication history and adjustment of contact strategies); Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
General Payment Transactions: Procedures required for carrying out payment transactions, monitoring bank accounts and controlling payment flows (e.g., creation and verification of transfers, processing of direct debits, checking of account statements, monitoring of incoming and outgoing payments, management of returned direct debits, account reconciliation, cash management); Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
Accounting, Accounts Payable, Accounts Receivable: Procedures required for recording, processing and monitoring business transactions in the field of accounts payable and accounts receivable (e.g., creation and verification of incoming and outgoing invoices, monitoring and management of open items, processing of payment transactions, handling of dunning procedures, account reconciliation in the context of receivables and payables, accounts payable and accounts receivable accounting); Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
Financial Accounting and Taxes: Procedures required for recording, managing and monitoring financially relevant business transactions as well as for the calculation, reporting and payment of taxes (e.g., account assignment and posting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, handling of dunning procedures, account reconciliation, tax advice, preparation and submission of tax returns, handling of tax matters); Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
Marketing, Advertising and Sales Promotion: Procedures required in the context of marketing, advertising and sales promotion (e.g., market analysis and target group determination, development of marketing strategies, planning and implementation of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control); Legal bases: legitimate interests (Art. 6(1)(f) GDPR).
Public Relations: Procedures required in the context of public relations (e.g., development and implementation of communication strategies, planning and execution of PR campaigns, creation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media response, organization of press conferences and public events, crisis communication, creation of content for social media and corporate websites, management of corporate branding); Legal bases: legitimate interests (Art. 6(1)(f) GDPR).
Worldsoft: Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland; Legal bases: legitimate interests (Art. 6(1)(f) GDPR); Website: https://worldsoft.info/; Privacy Policy: https://worldsoft.info/datenschutz; Data Processing Agreement: https://worldsoft.info/datensicherheit
Payment Methods
As part of contractual and other legal relationships, as well as on the basis of our legitimate interests, we offer secure and efficient payment options and use banks, credit institutions and other service providers for this purpose (collectively referred to as “payment service providers”).
The data processed by the payment service providers may include customer details such as name and address, banking information such as account or credit card numbers, passwords, TANs and checksums, as well as contract-, amount- and recipient-related information. These details are required to process transactions. However, the entered data are processed and stored only by the payment service providers. We do not receive any account or credit card details—only confirmation that the payment has been approved or a notification of failure. Payment service providers may forward data to credit reference agencies to verify identity and creditworthiness. Please refer to the terms and privacy policies of the respective payment service providers for more information.
The business terms and privacy notices of the respective payment service providers—available on their websites or in their transaction applications—apply to payment processing. These documents also provide information about exercising rights of withdrawal, access and other data subject rights.
Types of data processed: Customer data (e.g. full name, address, contact details, customer number); payment data (e.g. bank details, invoices, payment history); contract data (e.g. contract subject, duration, customer category); usage data (e.g. page views, dwell time, click paths, usage frequency and intensity, device types and operating systems, interactions with content and functions); meta, communication and process data (e.g. IP addresses, timestamps, identifiers, persons involved).
Data subjects: Service recipients and clients; business and contractual partners; prospects.
Purpose of processing: Fulfilment of contractual obligations and provision of contractual services; business processes and administrative operations.
Retention and deletion: Data are deleted in accordance with the details set out in the section “General Information on Data Retention and Deletion.”
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legitimate interests (Art. 6 (1) (f) GDPR).
Additional information on specific services:
- PayPal: Online payment services (e.g. PayPal, PayPal Plus, Braintree).
- Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
- Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
- Website: https://www.paypal.com/de.
- Privacy Policy: https://www.paypal.com/de/legalhub/paypal/privacy-full.
- Stripe: Online payment services (technical integration of online payment methods).
- Provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
- Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
- Website: https://stripe.com.
- Privacy Policy: https://stripe.com/de/privacy.
- Data transfer basis for third countries: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
Provision of Online Services and Web Hosting
We process users’ data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the user’s browser or device.
Types of data processed:
Usage data (e.g. page views and dwell time, click paths, frequency and intensity of use, device types and operating systems, interactions with content and features);
meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved);
log data (e.g. log files regarding logins, data retrieval or access times);
content data (e.g. text or image messages and posts as well as related information such as author details or time of creation).
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Provision of our online services and ensuring user-friendliness; operation and provision of IT infrastructure (computers, servers, etc.); security measures.
Retention and deletion: Data are deleted in accordance with the details set out in the section “General Information on Data Retention and Deletion.”
Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
Further information on processing activities, procedures and services:
- Provision of the online services on rented servers:
- We use storage space, computing capacity and software that we rent or otherwise obtain from an appropriate server provider (“web host”).
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- Collection of access data and log files:
- Access to our online services is logged in the form of so-called “server log files”. These may include the address and name of retrieved web pages and files, the date and time of access, transferred data volumes, messages about successful retrieval, browser type and version, the user’s operating system, the referrer URL (the previously visited page), and usually IP addresses and the requesting provider.
- The server log files can be used for security purposes, for example to avoid server overload (especially in the event of abusive attacks such as DDoS attacks) and to ensure server performance and stability.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained as evidence are excluded from deletion until the respective incident has been fully clarified.
- Email transmission and hosting:
- Our web hosting services also include the sending, receiving and storing of emails. For these purposes, the recipients’ and senders’ addresses, as well as other information related to email transmission (e.g. the providers involved) and the content of the respective emails, are processed. The above data may also be processed for spam detection purposes.
