Data Privacy Statement
Notice on Data Protection
This Data Privacy Statement is intended to inform you how we process your personal data and to explain your rights to you. We are aware that the processing of your personal data is extremely important to you as the data subject and accordingly we comply with the relevant statutory provisions. The protection of your private sphere is therefore our highest priority. In processing your personal data we comply with the General Data Protection Regulation and the data protection provisions and the provisions of domestic law.
Name and contact details of the Data Protection Officer and his representative
Struss & Claussen Personal Development
Telephone: +49 (0)40 - 688 79 49 70
Managing Directors & Authorized Representatives: Ragnhild Struss and Johann Claussen
Contact data for the Data Protection Officer:
Ayda Pirmohammadi, M.A. Philosophy
Struss & Claussen Personal Development
Telephone: +49 (0)40 - 688 79 49 70
This data privacy statement uses the terminology of the General Data Protection Regulation (GDPR).
Personal data means any information relating to an identified or identifiable natural person (hereinafter: data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
File system is any structured collection of personal data, which is accessible by means of specific criteria, irrespective of whether this collection is managed centrally, locally or ordered in accordance with functional or geographic factors.
Controller is the natural or legal person, public authority, agency or other body, which alone or jointly with others decides on the purposes and means of the processing of personal data; if the purposes and means of this processing are specified by European Union law or the law of the Member State, the controller and/or the specified criteria for his designation may be specified by European Union law or the law of the Member State.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; these data are processed in accordance with the applicable data protection provisions in accordance with the purposes of the processing.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
We collect and process the following personal data concerning you:
contact and address information, if you have communicated your contact information to us or registered on our website,
- data, which you have communicated to us in the course of consultations, training or coaching sessions,
- data, which you have communicated to us in the course of counseling by telephone,
- online identifiers (e.g. your IP address, browser type and version, the related operating system, the referrer URL, the IP address, the file name, the access status, the amount of data transferred, the date and time of the server query).
Purposes of processing
We process your data for the following purposes:
- to make contact with you as requested by you,
- to update our offer to you,
- to process the contract,
- to develop the strategy customized to you in the course of the consultation,
- for advertising purposes,
- to send you the e-mail newsletter, if you have registered for it,
- for quality assurance and
- for our statistics.
Legal bases for the data processing
Your data are processed on the following legal bases:
- on the basis of your consent in accordance with Article 6 (1) point (a) GDPR,
- to implement a contract with you in accordance with Article 6 (1) point (b) GDPR,
- to satisfy legal duties in accordance with Article 6 (1) point (c) GDPR, or
- for the purposes of our legitimate interest in accordance with Article 6 (1) point (f) GDPR.
If we base the processing of your personal data on legitimate interests within the meaning of Article 6 (1) point (f) GDPR, these interests are
- the improvement of our offer,
- protection from abuse and
- the management of our statistics.
We receive the data from you (including via the devices used by you). If we do not collect the personal data from you, we additionally inform you from what source the personal data originate and where applicable, whether they originate from publicly accessible sources.
Recipients or categories of recipients of the personal data
In processing your data we work with the following service providers, who have access to your data:
- twentyreasons business solutions GmbH
- Gallup Strengths Center.
Data are transferred to third countries outside the European Union. This transfer takes place on the basis of contractual regulations provided by statute, which are intended to guarantee adequate protection for your data and which you may inspect on request.
We store your personal data only for as long as this is necessary in order to achieve the purpose of the processing or where storage is subject to a statutory retention period.
We store your data,
- if you have given your consent to the processing, as a maximum period up to the time you withdraw your consent,
- if we require the data for the performance of a contract as a maximum period for as long as the contractual relationship with you is in existence or statutory retention periods continue to run,
- if we use the data on the basis of a legitimate interest as a maximum period for as long as your interest in erasure or anonymization of the data does not override our interest.
You have the following rights – in some cases subject to specific conditions:
- the right to request information, free of charge, on the processing of your data and to receive a copy of your personal data. You are entitled inter alia to request information on the purposes of the processing, the categories of personal data, which are processed, the recipients of the data (if the data are transferred), the duration of the storage period or the criteria for the determination of the storage period;
- the right to correct your data. If your personal data are incomplete, you have the right, with due regard to the purposes for the processing, to complete the data;
- the right to have your data erased or blocked; The grounds for a claim for the erasure or blocking of data may be inter alia the withdrawal of the consent, on which the processing is based, the data subject lodges an objection to the processing, the personal data have been unlawfully processed;
- the right to have the processing restricted;
- the right to object to the processing of your data;
- the right to withdraw your consent to the processing of your data and
- the right to lodge a complaint concerning illegal data processing with the competent supervisory authority.
Requirement or obligation for data to be provided
Unless requirement or an obligation to provide data is expressly specified, there is no requirement or obligation to provide data. Such an obligation may arise from legal requirements or contractual provisions.
