Inventory data (e.g. names, addresses).
Content data (e.g. entries in online forms).
Contact data (e.g. e-mail, telephone numbers).
Meta/communication data (e.g. device information, IP addresses).
Usage data (e.g. websites visited, interest in content, access times).
Categories of data subjects
Communication partners.
Users (e.g. website visitors, users of online services).
Purposes of the processing
Contact enquiries and communication.

• • Paid Membership Pro: Collects names, emails, addresses, phone numbers, and credit card information during checkout.

  • Woocommerce & Woocommerce Subscription: Collects extensive user information during the checkout process, including name, billing and shipping addresses, payment details, and other contact information.

  • Learndash: Collects email addresses and stores course progress, quiz scores, and other learning management data.

7 Relevant legal bases

In the following, we inform you of the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or our country of residence and domicile may apply. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.

Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

• • All plugins: As part of the broader GDPR compliance framework, each plugin’s operation should be aligned with the legal bases of data processing as described in the policy.

8 Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

All plugins: It is implied that all plugins, as part of their integration into the website, adhere to certain security standards to protect user data.

9 Transmission and disclosure of personal data

As part of our processing of personal data, data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

• • Woocommerce: Describes the conditions under which customer data is stored and the duration. Also notes that team members such as Administrators and Shop Managers have access to customer information.

  • Woocommerce Subscription: Shares customer data with third-party payment processors depending on the payment plugin used.

  • Event Ticket: Collects and retains event-related data such as attendee names, email addresses, and ticket information.

  • Payments via PayPal: Outlines the sharing of necessary payment data with PayPal.
  • Stripe: Mentions potential data storage and sharing with Stripe.

10 Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

11 Use of cookies

Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after their visit to an online service. The information stored may include, for example, the language settings on a website, the login status, a shopping basket or the location where a video was watched. The term “cookies” also includes other technologies that fulfil the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”)

A distinction is made between the following cookie types and functions

Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their browser.

Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The interests of users who are used for reach measurement or marketing purposes can also be stored in such a cookie.

First-party cookies: First-party cookies are set by us.

Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary (also: essential) cookies: Cookies may be necessary for the operation of a website (e.g. to save logins or other user input or for security reasons).

Statistical, marketing and personalisation cookies: Cookies are also generally used to measure reach and when a user’s interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as “tracking”, i.e. tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or when obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the consent you have given. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.

Storage period: If we do not provide you with explicit information on the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection using your browser settings, e.g. by deactivating the use of cookies (although this may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further objection notices in the context of the information on the service providers and cookies used.

Processing of cookie data on the basis of consent: Before we process or have data processed in the context of the use of cookies, we ask users for their consent, which can be revoked at any time. Before consent has not been given, cookies that are absolutely necessary for the operation of our online offering are used at most.

Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g. website visitors, users of online services).

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

12 Affiliate programmes and affiliate links

We may include so-called affiliate links on our website or other references to offers and services from third-party providers (we refer to them collectively as “affiliate links”). If you as a user follow these affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (hereinafter collectively referred to as “commission”).

In order to be able to track whether the users have used the offers of an affiliate link linked by us, it is necessary for the respective third-party providers to know that the users have followed an affiliate link placed on our site. The assignment of these affiliate links to the relevant business transactions or other actions (e.g. purchases) is used exclusively for commission settlement. It will be deleted as soon as it is no longer required for this purpose.

For the purposes of precisely this assignment of affiliate links, the affiliate links can be supplemented with values that may be part of the link or stored in another way, e.g. in a cookie. Such values may include, for example, the source website (referrer), the time, an online identifier of the operator of the website on which the exact affiliate link was located, an online identifier of the relevant offer, the type of link or offer used and an online identifier of the respective site visitor.

Notes on legal bases: If we ask users to consent to the use of third-party providers, the legal basis for the processing of data is consent. In addition, their use may be part of our (pre-)contractual service if the use of third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to explicitly draw your attention to the information on the use of cookies in this privacy policy.