- Please note that emails sent over the Internet are generally not encrypted. Usually emails are encrypted during transport, but—unless end-to-end encryption is used—emails are not encrypted on the servers from which they are sent or received. We therefore cannot accept responsibility for the transmission path of emails between the sender and our server.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- Worldsoft: Services in the field of IT infrastructure and related services (e.g. storage space and/or computing capacity).
- Provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- Website: https://worldsoft.info/.
- Privacy Policy: https://worldsoft.info/datenschutz.
- Data Processing Agreement: https://worldsoft.info/datensicherheit.
Use of Cookies
The term “cookies” refers to functions that store and retrieve information on users’ devices. Cookies can be used for different purposes, such as ensuring the functionality, security and convenience of online services, and for analyzing visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ consent in advance. If consent is not required, we rely on our legitimate interests. This applies when the storage and retrieval of information is strictly necessary to provide explicitly requested content and features—for example, storing settings or ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We provide clear information on the scope of use and the cookies employed.
Notes on legal bases under data protection law:
Whether we process personal data using cookies depends on whether we have obtained consent. Where consent has been granted, it serves as the legal basis. Without consent, we rely on our legitimate interests, as described in this section and in the context of the respective services and procedures.
Retention period: We distinguish between the following types of cookies:
- Temporary cookies (also known as session cookies): These are deleted at the latest after a user has left an online service and closed their device (e.g. browser or mobile application).
- Permanent cookies: These remain stored even after the device has been closed. For example, a login status can be saved and preferred content displayed immediately when the user revisits a website. Likewise, usage data collected by cookies can be used for audience measurement. Unless we provide users with explicit details about the type and retention period of cookies (e.g. when obtaining consent), they should assume that these are permanent and may be stored for up to two years.
General information on withdrawal and objection (opt-out):
Users can withdraw their consent at any time and can also object to processing in accordance with legal requirements, including through their browser’s privacy settings.
Types of data processed:
Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved);
content data (e.g. text or image messages and posts as well as related information such as author details or time of creation);
usage data (e.g. page views and dwell time, click paths, frequency and intensity of use, device types and operating systems, interactions with content and features).
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: Provision of our online services and ensuring user-friendliness.
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); Consent (Art. 6 (1) (a) GDPR).
Further information on processing activities, procedures and services:
- Processing of cookie data based on consent:
- We use a consent management solution to obtain users’ consent for the use of cookies or for the procedures and providers specified in the consent management solution. This procedure serves to collect, record, manage and withdraw consents, in particular with regard to the use of cookies and comparable technologies that store, retrieve and process information on users’ devices.
- Within this process, users’ consents for the use of cookies and related processing activities—including the specific processing operations and providers mentioned in the consent management procedure—are collected. Users can also manage and withdraw their consents.
- The consent statements are stored to avoid repeated requests and to demonstrate proof of consent in compliance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by comparable technologies to assign the consent to a specific user or their device.
- Unless specific information on the providers of consent management services is given, the following general notes apply: The duration of consent storage is up to two years. A pseudonymous user identifier is created and stored along with the time of consent, details about the scope of consent (e.g. the relevant categories of cookies and/or service providers), and information about the browser, system and device used.
- Legal basis: Consent (Art. 6 (1) (a) GDPR).
- Worldsoft:
- Services in the field of IT infrastructure and related services (e.g. storage space and/or computing capacity).
- Provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- Website: https://worldsoft.info/.
- Privacy Policy: https://worldsoft.info/datenschutz.
- Data Processing Agreement: https://worldsoft.info/datensicherheit
Processing of Data within the Application (App)
We process users’ data insofar as it is necessary to provide the application and its functionalities, monitor its security, and further develop it. Additionally, we may contact users in compliance with legal requirements if communication is necessary for administration or use of the application. Otherwise, we refer to the privacy information in this privacy policy regarding the processing of users’ data.
Legal bases:
The processing of data required for providing the functionalities of the application serves the fulfillment of contractual obligations. This also applies when providing functionalities requires users’ permissions (e.g., enabling device functions). If the processing of data is not necessary for providing the functionalities but serves the security of the application or our legitimate business interests (e.g., data collection for optimizing the application or security purposes), it is based on our legitimate interests. If users are explicitly asked for their consent to process their data, processing of the data covered by consent is based on that consent.
Types of data processed:
- Master data (e.g., full name, address, contact information, customer number, etc.)
- Usage data (e.g., page views and dwell time, click paths, frequency and intensity of use, device types and operating systems, interactions with content and features)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)
- Payment data (e.g., bank details, invoices, payment history)
- Contract data (e.g., contract subject, duration, customer category)
- Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation time)
Data subjects: Users (e.g., website visitors, users of online services)
Purposes of processing:
- Provision of contractual services and fulfillment of contractual obligations
- Security measures
- Provision of our online services and user-friendliness
Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal bases:
- Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR)
- Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing activities, procedures, and services:
- Commercial use: We process data from users of our application, registered and any trial users (collectively referred to as “users”) to provide contractual services and, on the basis of legitimate interests, to ensure the security of our application and further develop it. Required data is marked as such within the context of usage, order, subscription, or comparable contractual processes and may include the information necessary to provide the service and for billing, as well as contact information for potential follow-ups. Legal bases: Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
- Device permissions for accessing functions and data: Using our application or its functionalities may require users’ permissions to access certain functions of their devices or data stored on or accessible through the devices. By default, users must grant these permissions, which can be revoked at any time in the settings of their devices. The exact procedure for controlling app permissions may depend on the user’s device and software. Users may contact us for clarification. Please note that denying or revoking permissions may affect the functionality of our application.