Further Information on Data Protection
The contact form on our website provides a quick and simple method of contacting us. So that contact is possible some of the fields are marked as required fields. If you fill out the fields and select "Send", you are giving your consent that your data are communicated to us with the e-mail message. The data are not stored on the web server.
If you register for our newsletter, we use the data required or communicated separately by you for this purpose to send you our e-mail newsletter on a regular basis. You can de-register from the newsletter at any time, either by sending a message to the contact details stated above or via the de-registration link provided.
We have put in place a comprehensive range of technical and organizational measures to protect your data against possible risks, such as unauthorized access or seizure, unauthorized cognizance, modification or distribution, as well as against loss, destruction or abuse.
In order to protect your personal data from unauthorized access by third parties, when the data are being transferred, we secure data transfers, where necessary by means of SSL encryption. This is a standardized encryption procedure for on-line services, in particular for the Web.
The website provider automatically collects and stores data in what are known as server log files, which your browser automatically transfers to us. These are: the type and version of your browser, the operating system used, HTTP referrer, URL, host name of the computer accessing the site, time of the server enquiry, IP address.
These data are not combined with other data sources.
The basis for the data processing is Article 6 (1) point (f) GDPR, which permits the processing of data for the purpose of fulfilling a contract or pre-contractual measures.
Furthermore, you can prevent these data being collected and processed by Google Inc. by downloading and installing the browser add-on available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de
This stores an opt-out cookie for our websites on your device with effect for the browser you are currently using. If you delete these cookies from your browser, you must click once again on this link. You can find more detailed information on conditions of use and data protection on http://www.google.com/analytics/terms/de.html or on https://policies.google.com/?hl=de.
We use Google Fonts, a service from Google Inc. (Google): www.google.com/fonts#AboutPlace:about. These web fonts are integrated by means of a server request, usually to a Google server in the USA. This communicates to the servers which of our Internet sites you have visited. The IP address of the browser of the terminal used by the visitor to these websites is also stored by Google. More detailed information is available in Google's Data Privacy Notice, which you can access here: www.google.com/policies/privacy/.
Facebook using the "Shariff" function
Plug-ins for the Facebook social network, access provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our websites. You can recognize the Facebook plug-ins by the Facebook logo or the Like button (Like) on our site. An overview of Facebook plug-ins is available here: http://developers.facebook.com/docs/plugins/. We use the Shariff button, which ensures data protection. Shariff replaces the usual Share button, so that your data are not automatically transferred to Facebook every time you access the site. This will happen only if you click on the button. We advise you that we as the access provider for our site have no knowledge of the contents of the data transferred or of their use by Facebook. You can find more detailed information on this in the Facebook Data Privacy Statement on http://de-de.facebook.com/policy.php.
For the integration of videos we use inter alia the access provider, YouTube. YouTube is operated by YouTube LLC with head office at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access our Internet presence through websites equipped with plug-ins, for example our media center, this produces a connection to the YouTube servers and the plug-in is displayed. This communicates to the YouTube servers which of our Internet sites you have visited. If you are logged on to YouTube as a member, YouTube allocates this information to your personal user account. When you use the plug-in, for example by clicking on the start button for a video, this information is also allocated to your user account. You can prevent this information being allocated to your account by logging off from your YouTube user account and any other user accounts of the YouTube LLC und Google Inc. companies before using our website and by deleting the appropriate cookies from those companies. You can find more detailed information on data processing and advice on data protection by YouTube (Google) on www.google.de/intl/de/policies/privacy/.
On our website we use the FontAwesome web font. When a site is accessed, your browser loads the required web fonts into its browser cache, in order to display texts and fonts correctly. For this purpose the browser used by you must accept a connection with the FontAwesome servers. This informs FontAwesome that our website has been accessed through your IP address. If your browser does not support web fonts, your computer uses a standard font. Further information on FontAwesome web fonts is available in FontAwesome's data privacy statement: https://www.fontawesome.com/privacy.
FontAwesome is integrated by means of a CDN (Content Delivery Network). When a website is downloaded, each file included on the site generates what is known as a HTTP request (a server request). Modern browsers can process in parallel between two and four requests, which inevitably creates a queue. The longer the queue, the longer it takes for the website to download. However, the request is restricted by domain. If media contents are rolled out on additional domains, the site can be downloaded by various sources and is built up more quickly.
On our websites we use the TYPEFORM service from TYPEFORM S.L. with registered office in Carrer Bac de Roda, 163, 08018 Barcelona (Spain). TYPEFORM collects data, in order to analyze user behavior on our website and to transfer the information to us. In order that TYPEFORM S.L. may collect and process the data mentioned for the purposes stated, we need your consent. If you do not want to agree to the collection and processing of your data by TYPEFORM as described, it is not possible to communicate your enquiry via the online form. You can find detailed information on data collection and processing by TYPEFORM S.L on https://admin.typeform.com/to/dwk6gt.
Status of this Data Privacy Statement
We reserve the right to amend this Data Privacy Statement at any time with effect for the future.