Privacy policy
1. Controller
The controller responsible for data processing on this website is:
European Institute for Neurodivergence
under the legal sponsorship of
Learning Unlimited GmbH
Am Wolfspfädchen 69
53859 Niederkassel
Germany
Represented by the management
Managing Director: Sabine Buch
E-mail: info@eifnd.de
2. Data Protection Officer
We are not subject to the legal obligation to appoint a data protection officer.
3. General Information on Data Processing
The protection of your personal data is an important concern for us. We process personal data exclusively within the framework of the applicable statutory provisions, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).
Personal data means any information relating to an identified or identifiable natural person. This includes, in particular, names, addresses, e-mail addresses, telephone numbers, contract data, payment data, usage data, online identifiers and, where applicable, communication content.
We process personal data only insofar as this is necessary to provide a functional website, to deliver our services, to initiate and perform contracts, to communicate with you, to comply with legal obligations or on the basis of your consent.
4. Legal Bases of Processing
Where we obtain consent for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.
Where processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, Art. 6(1)(b) GDPR serves as the legal basis.
Where processing is necessary for compliance with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis.
Where processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override those interests, Art. 6(1)(f) GDPR serves as the legal basis.
Where the use of cookies or similar technologies involves storing information on your terminal device or accessing information already stored on your terminal device, permissibility is additionally governed by Section 25 TDDDG. Consent is generally required unless the technologies used are strictly necessary.
5. Data Processing When Visiting the Website
5.1 Server Log Files
When you access our website, our system automatically collects data and information from the computer system of the accessing device. In particular, the following data may be processed:
IP address
date and time of access
page / file accessed
amount of data transferred
browser type and browser version
operating system used
referrer URL
host name of the accessing computer
information about the internet service provider
This data is processed in order to ensure the technical functionality, stability and security of the website, to detect and prevent misuse and to safeguard the long-term integrity of our systems.
The legal basis is Art. 6(1)(f) GDPR.
Our legitimate interest lies in the secure, stable and error-free provision of our website.
The log files are stored for a limited period of 30 days and then deleted, unless longer retention is required for security or evidentiary reasons.
5.2 Hosting
Our website is hosted by an external technical service provider in Germany. As part of the hosting, all data arising in connection with the operation of this website is processed.
This includes, in particular, server log files, connection data, metadata, security data and, where applicable, content processed via the website.
The legal basis is Art. 6(1)(f) GDPR and, where a contractual relationship is concerned, Art. 6(1)(b) GDPR.
A data processing agreement pursuant to Art. 28 GDPR will be concluded with the hosting service provider if the provider processes personal data on our behalf.
6. Contacting Us
If you contact us by e-mail, contact form, telephone, video conference, messaging system or by any other means, we process the personal data you provide in order to handle your request.
This may include, in particular:
name
e-mail address
telephone number
message content
date and time of contact
where applicable, contract or order data
where applicable, attachments and submitted documents
Processing is carried out in order to handle your enquiry, to communicate with you and, where applicable, to initiate or perform a contract.
The legal basis is Art. 6(1)(b) GDPR where the enquiry is aimed at concluding or performing a contract. In all other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the proper handling of contact enquiries and the maintenance of business relationships.
The data will be deleted as soon as it is no longer required for handling the matter and no statutory retention obligations prevent deletion.
7. Registration, Customer Account and Course Access
Where our website offers the option to create a customer account or to register for digital content, online courses, memberships, learning platforms or protected areas, we process the data entered during registration.
This includes, in particular:
first and last name
e-mail address
billing address
username
password or hashed access data
course bookings
contract and transaction data
access data and login times
learning progress, status information and usage data within the course
where applicable, certificate data or certificates of attendance
Processing is carried out for the purpose of setting up and managing the user account, providing booked content, authentication, contract processing and customer support.
The legal basis is Art. 6(1)(b) GDPR.
Where certain data is processed for the prevention of misuse, IT security or legal enforcement, this is carried out on the basis of Art. 6(1)(f) GDPR.
8. Booking, Ordering and Contract Processing
If you book or order paid or free services via our website, we process the data required for contract performance.
This may include, in particular:
name, company
billing address and, where applicable, delivery address
e-mail address
telephone number
products or services ordered
course and contract data
invoice data
payment status
customer number
tax data
communication data relating to contract processing
Processing is carried out for the purpose of contract performance, provision of content, invoicing, payment processing, customer communication and, where applicable, the establishment, exercise or defence of legal claims.
