Data protection
1 Responsible Authority
We are happy about you visiting our website. We would like to introduce you to the responsible authority in terms of data protection law as applicable:
Dipl. Psych. Gesa Heiten
Im Bökeler 5
37079 Bovenden/ Rauschenwasser
Phone: +49 (172) 6315620
E-mail: info@gesa-heiten.de
2 General Information
Pursuant to our statutory obligations, we would like to inform you about the collection and use of your personal data.
When you use our website, personal data about you will be collected. This may happen by you entering the data yourself, for example your e-mail address. But our system also collects your data automatically, for example whenever you visit our website. This happens irrespective of the device or the software that you use to visit our website.
All data that you enter in our app is provided voluntarily; there are no disadvantages to you if you do not provide data. But without certain data, we are unable to provide services or to conclude contracts. Whenever such information is necessary, we will point it out to you.
On this website, the user’s personal data is only collected within the framework of the existing data-protection law, in particular the General Data Protection Regulation (GDPR). The legal terms used in the text are defined in Art. 4 of the GDPR.
The GDPR allows data processing in three cases in particular:
- in accordance with Art. 6 para. 1 (a) and 7 GDPR, when you have consented to us processing your data; in this Privacy Policy and in the cases of consent pursuant to Art. 4 no. 11 GDPR, we will inform you in detail and each time for what purposes and under what circumstances your data will be processed by us;
- in accordance with Art. 6 para. 1 (b) GDPR, when processing your personal data is necessary for negotiating, concluding or performing a contract;
- in accordance with Art. 6 para. 1 (f) GDPR, if the balancing of interests leads to the conclusion that the processing is necessary to protect our legitimate interests; this means in particular our interests to analyse, optimise and secure the offers on our website – meaning primarily the analysis of user behaviour, setting up profiles for advertisement purposes and storage of access data as well as the use of third-party providers.
2.1 Inventory Data
We collect inventory data as far as it is necessary to establish, negotiate or amend a contract (including one without remuneration) between us and the user. This can be: customer data (for example name, address), contact data (for example e-mail address, phone number), service data (for example services ordered, duration, payment). Upon establishing the user relationship, we will ask you for this data (for example name, address and e-mail address) and will also tell you which of the information is required to establish the user relationship.
2.2 Usage Data
We also collect usage data to allow users to use the services on our website. These may consist of: usage information (for example visited websites or parts, duration of visit, interest in services), content data (for example data, text, images, sounds, videos entered or uploaded by you), meta data (for example identity of your device, location, IP address).
We will only combine usage data if and insofar as it is necessary for billing purposes. Otherwise, we will only put together usage data pseudonymously and only insofar as you have not objected. You may send this objection to the address indicated in the “About Us” section or the responsible authority indicated in this Privacy Policy at any time.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR in analysing the website and your use, possibly also the statutory permission to store data as part of the negotiation of a contract pursuant to Art. 6 para. 1 (b) GDPR.
3 Hoster
3.1 Raidboxes
Our website is hosted by a service provider. We use the service of Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany. We have concluded a data processing agreement with our provider. With this contract, our provider is obliged to process the data according to our instructions. You can find more information on data processing at our provider in its privacy policy at https://raidboxes.io/datenschutzerklaerung/. The legal basis for this data processing is on the one hand our legitimate interest in a technologically perfect online offering and its design and optimization in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, and, on the other hand, our contractual or pre-contractual legal relationship in accordance with Art. 6 para. 1 (b) GDPR.
Furthermore, our provider stores information, the so-called server log files, each time the website is used; this is information which is automatically transferred by your browser. In detail, this data consists of:
- your IP address
- type and version of your browser
- host name
- time of visit
- the page from which you came to our page
- name of the page opened
- exact time of usage as well as
- the amount of data transferred
This data will only be used for statistical purposes and does not allow us to identify you as a user.
4 Advertisements
Before sending you advertisements, we will ask for your explicit consent pursuant to Art. 4 no. 11 GDPR, except in cases of advertisements for similar products to the one you already acquired. This will happen in particular when you grant us consent to mail our newsletter or when you fill out a contact form. You may withdraw your consent at any time in accordance with the subsequent section “Consent”.
