Inventory data (e.g. names, addresses).
Content data (e.g. entries in online forms).
Contact data (e.g. e-mail, telephone numbers).
Meta/communication data (e.g. device information, IP addresses).
Usage data (e.g. websites visited, interest in content, access times).
Categories of data subjects
Communication partners.
Users (e.g. website visitors, users of online services).
Purposes of the processing
Contact enquiries and communication.

• • • Paid Membership Pro: Collects names, emails, addresses, phone numbers, and credit card information during checkout.

    • Woocommerce & Woocommerce Subscription: Collects extensive user information during the checkout process, including name, billing and shipping addresses, payment details, and other contact information.

    • Learndash: Collects email addresses and stores course progress, quiz scores, and other learning management data.

7 Relevant legal bases

We adhere to the General Data Protection Regulation (GDPR) for processing personal data. Below, we detail the specific articles of the GDPR that form the legal foundation for our data processing activities. Additionally, it’s important to note that national data protection laws of your or our country of residence may also apply. Where more specific legal bases are applicable, these will be detailed within our privacy policy.

1. 1. Consent (Article 6(1)(a) GDPR): Data processing is based on the explicit consent given by the data subject for one or more specific purposes. This means that you have agreed to the processing of your personal data for a particular use.

   2. Contract Fulfillment and Pre-contractual Inquiries (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the data subject’s request before entering into a contract. This applies to actions that are directly related to contract management and execution.

   3. Legitimate Interests (Article 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the rights, interests, or freedoms of the data subject which require protection of personal data. The specific interests being pursued will be detailed as necessary within the context of individual processing activities.

Plugin Compliance: To ensure comprehensive GDPR compliance, each plugin used on our platforms is evaluated and operated in accordance with these legal bases. We ensure that the plugins adhere to the necessary GDPR standards, maintaining data protection and security at all times.

8 Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

All plugins: It is implied that all plugins, as part of their integration into the website, adhere to certain security standards to protect user data.

9 Transmission and disclosure of personal data

As part of our processing of personal data, data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

• • • Woocommerce: Describes the conditions under which customer data is stored and the duration. Also notes that team members such as Administrators and Shop Managers have access to customer information.

    • Woocommerce Subscription: Shares customer data with third-party payment processors depending on the payment plugin used.

    • Event Ticket: Collects and retains event-related data such as attendee names, email addresses, and ticket information.

    • Payments via PayPal: Outlines the sharing of necessary payment data with PayPal.
    • Stripe: Mentions potential data storage and sharing with Stripe.

10 Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

11 Use of cookies

Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after their visit to an online service. The information stored may include, for example, the language settings on a website, the login status, a shopping basket or the location where a video was watched. The term “cookies” also includes other technologies that fulfil the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”)

A distinction is made between the following cookie types and functions

Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.

Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The interests of users who are used for reach measurement or marketing purposes can also be stored in such a cookie.

First-party cookies: First-party cookies are set by us.

Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary (also: essential) cookies: Cookies may be necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).

Statistical, marketing and personalisation cookies: Cookies are also generally used to measure reach and when a user’s interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as “tracking”, i.e. tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or when obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the consent you have given. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.

Storage period: If we do not provide you with explicit information on the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection using your browser settings, e.g. by deactivating the use of cookies (although this may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further objection notices in the context of the information on the service providers and cookies used.

Processing of cookie data on the basis of consent: Before we process or have data processed in the context of the use of cookies, we ask users for their consent, which can be revoked at any time. Before consent has not been given, cookies that are absolutely necessary for the operation of our online offering are used at most.

Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g. website visitors, users of online services).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

12 Affiliate programmes and affiliate links

We may include so-called affiliate links on our website or other references to offers and services from third-party providers (we refer to them collectively as “affiliate links”). If you as a user follow these affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (hereinafter collectively referred to as “commission”).

In order to be able to track whether the users have used the offers of an affiliate link linked by us, it is necessary for the respective third-party providers to know that the users have followed an affiliate link placed on our site. The assignment of these affiliate links to the relevant business transactions or other actions (e.g. purchases) is used exclusively for commission settlement. It will be deleted as soon as it is no longer required for this purpose.

For the purposes of precisely this assignment of affiliate links, the affiliate links can be supplemented with values that may be part of the link or stored in another way, e.g. in a cookie. Such values may include, for example, the source website (referrer), the time, an online identifier of the operator of the website on which the exact affiliate link was located, an online identifier of the relevant offer, the type of link or offer used and an online identifier of the respective site visitor.