- Worldsoft: Services in the field of IT infrastructure and related services (e.g., storage space and/or computing capacities).
- Provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- Website: https://worldsoft.info/
- Privacy Policy: https://worldsoft.info/datenschutz
- Data Processing Agreement: https://worldsoft.info/datensicherheit
Blogs and Publication Media
We use blogs or comparable online communication and publication tools (hereinafter referred to as "publication media"). Reader data is processed for the purposes of the publication media only to the extent necessary for its presentation, communication between authors and readers, or for security reasons. Otherwise, we refer to the information on processing visitors’ data within the context of this privacy policy.
Types of data processed:
- Master data (e.g., full name, address, contact information, customer number, etc.)
- Contact data (e.g., postal and email addresses or phone numbers)
- Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation time)
- Usage data (e.g., page views and dwell time, click paths, frequency and intensity of use, device types and operating systems, interactions with content and features)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)
Data subjects: Users (e.g., website visitors, users of online services)
Purposes of processing:
- Feedback (e.g., collecting feedback via online forms)
- Provision of our online services and user-friendliness
Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing activities, procedures, and services:
- Worldsoft: Services in the field of IT infrastructure and related services (e.g., storage space and/or computing capacities)
- Provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
- Website: https://worldsoft.info/
- Privacy Policy: https://worldsoft.info/datenschutz
- Data Processing Agreement: https://worldsoft.info/datensicherheit
Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, telephone, or via social media) as well as within the scope of existing user and business relationships, the data of the inquiring persons is processed to the extent necessary to respond to contact requests and any requested measures.
Types of data processed:
- Master data (e.g., full name, address, contact information, customer number, etc.)
- Contact data (e.g., postal and email addresses or phone numbers)
- Content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation time)
- Usage data (e.g., page views and dwell time, click paths, frequency and intensity of use, device types and operating systems, interactions with content and functions)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)
Data subjects: Communication partners; Users (e.g., website visitors, users of online services)
Purposes of processing:
- Communication
- Organizational and administrative procedures
- Feedback (e.g., collecting feedback via online forms)
- Provision of our online services and user-friendliness
Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); Fulfillment of contracts and pre-contractual inquiries (Art. 6 (1) (b) GDPR)
Further information on processing activities, procedures, and services:
- Contact form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to respond to and handle the respective request. This generally includes information such as name, contact details, and, if applicable, additional information provided that is necessary for proper processing. We use this data solely for the specified purpose of contact and communication.
- Legal bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 (1) (b) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR)
- Worldsoft: Services in the field of IT infrastructure and related services (e.g., storage space and/or computing capacities)
- Provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
- Website: https://worldsoft.info/
- Privacy Policy: https://worldsoft.info/datenschutz
- Data Processing Agreement: https://worldsoft.info/datensicherheit
Communication via Messenger
We use messengers for communication purposes and therefore ask you to observe the following information regarding the functionality of messengers, encryption, the use of communication metadata, and your options for objection.
You can also contact us through alternative channels, e.g., via telephone or email. Please use the contact options provided to you or those indicated within our online services.
Where end-to-end encryption of content is used, the communication contents (i.e., the content of your message and attachments, such as attached images) are encrypted end-to-end. This means that the contents of the messages cannot be viewed, not even by the messenger providers themselves. You should always use the latest version of the messenger with encryption enabled to ensure the protection of message contents.
However, we additionally inform our communication partners that while messenger providers cannot view the content, they can determine if and when communication with us occurs, as well as technical information about the devices used by the communication partners and, depending on the device settings, also location information (so-called metadata).
Information on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and, for example, you contact us voluntarily, we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure, and in the case of other interested parties and communication partners based on our legitimate interests in fast and efficient communication and in meeting the needs of our communication partners via messenger. We also note that we do not transmit the contact data provided by you to the messengers for the first time without your consent.
Revocation, objection, and deletion: You can revoke any given consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete messages according to our general deletion policies (i.e., as described above, after the end of contractual relationships, in the context of archival requirements, etc.) and otherwise as soon as we assume that any inquiries from communication partners have been answered, if no reference to a previous conversation is expected, and if no statutory retention obligations prevent deletion.
Reservation regarding alternative communication channels: To ensure your safety, please understand that, for certain reasons, we may not be able to respond to requests via messenger. This applies in situations where, for example, contractual details must be treated as highly confidential or a response via messenger does not meet formal requirements. In such cases, we recommend using more appropriate communication channels.
Types of data processed:
- Contact data (e.g., postal and email addresses or phone numbers)
- Content data (e.g., textual or visual messages and posts, including information about authorship or creation time)
- Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)
Data subjects: Communication partners
Purposes of processing: Communication; Direct marketing (e.g., via email or postal mail)
Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal bases: Consent (Art. 6 (1) (a) GDPR); Fulfillment of contracts and pre-contractual inquiries (Art. 6 (1) (b) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing activities, procedures, and services:
- Instagram: Sending messages via the social network Instagram; Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/
- Facebook Messenger: Sending and receiving text messages, voice and video calls, creating group chats, sharing files and media, transmitting location information, synchronizing contacts, message encryption; Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Third-country transfer basis: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses, Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses
- WhatsApp: Text messages, voice and video calls, sending images, videos, and documents, group chat function, end-to-end encryption for enhanced security; Provider: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.whatsapp.com; Privacy Policy: https://www.whatsapp.com/legal; Third-country transfer basis: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF)
Push Notifications
With the consent of users, we can send so-called "push notifications." These are messages displayed on users' screens, devices, or browsers, even when our online service is not actively in use.