INSOFAR AS WE USE YOUR PERSONAL DATA FOR DIRECT MARKETING, YOU MAY ALSO OBJECT TO THE USE OF YOUR DATA FOR THAT PURPOSE AT ANY TIME. THIS MAY BE DONE THROUGH ANY OF OUR MEANS OF CONTACT, PARTICULARLY BY E-MAIL TO THE E-MAIL ADDRESS LISTED IN THE “LEGAL NOTICE” SECTION WITHOUT ANY FORMAL REQUIREMENTS. WE WILL THEN NO LONGER USE YOUR DATA FOR DIRECT MARKETING.
5 First Contact through Electronic Request
If you contact us in electronic form (for example by mail, fax, phone, messenger, etc.), we store and process the data which you have given us (for example name, contact information, content of the request). This is based on our legitimate interest in an effective communication with customers in accordance with Article 6 para. 1 (a) GDPR and, as far as it concerns a request to enter into or to perform a contract, also with Article 6 para. 1 (b) GDPR.
We will only pass on this data to third parties as far as required for the performance of the contract (in accordance with Article 6 para. 1 (b) GDPR), by the overwhelming interest in effective services (in accordance with Article 6 para. 1 (f) GDPR) or based on your consent (in accordance with Article 6 para. 1 (a) GDPR) or if there is another legal permission or obligation.
You may ask us at any time and without any cost to provide information about the purpose of the processing, the origin and the recipient, if any, of your data. You may also request that we correct, delete or limit the processing of your personal data. You may object against the (further) processing of your data at any time and you have a right for the data to be made transferable as well as the right to file a complaint with the competent supervisory agency.
In general, your data will only remain stored as long as required by the purpose of the respective data processing. A longer storage is an option, in particular when required in order to pursue our rights, for other legitimate interests of ours or when there is a statutory duty to keep the data longer (for example record-keeping under tax law, statute of limitations).
6 Consent
Whenever we ask you for your consent for the processing of your data, we will inform you in clear language and in an easily accessible way about the cases for which you will be granting your consent. Any consent that we ask you for is voluntary. Any advantage that you wish to gain by granting consent is also available without consent; simply ask us.
Regarding any consent, you have the right to revoke any consent given to us for the processing of your personal data at any time. You just need to contact us without any particular formal requirement, for example through our contact form, an e-mail to the e-mail address indicated in the “About Us” section or a link to unsubscribe (if offered by us). Your withdrawal has no effect on the legality of the data processing carried out up to that point.
7 Storage Period
Generally, your data will only remain stored as long as required by the purpose of the respective data processing. Storage beyond that is possible in particular if it is still required for pursuing our rights or for other legitimate interests of ours.
For your inventory data which were necessary to perform a contract (including one without remuneration), this means that we store this data until the complete performance or termination of the contractual relationship plus the limitation period (which is generally 2 or 3 years) plus an adequate extra time for potential interruptions of the limitation period.
For your usage data which was collected in the course of your use of the website, this means that we will store it only for the time still required for the proper functionality of our website and as long as we still have a legitimate interest. Statistical information will be primarily stored by us in pseudonymous form.
Beyond that, we still store your data for as long as we are required to do so by law. This concerns in particular the tax-law requirements to keep records, usually for 6 or even 10 years.
8 Cookies
8.1 More than essential Cookies
Upon opening the website, we have asked you to consent to the storing of certain cookies which will be placed while you visit our website. Based on your consent pursuant to Art. 6 para. 1 (a) GDPR, our website thus uses cookies, so that our offer can be used in a better, more effective and more secure way.
A cookie is a record of information that is stored on your terminal device (computer, tablet, smartphone, etc.). These can be “session cookies”, which are automatically deleted when you leave our website. Other cookies are stored on your computer permanently until you delete them. That allows us to recognize your browser when you visit our website again and to provide you with features or offers according to your previous usage.