The legal basis is Art. 6(1)(b) GDPR.
Where commercial and tax retention obligations exist, the additional legal basis is Art. 6(1)(c) GDPR.
9. Payment Processing
We use external payment service providers to process payments. The data required for payment is transmitted to the respective payment service provider insofar as this is necessary for payment processing.
This may include, in particular:
name
billing data
e-mail address
order amount
currency
transaction identifiers
payment status
where applicable, bank account details or credit card data, unless these are collected directly only by the payment provider
The legal basis is Art. 6(1)(b) GDPR.
Depending on the payment service provider used, further data processing may be carried out by the provider itself. In such cases, the privacy policy of the respective payment service provider also applies.
Payment service providers used:
Stripe, PayPal, Klarna, Digistore24
10. Provision of Digital Content and Online Courses
We process personal data in order to provide digital content, online courses, webinars, learning modules, downloadable materials, certificates and other digital services.
In this context, the following may be processed in particular:
master data
contact data
contract data
booking data
usage and access data
learning progress
processing status
answers submitted in learning modules
test results
certificates and proof of participation
support and communication data
The legal basis is Art. 6(1)(b) GDPR.
Where we evaluate anonymised or aggregated usage data to improve our services, this is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in optimising our offering, quality assurance and the user-friendly further development of our digital services.
11. Newsletter and Promotional Communication
If you subscribe to our newsletter or consent to receiving promotional communication, we process your data in order to send you information about our offers, events, courses, content and news.
We regularly process:
e-mail address
name, where provided
proof of consent
time of registration
confirmation time in the case of double opt-in
technical log data
where applicable, interaction data, such as openings or clicks, if newsletter tracking is used
The legal basis is Art. 6(1)(a) GDPR.
You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by sending us a message.
Where we send advertising to existing customers within the legally permitted scope, this is carried out on the basis of Art. 6(1)(f) GDPR in conjunction with the applicable competition law provisions.
12. Cookies, Consent Management and Similar Technologies
Our website uses cookies and comparable technologies. These may include technically necessary technologies as well as — only with your consent — functional, statistical, external media or marketing technologies.
Technically necessary cookies and comparable technologies are used, in particular, to:
provide basic website functions
store language settings
enable login
provide security functions
enable the shopping cart or booking process
document your consent decision
The legal basis for the processing of personal data is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR where the function is contractually required. Where storing or reading information on your terminal device is required, this is done only within the legally permitted framework.
Cookies and external content that are not technically necessary are loaded only after your express consent. The legal basis is then Art. 6(1)(a) GDPR in conjunction with Section 25 TDDDG.
You may withdraw or adjust your consent at any time with effect for the future via our consent tool.
13. YouTube Embedding Only After Consent
Videos from the YouTube platform may be embedded on our website. The provider is generally Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In connection with YouTube services, further processing by Google LLC, USA, may take place.
We have designed our YouTube embedding so that data is transferred to YouTube or Google only after your express consent. Before you give consent, the video is not actively loaded; instead, only a consent or placeholder element is displayed.
If you activate an embedded YouTube video after giving consent, the following data in particular may be transmitted to YouTube/Google:
IP address
date and time of access
information about your device and browser
referrer URL
information about the page accessed
usage data and interaction data
where applicable, cookie and identifier data
where applicable, data relating to your Google or YouTube account if you are logged in there
The legal basis is Art. 6(1)(a) GDPR in conjunction with Section 25 TDDDG.
Where possible, we use the Privacy Enhanced Mode offered by YouTube. Google states that, in this mode, views of embedded videos are not used to personalise the YouTube browsing experience. Nevertheless, data may still be transmitted to Google/YouTube when using this mode, particularly after activating the video. Privacy Enhanced Mode therefore does not replace consent, but merely reduces certain processing operations.
Where personal data is transferred to Google LLC in the USA in connection with the use of YouTube, Google bases data transfers, among other things, on certification under the EU-U.S. Data Privacy Framework; Google LLC is currently listed there as actively certified.
Further information can be found in the privacy information provided by Google and YouTube.
14. Social Media and External Presences
We maintain online presences on social networks and platforms in order to communicate with interested parties and users and to provide information about our services.
When you visit our presences on social networks, the privacy policies of the respective platform operators apply. Personal data may be processed outside the European Union in this context.
Where our website merely links to our profiles, no data is transmitted to the respective platform simply by loading our website. However, if social media plugins or embedded content are used, these should be integrated in a data protection-compliant manner and, where applicable, included in consent management.