To subscribe to push notifications, users must confirm the prompt from their browser or device to receive push notifications. This consent process is documented and stored. Storage is necessary to determine whether users have agreed to receive push notifications and to provide proof of consent. For this purpose, a pseudonymous identifier of the browser (so-called "push token") or the device ID of an end device is stored.
Push notifications may be required to fulfill contractual obligations (e.g., technical and organizational information relevant to the use of our online services) and otherwise, unless otherwise stated below, are sent based on the users’ consent. Users can change their push notification preferences at any time via the notification settings of their respective browsers or devices.
Content: Information about me, my services, offers, and promotions
Data types processed:
- Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved)
- Content data (e.g., textual or visual messages and posts, including information about authorship or creation time)
Data subjects: Communication partners; Users (e.g., website visitors, users of online services)
Purposes of processing: Communication; Provision and user-friendliness of our online services; Direct marketing (e.g., via email or postal mail)
Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.” Deletion after termination.
Legal bases: Consent (Art. 6 (1) (a) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing activities, procedures, and services:
- Push notifications with advertising content: Push notifications sent by us may contain advertising information. Advertising push notifications are processed based on the users’ consent. If the content of the advertising push notifications is specifically described during the consent process, these descriptions are decisive for the user’s consent. Otherwise, our newsletters contain information about our services and ourselves; Legal basis: Consent (Art. 6 (1) (a) GDPR).
- Worldsoft: Services in the area of providing IT infrastructure and related services (e.g., storage and/or computing capacities); Service provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://worldsoft.info/; Privacy Policy: https://worldsoft.info/datenschutz; Data Processing Agreement: https://worldsoft.info/datensicherheit
Artificial Intelligence (AI)
We use Artificial Intelligence (AI), which involves processing personal data. The specific purposes and our interest in using AI are described below. In line with the definition of “AI system” in Article 3 (1) of the AI Regulation, AI refers to a machine-based system designed for partially autonomous operation, capable of adapting after deployment, and generating outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.
Our AI systems are used in strict compliance with legal requirements, including both specific AI regulations and data protection provisions. We particularly adhere to the principles of lawfulness, transparency, fairness, human oversight, purpose limitation, data minimization, integrity, and confidentiality. We ensure that the processing of personal data always takes place on a legal basis, either by obtaining consent from the data subjects or through a legal authorization.
When using external AI systems, we carefully select the providers (hereinafter "AI providers"). In accordance with our legal obligations, we ensure that AI providers comply with applicable regulations. Likewise, we observe our obligations when using or operating the AI services obtained. The processing of personal data by us and the AI providers is carried out exclusively on the basis of consent or legal authorization, with special attention to transparency, fairness, and maintaining human oversight of AI-supported decision-making processes.
To protect the processed data, we implement appropriate and robust technical and organizational measures. These ensure the integrity and confidentiality of processed data and minimize potential risks. Through regular audits of AI providers and their services, we ensure continuous compliance with current legal and ethical standards.
Data types processed:
- Content data (e.g., textual or visual messages and posts, including information about authorship or creation time)
- Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
Data subjects: Users (e.g., website visitors, users of online services); Third parties
Purposes of processing: Artificial Intelligence (AI)
Retention and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion.”
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing activities, procedures, and services:
- ChatGPT: AI-based service designed to understand and generate natural language and associated inputs, analyze information, and make predictions (“AI” refers to “Artificial Intelligence” in the applicable legal sense); Provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://openai.com/de-DE/chatgpt/overview/; Privacy Policy: https://openai.com/de-DE/policies/privacy-policy/; Opt-out: https://privacy.openai.com/policies?modal=select-subject
- OpenAI API: An AI API providing developers access to a variety of powerful language and image models, including GPT-4 and DALL-E, enabling integration of complex tasks such as text generation, language processing, and image analysis into applications; Provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://openai.com/product; Privacy Policy: https://openai.com/policies/eu-privacy-policy; Data Processing Agreement: https://openai.com/policies/data-processing-addendum; Third-country transfer basis: EU/EEA - Standard Contractual Clauses, Switzerland - Standard Contractual Clauses; Opt-out: https://privacy.openai.com/policies?modal=select-subject
Video Conferences, Online Meetings, Webinars, and Screen Sharing
We use platforms and applications from third-party providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conference"). When selecting conference platforms and their services, we comply with legal requirements.
Data processed by conference platforms: During participation in a conference, the conference platforms process the following personal data of participants. The scope of processing depends on the data required for a specific conference (e.g., login details or real names) and any optional information provided by participants. In addition to processing for the execution of the conference, participant data may also be processed by the conference platforms for security purposes or service optimization. Processed data include personal information (first and last name), contact details (email address, phone number), access credentials (access codes or passwords), profile pictures, professional position/function, IP address of the internet connection, device information, operating system, browser and its technical and language settings, information about communication activities (e.g., chat entries, audio, and video data), as well as use of other available features (e.g., polls). Communication content is encrypted to the extent technically provided by the conference platform. If participants are registered as users on the conference platform, additional data may be processed according to the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g., from polls), or video or audio recordings are logged, participants will be informed transparently in advance and, where required, asked for their consent.
