Privacy Policy

Name and address of the controller:

The controller within the meaning of the EU General Data Protection Regulation and other data protection regulations is:

Dr. Andreas Tilch UG (limited liability),
Dreisamstraße 13, 79098 Freiburg, Germany

info@dr-andreas-tilch.com

https://www.dr-andreas-tilch.com

We respect your data!

Thank you for your interest in our website. The trust of all visitors and customers, the security of your data, and the protection of your privacy are of paramount importance to us. We therefore treat your personal data in accordance with the applicable data protection regulations and this privacy policy. Personal data is information that can be used to determine your identity, such as your real name, address, or telephone number.

When you view and use our website without registering or otherwise expressly providing us with information, we process the data that is transmitted to us with each request from your browser (see “Log data” below). If you expressly provide us with personal data, this will be used exclusively for the purpose of the request or the respective order. Please note that data transmission over the Internet can never be completely protected against access by third parties.

Below, we would like to explain in more detail what data we process, when, and for what purpose. We explain how our services work and how the protection of your personal data is ensured.

Legal basis for the processing of personal data

If we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis.

Art. 6 (1) lit. b GDPR serves as the legal basis for the processing of personal data that is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for data processing.

Data deletion and storage period

The personal data of the data subject will be deleted as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by European or national laws or other regulations to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Your rights

You have the right to obtain information free of charge about the data we have stored about you and, if necessary, the right to correct, restrict the processing of, or delete this data. You also have the right to data portability. Finally, you also have the right to complain to the data protection supervisory authority about our processing of your personal data.

We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements of Art. 21 GDPR. In particular, you can object to processing for direct marketing purposes.

Provision of information

If you have any questions about the collection, processing, or use of your personal data, for information, for the correction, blocking, or deletion of data, as well as for the revocation of any consent given or to object to a specific use of data, please contact us at the following email address: support@dr-andreas-tilch.com

Log data

The automatic collection and storage of log data by the Internet service provider (provider) is necessary because the processing of this data is technically necessary to display our website to you and to ensure stability and security. The log data includes the following information:

• Date and time of the respective request
• Internet address (URL) that was requested
• URL that the visitor visited immediately before
• Browser and language used
• Operating system used and its interface
• IP address and host name of the visitor
• Access status / HTTP status code
• Amount of data transferred in each case

This data is transmitted to us automatically and cannot be attributed to your person with reasonable effort. The legal basis for the processing of this data is our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR, as this data processing is necessary for the operation and display of the website. The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

Cookies

We use cookies to make visiting our website attractive and to enable the use of certain functions. These are small text files that are stored on your device and store certain information for exchange with our system. The legal basis for the processing of this data is Art. 6 (1) sentence 1 lit. f GDPR. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (transient cookies). These include, in particular, session cookies. These store a unique identifier (session ID). This session ID allows various requests from your browser to be assigned to a common session. This allows your device to be recognized when you return to our website during a session. Session cookies are also deleted when you log out.

Other cookies remain on your device for a specified period of time and enable us to recognize your browser or device the next time you visit (persistent cookies).

Please note that certain cookies are set as soon as you enter our website. You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases, in particular third-party cookies, or in general. If you do not accept cookies, the functionality of our website may be limited for you.

Configuring cookie settings in your browser

You have the option of preventing cookies from being stored on your computer by adjusting your browser settings accordingly. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies  

Safari™:
https://support.apple.com/de-de/guide/safari/ibrw850f6c51/18.0/mac/15.0

Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647 

Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen 

Opera™: http://help.opera.com/Windows/10.20/de/cookies.html 

Pixelmate

In order to make optimal use of the services we use and to respect your decision in accordance with legal requirements, we use GDPR Pixelmate, developed by Christian Wedel (https://wp-dsgvo-plugin.com) and Sabrina Keese-Haufs (https://lawlikes.de/).

When you visit our website, you can use Pixelmate to control which of the services we use you want to consent to. Your decision is stored separately for each service we use. You can change this setting at any time by using the “Cookies” link at the bottom left of the website.

Pixelmate does not store any personal data.

Encryption via SSL

For security reasons, our website uses SSL (Secure Sockets Layer) encryption. This protects transmitted data and prevents it from being read by third parties. You can recognize successful encryption by the fact that the protocol designation in the status bar of your browser changes from “http://” to “https://” and that a closed lock symbol is visible there.

Web hosting via all-inkl

We use the services of ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, D-02742 Friedersdorf for web hosting for our websites and have concluded a contract for order processing in accordance with Art. 28 GDPR with all-inkl.com.

Further information can be found in the privacy policy of all-inkl. at https://all-inkl.com/datenschutzinformationen

Legal basis

The legal basis for the processing of this data is our legitimate interest in the operation and maintenance of the operational security of these websites in accordance with Art. 6 (1) (f) GDPR.