Processed data types: Data relating to the contracts (e.g. term, subject matter of the contract, etc.), usage data (e.g. pages visited, interest in content, access times), meta/communication data (e.g. device information, and/or IP addresses).

Data subjects: Users (e.g. website visitors, users of various online services).

Purposes of processing: Tracking of affiliate links.

Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services used and service providers:

As of 17/03/2024: none.

Google Fonts

We use Google Fonts on our website. These are the “Google Fonts” of Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. You do not need to log in or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at exactly how the data is stored. Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge. Many of these fonts are published under the SIL Open Font Licence, while others are published under the Apache licence. Both are free software licences.

What data is stored by Google?

When you visit our website, the fonts are loaded via a Google server. This external call transmits data to the Google server. In this way, Google also recognises that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. Incidentally, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely at Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to analyse and move large amounts of data.

However, it should be noted that every Google Font request also automatically transfers information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. It is not clear whether this data is also stored or whether it is clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google’s aim is to fundamentally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=331658329046. In this case, you can only prevent data storage if you do not visit our site.

Unlike other web fonts, Google allows us unrestricted access to all fonts. This means we have unlimited access to a sea of fonts and can therefore optimise our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=331658329046. Although Google addresses data protection issues there, it does not provide any really detailed information about data storage. It is relatively difficult to obtain really precise information from Google about stored data.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when Google Fonts is used.

We also have a legitimate interest in using Google Fonts to optimise our online service. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Google Font if you have given your consent.

Google also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and security of data processing.

Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.

You can also find out which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Google Analytics

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data.

The following data is recorded during your visit to the website

Pages viewed

Orders including sales and products ordered

The achievement of “website goals” (e.g. contact enquiries and newsletter registrations)

Your behaviour on the pages (e.g. length of stay, clicks, scrolling behaviour)

Your approximate location (country and city)

Your IP address (in abbreviated form, so that no clear assignment is possible)

Technical information such as browser, internet provider, end device and screen resolution

Source of origin of your visit (i.e. via which website or advertising medium you came to us)

Personal data such as name, address or contact details are never transmitted to Google Analytics.

This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which makes it possible to analyse pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

If you do not agree to the collection of data, you can prevent this by installing the browser add-on once to deactivate Google Analytics or by rejecting cookies via our cookie settings dialogue.

13 Provision of the online offer and web hosting

In order to provide our online offering securely and efficiently, we utilise the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting service may include all information relating to the users of our online service that is generated during use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files may be used for security purposes, e.g. to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure server utilisation and stability.

Processed data types: Content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g. website visitors, users of online services).

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

14 Making contact

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the information of the enquiring persons is processed insofar as this is necessary to answer the contact enquiries and any requested measures.

Contact enquiries are answered in the context of contractual or pre-contractual relationships in order to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of legitimate interests in responding to the enquiries.

Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).

Data subjects: Communication partners.

Purposes of processing: Contact enquiries and communication.

Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

15 Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitted for processing are revoked or other authorisations cease to apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection notices of this privacy policy.

• • Woocommerce: Describes the conditions under which customer data is stored and the duration. Also notes that team members such as Administrators and Shop Managers have access to customer information.

  • Woocommerce Subscription: Shares customer data with third-party payment processors depending on the payment plugin used.

  • Event Ticket: Collects and retains event-related data such as attendee names, email addresses, and ticket information.

16 Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your co-operation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

17 Rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent: You have the right to withdraw any consent you have given at any time.

Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.

Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements.

Right to erasure and restriction of processing: Under the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.

Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller.

Complaint to the supervisory authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

• • All plugins: As part of the broader GDPR compliance framework, each plugin’s operation should be aligned with the legal bases of data processing as described in the policy.

18 Definition of Terms

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are listed in alphabetical order.

Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processing: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically every handling of data, be it collection, analysis, storage, transmission or erasure.