Your browser allows you to prevent the use of cookies in general or in specific cases. Please check the instructions for your browser to find out more about this. You can also delete cookies following these instructions which we have listed for you:
for Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
for Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
for Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
for Edge: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
for Internet Explorer: https://support.microsoft.com/en-gb/help/278835/how-to-delete-cookie-files-in-internet-explorer
Blocking cookies may limit the functionality of our website and of other websites visited by you.
More information on this topic, in particular how you can administer, limit or completely disable third-party cookies and technologies with a similar purpose, can be found at:
https://www.aboutads.info/choices
https://www.youronlinechoices.eu
https://www.networkadvertising.org/choices
8.1.1 Borlabs
In order to obtain your consent to store certain cookies on your device and to document this in line with data protection law, and in line with our legal obligations under Art. 6 para. 1 sentence 1 (c) GDPR and our legitimate interest in accordance with Art. 6 para. 1 (f) GDPR, we use the Cookie Consent Manager “Borlabs Cookie” provided by Borlabs - Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany.
Borlabs Cookie only places cookies that are technologically necessary. When you open our website, the following data will be sent to Borlabs Cookie: your consent or the withdrawal of your consent for placing cookies, a cookie placed on your browser by Borlabs Cookie, the duration and version of the cookie, domain and path of the WordPress website and the UID. The UID is a randomly generated ID and no personal information.
Borlabs Cookie processes no personal data. If you want to withdraw the consent to place certain cookies, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your consent to place cookies again.
You can find detailed information about the privacy policy of Borlabs Cookie at: https://de.borlabs.io/datenschutz/
8.1.1.1 Borlabs Cookie
For the cookie opt-in we use the WordPress plugin from Borlabs (https://borlabs.io/borlabs-cookie/), and you can adapt your settings here.
9 Users’ Rights
You may request us anytime to provide information about the personal data stored about you free of charge. To avoid misuse, this will require personal identification.
9.1 Deletion, Correction, Limitation
You may at any time demand from us that we correct (or complete) incorrect data as well as a limitation of the processing of data or deletion of your data. This applies in particular if the reason for processing the data is no longer valid, if a required consent has been revoked and there is no other legal basis or if our data processing is unlawful. We will then correct, block or even delete your personal data without delay as far as permitted by law.
9.2 Objection
The right to object to advertisement is governed by our text regarding consent:
Regarding any consent, you have the right to revoke any consent given to us for the processing of your personal data at any time. You just need to contact us without any particular formal requirement, for example through our contact form, an e-mail to the e-mail address indicated in the “About Us” section or a link to unsubscribe (if offered by us). Your withdrawal has no effect on the legality of the data processing carried out up to that point.
9.3 Data Transfer
You may request us to transfer the data stored about you in machine-readable form.
9.4 Complaint
If you feel that our data processing has violated any of your rights, you may file a complaint with the competent regulatory agency (here you find a list of the agencies).
10 Changes to the Privacy Policy
If and when factual or legal reasons will compel us to amend the Privacy Policy, we will update this page accordingly. This will not change the consent provided by the user.
11 Newsletter
11.1 Brevo
If you subscribe to the newsletter offered on our page, we will inform you in detail about the information we will send you, which of your data will be stored and for what it will be used. We will not pass on your data to third parties and we will only use it for mailing the newsletter.
We will only mail you the newsletter if you have provided us with prior consent. To that purpose, you will receive an e-mail from us with a link and further details and we will ask for your consent. By confirming that link, you declare your consent to receive the newsletter and advertisement from us.
Because we are legally required to record your consent as part of the double opt-in, your subscription to the newsletter, the mailing of our consent e-mail and your consent by clicking on the link will be recorded and stored with location and time as well as with your IP address.
The basis for the storage is your consent pursuant to Art. 6 para. 1 (a) GDPR, which you grant us when you register for the newsletter. You may withdraw that consent at any time, for which any notice to us, without any formal requirement, is sufficient (for example through the contact form or by e-mail or by using the link to unsubscribe, which is included in each e-mail). This withdrawal has no effect on the legality of the data processing carried out up to that point.
