Data protection
Privacy policy according to Art. 13 and 14 GDPR
Version: August 2025
- 1. Scope
- 2. Responsible Company
- 3. Data Protection Officer Contact Details
- 4. General Information on Data Processing
- 5. Collection and Processing of Personal Data in the Context of Our Services
- 6. Collection and Processing of Business Partner Data
- 7. Data Collection from Interested Parties for Acquisition Purposes
- 8. Doorbell Cameras at Our Locations
- 9. Collection and Processing of Data in the Application Process
- 10. Data Collection When Accessing Websites
- 11. Tracking for Analysis and Optimization
- 12. Rights of Data Subjects
Data processing by Fürstenberg Institut GmbH can essentially be divided into two categories:
As part of our services, all data required for the fulfilment of a contract with Fürstenberg Institut GmbH will be processed.
For the purpose of contract processing, all data required for the execution of a contract with Fürstenberg Institut GmbH will be processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent required.
When you access the website/application of Fürstenberg Institut GmbH, various information is exchanged between your device and our server. This may also include personal data. The information collected in this manner is used, among other things, to optimize our website or to display advertising in the browser of your end device.
This privacy policy also always applies if elsewhere from one of our offerings (e.g. webinars) reference is made to this privacy policy, regardless of how you access or use it.
All these offerings are also collectively referred to as “Services”.
Fürstenberg Institut GmbH
Gorch-Fock-Wall 3 20354 Hamburg
Telephone: +49 (0)40-380820-0
E-Mail: info@fuerstenberg-institut.de
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22589 Hamburg
E-mail: anfragen@dsextern.de
4.2 Consequences of Not Providing Data If mandatory data (marked as such when entered) is not provided, the respective service may not be provided at all or not in the same form and quality.
4.3 Transmission to Public Authorities We transmit personal data to public authorities (including law enforcement agencies) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6(1) lit. c GDPR) or if it is required to assert, exercise or defend legal claims (legal basis: Art. 6(1) lit. f GDPR).
5.1 Coaching & Consulting
Info/Purpose: We collect personal data for the purpose of scheduling appointments, counseling, and processing client requests or complaints.
Legal basis: Fulfillment of the service agreements (pursuant to Art. 6(1) lit. b GDPR).
Categories of Data:
- Personal information: Title, salutation/gender, first and last name, date of birth
- Address information: Street, house number, additional address info, zip code, city, country
- Contact information: Phone numbers, email addresses
- Organizational information: Client company/location/business unit
- Content of the consultation
Recipients: Service providers ensuring accessibility of our client service outside core hours and on weekends; partner companies in the context of mediation for care and childcare offers. For email communications with our clients, we use an external IT service provider.
Third-country transfer: Email data is generally processed within the EU. In exceptional cases, maintenance or support services may involve access to personal data from a third country (e.g., USA). Such transfers are based on an adequacy decision of the European Commission (EU-U.S. Data Privacy Framework) or appropriate safeguards such as standard contractual clauses under Art. 46 GDPR.
Retention period: 3 years after completion of the counseling.
5.2 Corporate Health
Legal basis: Fulfillment of the service agreements (Art. 6(1) lit. b GDPR).
Categories of Data:
- Personal info: Title, salutation/gender, first and last name
- Contact info: Email address(es)
- Organizational info: Client company/location/business unit
- Contributions during online events
Third-country transfer: Data processing for storage, email, and online event participation is generally within the EU. Exceptionally, maintenance or support services may allow access from outside the EU (e.g., USA), with transfers based on adequacy decisions or standard contractual clauses.
Retention period: Data collected for event organization and implementation will be deleted when storage is no longer required unless statutory retention obligations or limitation periods must be observed.
5.3 Budget, debt & insolvency counselling
Info/Purpose: Conducting budget, debt, and insolvency counseling.Legal basis: Fulfillment of service agreements (Art. 6(1) lit. b GDPR).
Data categories:
- Personal info: Title, salutation/gender, first and last name, date of birth
- Address info
- Contact info
- Organizational info
- Data on personal and financial situation: family/household/living situation, maintenance obligations, income/vocational status, assets (including bank details, contracts), debt level and creditor data
Third-country transfer: Email communication data is generally processed in the EU. In exceptional cases, maintenance or support services may result in access from a third country (e.g., USA), using adequacy decisions or standard contractual clauses for such transfers.
