Data protection

 

Privacy policy according to Art. 13 and 14 GDPR

Version: November 2024

List of contents:

  1. Scope of application
  2. Data Controller
  3. Data protection officer
  4. General Information on Data Processing
    1. No obligation to provide
    2. Consequences of non-provision
    3. Transmission to government authorities 
  5. Collection and Processing of Personal Data Within the Scope of Our Services
    1.  Coaching & Consulting
    2. Corporate Health
    3. Budget, debt & insolvency counselling
    4. Modern Health Campus
  6. Collection and Processing of Business Partner Data
  7. Online events for end customers
  8. Collection of Personal Data from Interested Parties for the Purpose of Acquisition
  9. Doorbell Cameras at our Offices
  10. Collection and Processing of Personal Data within the Recruitment Application Process
  11. Collection of Personal Data When Visiting the Website
  12. Tracking to Analyse and Optimize Our Services and Their Use, As Well As To Measure The Success Of Advertising Campaigns And Optimize The Display Of Advertising
  13. Data Subject Rights
    1. Right to Object
    2. Right to Information
    3. Right to Rectification
    4. Right to Erasure (“Right to be Forgotten”)
    5. Right to Restriction of Processing
    6. Right to Data Portability
    7. Right to Withdraw Consent
    8. Right to Complain
1. Scope of application

Data processing by Fürstenberg Institut GmbH can essentially be divided into two categories:

As part of our services, all data required for the fulfilment of a contract with Fürstenberg Institut GmbH will be processed. For the purpose of contract processing, all data required for the execution of a contract with Fürstenberg Institut GmbH will be processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent required.

When you access the website/application of Fürstenberg Institut GmbH, various information is exchanged between your device and our server. This may also include personal data. The information collected in this manner is used, among other things, to optimize our website or to display advertising in the browser of your end device.

This privacy policy also always applies if elsewhere from one of our offerings (e.g. webinars) reference is made to this privacy policy, regardless of how you access or use it.
All these offerings are also collectively referred to as “Services”.

2. Data Controller

Fürstenberg Institut GmbH
Gorch-Fock-Wall 3 20354 Hamburg
Telephone: +49 (0)40-380820-0
E-Mail: info@fuerstenberg-institut.de

3. Contact details of the data protection officer

DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22589 Hamburg
E-mail: anfragen@dsextern.de

4. General information on data processing

a. No obligation to provide data

There is no contractual or a legal obligation to provide personal data. You are not obliged to provide data.
 

b. Consequences of non-provision 

You are not obliged to provide data. Failure to provide the required data (data marked as mandatory during entry) means that the service in question cannot be provided. Otherwise, not providing data can result in the situation that our services cannot be provided in the same form and quality.

c. Transmission to government authorities

We transfer personal data to government authorities (including law enforcement authorities) if this is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) GDPR) or if it is necessary for asserting, exercising or defending legal claims (legal basis Art. 6 para. 1 f) GDPR).

 

5. Collection and processing of personal data as part of our services

5.1 Coaching & Consulting

Information/Purpose:
We collect personal data for the purpose of making appointments, counselling and processing client enquiries or complaints. 

Legal basis:
Art. 6 (1) b GDPR Performance of a contract

Categories of Personal Data:

  • Personal master data: title, gender, first name, last name, date of birth
  • Address data: street, house number, address additions, postal code, city, country
  • Contact data: telephone number(s), e-mail address(es)
  • Organizational data: organisation/location/business unit
  • Contents of coaching

Categories Of Recipients of The Personal Data:

  • Service providers to ensure our client services are available outside of core hours and on weekends.
  • Partner companies in the context of arranging care and childcare services.
  • Providers of video service tools in the case of online coaching and consulting.

Transfer of Personal Data to a Third Country:

There is no transfer of personal data to a Third Country by the Fürstenberg Institut.

Retention Period:

3 years after the end of the customer relationship 

5.2 Corporate Health

Information/Purpose:
We collect personal data when planning, organising and holding events (e.g. workshops) to strengthen mental health in companies. 

Legal basis:
Art. 6 (1) b GDPR Performance of a contract

Categories of Personal Data:

  • Personal master data: Title, salutation/gender, first name, surname 
  • Contact details: E-mail address(es) 
  • Organisational data: Customer company/location/business unit 
  • Content in the context of online events

Categories Of Recipients of The Personal Data:

  • Hosting service providers for organizing and broadcasting online events.
  • Providers of video service tools in the case of online events.

Transfer of Personal Data to a Third Country:

There is no transfer of personal data to a Third Country by the Fürstenberg Institut.

Retention Period:

We delete the personal data collected in the course of organising and holding events after the data retention is no longer necessary unless there are legal retention obligations or statutes of limitations which must be observed.