When mailing the newsletter, we use (as part of our legitimate interest in a technologically perfect processing of our customer data and analysis pursuant to Art. 6 para. 1 (f) GDPR) the provider Brevo of the SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin.
Regarding the handling of your data by our newsletter provider, we refer you to the privacy policy of our newsletter-provider https://www.brevo.com/de/legal/privacypolicy/. Our newsletter provider will only use your data when mailing the newsletter and they will analyse that mailing on our behalf. In addition, our newsletter provider will only use your data to improve its own service. Our newsletter provider will not use the data to contact you directly or to pass on your data to third parties.
The mails used by our newsletter-provider include a "web beacon", which will inform our newsletter provider about the opening of the newsletter and/or the clicking on a link contained therein by you. As part of that process, information regarding your browser, your location and your IP address will be transmitted to our newsletter provider. This information will be used to optimise our communication with you.
Our newsletter provider will also use this data for purposes of analysis and optimisation of their own service, but only in pseudonymised form (meaning that your identification is not possible). But your data will not be used by the provider to contact you directly.
Your data remain stored as long as you are in our mailing list, as long as the storing is necessary to protect our rights or for other legitimate interests or if we are bound by law to keep your data longer.
12 Social Media
12.1 Social Media Links
12.1.1 General Information
We link to our social media presences. When you follow any such link to the social media site, your data will be transmitted to that site. The social media site will normally store a cookie in your browser and to your account information there, especially if you are logged into your social media account on the site. The social media site can analyse your use of the platform and your browsing habits and will use these for targeting advertisements based on your interests. That can lead to ads being shown to you when browsing inside and outside of the social media site. Please inform yourself about the use of your data on these sites and use them only if you agree to the use of your data that takes place on that social media site, in particular when you are not using that social media site for the first time. We have added links to the privacy policies of the social media sites for your information.
12.1.2 LinkedIn
Our page uses links to our presence on the social network LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, as a subsidiary of LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, CA 94043, USA.
It is just a normal link, which means that upon opening our page, LinkedIn won't learn anything of your visit to our website. But when you click on the link, you will be taken to LinkedIn, and then LinkedIn will also learn that you visited our page.
Thus, your data may be forwarded to the USA.
We have neither knowledge of, nor any influence on the possible collection and processing of your data by LinkedIn after clicking on the link. Further information can be found in LinkedIn's privacy policy at https://www.LinkedIn.com/legal/privacy-policy?_l=de_DE.
12.2 Social Media Videos
12.2.1 YouTube (Two Click)
Based on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, we use YouTube, a service provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in order to embed videos.
To protect your data, we have installed a two-click solution. That way, Google won't learn about your visit once you access our website, but only once you actually click the button. If you confirm the plugin while being logged in at YouTube, Google may attribute your use to your user account.
The data collected by Google may be transferred by Google to countries outside of the EU, in particular to the USA.
However, we have ensured that your data is only transferred to the USA on the basis of a contract in accordance with the standard contractual clauses. Furthermore this provider is certified according to the EU-US Data Privacy Framework. This means that the transfer of data to the USA is possible in a legally secure manner on the basis of the adequacy decision concluded on 10.07.2023.
We have concluded a data processing agreement with this provider, according to which this provider will only process your data on our behalf within the scope of the GDPR and according to our instructions.
You may find further information in YouTube’s privacy policy at
https://www.google.de/intl/de/policies/privacy/.
Regarding the general approach to cookies and their deactivation, we refer you to our general information in this Privacy Policy.
13 Online calendar
13.1 Calendly
Based on our legitimate interest in a technologically perfect online offering and its design and optimization in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, we use the calendar of Calendly https://calendly.com/de, a service offered by Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA, to make appointments.
Thus, the data you enter while making an appointment will be passed to Calendly. Your data will be transmitted to the USA in that process.
