[ Legal ]
Privacy Policy
As of July 2026
We take the protection of your personal data seriously. This policy explains what data we process when you visit this website – and, above all, how little of it.
Controller
The controller responsible for data processing on this website within the meaning of the GDPR is:
- Controller
- Akademie des deutschen Mittelstandes, Thomas Philipzig
- Address
- Am Kuckhofer Feld 13d, 41470 Neuss, Deutschland
- kontakt@akademie-dm.de
- Phone
- 02137 93 59 170
We have not appointed a data protection officer, as this is not legally required for us.
Encryption (SSL/TLS)
For security and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” prefix and the padlock symbol in your browser bar.
Hosting
This website is hosted by Vercel Inc. (USA). Vercel processes connection data on our behalf as a processor under a data processing agreement; transfers to the USA are safeguarded by the EU Standard Contractual Clauses. The site is delivered as static pages via edge servers. Legal basis is our legitimate interest in a secure and efficient provision of our website (Art. 6 (1)(f) GDPR).
Server log files
When you access the site, the server automatically records technical data required for delivery and security:
- abbreviated IP address
- date and time of the request
- the page requested
- amount of data transferred
- browser type and operating system
- referrer URL
The legal basis is our legitimate interest in the secure, stable operation of the website (Art. 6 (1)(f) GDPR). This data is not merged with other sources.
Cookies and consent
By default we set a single, technically necessary first-party cookie (“adm_consent”) that stores your cookie decision – nothing else. No tracking or marketing service is loaded without your explicit consent (Art. 6 (1)(a) GDPR). You can review or withdraw your decision at any time via “Cookie settings” in the footer, with effect for the future.
The “Statistics” category covers our own product analytics (PostHog) and first-touch campaign attribution described below. The “Marketing” category covers the Meta pixel, the LinkedIn Insight Tag and the Google tag described below, which – only with your consent – set the corresponding cookies. Independently of your consent we also use, on the basis of our legitimate interest, the technical services Vercel Speed Insights and Sentry (error monitoring) described below; these set no cookies and use no personal identifiers. A service in a category is only ever loaded once you consent to that category – and only once it is actually configured. Should we activate a further service, we will obtain your consent beforehand and update this policy accordingly.
Web analytics and session recording (PostHog) – only with consent
With your explicit consent to the “Statistics” category, we use PostHog to understand how our website is used and to improve it. PostHog runs on infrastructure in the European Union and IP addresses are anonymised. Only once you agree in the cookie banner is PostHog loaded and started – without your consent no analysis takes place and no corresponding scripts or cookies are loaded.
PostHog records in particular the pages you visit and navigation paths, dwell time and interactions (e.g. clicks, scrolling), and technical information such as browser, operating system, device type and approximate geographic origin. In addition, PostHog creates anonymised session recordings (session replay) in which all input fields are masked, so that your entries are not recorded.
- Purpose
- Reach and usage analysis, improving content and usability
- Provider
- PostHog, Inc.; processing in the EU cloud (data centre in the EU)
- Legal basis
- Section 25 (1) TDDDG in conjunction with Art. 6 (1)(a) GDPR (consent)
- Data protection
- IP addresses are anonymised; input fields in session recordings are masked
- Withdrawal
- At any time with effect for the future via “Cookie settings” in the footer
- Retention
- Session recordings are deleted automatically after 30 days at the latest; other usage data is stored, in line with the project settings, only for as long as necessary for evaluation
- Privacy policy
- https://posthog.com/privacy
Campaign attribution (adm_attr cookie) – only with consent
With your consent to the “Statistics” category, we store – once, on your first visit – the origin of that visit in a first-party cookie (“adm_attr”), in order to evaluate marketing channels and attribute a later enquiry to the correct source. The cookie holds campaign parameters (utm_*) and click identifiers (e.g. gclid, fbclid) from the URL you arrived with. Without your consent this cookie is not set.