Flodesk newsletter

We use the services of Flodesk, Inc., 7011 S 19th St. Suite 400, Phoenix, AZ 85040, USA, to send our newsletter.

If you would like to subscribe to our email newsletter and read it regularly, you must register with a valid email address and thus consent to the processing of your personal data by us. Please note the declaration of consent on the newsletter registration form.

Before sending the newsletter, you must expressly confirm to us in the context of the so-called double opt-in procedure that we should activate the email newsletter service for you. We do this to prevent third-party email addresses from being used for registrations. To this end, you will receive a confirmation and authorization email from us asking you to click on the link contained in this email to confirm that you wish to receive our newsletter. If you do not confirm, your personal data will be deleted within 7 days. 

In connection with the registration, in addition to the email address, the time of registration, the time of confirmation, the IP address, and the consent text are also stored, and we use the email address exclusively for the delivery of the newsletter, unless you have expressly agreed to another use.

This data is stored on the servers of Flodesk Inc.

Small, “invisible” files (beacons) sent with the newsletter can be used to perform various analyses to improve our offerings. The IP address, browser, time of retrieval and opening of the newsletter, and click behavior on links contained in the newsletter are recorded and statistically evaluated.

Please note that there is a possibility that data may be transferred to the USA and processed by US authorities.

However, Flodesk, Inc. is certified under the EU-US Data Privacy Framework. Data transfer to the USA is therefore currently considered sufficiently secure.

To protect your data, we have concluded a data processing agreement with Flodesk Inc. in accordance with Art. 28 GDPR.

For more information, please visit: https://flodesk.com/legal/privacy-policy

Legal basis

The newsletter is sent on the basis of the recipient’s consent in accordance with Art. 6 (1) (a) GDPR.

The analysis of opening and click rates is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR. It is in our interest to create offers that are as relevant as possible for our users and to achieve this by analyzing user behavior and continuously optimizing it.

Digistore24

We also offer digital products for sale on our website.

For this purpose, we use the services of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany (“Digistore”).

As soon as you click on one of our product buttons, you leave our website and are redirected to Digistore. Digistore becomes the contractual partner of the purchasers of services or products and is responsible for processing the purchasers’ data.

If you follow the link, you may encounter cookies that are not within our control. We cannot accept any liability for this. We have no influence over the scope of the data collected by Digistore. 

The provisions of Digistore apply to the purchase and accompanying processing of data:

1. Terms and Conditions: https://www.digistore24.com/info/terms?language=de  , and
2. Privacy policy: https://www.digistore24.com/page/privacy/1/de 

Legal basis

The legal basis for the processing of personal data when forwarding from our website to the sales page via Digistore is Art. 6 (1) lit. b GDPR.

WishList Products, LLC

In order to customize and improve our online marketing activities, we use the services of Wishlist Products, LLC (WishlistMember). 

We use this software in particular for

• Providing a member area
• Creating landing pages
• Platform for the distribution of online courses

Please note that there is a possibility that data may be transferred to the US and processed by US authorities. 

WishList Products, LLC is not certified under the EU-US Data Privacy Framework. 

WishList Products, LLC has committed to complying with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses – SCC).  

We have entered into a data processing agreement with WishList Products, LLC in accordance with Art. 28 GDPR to protect your personal data. 

Further information on the standard contractual clauses is available at 

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de

Further information is available at:

https://wishlistmember.com/privacy-policy/

As soon as the purpose for storing your personal data no longer applies, it will be blocked, thus restricting its processing, or deleted in accordance with the statutory deletion periods.

Legal basis

The legal basis for this processing of data is the fulfillment of contractual measures in accordance with Art. 6 (1) (b) GDPR.

Zoom

As part of our offering, we use the services of Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA, represented by Lionheart Squared, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, DO2 EK84, Republic of Ireland, for online meetings, webinars, and video conferences.

Zoom is a product of Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. 

Please note that there is a possibility that data may be transferred to the USA and processed by US authorities.

Zoom Video is not certified under the EU-US Data Privacy Framework. 

We have concluded a data processing agreement with Zoom Video in accordance with Art. 28 GDPR.

Zoom has committed to complying with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses – SCC).  

For more information on the standard contractual clauses, please visit 

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de and at https://blog.zoom.us/de/sicherheit-und-datenschutz-bei-zoom-unsere-antworten-auf-ihre-fragen/ .  

Further information can be found in Zoom’s privacy policy, https://zoom.us/de-de/privacy.html, and at https://zoom.us/de-de/gdpr.

Legal basis

The legal basis for this processing of data is your consent pursuant to Art. 6 (1) (a) GDPR and your express consent pursuant to Art. 49 (1) (a) GDPR.

Stripe

To process payments in connection with our sales offerings, we use the services of Stripe Payments Europe, Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”), among others.

During the payment process, after clicking on the “Place order” or “Buy now” button, your personal data will be forwarded to Stripe for further processing. 

