Privacy Policy
1. Name and address of the controller
The controller within the meaning of the GDPR and other data protection provisions is:
Impulsgrad GmbH
represented by Michael Wurst
Bahnhofanlage 18
68723 Schwetzingen
Germany
Email: info@nlp.de
Website: www.nlp.de
2. Data collected when visiting our website (server log files)
When using our website for information purposes only, we collect only the data that your browser transmits to our server (so-called "server log files"): the website accessed, the date and time of access, the amount of data transferred, the source/referrer, the browser used, the operating system used, and the (where applicable anonymised) IP address. Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in the stability and functionality of the website. No disclosure to third parties takes place. We reserve the right to review this data subsequently if there are specific indications of unlawful use.
3. Hosting
Our website is hosted by the following service provider acting as a processor:
DomainFactory GmbH, c/o WeWork, Neuturmstraße 5, 80331 Munich, Germany
The provider processes, on our behalf, the data required to provide the website. Legal basis: Art. 6(1)(f) GDPR. A data processing agreement (Art. 28 GDPR) is in place.
4. Consent management / consent banner
When you first access our website, a consent banner (consent management tool) informs you about the use of services that are not strictly necessary (in particular analytics and marketing services as well as embedded content). These services are only loaded after you have given your consent (Art. 6(1)(a) GDPR). You can withdraw or adjust your choice at any time with effect for the future via the cookie settings. Technically necessary cookies or services may be used without consent (Section 25(2) TDDDG).
Consent tool used: cockpit.legal. To control Google services we also use Google Consent Mode (v2); before your consent, no signals or only limited signals that cannot be linked to you are transmitted.
5. Contact by email
If you contact us by email (info@nlp.de), we process the information you provide in order to handle your request. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR. Deletion takes place as soon as the data is no longer required and no retention obligations apply.
6. Booking / seminar registration
When you book via our form, we process the data provided (e.g. first and last name, email, where applicable billing/company address, selected ticket/add-on options) in order to perform the contract. Legal basis: Art. 6(1)(b) GDPR. Processors used:
- Form/workflow processing (n8n Cloud): n8n GmbH, Borsigstr. 27, 10115 Berlin, Germany.
- Data storage (Google Sheets): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland (data transfer to the USA possible, see section 11).
- Invoicing: easybill GmbH, Düsselstr. 21, 41564 Kaarst, Germany.
Data processing agreements (Art. 28 GDPR) are in place with these service providers. Booking and invoicing data are stored within the framework of the statutory commercial and tax retention periods.
7. Transfer to the Society of NLP (certification, USA)
For certification as part of the training, a license agreement between you and the Society of NLP (USA) is required. You complete the license agreement yourself (expected via an electronic signature service). The Society of NLP is an independent controller for the data collected under the license agreement. To prepare and carry out the certification, the participant data required for this purpose – in particular first and last name, address (street, postal code, city, country), phone number and email address – is transferred to the Society of NLP in the USA.
The legal basis for the processing is the performance or initiation of the contract (Art. 6(1)(b) GDPR). You expressly confirm the US transfer during booking via a checkbox; this explicit consent is given in the knowledge that there is no adequacy decision for the USA and that residual risks may remain despite any safeguards (Art. 49(1)(a) GDPR). In addition, the transfer is necessary for the performance of the contract concluded or to be concluded between you and the Society of NLP (Art. 49(1)(b) GDPR).
The USA does not have a generally adequate level of data protection. The transfer is therefore carried out on the basis of appropriate safeguards (Art. 46 GDPR) – such as EU standard contractual clauses or, where applicable, a certification of the recipient under the EU-US Data Privacy Framework – or, where no such safeguards exist, on the basis of the aforementioned derogations (Art. 49 GDPR). You can withdraw your consent at any time with effect for the future; however, without the transfer, certification by the Society of NLP cannot be issued.
8. Seminar insurance (external partner)
We merely provide a link to the option of taking out seminar insurance with our partner HanseMerkur. The insurance contract is concluded exclusively between you and HanseMerkur; the booking process does not run through us. HanseMerkur is independently responsible for the data collected there; their privacy policy applies.
9. Embedded third-party content (Vimeo)
We embed videos from Vimeo (Vimeo, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA). To avoid data transfer without your consent, we load the videos by means of a two-click / preview solution: before the video, only a locally hosted preview image is shown. Only when you actively start the video is a connection to Vimeo established, and personal data (including your IP address) may be transmitted to Vimeo, also to the USA (see section 11). The legal basis is your consent given by the click (Art. 6(1)(a) GDPR).
10. Web analytics and marketing (only with consent)
The following services are loaded exclusively after your consent via the consent banner (Art. 6(1)(a) GDPR). Consent can be withdrawn at any time with effect for the future.
10.1 Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland. Google Tag Manager manages and loads further services (tags). The Tag Manager itself does not collect personal data in its own cookies but serves as the technical basis for the services below.
10.2 Google Analytics
Provider: Google Ireland Limited (address as above). Google Analytics uses cookies or similar technologies to analyse the use of the website (e.g. pages visited, time spent, approximate origin). Among other things, truncated IP addresses and pseudonymous usage identifiers are processed. A data transfer to the USA is possible (see below).
10.3 Meta Pixel (Facebook/Instagram)
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Meta Pixel measures the effectiveness of our advertisements (conversion tracking) and enables remarketing. In doing so, your IP address, information about pages visited and actions (e.g. a completed booking), and where applicable hashed contact data are transmitted to Meta; a transfer to the USA is possible. Meta processes this data partly as an independent controller or joint controller; details can be found in Meta's data policy.
10.4 Third-country transfer and withdrawal
For the aforementioned services, a transfer to the USA may take place (see section 11). You can withdraw any consent given at any time via the cookie settings. In addition, Google offers a deactivation add-on for Google Analytics; advertising preferences at Meta can be adjusted in your account settings.
11. Data transfer to third countries
Insofar as we use services whose providers process data outside the EU/EEA (in particular the USA) (Google, Meta, Vimeo), this is carried out on the basis of appropriate safeguards, in particular EU standard contractual clauses or – where applicable – on the basis of an adequacy decision (EU-US Data Privacy Framework).
12. Storage period
The storage period is determined by the respective legal basis, the purpose of processing and – where applicable – the statutory retention period (e.g. commercial and tax retention periods). Data from consent-based processing is stored until withdrawal; contract data is deleted after the retention periods expire, provided it is no longer required. Otherwise, data is deleted as soon as it is no longer necessary for the purposes for which it was collected.
13. Rights of the data subject
You have the right to information (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), notification (Art. 19), data portability (Art. 20), withdrawal of consent given (Art. 7(3), with effect for the future), and to lodge a complaint with a supervisory authority (Art. 77 GDPR).
14. Right to object
If we process your data on the basis of an overriding legitimate interest (Art. 6(1)(f) GDPR), you have the right to object at any time, for reasons arising from your particular situation, with effect for the future. If your data is processed for direct marketing, you have the right to object at any time to processing for this purpose; thereafter we will no longer process the data concerned for direct marketing purposes.