Retention period: 10 years after counseling ends.
5.4 Health & Safety
Info/Purpose: Collection of personal data for planning, organizing, and conducting events (e.g., workshops) on occupational safety and occupational health, as well as mediation of occupational health services.
Processing of health data takes place exclusively between client companies and occupational health service providers. Fürstenberg Institut itself does not process this health data.
Legal basis: Fulfillment of service agreements (Art. 6(1) lit. b GDPR).
Categories of Data:
- Personal info: Name, first name
- Communication data: Email address
- Organization data: Company name/address
- Billing data: Participation in occupational health checks
E-learning participation data (quiz results, certificates) - Technical data: e.g., IP address, device, browser
Recipients: We cooperate with providers for data storage, email, and videocommunication for technical implementation. For e-learning courses and management of participant data, we work with additional service providers, including resellers (for purchase and payment), e-learning providers (hosting and delivery of courses), and data synchronization providers.
Third-country transfer: Processed generally within EU; exceptions as above. Use of video services and data sync may involve transfers outside the EU.
Retention period: Client contacts’ data is retained for the duration of the client relationship and deleted thereafter unless legal obligations or statutes apply. Participation data is deleted three years after the event.
5.5 Modern Health Campus
Info/Purpose: Conducting courses in the field of mental health.
Legal basis: Performance of service agreements for registration and participation (Art. 6(1) lit. b GDPR), and your consent for newsletter registration (Art. 6(1) lit. a GDPR).
Categories of Data:
- Personal info: Name, first name
- Communication data: Email address
- Organization data: Company name/address
Client history: e.g., purchased products - Contractual/payment data
- Participation data (quiz results, certificates)
- Technical data
- Content data: videos, images, texts, audio, files
Recipients: We work with various service providers for the implementation of courses and the management of participant data, including resellers, e-learning, video, newsletter, and data synchronization providers.
Third-country transfer: Transfers relating to course video services and data synchronization may occur outside the EU.
Retention Period: Participation data is deleted three years after course completion; newsletter-related data is retained as long as there is active interaction.
5.6 myFürstenberg Client Portal
Info/Purpose: Provision of personalized content and information related to booked services (e.g., coaching, media library, events), chat function, as well as individual appointment booking.
Legal basis: Your consent for personal profile registration (Art. 6(1) lit. a GDPR); our legitimate interest in providing appointment booking and communication options (Art. 6(1) lit. f GDPR).
Categories of Data: Contact, organizational data, responses.
Recipients: We process data internally or with external support providers as needed, e.g., for data integrity. Hosting takes place in Hamburg data centers; all chat data is processed within the EEA.
Third-country transfer: No transfer outside the EU.
Retention Period: As long as client relationship exists, unless deletion is requested sooner. Appointments are kept for the duration of the client relationship. Chat data is deleted after one month.
5.7 Media Provision
Info/Purpose: To support our services, we provide media content such as videos and podcasts through third-party platforms. Personal data (esp. IP and usage data) may be processed when accessing such content, and providers may use cookies or similar technology for their own purposes.
Legal basis: Our legitimate interest in appealing and functional media presentation (Art. 6(1) lit. f GDPR) and your consent if granted via the cookie consent tool (Art. 6(1) lit. a GDPR).
Platforms used:
- Vimeo (provider: Vimeo Inc., New York, USA), privacy policy: https://vimeo.com/privacy
- SoundCloud (provider: SoundCloud Global Limited & Co. KG, Berlin), privacy policy: https://soundcloud.com/pages/privacy
Third-country transfer: Use of Vimeo or SoundCloud may result in data transfer to third countries (e.g. USA). These transfers are under the providers’ own responsibility, usually relying on standard contractual clauses or adequacy decisions. We have no influence over the provider’s processing.
5.8 Satisfaction Surveys
Info/Purpose: To assess our service quality, online surveys may be sent after consultations or events. Participation is voluntary. Surveys may be associated with short-term personal references, but evaluations are conducted anonymously.
Legal basis: Your consent (Art. 6(1) lit. a GDPR).
Recipients: An external service provider processes survey data exclusively on our behalf and according to our instructions. No data transfer to unnecessary third parties.
Third-country transfer: None.
Retention Period: Personal reference is anonymized after the survey is completed.
