Privacy Policy

Privacy Policy


With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. This privacy policy applies to all personal data processing activities we carry out, both in the context of delivering our services and specifically on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online services").

The terms used are not gender-specific.

Date: August 28, 2023

Table of Contents

Data Controller

Prof. Dr. Sabina Jeschke
phone: +49 171 27 007 68

Authorized Representatives:

Prof. Dr. Sabina Jeschke

Email Address:


Relevant Legal Bases

Relevant legal bases according to the GDPR: Below is an overview of the GDPR legal bases on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are relevant in individual cases, we will inform you in the privacy policy.

  • Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Contractual obligations and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Federal Data Protection Act (BDSG). The BDSG contains specific provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated individual decision-making, including profiling.

Note on Applicability of GDPR and Swiss DPA: These privacy notices serve to provide information in accordance with the Swiss Federal Data Protection Act (Swiss DPA) as well as the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader geographical application and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms "processing" of "personal data," "predominant interest," and "particularly sensitive personal data" used in the Swiss DPA, the GDPR terms "processing" of "personal data," "legitimate interest," and "special categories of data" are used. However, the legal meaning of the terms is still determined by the Swiss DPA when it is applicable.

Overview of Data Processing

The following overview summarizes the types of data processed and the purposes for which they are processed, and refers to the data subjects.

Types of Data Processed

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of Data Subjects

  • Communication partners.
  • Users.

Purposes of Processing

  • Contact inquiries and communication.
  • Security measures.
  • Direct marketing.
  • Administration and response to inquiries.
  • Feedback.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.

Security Measures

We take appropriate technical and organizational measures, in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input, disclosure, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data breaches. Additionally, we consider the protection of personal data in the development or selection of hardware, software, and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Transfer of Personal Data

In the course of our processing of personal data, it may occur that the data is transferred to other places, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data could include, for example, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe legal requirements and, in particular, enter into contracts or agreements with the recipients of your data that serve to protect your data.

Data Transfer Within the Organization: We may transfer personal data to other locations within our organization or grant them access to this data. If this transfer is for administrative purposes, the transfer of data is based on our legitimate business and commercial interests, or takes place if it is necessary for the fulfillment of our contractual obligations, or if consent of the data subjects exists or if there is legal permission.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if this takes place in the context of the use of third-party services or disclosure or transfer of data to other persons, bodies, or companies, this only occurs in compliance with legal requirements. Data transfers to third countries are based on an adequacy decision (Art. 45 GDPR) if the level of data protection in the third country has been recognized as adequate. Otherwise, data transfers only occur if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c GDPR), explicit consent, or in cases of contractual or legally required transfer (Art. 49 para. 1 GDPR). Further information on third-country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: EU Commission Information.

EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure under the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at We inform you in the context of the privacy policy which of our service providers are certified under the Data Privacy Framework.

Data Deletion

The data we process will be deleted in accordance with legal requirements as soon as their permitted consents are revoked or other permissions lapse (e.g., if the purpose for processing this data is no longer applicable or they are not required for the purpose). Unless the data is deleted because it is required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Our privacy policy may also contain further details on the retention and deletion of data that primarily apply to the respective processing.

Rights of Data Subjects

As a data subject under the GDPR, you have various rights, which primarily arise from Articles 15 to 21 of the GDPR:

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing; this applies to profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right to Access: You have the right to request confirmation as to whether the data in question is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: You have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you, in accordance with legal requirements.
  • Right to Erasure and Restriction of Processing: You have the right to demand that the data concerning you be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with the legal requirements.
  • Right to Data Portability: You have the right to receive the data concerning you that you have provided to us in a structured, common and machine-readable format or to request its transfer to another data controller.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data relating to you violates the GDPR.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, to maintain the login status in a user account, a shopping cart content in an e-shop, the accessed content or used functions of an online service. Cookies can also be used for various purposes, e.g., for functionality, security, and comfort of online services as well as for creating analyses of visitor flows.

Consent Guidelines: We use cookies in compliance with legal regulations. Therefore, we obtain prior consent from users unless it is legally not required. Consent is particularly not necessary when the storage and retrieval of information, including cookies, are strictly necessary to provide users with the telemedia service they expressly requested (i.e., our online offering). Essential cookies typically include functions that support the display and operability of the online offering, load balancing, security, storage of user preferences, and choices, or similar purposes related to providing the primary and secondary functions of the online service requested by users. Revocable consent is clearly communicated to users and includes information about the specific cookie usage.