- Cookie
- adm_attr
- Purpose
- Storing the first-touch origin (campaign parameters utm_* and click IDs)
- Legal basis
- Section 25 (1) TDDDG in conjunction with Art. 6 (1)(a) GDPR (consent)
- Retention
- 90 days
Meta pixel and Conversions API – only with consent
With your explicit consent to the “Marketing” category, we use the Meta pixel to measure the effectiveness of our advertising and to reach visitors to our website again later on Meta platforms (Facebook/Instagram) – known as retargeting. In addition, we transmit conversion events (for example a booked consultation) to Meta server-side via the Conversions API. Both the browser pixel and the server transmission use the same event identifier so that a single event is not counted twice. Personal identifiers (e.g. an email address) are only ever transmitted in pseudonymised form (hashed using SHA-256). Only once you consent in the cookie banner is the Meta pixel loaded – without your consent no pixel is loaded and no “_fbp” or “_fbc” cookies are set.
- Provider
- Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
- Purpose
- Reach measurement, conversion measurement and retargeting
- Cookies
- _fbp, _fbc (each up to 90 days)
- Data processed
- Cookies (_fbp, _fbc), IP address, browser/device information, triggered events; email only SHA-256-hashed (Conversions API)
- Joint controllership
- For collection via the pixel, joint controllership with Meta applies (Art. 26 GDPR)
- Transfer to third countries
- Transfer to the USA is possible; safeguarded by the EU Standard Contractual Clauses
- Legal basis
- Section 25 (1) TDDDG in conjunction with Art. 6 (1)(a) GDPR (consent)
- Withdrawal
- At any time with effect for the future via “Cookie settings” in the footer
- Privacy policy
- https://www.facebook.com/privacy/policy
LinkedIn Insight Tag and Conversions API – only with consent
With your explicit consent to the “Marketing” category, we use the LinkedIn Insight Tag to measure the effectiveness of our LinkedIn advertising, to build website audiences and to reach visitors again on LinkedIn (retargeting). In addition, we transmit conversion events (for example a booked consultation) to LinkedIn server-side via the Conversions API, using the same event identifier as the browser tag so that a single event is not counted twice. Personal identifiers (e.g. an email address) are only ever transmitted in pseudonymised form (hashed using SHA-256). Only once you consent in the cookie banner is the LinkedIn Insight Tag loaded – without your consent it is not loaded and no LinkedIn cookies are set.
- Provider
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (part of Microsoft Corporation, USA)
- Purpose
- Reach measurement, conversion measurement and retargeting
- Cookies
- LinkedIn cookies (e.g. bcookie, lidc, UserMatchHistory, AnalyticsSyncHistory); retention per LinkedIn, up to ~180 days
- Data processed
- IP address (truncated by LinkedIn), device/browser information, page URL and timestamp, triggered events; email only SHA-256-hashed (Conversions API)
- Controllership
- LinkedIn also processes this data as a controller for its own purposes; where applicable joint controllership applies
- Transfer to third countries
- Transfer to the USA is possible; safeguarded by the EU-US Data Privacy Framework and the EU Standard Contractual Clauses
- Legal basis
- Section 25 (1) TDDDG in conjunction with Art. 6 (1)(a) GDPR (consent)
- Withdrawal
- At any time with effect for the future via “Cookie settings” in the footer, and in your LinkedIn account settings
- Privacy policy
- https://www.linkedin.com/legal/privacy-policy
Google (Google Analytics / Google Ads) – only with consent
With your explicit consent to the “Marketing” category, we use Google services via the Google tag (gtag.js) – depending on configuration Google Analytics 4 (reach and behaviour analysis) and/or Google Ads (measuring advertising success and conversion tracking). We use Google Consent Mode v2: before your consent the Google tags are set to “denied” and no analytics or advertising cookies are read or set. Only once you consent in the cookie banner is the Google tag loaded. Where relevant, we additionally transmit conversion events server-side via the Google Measurement Protocol, using the same event identifier to avoid double-counting.