Notes on legal bases: If we ask users to consent to the use of third-party providers, the legal basis for the processing of data is consent. In addition, their use may be part of our (pre-)contractual service if the use of third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to explicitly draw your attention to the information on the use of cookies in this privacy policy.

Processed data types: Data relating to the contracts (e.g. term, subject matter of the contract, etc.), usage data (e.g. pages visited, interest in content, access times), meta/communication data (e.g. device information, and/or IP addresses).

Data subjects: Users (e.g. website visitors, users of various online services).

Purposes of processing: Tracking of affiliate links.

Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services used and service providers:

As of 17/03/2024: none.

Google Fonts

We use Google Fonts on our website. These are the “Google Fonts” of Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. You do not need to log in or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at exactly how the data is stored. Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge. Many of these fonts are published under the SIL Open Font Licence, while others are published under the Apache licence. Both are free software licences.

What data is stored by Google?

When you visit our website, the fonts are loaded via a Google server. This external call transmits data to the Google server. In this way, Google also recognises that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. Incidentally, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely at Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to analyse and move large amounts of data.

However, it should be noted that every Google Font request also automatically transfers information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. It is not clear whether this data is also stored or whether it is clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google’s aim is to fundamentally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=331658329046. In this case, you can only prevent data storage if you do not visit our site.

Unlike other web fonts, Google allows us unrestricted access to all fonts. This means we have unlimited access to a sea of fonts and can therefore optimise our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=331658329046. Although Google addresses data protection issues there, it does not provide any really detailed information about data storage. It is relatively difficult to obtain really precise information from Google about stored data.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when Google Fonts is used.

We also have a legitimate interest in using Google Fonts to optimise our online service. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Google Font if you have given your consent.

Google also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and security of data processing.

Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.

You can also find out which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Google Analytics

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data.

The following data is recorded during your visit to the website

Pages viewed

Orders including sales and products ordered

The achievement of “website goals” (e.g. contact enquiries and newsletter registrations)

Your behaviour on the pages (e.g. length of stay, clicks, scrolling behaviour)

Your approximate location (country and city)

Your IP address (in abbreviated form, so that no clear assignment is possible)

Technical information such as browser, internet provider, end device and screen resolution

Source of origin of your visit (i.e. via which website or advertising medium you came to us)

Personal data such as name, address or contact details are never transmitted to Google Analytics.

This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which makes it possible to analyse pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

If you do not agree to the collection of data, you can prevent this by installing the browser add-on once to deactivate Google Analytics or by rejecting cookies via our cookie settings dialogue.

13 Provision of the online offer and web hosting

To ensure our online services are provided securely and efficiently, we employ the services of one or more web hosting providers. These services allow our content to be accessed from servers either owned or managed by these providers. We utilize a variety of infrastructure and platform services, including computing capacity, storage space, database services, security services, and technical maintenance services to support this delivery.

Data Processed: As part of our hosting services, we process all information related to users of our online service that is generated during their use and communication. This typically includes:

• • • IP addresses, essential for delivering content to browsers.

    • Entries made within our online services or external websites.

Collection of Access Data and Log Files: We, or our web hosting provider, collect data every time a server is accessed. These server log files include:

• • • The addresses and names of the accessed web pages and files.

    • Date and time of access.

    • Volume of data transferred.

    • Notification of successful access.

    • Type and version of the browser used.

    • Operating system of the user.

    • Referrer URL (the previously visited page).

    • IP addresses and the identity of the requesting provider.

These log files are primarily used for security purposes, such as preventing server overloads (particularly in the case of abusive attacks, e.g., DDoS attacks) and ensuring optimal server utilization and stability.

Types of Processed Data:

• • • Content data (e.g., entries in online forms).

    • Usage data (e.g., websites visited, interest in content, access times).

    • Meta/communication data (e.g., device information, IP addresses).

Data Subjects:

• • • Users (e.g., website visitors, users of online services).

Legal Basis:

• • • Processing is based on our legitimate interests (Art. 6(1)(f) GDPR), which include operating and improving the stability and security of our online offer.

Specific Plugin Data Collection:

• • • Paid Membership Pro: Collects names, email addresses, physical addresses, phone numbers, and credit card information during the checkout process.

    • Woocommerce & Woocommerce Subscription: Collects comprehensive user information during the checkout process, including names, billing and shipping addresses, payment details, and additional contact information.