Legal Basis for Data Protection: The legal basis on which we process users' personal data with the help of cookies depends on whether we ask for their consent. If users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed through cookies is based on our legitimate interests (e.g., in the commercial operation of our online offering and its usability) or, if it occurs as part of fulfilling our contractual obligations, when the use of cookies is necessary to meet our contractual obligations. We clarify the purposes for which we process cookies in the course of this privacy policy or within our consent and processing processes.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their terminal device (e.g., browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after closing the terminal device. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Likewise, user data collected via cookies can be used for reach measurement. Unless we provide explicit information about the type and duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can have a storage duration of up to two years.

General Notes on Revocation and Objection (i.e., "Opt-Out"): Users can revoke their given consents at any time and object to the processing in accordance with legal requirements. Among other options, users can restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared through the websites and

  • Legal Bases: Legitimate Interests (Art. 6 (1) S. 1 lit. f GDPR). Consent (Art. 6 (1) S. 1 lit. a GDPR).

Provision of Online Services and Web Hosting

We process user data to provide our online services. To this end, we process the user's IP address, which is necessary to deliver the content and features of our online services to the user's browser or device.

  • Type of Data Processed: Usage data (e.g., visited web pages, interest in content, access times); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Content data (e.g., entries in online forms).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.). Security measures.
  • Legal Bases: Legitimate Interests (Art. 6 (1) S. 1 lit. f GDPR).

Contact and Inquiry Management

When contacting us (e.g., via mail, contact form, email, telephone, or social media) and within the context of existing user and business relationships, the information provided by the inquiring parties is processed to the extent necessary to respond to contact inquiries and any requested actions.

  • Type of Data Processed: Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Contact inquiries and communication; Administration and response to inquiries; Feedback (e.g., collection of feedback via online form). Provision of our online services and user-friendliness.
  • Legal Bases: Legitimate Interests (Art. 6 (1) S. 1 lit. f GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 (1) S. 1 lit. b GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or legal permission. If the content of the newsletter is specifically described during the signup process, it is decisive for user consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, providing your email address is generally sufficient. However, we may ask you for a name for personal addressing in the newsletter or additional information if required for the purpose of the newsletter.

Double-Opt-In Procedure: The subscription to our newsletter is generally carried out in a so-called double-opt-in procedure. That is, after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from registering with someone else's email address. Newsletter subscriptions are logged to prove the registration process according to legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Deletion and Restriction of Processing: We may store the email addresses of unsubscribed users for up to three years based on our legitimate interests before deleting them, to prove prior consent. The processing of this data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations for permanent consideration of objections, we reserve the right to store the email address solely for this purpose in a blocklist (so-called "Blocklist").

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider for email dispatch, this is done based on our legitimate interests in an efficient and secure shipping system.


Information about us, our services, promotions, and offers.

  • Type of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage data (e.g., visited websites, interest in content, access times).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., via email or postal mail).
  • Legal Bases: Consent (Art. 6 (1) S. 1 lit. a GDPR); Legitimate Interests (Art. 6 (1) S. 1 lit. f GDPR).
  • Opt-Out Options: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to unsubscribe from the newsletter can be found at the end of each newsletter, or you can use one of the contact options provided above, preferably via email, for this purpose.

Additional Notes on Processing, Procedures, and Services:

  • Measurement of Open and Click Rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server, or the server of the shipping service provider if applicable, when opening the newsletter. During this retrieval, technical information, such as information about the browser and your system, your IP address, and the time of retrieval, are initially collected.

    This information is used to technically improve our newsletters based on technical data or target groups and their reading behavior, based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Legal Bases: Consent (Art. 6 (1) S. 1 lit. a GDPR).
  • Mailchimp: Email dispatch and automation services; Service Provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal Bases: Legitimate Interests (Art. 6 (1) S. 1 lit. f GDPR); Website:; Privacy Policy:; Data Processing Agreement:; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (Provided by the service provider). Additional Information: Special Security Measures:
  • Amendment and Update of the Privacy Policy

    We encourage you to regularly review the content of our privacy policy. We will adjust the privacy policy as soon as the changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your participation (e.g., consent) or another individual notification.

    If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and we ask you to verify the details before making contact.

    Responsible Supervisory Authority:

    Berlin Commissioner for Data Protection and Freedom of Information
    Friedrichstr. 219
    Visitor entrance: Puttkamerstr. 16 – 18 (5th floor)
    10969 Berlin
    Phone: 030 13889-0
    Fax: 030 2155050

    For more information about the Berlin Commissioner for Data Protection and Freedom of Information, visit

    Created with free by Dr. Thomas Schwenke