Data protection measures for participants: Please review the privacy policies of the conference platforms regarding the processing of your data and select the optimal security and privacy settings within the platform’s settings. During a video conference, ensure data and privacy protection in your surroundings (e.g., by informing cohabitants, locking doors, and using, where technically possible, background blurring features). Links to conference rooms and access credentials must not be shared with unauthorized third parties.
Legal bases: If we process user data in addition to the conference platforms and request user consent for the use of the conference platforms or certain features (e.g., consent for recording conferences), the legal basis for processing is this consent. Additionally, processing may be necessary to fulfill our contractual obligations (e.g., participant lists, follow-up on discussion results, etc.). Otherwise, user data is processed based on our legitimate interests in efficient and secure communication with our communication partners.
Data types processed:
- Master data (e.g., full name, address, contact information, customer number)
- Contact data (e.g., postal and email addresses, phone numbers)
- Content data (e.g., textual or visual messages and posts, including authorship or creation time)
- Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
- Image and/or video recordings (e.g., photographs or video recordings of a person)
- Audio recordings
- Log data (e.g., login logs, data retrieval or access times)
Data subjects: Communication partners; Users (e.g., website visitors, users of online services); Depicted persons
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organizational procedures
Retention and deletion: Deletion according to the section “General Information on Data Storage and Deletion.”
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing activities, procedures, and services:
- Zoom: Video conferences, online meetings, webinars, screen sharing, optional session recording, chat functionality, integration with calendars and other apps; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://zoom.us; Privacy Policy: https://explore.zoom.us/de/privacy/; Data Processing Agreement: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses, Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses
Newsletters and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) exclusively with the recipients’ consent or based on a legal basis. If the content of the newsletter is specified during subscription, this content is decisive for the user’s consent. Normally, providing your email address is sufficient to subscribe to our newsletter. However, to offer a personalized service, we may ask for your name for personal addressing in the newsletter or additional information if required for the purpose of the newsletter.
Deletion and limitation of processing: Unsubscribed email addresses may be stored for up to three years based on our legitimate interests before deletion, in order to prove previously given consent. Processing of this data is limited to defending potential claims. Individual deletion requests can be made at any time, provided that the former consent is confirmed. In cases where permanent compliance with objections is required, we may store the email address solely for this purpose on a blocklist.
The logging of the subscription process is based on our legitimate interests to prove its proper execution. If we engage a service provider to send emails, this is based on our legitimate interests in an efficient and secure delivery system.
Content: Information about me, my services, promotions, and offers.
Data types processed:
- Master data (e.g., full name, address, contact information, customer number)
- Contact data (e.g., postal and email addresses, phone numbers)
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons)
- Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
- Content data (e.g., textual or visual messages and posts, including authorship or creation time)
Data subjects: Communication partners; Users (e.g., website visitors, users of online services)
Purposes of processing: Direct marketing (e.g., via email or post); Provision of contractual services and fulfillment of contractual obligations; Provision of our online offer and user-friendliness
Legal bases: Consent (Art. 6 (1) (a) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR)
Opt-out: You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe is provided at the end of each newsletter, or you can use one of the contact options provided above, preferably via email.
Further information on processing activities, procedures, and services:
- Tracking of open and click rates: Newsletters may contain so-called “web beacons,” i.e., pixel-sized files retrieved from our server or that of a service provider upon opening the newsletter. During retrieval, technical information (e.g., browser and system information), your IP address, and the retrieval time are collected. These data are used to improve the newsletter technically and analyze reading behavior based on location (via IP) or access times. The analysis includes whether and when newsletters were opened and which links were clicked. The information is assigned to individual subscribers and stored in their profiles until deletion. This analysis helps us understand user reading habits and adapt content or send different content according to user interests. Tracking and storage of results are based on user consent. Separate revocation of tracking is not possible; the newsletter subscription must be canceled entirely, in which case stored profile information is deleted.
- Requirement for free services: Consent to receive mailings may be a prerequisite for free services (e.g., access to specific content or participation in certain activities). If users wish to access free services without subscribing to the newsletter, they are asked to contact us.
- Service provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland; Website: https://worldsoft.info; Privacy Policy: https://worldsoft.info/datenschutz; Data Processing Agreement: https://worldsoft.info/datensicherheit; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
Surveys and Questionnaires
We conduct surveys and questionnaires to collect information for the purpose specified for each survey or questionnaire. Surveys and questionnaires conducted by us (hereinafter “surveys”) are evaluated anonymously. Personal data is only processed as necessary for the provision and technical execution of surveys (e.g., processing the IP address to display the survey in the user’s browser or using cookies to allow resuming the survey).
Data types processed:
- Master data (e.g., full name, address, contact information, customer number)
- Contact data (e.g., postal and email addresses, phone numbers)
- Content data (e.g., textual or visual messages and posts, including authorship or creation time)
- Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
Data subjects: Participants
Purposes of processing: Feedback (e.g., collecting feedback via online forms); Surveys and questionnaires (e.g., surveys with input fields, multiple-choice questions)
Retention and deletion: Deletion according to the section “General Information on Data Storage and Deletion.”
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing activities, procedures, and services:
- Google Forms: Creation and evaluation of online forms, surveys, feedback forms, etc.; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https://www.google.de/intl/de/forms; Privacy Policy: https://policies.google.com/privacy; Data Processing Addendum: https://cloud.google.com/terms/data-processing-addendum; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses, Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses
Web Analytics, Monitoring, and Optimization
Web analytics (also referred to as “reach measurement”) is used to evaluate visitor flows on our online offerings and may include behavioral, interest-based, or demographic information about visitors, such as age or gender, as pseudonymous values. Reach analysis enables us, for example, to identify the times when our online offerings, functions, or content are most frequently used or to invite repeated visits. It also allows us to determine which areas require optimization.