    • Learndash: Collects email addresses and records course progress, quiz scores, and other learning management system data.

14 Making contact

When you contact us through various means such as a contact form, email, telephone, or social media, we process the information provided by you to the extent necessary to respond to your inquiries and any associated requests.

Purpose of Processing: We process these inquiries within the framework of contractual or pre-contractual relationships to fulfill our contractual obligations or to respond to pre-contractual inquiries. Additionally, we process data based on our legitimate interests in providing prompt and effective responses to user inquiries.

Types of Data Processed:

• • • Inventory Data: Such as names and addresses.

    • Contact Data: Including email addresses and telephone numbers.

    • Content Data: Such as the entries made in online forms.

Data Subjects:

• • • Communication Partners: These are individuals who initiate contact with us through any of the available communication channels.

Purposes of Processing:

• • • To handle and respond to contact inquiries and communications effectively, ensuring that user concerns and questions are addressed promptly.

Legal Bases:

• • • Contract Fulfillment and Pre-contractual Inquiries: (Art. 6 Para. 1 S. 1 lit. b GDPR) — The processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.

    • Legitimate Interests: (Art. 6 Para. 1 S. 1 lit. f GDPR) — Processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

15 Deletion of data

We adhere to the principles of data avoidance and minimization. Therefore, we only store your personal data for as long as is necessary to achieve the purposes mentioned here or as provided for by the various storage periods prescribed by law. After cessation of the respective purpose or expiry of these periods, the corresponding data will be routinely blocked or deleted in accordance with statutory regulations.

Criteria for Deletion:

• • • Revocation of Consent: Data processed based on consent will be deleted if the consent is revoked and no other legal ground for processing applies.

    • Cessation of Purpose: Data will be deleted if the purpose for data processing no longer applies and no legal retention requirements need to be fulfilled.

    • Legal Obligations: If data must be retained for legal reasons related to commercial or tax regulations, it will be stored as required by law and blocked from other uses, after which it will be deleted once the legal obligation allows.

Restriction of Processing:

• • • If legal or actual obstacles prevent deletion (e.g., special requirements for data preservation for ongoing investigations or litigation), data processing will be restricted. In this case, the data will be blocked and not processed for other purposes.

Additional Notes:

• • • Woocommerce: Customer data is stored under specific conditions which detail the duration of storage and access rights. Team members such as Administrators and Shop Managers can access customer information for legitimate business purposes.

    • Woocommerce Subscription: Customer data necessary for managing subscriptions is shared with third-party payment processors as dictated by the chosen payment plugin.

    • Event Ticket: Data such as names and email addresses of event attendees and ticket purchasers is retained to manage event participation and for record-keeping purposes.

Further Information:

• • • Detailed information on the deletion of personal data and the individual data protection practices related to different processing activities is available in specific sections of this privacy policy.

16 Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your co-operation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

17 Rights of the data subjects

As a data subject under the General Data Protection Regulation (GDPR), you possess several rights that are detailed in Articles 15 to 21 of the GDPR. These rights include:

• • 1. Right to Object: You may object to the processing of your personal data at any time on grounds related to your particular situation, particularly when data processing is based on Article 6(1)(e) or (f), including profiling based on these provisions. Additionally, if your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.

    2. Right to Withdraw Consent: You have the authority to withdraw your consent to data processing at any time, impacting the lawfulness of processing based on consent before its withdrawal.

    3. Right to Information: You are entitled to confirm whether or not data concerning you is being processed, and where that is the case, access to the personal data and the following information:

       • The purposes of the processing.

       • The categories of personal data concerned.

       • The recipients or categories of recipient to whom the personal data have been or will be disclosed.

       • The planned period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

    4. Right to Rectification: You have the right to have incomplete or inaccurate personal data that concerns you corrected without undue delay.

    5. Right to Erasure and Restriction of Processing: You may request the erasure of personal data concerning you under certain conditions or alternatively seek the restriction of processing of your data.

    6. Right to Data Portability: You can receive the personal data concerning you which you have provided to a controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance.

    7. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged GDPR infringement.

    Note on Plugins and GDPR Compliance: Each plugin integrated into our service is expected to comply with GDPR standards, aligning with the legal bases for data processing as described within our privacy policy.

    .

18 Definition of Terms

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are listed in alphabetical order.

Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processing: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically every handling of data, be it collection, analysis, storage, transmission or erasure.