6. Collection and Processing of Business Partner Data
Info/Purpose: We process personal data of business partners for contacting, communication in contractual relationships and to complaints, processing and maintenance of data, scheduling, and sending newsletters to existing customers.
Legal basis: Fulfillment of existing or initiated contractual relationships (Art. 6(1) lit. b GDPR). Where communication with service providers and clients and newsletter delivery to existing customers occurs, processing relies on our legitimate interest in efficient communication and direct marketing (Art. 6(1) lit. f GDPR in conjunction with Sec. 7(3) UWG).
Data categories: Name, business address, contact details, organizational info.
Recipients: IT providers for newsletter, storage, email, scheduling and videocommunication.
Third-country transfer: Data is generally processed within the EU; exceptions apply as above.
Retention Period: Deleted when no longer required, unless obliged by law or limitation periods.
The following information describes how your personal data is processed if you are interested in our services or events and contact us by email, telephone or via our contact forms (at www.fuerstenberg-institut.de/kontakt and www.modern-health-campus.de/kontakt).
Info/Purpose: Acquisition (offers, scheduling meetings)
Legal basis: Your consent (Art. 6(1) lit. a GDPR)
Data categories: Personal, address, contact data
Recipients: We work with various IT service providers for the technical implementation of communication and internal processes. These are service providers for data storage and email communication.
Third-country transfer: The processing of data in the course of data storage and email generally takes place within the European Union. In exceptional cases, personal data may be accessed from a third country (e.g., the US) in the context of maintenance or support services. Such data transfers are based on an adequacy decision by the European Commission (EU-US Data Privacy Framework) or using appropriate safeguards such as standard contractual clauses in accordance with Art. 46 GDPR.
Retention Period: Stored as long as interaction exists or until consent is withdrawn.
Info/Purpose: To protect our offices, doorbell cameras are installed at our locations. They are activated when the bell is pressed, and only display the image temporarily for reception staff. No recording is made.
Legal basis: Our legitimate interest in protecting our property (Art. 6(1) lit. f GDPR).
Recipients: None.
Third-country transfer: None.
Retention Period: No recording.
Info/Purpose: Identification, establishing contact, communication for contract initiation, applicant selection, applicant pool
Legal basis: Your consent (in accordance with Art. 6 (1) (a) GDPR in conjunction with § 26 BDSG and Art. 88 GDPR)
Data category:
- Personal master data
- Address data
- Contact details
- Application data
Recipients: We work with various IT service providers for the technical implementation of communication and internal processes. These are service providers for data storage and email communication.
Third country transfers: Data processing in the course of data storage and email communication generally takes place within the European Union. In exceptional cases, personal data may be accessed from a third country (e.g., the US) in the context of maintenance or support services. Such data transfers are based on an adequacy decision by the European Commission (EU-US Data Privacy Framework) or using appropriate safeguards such as standard contractual clauses in accordance with Art. 46 GDPR.
Retention Period: 6 months. If you have given us your consent to store your data in our applicant pool, we will store your data for up to 2 years or until you revoke your consent.
The Fürstenberg Institute collects a range of general data and information each time our websites are accessed. This general data is stored in the server log files.
Info/Purpose: The data collected is used to establish a connection, display the content of the website correctly, detect attacks on our site based on unusual activity, and perform general error diagnosis.
Legal basis: Our legitimate interest in the proper functioning of services, security of data and business processes, prevention of misuse, and prevention of damage caused by interference with information systems (in accordance with Art. 6(1)(f) GDPR).
Data category: Access data
Date and time of visit to our service; the page from which the accessing system reached our site; pages accessed during use; session identification data (session ID); in addition, the following information from the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system, and similar technical information.
Recepients: We work with specialized IT security service providers to detect and prevent attacks that exploit security gaps or vulnerabilities. In the event of a cyberattack, data may be passed on to the relevant law enforcement authorities.
Third-country transfer: No third-country transfer takes place.
Retention Period: 7 days
Info/Purpose: Analyzing user behavior through tracking helps us to check the effectiveness of our services, optimize them, adapt them to user needs, and fix errors. Tracking to measure the success of advertising campaigns serves to optimize our ads for the future.
Legal basis: Your consent (in accordance with Art. 6 (1) (a) GDPR)
Information on the tracking methods used can be found in the privacy settings (Consent Management Tool).