5.3 Budget, debt & insolvency counselling

Information/Purpose:
Implementation of budget, debt and insolvency counselling

Legal basis:
Art. 6 (1) b GDPR Performance of a contract

Categories of Personal Data:

  • Personal master data: Title, form of address/gender, first name, surname, date of birth,
  • Address data: Street, house number, address supplements if applicable, postcode, city, country
  • Contact details: Telephone number(s), e-mail address(es)
  • Organisational data: Customer company/location/business unit
  • Data on the personal and economic situation:
    • Family, household and housing situation
    • Maintenance obligations
    • Income and employment situation
    • Assets including account data, contracts
    • Debt level and data on creditors

Categories Of Recipients of The Personal Data:

  • If you authorise us to do so, we will transmit data to the following institutions:
    • Creditor or creditor representative
    • Credit institutions
    • Competent courts and/or trustee/insolvency administrator
    • In anonymised form, the City of Hamburg and, if applicable, the federal government for statistical purposes
  • IT service providers

For the purposes of creating forms and entries, we use the CAWIN software from the Institut für Finanzdienstleistungen e.V., Hamburg. This is a web application hosted in the Fürstenberg Institute’s own computer centre. The Institut für Finanzdienstleistungen e.V. provides updates and has no access to personal data of debt counselling clients.

Further information can be found at https://cawin.de/wiki/Datenschutz_und_Datensicherheit

Transfer of Personal Data to a Third Country:

The Fürstenberg Institute does not transfer data to third countries.

Retention Period:

 10 years after completion of the consultation

5.4 Modern Health Campus

Information/Purpose:
Organising courses in the field of mental health.

Legal basis:

  • Art. 6 para. 1 b) GDPR for registration and participation in courses
  • Art. 6 para. 1 a) GDPR in the case of a newsletter registration

Categories of Personal Data:

  • Personal master data (surname, first name)
  • Communication data (e-mail address)
  • Organisational data (company name, company address)
  • Customer history (e.g. products purchased)
  • Contract billing and payment data (e.g. payment method, invoices)
  • Participation data (quiz results, participation certificates)
  • Technical data (e.g. IP address, device, browser)
  • Content data (e.g. videos, images, texts, audios, files)

Categories Of Recipients of The Personal Data:

  • Reseller Partner namotto Universal Brands, Potsdamer Straße 125, 10783 Berlin, Germany for the purchase and payment processing on the platform ablefy (formerly elopage).
  • LearnWorlds Ltd, Gladstonos 120, Foloune Building, 2nd Floor, B1 3032 Limassol, Cyprus for hosting and providing the courses.
  • Video service provider for the realisation of online courses.
  • Service provider for the dispatch of newsletters.
  • Service provider for ensuring data synchronisation.

Transfer of Personal Data to a Third Country:

Data is transferred to third countries outside the EU when using the course-related video services and to ensure data synchronisation. Data is transferred on the basis of an adequacy decision in accordance with Art. 45 GDPR, which applies to the EU-U.S. Privacy Framework, after which the service-providing companies are certified.  

Retention Period:
We delete the data generated in the course of the purchase transaction after storage is no longer necessary, unless there are statutory retention obligations or limitation periods must be observed. Participation data for the courses will be deleted three years after completion of the course.

We store the data collected in connection with the newsletter for as long as there is an interactive exchange or until consent is withdrawn.

6. Collection and Processing of Business Partner Data

Information/Purpose:

  • Contact being made
  • Communication for contract initiation and implementation
  • Customer concerns, complaints, contract creation and maintenance, appointments
  • Newsletter to existing customers

Legal basis:

Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR in conjunction with § 7 para. 3 UWG for the newsletter to existing customers 

Legitimate interest: Effective communication with service providers and customer companies as well as advertising to existing customers in connection with our services 

Categories of Personal Data:

  • Personal master data: First name, surname
  • Company address data: Street, house number, postcode, city, country
  • Contact details: Telephone number(s), e-mail address(es)
  • Organisational data: Customer company/function

Categories Of Recipients of The Personal Data:

  • IT service providers for maintenance and support
  • Hosting service providers
  • IT service providers for sending of newsletters to existing customers
  • IT service provider for the appointment scheduling software

Transfer of Personal Data to a Third Country:

There is no transfer of personal data to a Third Country by the Fürstenberg Institut.

Retention Period:

We delete the data collected in the context of communication and cooperation with service providers and customer companies after storage is no longer necessary, unless there are statutory retention obligations or limitation periods must be observed.

7. Collection of data from interested parties for the purpose of acquisition

The following information describes how your personal data is processed if you are interested in our services or events and contact us by email, telephone or via our contact forms (at www.fuerstenberg-institut.de/kontakt and www.modern-health-campus.de/kontakt).