In addition to web analytics, we may also use testing procedures to evaluate and optimize different versions of our online offerings or their components.
Unless otherwise stated, profiles—i.e., aggregated data from a usage session—may be created for these purposes and information may be stored in a browser or on a device and subsequently read. The data collected primarily includes visited websites, elements used on those sites, and technical details such as the browser used, the computer system, and usage times. If users have consented to the collection of their location data, this data may also be processed.
IP addresses of users are also stored, but we employ an IP-masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no personal identifiers (e.g., email addresses or names) are stored during web analytics, A/B testing, or optimization; only pseudonyms are used. This means neither we nor the software providers know the actual identity of users, only the data stored in their profiles for the respective procedures.
Legal basis: If we request user consent for third-party tools, consent serves as the legal basis for data processing. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). Please also refer to the information on cookie usage in this privacy policy.
Data types processed: Usage data (e.g., page views, dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); Content data (e.g., textual or visual messages and posts, including authorship or creation time).
Data subjects: Users (e.g., website visitors, online service users)
Purposes of processing: Reach measurement (e.g., access statistics, recognition of recurring visitors); creation of profiles with user-related information; provision of our online offerings and user-friendliness.
Retention and deletion: Deletion according to the section “General Information on Data Storage and Deletion.” Cookies may be stored for up to 2 years unless otherwise stated.
Security measures: IP masking (pseudonymization of IP addresses)
Legal bases: Consent (Art. 6 (1) (a) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR)
Service provider: Worldsoft AG, Summelenweg 91, CH-8808 Pfäffikon SZ, Switzerland; Website: https://worldsoft.info; Privacy Policy: https://worldsoft.info/datenschutz; Data Processing Agreement: https://worldsoft.info/datensicherheit; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
Online Marketing
We process personal data for the purposes of online marketing, which may include the marketing of advertising space, the display of advertising and other content (collectively “content”) based on potential user interests, and measurement of effectiveness.
For these purposes, so-called user profiles are created and stored in a file (a “cookie”), or similar methods are used to store the data relevant to content display. This may include viewed content, visited websites, online networks used, communication partners, and technical details such as the browser, computer system, usage times, and functions. Location data may also be processed if the user has consented.
IP addresses are stored but IP-masking procedures (pseudonymization) are used for protection. No direct personal identifiers (e.g., email addresses or names) are stored; only pseudonyms are used. Neither we nor the providers of online marketing methods know the actual identity of users, only the data stored in their profiles.
Profile data is generally stored in cookies or similar methods. Cookies can also be read on other websites using the same online marketing methods, analyzed for content display, and supplemented with additional data on the provider’s server.
In exceptional cases, personal data may be linked to profiles, mainly when users are members of a social network whose online marketing we use and which connects profiles with the stated data. Users may conclude additional agreements with the providers, such as consent during registration.
We only receive aggregated information about the success of ads. Conversion measurement may be used to determine whether online marketing activities resulted in a “conversion” (e.g., a contract concluded with us). Conversion measurement is used solely for marketing success analysis.
Cookies are generally stored for up to two years unless stated otherwise.
Legal basis: Consent (Art. 6 (1) (a) GDPR) if we ask for permission; otherwise, processing is based on legitimate interests (i.e., efficient, economical, and user-friendly services).
Opt-out instructions: Users should refer to the privacy policies and opt-out mechanisms of the respective providers. If no explicit opt-out is provided, cookies can be disabled in browser settings, though this may limit website functionality. Recommended opt-out links:
- Europe: https://www.youronlinechoices.eu
- Canada: https://www.youradchoices.ca/choices
- USA: https://www.aboutads.info/choices
- Global: https://optout.aboutads.info
Data types processed: Usage data; Meta, communication, and procedural data
Data subjects: Users (e.g., website visitors, online service users)
Purposes of processing: Reach measurement, tracking (interest-/behavior-based profiling, use of cookies), audience building, marketing, creation of user-related profiles, conversion measurement, provision of our online offerings and user-friendliness
Retention and deletion: As per “General Information on Data Storage and Deletion”; cookies may be stored for up to 2 years
Security measures: IP masking
Legal bases: Consent (Art. 6 (1) (a) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR)
Service providers:
- Facebook Ads: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Legal basis: Consent (Art. 6 (1) (a) GDPR); Data Privacy Framework (DPF) for EU/EEA and Switzerland.
- Google Ads & Conversion Measurement: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Legal basis: Consent (Art. 6 (1) (a) GDPR), Legitimate interests (Art. 6 (1) (f) GDPR); Data Privacy Framework (DPF) for EU/EEA and Switzerland.
Customer Reviews and Rating Procedures
We participate in review and rating procedures to evaluate, optimize, and promote our services. When users rate us via the participating review platforms or provide feedback, the respective platform’s terms of service or usage conditions and privacy policies also apply. Usually, submitting a review requires registration with the respective platform.
To ensure that reviewers have actually used our services, we transmit the necessary data regarding the customer and the service used to the respective review platform (including name, email address, and order number or item number) with the customer’s consent. This data is used solely to verify the authenticity of the user.