If the data subject selects a payment method during the ordering process in the online shop, data relating to the data subject is automatically transmitted to Stripe. By selecting a payment option, the data subject consents to the transmission of personal data for the purpose of processing the payment.

The personal data transmitted to Stripe usually includes first name, last name, address, email address, IP address, and, if applicable, date of birth, telephone number, mobile phone number, and other data necessary for processing a payment.

Personal data related to the respective order is also necessary for the processing of the purchase contract. In particular, there may be a mutual exchange of payment information such as bank details, card number, expiration date, and CVC code, as well as data on goods and services and prices.

The purpose of the data transfer is, in particular, identity verification, payment administration, and fraud prevention. The controller will transfer personal data to Stripe in particular if there is a legitimate interest in the transfer.

The personal data exchanged between Stripe and the controller may be transferred by Stripe to credit agencies. The purpose of this transfer is to verify identity and creditworthiness.

Stripe also passes on personal data to service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data.

The data subject has the option of revoking their consent to the processing of personal data by Stripe at any time. Revocation does not affect personal data that must be processed, used, or transferred for contractual payment processing.

Stripe has committed to complying with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses – SCC).  

For more information on the Standard Contractual Clauses, please visit 

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de 

Further information is available at https://stripe.com/at/privacy.

Legal basis

The legal basis for the processing of personal data during a booking or payment transaction is Art. 6 (1) (b) GDPR.

PayPal

To process payments in connection with our sales offers, we use the services of the payment service provider PayPal Europe S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, among others.

During the payment process, after clicking on the “Place order” or “Buy now” button, your personal data will be forwarded to PayPal for further processing. 

If you select a payment method during the ordering process in the online shop, your data will be automatically transmitted to PayPal. By selecting a payment option, you consent to the transfer of personal data for the purpose of processing the payment.

The personal data transmitted to PayPal usually includes: first name, last name, address, email address, telephone number, and other data necessary for processing a payment.

Personal data related to the respective order is also necessary for the processing of the purchase contract. In particular, there may be a mutual exchange of payment information such as bank details, card number, expiration date, and CVC code, as well as data on goods, services, and prices.

The purpose of the data transfer is, in particular, identity verification, payment administration, and fraud prevention. The controller will transfer personal data to PayPal in particular if there is a legitimate interest in the transfer.

The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit agencies. The purpose of this transfer is to verify identity and creditworthiness.

PayPal also passes on personal data to service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed.

You have the option to revoke your consent to the processing of personal data by PayPal at any time. Revocation does not affect personal data that must be processed, used, or transmitted for contractual payment processing.

Please note that personal data may be transferred to the United States and processed by US authorities. The parent company PayPal is based in the United States.

This company is not certified under the EU-US Data Privacy Framework. 

PayPal has committed to complying with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses – SCC).  

For more information on the standard contractual clauses, please visit 

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de 

Despite the standard contractual clauses we have concluded with PayPal, these provisions may not be sufficient to ensure the effective protection of personal data transferred to the United States in practice. 

Further information can be found in PayPal’s privacy policy at https://www.paypalobjects.com/marketing/ua/pdf/DE/de/privacy-full.pdf

PayPal is not a processor within the meaning of Art. 4 No. 8 GDPR. It has its own responsibility. 

Legal basis

The legal basis for the processing of personal data during a booking or payment transaction is Art. 6 (1) (b) GDPR.

Google reCAPTCHA

To protect against unwanted bots, we use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is a background service that helps us to exclude machines from using our services.

Google Ireland Limited processes the data in the EU.

To protect your personal data, we have concluded a data processing agreement with Google Ireland Limited in accordance with Art. 28 GDPR.

It cannot be ruled out that data may also be processed in the USA. However, the parent company Google LLC, based in the USA, is certified under the EU-US Data Privacy Framework. 

Data transfer to the USA is therefore currently considered sufficiently secure.

For more information about Google reCAPTCHA, please visit https://www.google.com/recaptcha 

Further information on data use by Google can be found on the overview page: https://policies.google.com/technologies/ads. Google’s privacy policy is available at https://policies.google.com/privacy.

Legal basis

The legal basis for this processing of data is your consent in accordance with Art. 6 (1) (a) GDPR.

Google Web Fonts

We use Google Web Fonts. All fonts are loaded locally.
When using Google Web Fonts, no personal data is passed on to third parties.

System and information security

We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification, or distribution of stored data by unauthorized persons. Despite controls, however, complete protection against all risks is not possible. Due to the connection to the Internet and the resulting technical possibilities alone, no guarantee can be given that content and the flow of information will not be viewed and recorded by third parties.

Objection to unsolicited advertising by email

In accordance with the legal notice requirements under Section 5 of the German Telemedia Act (DDG), we have published general contact details and an email address on our website. We hereby object to the use of this contact information for the unsolicited sending of information material, advertising, or spam emails that we have not explicitly requested.

Status of the privacy policy: December 1, 2025