Information/Purpose:

  • Prospects/acquisition: preparation of quotations, scheduling of personal acquisition meetings 

Legal basis:

Art. 6 para. 1 a) GDPR Consent

Categories of Personal Data:

  • Personal master data: first name, surname 
  • Address data 
  • Contact details 

Categories Of Recipients of The Personal Data:

  • Hosting service provider

Transfer of Personal Data to a Third Country:

There is no transfer of personal data to a Third Country by the Fürstenberg Institut.

Retention Period:

We store the personal data related to the acquisition as long as there is an interactive exchange or until the consent is revoked.

8. Doorbell cameras at our locations

Information/Purpose:

  • To protect our offices, video doorbell systems (doorbell cameras) are installed at the entrance of our offices. These are activated when the doorbell is pressed. There is no image recording. The image is only displayed for a short time to our employees at the reception.

Legal basis:

  • Art. 6 para. 1 f) GDPR Legitimate interest: Protection of property

Categories Of Recipients of The Personal Data:

  • There is no transfer to third parties.

Transfer of Personal Data to a Third Country:

  • There is no transfer of personal data to a Third Country by the Fürstenberg Institut.

Retention Period:

  • No image is stored therefore no retention period applies.
9. Collection and processing of personal data as part of the application process

Information/Purpose:

  • Identification, contacting, communication for contract initiation, applicant selection, applicant pool 

Legal basis:
§ 26 BDSG in conjunction with Art. 88 GDPR, Art. 6 para. 1 a) GDPR 

Categories of Personal Data:

  • Personal master data
  • Address data
  • Contact details
  • Application data

Categories Of Recipients of The Personal Data:

  • Other departments within the company 
  • Hosting service provider  

Transfer of Personal Data to a Third Country:

There is no transfer of personal data to a Third Country by the Fürstenberg Institut.

Retention Period:

6 months, if you have consented to the storage of your data in our applicant pool until you withdraw your consent, but no later than 2 years  

10. Collection of Personal Data When Visiting the Website

The Fürstenberg Institute collects a range of general data and information each time the website is accessed. This general data is stored in the server log files.

Information/Purpose:

  • Establishment of the connection.
  • Correct display of the website content.
  • Detection of attacks on our website based on unusual activities.
  • Error diagnosis.

Legal basis:

Art. 6 para. 1 f) GDPR Legitimate interest 

Legitimate interest: Proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems.

Categories of Personal Data:

  • Access data: Date and time of the visit to our service; the page from which the accessing system reached our site; pages accessed during use; data for session identification (session ID); also the following information of the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information. 

Categories Of Recipients of The Personal Data:

  • IT security service providers: Prevention of attacks by exploiting security gaps/vulnerabilities
  • Law enforcement authorities in the event of a cyber-attack

Transfer of Personal Data to a Third Country:

There is no transfer of personal data to a Third Country by the Fürstenberg Institut.

Retention Period:

7 days

11. Tracking to analyse and optimise our services and their use and to measure the success of advertising campaigns and optimise the display of advertising

Information/Purpose:

The analysis of user behaviour by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of users, and to correct errors. Tracking to measure the success of advertising campaigns is used to optimize our ads for the future.

Legal basis:

Art. 6 para. 1 a) GDPR Consent

12. Data Subject Rights

12.1 Right to Object

If we process your personal data for direct marketing purposes, you have the right to object at any time with future effect to the processing of personal data concerning yourself for such marketing, insofar as it is related to such direct marketing.  

You also have the right to object, on grounds relating to your particular situation, at any time with future effect to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 para. 1 GDPR. 

You can exercise your right to object free of charge. You can contact us using the contact details above. 

12.2 Right to Information

You have the right to know whether personal data concerning you is processed by us, what personal data this may be, and further information in accordance with Art. 15 GDPR. 

12.3 Right to Rectification

You have the right to demand that we correct incorrect personal data affecting you (Art. 16 of the GDPR). Taking the purpose of processing into account, you have the right to demand that incomplete personal data be completed – even in the form of a supplementary explanation. 

12.4 Right to Erasure (“Right to be Forgotten”)

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17 para. 1 GDPR applies and the processing is not necessary for one of the purposes specified in Art. 17 para. 3 GDPR.

12.5  Right to Restriction of Processing

You are entitled to request a restriction on the processing of your personal data if one of the conditions set out in Art. 18 para. 1 a) to d) GDPR is met. 

12.6 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us or to have it transmitted directly by us, where technically feasible. This should always apply if the basis for data processing is consent or a contract and the data is processed automatically. This therefore does not apply to data held only in paper form. 

12.7 Right to Withdraw Consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. You can contact us using the contact details above. 

12.8 Right to Complain

You have the right to complain to a supervisory body.