Data types processed: Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Data subjects: Service recipients and clients; Users (e.g., website visitors, online service users)
Purposes of processing: Feedback (e.g., collecting feedback via online forms); Marketing
Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
Additional information on processing procedures and services:
- Review Widgets: We integrate “review widgets” into our online offerings. A widget is a functional and content element embedded in our online offering that displays variable information, e.g., in the form of a seal or badge. The content is displayed within our online offering but retrieved from the servers of the widget provider, ensuring current content, especially up-to-date ratings. To do this, a data connection from our website to the widget provider’s server is established, and the provider receives certain technical information (access data, including IP address) necessary to deliver the widget content to the user’s browser. Additionally, the widget provider receives information that users have visited our online offering. These data may be stored in cookies and used by the widget provider to identify which online offerings participating in the rating system have been visited by the user. Information may also be stored in user profiles and used for advertising or market research purposes. Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- ProvenExpert: Review platform; Service provider: Expert Systems AG, Quedlinburger Strasse 1, 10589 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.provenexpert.com/de-de/; Privacy Policy: https://www.provenexpert.com/de-de/datenschutzbestimmungen/
Social Media Presences
We maintain online presences on social networks and process user data in this context to communicate with active users or provide information about us.
Please note that user data may be processed outside the European Union, which may involve risks, such as making the enforcement of user rights more difficult.
Moreover, user data within social networks is usually processed for market research and advertising purposes. User behavior and resulting interests may be used to create user profiles, which may then be used to display targeted advertisements within and outside the networks. Cookies may be stored on users’ devices to capture behavior and interests. User profiles may also include data independent of the devices used, especially if users are members of the respective platforms and logged in.
For detailed information on processing and opt-out options, please refer to the privacy policies of the respective network providers.
Information requests and the exercise of data subject rights are also most effectively handled directly with the providers, as they have access to user data and can respond appropriately. We can assist if needed.
Data types processed: Contact data (e.g., postal and email addresses, phone numbers); Content data (e.g., textual or visual messages and posts, authorship or creation time); Usage data (e.g., page views, dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions)
Data subjects: Users (e.g., website visitors, online service users)
Purposes of processing: Communication; Feedback (e.g., collecting feedback via online forms); Public relations
Retention and deletion: According to “General Information on Data Storage and Deletion”
Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
Additional information on processing procedures and services:
- Instagram: Social network for sharing photos and videos, commenting, liking, messaging, and subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/; Third-country transfer: EU/EEA - Data Privacy Framework (DPF), Switzerland - DPF
- Facebook Pages: Profiles within Facebook; We are joint controllers with Meta Platforms Ireland Limited for the collection and transmission of data from visitors to our Facebook page (“fanpage”), including user behavior (e.g., viewed/interacted content, actions taken) and device information (IP address, OS, browser type, language settings, cookie data). Facebook provides “Page Insights” statistics based on this data. Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Service provider: Meta Platforms Ireland Limited; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Third-country transfer: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses, Switzerland - DPF, SCCs
- LinkedIn: Social network; Joint controller with LinkedIn Ireland Unlimited Company for data collection (but not further processing) used to generate “Page Insights” for our LinkedIn profiles. Data includes content viewed, interactions, user actions, device details (IP, OS, browser, language, cookies), and profile information (job function, country, industry, hierarchy level, company size, employment status). Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Third-country transfer: EU/EEA - DPF, SCCs; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Plug-ins and Embedded Functions and Content
We integrate functional and content elements into our online offering, which are retrieved from the servers of their respective providers (hereinafter referred to as “third parties”). These may include graphics, videos, or maps (collectively referred to as “content”).
Embedding always requires that the third-party providers process users’ IP addresses, as content cannot be delivered to the browser without the IP address. The IP address is therefore necessary for displaying these contents or functions. We strive to use only content where the respective providers apply the IP address solely for content delivery. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can evaluate information such as visitor traffic on our website. Pseudonymous information may additionally be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, visit times, and other usage information, and may also be combined with information from other sources.
Legal basis: If we request user consent for the use of third-party providers, the legal basis for processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). Please also refer to the information on the use of cookies in this privacy policy.
Data types processed: Usage data (e.g., page views, dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); Contact data (e.g., postal and email addresses, phone numbers); Content data (e.g., textual or visual messages and posts, authorship, creation time).
Data subjects: Users (e.g., website visitors, online service users)
Purposes of processing: Provision of our online offering and user-friendliness; User profile creation
Retention and deletion: According to “General Information on Data Storage and Deletion.” Cookies may be stored for up to 2 years unless otherwise specified.
Legal basis: Consent (Art. 6 (1) (a) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing procedures and services:
- Google Fonts (self-hosted): Provision of font files for user-friendly display of our website; hosted on our server; no data transmitted to Google; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
- Font Awesome (self-hosted): Display of fonts and icons; hosted on our server; no data transmitted to Font Awesome; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
- Vimeo Video Player: Integration of a video player; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, NY 10011, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Data Processing Agreement: https://vimeo.com/enterpriseterms/dpa; Third-country transfer: EU/EEA - Standard Contractual Clauses, Switzerland - SCCs
Management, Organization, and Support Tools
We use services, platforms, and software from other providers (hereinafter referred to as “third parties”) for organizational, administrative, planning, and service delivery purposes. When selecting providers and services, we ensure compliance with legal requirements.
In this context, personal data may be processed and stored on third-party servers. This can include master and contact data of users, data on processes, contracts, and other operations, as well as their content.
If users are referred to third-party software or platforms as part of communication, business, or other relationships with us, third parties may process usage data and metadata for security, service optimization, or marketing purposes. We therefore recommend reviewing the privacy policies of the respective third parties.