LinkedIn
Instagram
Facebook
X
TikTok
Vimeo
Spotify
15. Appointment Scheduling, Video Conferences and Webinars
If we offer online appointments, consultations, webinars or video conferences, we process the personal data required for this purpose.
This may include, in particular:
name
e-mail address
telephone number
appointment request
communication content
audio/video data
chat content
technical connection data
meeting metadata
Processing is carried out for the purpose of conducting the agreed appointment, communication, documentation and, where applicable, contract performance.
The legal basis is Art. 6(1)(b) GDPR and, where no contractual relationship exists, Art. 6(1)(f) GDPR.
Calendly
Microsoft Teams
Zoom
Google Meet
WebinarJam
16. Applications
If you apply to us, we process the personal data submitted as part of the application process exclusively for the purpose of conducting the application procedure.
This includes, in particular:
master and contact data
application documents
CV
certificates
proof of qualifications
correspondence
notes from job interviews
The legal basis is Art. 6(1)(b) GDPR or Section 26 BDSG, insofar as processing is necessary for deciding whether to establish an employment relationship.
If your application is unsuccessful, your data will be deleted after completion of the procedure, unless consent for longer storage has been given and no statutory retention or evidentiary obligations prevent deletion.
17. Recipients of Personal Data
Within our company, those departments that require your data to fulfil the respective purposes will have access to it.
In addition, data may be transmitted to external recipients, in particular to:
hosting providers
IT service providers
payment service providers
course and shop platforms
newsletter and e-mail service providers
support and CRM providers
tax advisors and accounting services
legal advisors
authorities and public bodies where there is a legal obligation
shipping and communication service providers
video platforms such as YouTube, where you have given consent
Where external service providers process data on our behalf, we conclude data processing agreements with them pursuant to Art. 28 GDPR where required.
18. Transfers to Third Countries
Personal data is transferred to countries outside the European Union or the European Economic Area only where this is legally permissible or where you have given your consent.
A transfer to a third country may take place, in particular, if we use services provided by providers based in the USA or other third countries, or if embedded external content is loaded after your consent.
Where a transfer to a third country takes place, we ensure appropriate safeguards. This may be done, in particular, on the basis of:
an adequacy decision by the European Commission,
appropriate safeguards pursuant to Art. 46 GDPR,
or your express consent.
In the case of Google/YouTube, a transfer to the USA may take place. Google LLC is currently listed as actively certified under the EU-U.S. Data Privacy Framework.
19. Storage Period
We store personal data only for as long as this is necessary for the respective processing purposes.
In addition, we store data only insofar as statutory retention obligations exist, in particular under commercial and tax law, or insofar as the data is required for the establishment, exercise or defence of legal claims.
As soon as the respective purpose no longer applies and there are no statutory retention obligations or other legal reasons for further storage, the data will be deleted.
20. Your Rights
In accordance with the statutory provisions, you have the following rights:
right of access pursuant to Art. 15 GDPR
right to rectification pursuant to Art. 16 GDPR
right to erasure pursuant to Art. 17 GDPR
right to restriction of processing pursuant to Art. 18 GDPR
right to data portability pursuant to Art. 20 GDPR
right to object pursuant to Art. 21 GDPR
right to withdraw consent given with effect for the future pursuant to Art. 7(3) GDPR
If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority.
21. Right to Object
Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising.
22. Withdrawal of Consent
You may withdraw consent once given at any time with effect for the future. The lawfulness of processing carried out up to the point of withdrawal remains unaffected.
Withdrawal may be made, in particular, via the settings of our consent tool or by sending us an informal notification.
23. Obligation to Provide Data
The provision of personal data is partly required by law or contract or is necessary for the conclusion of a contract.
Without the provision of certain data, we may not be able to conclude a contract, provide services or process enquiries.
The data required in each individual case can be found in the respective input forms or contractual documents.
24. Automated Decision-Making / Profiling
Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place unless expressly stated otherwise in this Privacy Policy.
25. Data Security
We take appropriate technical and organisational measures to protect your data against loss, manipulation, unauthorised access, unauthorised disclosure or other unauthorised processing.
These measures include, in particular, measures to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of personal data.
Our website uses SSL or TLS encryption where this is technically provided.
26. Amendments to this Privacy Policy
We reserve the right to amend this Privacy Policy if this becomes necessary due to changes in the legal situation, technical changes, changes to our services or other circumstances.
The version available on our website at the time of your visit shall apply.
Last updated: 20 March 2026