- Provider
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google LLC, USA)
- Purpose
- Reach/behaviour analysis (Google Analytics 4) and/or advertising-success and conversion measurement (Google Ads)
- Cookies
- e.g. _ga, _ga_*, _gcl_au (retention up to 24 months); set only after consent
- Data processed
- IP address (shortened/anonymised by Google), cookies, device/browser information, page URLs, interactions and conversion events
- Transfer to third countries
- Transfer to the USA is possible; safeguarded by the EU-US Data Privacy Framework and the EU Standard Contractual Clauses
- Legal basis
- Section 25 (1) TDDDG in conjunction with Art. 6 (1)(a) GDPR (consent)
- Withdrawal
- At any time with effect for the future via “Cookie settings” in the footer; additionally via Google's ad settings
- Privacy policy
- https://policies.google.com/privacy
Performance measurement (Vercel Speed Insights)
To measure loading performance we use Vercel Speed Insights. It collects anonymous, aggregated performance metrics, sets no cookies and does not identify you as a person. Legal basis: our legitimate interest in a fast website (Art. 6 (1)(f) GDPR).
Error monitoring (Sentry)
To detect, diagnose and fix technical faults and to keep our website stable and secure, we use the error-monitoring service Sentry. Sentry records technical error and diagnostic data only when an error actually occurs – for example the error message and stack trace, the page URL and browser/operating-system information. We have deliberately disabled the transmission of personal data (no “Personally Identifiable Information”) and record no session replays. No cookies are set. Legal basis is our legitimate interest in the secure and error-free operation of our website (Art. 6 (1)(f) GDPR); Sentry is only active in live operation.
- Provider
- Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
- Purpose
- Detection, diagnosis and correction of technical errors; stability and security
- Cookies
- None
- Data processed
- Error/exception data (message, stack trace), page URL, browser/operating-system and device information, technical metadata; no personal identifiers (PII transmission disabled), no session replay
- Transfer to third countries
- When the US region is used, transfer to the USA safeguarded by the EU-US Data Privacy Framework / EU Standard Contractual Clauses; can be avoided by using Sentry's EU region
- Legal basis
- Art. 6 (1)(f) GDPR (legitimate interest)
- Objection
- At any time on grounds relating to your particular situation (see “Right to object”)
- Privacy policy
- https://sentry.io/privacy/
Contacting us
If you contact us by email or phone, we process the data you provide solely to handle your request and only to the extent necessary. Legal basis is our legitimate interest in responding to your enquiry (Art. 6 (1)(f) GDPR); where your enquiry is aimed at concluding a contract, Art. 6 (1)(b) GDPR applies in addition. We delete this data once your enquiry has been dealt with conclusively and no statutory retention obligations apply.
Storage period
We store personal data only for as long as necessary for the respective purpose or as required by statutory retention periods (e.g. under commercial and tax law). Data processed on the basis of consent is stored until you withdraw that consent; data processed on the basis of legitimate interests is stored until you object, unless we can demonstrate compelling legitimate grounds.
Your rights
Under the applicable data protection law you have the following rights in relation to your personal data:
- right of access (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR)
- right to erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 GDPR)
- right to be informed (Art. 19 GDPR)
- right to data portability (Art. 20 GDPR)
- right to withdraw consent given (Art. 7 (3) GDPR)
- right to lodge a complaint (Art. 77 GDPR)
The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf.
Right to object (Art. 21 GDPR)
Where we process your personal data on the basis of our overriding legitimate interests, you have the right to object to that processing at any time on grounds relating to your particular situation, with effect for the future. If you object, we will stop processing the data concerned unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If we process your data for direct marketing, you may object to that processing at any time.
Changes to this policy
We update this policy whenever changes to our processing make it necessary – in particular when we activate a new service. The current version always applies.