Data types processed: Content data (e.g., textual or visual messages and posts, authorship, creation time); Usage data (e.g., page views, dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons)
Data subjects: Communication partners; Users (e.g., website visitors, online service users)
Purposes of processing: Communication; Provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures
Retention and deletion: According to “General Information on Data Storage and Deletion”
Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR)
Further information on processing procedures and services:
- WeTransfer: File transfer over the Internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, Netherlands; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://wetransfer.com; Privacy Policy: https://wetransfer.com/legal/privacy
Changes and Updates
Please regularly check our privacy policy for updates. We adjust the privacy policy whenever changes in our data processing require it. We will inform you if the changes require any action on your part (e.g., consent) or other individual notification.
If we provide addresses or contact information of companies or organizations in this privacy policy, please note that addresses may change over time, and we recommend verifying the information before contacting them.
Definitions
This section provides an overview of the terminology used in this privacy policy. Where terms are legally defined, the statutory definitions apply. The following explanations are primarily intended to aid understanding.
Artificial Intelligence (AI): The purpose of AI data processing is the automated analysis and processing of user data to detect patterns, make predictions, and improve the efficiency and quality of our services. This includes data collection, cleaning, structuring, training and application of AI models, and continuous monitoring and optimization of results. AI processing is carried out only with the user’s consent or based on statutory authorization.
Audience Targeting: Audience targeting (“Custom Audiences”) defines groups for advertising purposes. For example, based on user interest in specific products, targeted ads may be shown for similar products or shops. “Lookalike Audiences” show content to users whose profiles or interests are likely similar to the source audience. Cookies and web beacons are typically used.
Contact Data: Contact data are essential details that enable communication with individuals or organizations. This includes telephone numbers, postal addresses, email addresses, as well as social media handles and instant messaging identifiers.
Conversion Measurement: Conversion measurement (also called “visitor action analysis”) is a method to determine the effectiveness of marketing measures. Typically, a cookie is stored on users’ devices on the websites where the marketing measures are implemented and later retrieved on the target website. This allows tracking, for example, whether ads placed on other websites were successful.
Contract Data: Contract data refers to information documenting agreements between parties, including terms and conditions, start/end dates, types of services or products, pricing, payment conditions, termination rights, renewal options, and special clauses.
Employees: Employees are persons in an employment relationship, whether as staff, employees, or in similar positions. An employment relationship is a legal relationship between an employer and an employee, established through an employment contract or agreement. It entails the employer’s obligation to pay the employee remuneration in exchange for their work performance. Employment encompasses various phases, including initiation (conclusion of the employment contract), execution (performance of duties), and termination (through resignation, termination agreement, or other means). Employee data includes all information related to these individuals in the context of their employment, such as personal identification data, identification numbers, salary and bank details, working hours, leave entitlements, health data, and performance evaluations.
Content Data: Content data includes information generated during the creation, editing, and publication of content of any kind. This category may encompass text, images, videos, audio files, and other multimedia content published across various platforms and media. Content data also includes metadata, such as tags, descriptions, author information, and publication dates.
Log Data: Log data records events or activities in a system or network. Typical information includes timestamps, IP addresses, user actions, error messages, and other usage or operational details. Log data is used for system analysis, security monitoring, and performance reporting.
Master Data: Master data includes essential information necessary for identifying and managing contract partners, user accounts, profiles, and similar assignments. This may include personal and demographic information such as names, contact details (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Master data forms the basis for formal interactions between individuals and services, institutions, or systems by enabling unique identification and communication.
Meta, Communication, and Procedural Data: These categories contain information about how data is processed, transmitted, and managed. Metadata (“data about data”) describes the context, origin, and structure of other data, e.g., file size, creation date, document author, and change history. Communication data covers exchanges between users via various channels, such as email, call logs, social media messages, and chat histories, including involved persons, timestamps, and transmission paths. Procedural data describes processes within systems or organizations, including workflow documentation, transaction and activity logs, and audit logs for tracking and verification.
Personal Data: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more characteristics of their physical, physiological, genetic, mental, economic, cultural, or social identity.
Profiles with User-Related Information: This refers to any automated processing of personal data used to analyze, evaluate, or predict aspects relating to an individual (e.g., demographics, behavior, interests, interaction with websites or content). Profiling often uses cookies and web beacons.
Processing: Any operation or set of operations performed on personal data, whether automated or not. This includes collecting, storing, analyzing, transmitting, or deleting data.
Reach Measurement (Web Analytics): This evaluates visitor flows on an online offering and may include visitor behavior or interests in specific content. It helps website operators understand when users visit and which content is of interest, allowing better alignment of content to user needs. Pseudonymous cookies and web beacons are commonly used.
Tracking: Tracking occurs when user behavior can be followed across multiple online offerings. Behavioral and interest data are typically stored in cookies or on provider servers (profiling) and may be used to display ads likely to match user interests.
Usage Data: Usage data refers to information about how users interact with digital products, services, or platforms. This includes which functions are used, how long users stay on specific pages, navigation paths, frequency of use, timestamps, IP addresses, device information, and location data. Usage data is crucial for analyzing user behavior, optimizing user experience, personalizing content, improving products or services, and identifying trends, preferences, and potential issues.
Payment Data: Payment data includes all information necessary to process financial transactions, such as credit card numbers, bank account information, transaction amounts, verification numbers, and billing information, including transaction status, chargebacks, authorizations, and fees.