You can find more information about the privacy policy of Calendly at https://calendly.com/legal/privacy-notice. We have entered into a contract on data processing with Calendly, according to which Calendly will only process your data according to our instructions. Additionally, we have ensured that your data is only transferred to the USA on the basis of a contract in accordance with the standard contractual clauses. According to the GDPR and the European Court of Justice (ECJ), this is a legal basis for the transfer of data to the USA. Furthermore, this provider is certified according to the EU-US Data Privacy Framework. This means that the transfer of data to the USA is possible in a legally secure manner on the basis of the adequacy decision concluded on 10.07.2023.
In order to arrange an appointment, we ask for the data requested in the Calendly form and we collect your IP address at the time of entry. This data will not be passed to third parties by us or by Calendly and only serves statistical purposes and for arranging appointments. Data entry will be encrypted, preventing third parties from reading your data while you enter it. You will find more information about the data collected by Calendly and how they process your data in the privacy policy of Calendly.
Your data will remain stored as long as the reason for the appointment is still relevant, in particular as long as the storage is still necessary to perform the contract, to pursue our rights or for other legitimate interests of ours or as long as we are required by law to keep your data stored (for example by tax-law requirements on the keeping of records). If the appointment passes without any consequences, your data will be deleted.
14 Audio / Podcasts
14.1 Podigee
Based on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR, we use the podcast hoster Podigee, provided by Podigee GmbH, Schlesische Strasse 20, 10997 Berlin, Germany, for embedding sound files.
When you call up the podcast, our podcast hoster will receive the IP address and information about the user's device, so that podcasts can be downloaded and/or played. In that process, statistical data will also be collected, like the number of downloads. Our podcast hoster will however anonymise or pseudonymise the data before they will be stored, unless they are required for delivering the podcasts.
You will find more information in the privacy policy of our podcast hoster at: https://www.podigee.com/de/about/privacy/. We also refer you to our general instructions on cookies and their deactivation in this privacy policy.
15 Video Conferences, Webinars and Online Meetings
15.1 Zoom
We use external communication providers (external providers or platforms for our video conferences, audio conferences, webinars or other online meetings and online communication), in this case the provider ZOOM Video Communications Inc., San Jose Office, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. This is based either
- on our contractual or pre-contractual legal relationship in accordance with Art. 6 para. 1 (b) GDPR,
- on your consent if we have obtained that before (for example for a recording) in accordance with Art. 6 para. 1 (a) GDPR or
- on our legitimate interest in a technologically perfect online offering and its design and optimisation in an economically efficient manner pursuant to Art. 6 para. 1 (f) GDPR.
Each time you use our external communication provider, any data that you enter, indicate or show during the communication (in particular contractual data like name and e-mail, usage data like the browser used, visited websites, duration of the visit, referrer URL and your IP address, content data like audio and video communication and/or recordings, chat protocols, shared screen content) will be transmitted to the external communication provider and stored by them. We use settings that guarantee as much privacy as possible, and you can be careful about your privacy as well. For example, you can register with alias names or with one-time e-mail addresses or (partially) deactivate your transfer of audio and video.
When using this provider, it may happen that your data is transferred to the USA. However, we have ensured that your data is only transferred to the USA on the basis of a contract in accordance with the standard contractual clauses. According to the GDPR and the European Court of Justice (ECJ), this is a legal basis for the transfer of data to the USA. This applies in particular since the US Presidential Decree of 07.10.2022.
We have concluded a data processing agreement with this provider, according to which this provider will only process your data on our behalf within the scope of the GDPR and according to our instructions.
Your data will remain stored as long as necessary for the purposes of your consent, for performing the contract, to pursue our legal rights or for other legitimate interests of ours or as long as we are required by law to keep your information.
Neither we nor the external communication provider will pass on your data to third parties. Exceptions may be made for analysing the user data for service and security purposes as well as for marketing purposes of the external communication provider. For the further use of your data by the external communication provider, we refer you to their terms and conditions https://zoom.us/terms and the associated privacy policy https://zoom.us/privacy
Insofar as external communication providers store cookies or other trackers on your device, we refer you to our general information about dealing with cookies and deactivating them in this privacy policy.
This is our currently valid privacy policy from 17.03.2025