Controller

The controller within the meaning of the GDPR is:

Dr. Josef Merk

Gustav-Müller-Str. 40, 10829 Berlin, Germany

Phone: +49 (0) 30 28 65 9006

Email: info [at] men-evolving-now.org

For data protection matters, you can reach us at:

privacy [at] men-evolving-now.org

Contacting Us

If you contact us by email or via the contact form, the data you provide will be stored by us in order to process your request. The data processed includes your name, email address and if applicable, your telephone number.

The legal basis is our legitimate interest in responding to your request (Art. 6(1)(f) GDPR) or, where your request is aimed at concluding a contract, Art. 6(1)(b) GDPR.

We delete the data as soon as storage is no longer necessary, or restrict processing where statutory retention obligations apply.

Data Subject Rights

As a data subject, you have the right of access, the right to rectification or erasure, the right to restriction of processing, the right to object to the processing of your data, and the right to data portability. Where you have given us consent, you may withdraw it at any time with effect for the future.

Please send your objection or withdrawal informally to the address above. You also have the right to lodge a complaint with a supervisory authority. A list of authorities is available at: https://www.bfdi.bund.de/

Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany, to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6(1)(f) GDPR). A CDN is a network of (globally) distributed servers capable of delivering content to website users in an optimised way. For this purpose, personal data may be processed in Cloudflare server log files.

Cloudflare is a recipient of your personal data and acts as a processor for us. You have the right to object to the processing; whether the objection is successful must be determined by balancing interests. Your personal data is stored by Cloudflare for as long as necessary for the purposes described. Cloudflare has implemented compliance measures for international data transfers based on the EU Standard Contractual Clauses (SCCs).

Domain Registration

Our domain is registered via hosting.de GmbH, Franzstr. 51, 52064 Aachen, Germany. In this context, only the data required for domain administration is processed. The hosting of the website content itself is not provided by systeme.io (see section Business Platform).

Business Platform

Our website and its associated functions are provided via the systeme.io platform (systeme.io, ITACWT Limited, 2 Cruise Park Rise, Tyrrelstown, Dublin 15, Irland). systeme.io is a recipient of your personal data and acts as a processor for us within the meaning of Art. 28 GDPR.

The following processing operations in particular are handled via systeme.io:

• Hosting and delivery of the website, including associated pages and funnels (including server-side log files such as IP address, date/time of the request, browser and system information, to ensure stability and security);

• Contact and sign-up forms (e.g. name, email address, message, time of submission);

• Customer relationship management (CRM), including management of contacts, tags, and segments;

• Sending of newsletters and automated emails, and statistical analysis of interaction (opens, clicks);

• Processing of bookings and provision of courses.

Categories of data processed: master contact data (in particular name, email address, possibly postal address), communication data, usage, and interaction data (e.g. opens/clicks), possibly order and booking data, and technical connection data (log files).

Purposes: provision and security of the website, handling of enquiries, management of our contacts, sending of information and newsletters, processing of bookings and courses, and optimisation of our offerings and communication.

Legal bases:

• Provision, security and stability of the website and internal CRM: legitimate interest (Art. 6(1)(f) GDPR);

• Handling of enquiries: Art. 6(1)(f) or — for contract-related matters — (b) GDPR;

• Sending of newsletters and performance measurement (opens/clicks) for marketing purposes: consent (Art. 6(1)(a) GDPR);

• Processing of bookings and courses: performance or initiation of a contract (Art. 6(1)(b) GDPR).

Newsletter / double opt-in: Subscription takes place using the double opt-in procedure. You may withdraw your consent at any time with effect for the future, e.g. via the unsubscribe link in every email or via the contact options above. The lawfulness of processing carried out before withdrawal remains unaffected.

Performance measurement: Our newsletters use tracking pixels and tracking links to determine open and click rates. This serves to optimise our campaigns and tailor content to recipients' interests. The legal basis is your consent (Art. 6(1)(a) GDPR), which you may withdraw at any time.

Storage location / data security: The data is stored encrypted on Amazon Web Services servers within the European Union (Ireland). According to systeme.io, no transfer takes place to third countries outside the EU; fonts used (e.g. Google Fonts) are provided locally.

Retention period: The data is processed for as long as the relevant consent exists or for as long as necessary to fulfil the stated purposes. After withdrawal of consent or once the purpose no longer applies, the data is deleted unless statutory retention obligations prevent this. Log files are deleted or anonymised after a short period.

Further information: https://systeme.io/privacy-policy

Payment Processing

For processing payments we use the payment service provider Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands. When you enter into a paid contract with us, the data required for payment processing is transmitted to and processed by Mollie.

Categories of data processed: name, email address, billing/address data, payment amount, selected payment method, and the payment data required for the respective method (e.g. bank or credit card details). The full payment data is processed by Mollie; we ourselves generally do not receive complete bank or credit card details.

Purpose: processing of the payment method you selected, fraud prevention, and compliance with legal obligations (in particular under commercial and tax law).

Legal basis: Processing is carried out for the performance of a contract (Art. 6(1)(b) GDPR) and to comply with legal obligations (Art. 6(1)(c) GDPR). Where Mollie processes data for fraud prevention, this is based on the legitimate interest of Mollie and us in the security of payment transactions (Art. 6(1)(f) GDPR).

Recipient / role: Mollie processes the payment data partly as an independent controller (e.g. to fulfil its own legal and regulatory obligations) and partly as a processor for us. Data processing takes place within the EU.

Retention period: Mollie stores the data for as long as necessary for payment processing and to comply with statutory retention obligations. Further information on data protection at Mollie: https://www.mollie.com/privacy

Cookies

Our website uses technically necessary cookies that are required for the operation and basic functions of the website. The legal basis is Section 25(2) TDDDG and our legitimate interest (Art. 6(1)(f) GDPR).

(If marketing/analytics cookies are also used, their use depends on your consent pursuant to Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR, which you can give via our cookie banner and withdraw at any time.)