Privacy policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online services and the associated websites, functions and content as well as external online presences (e.g. our social media profiles; hereinafter collectively referred to as "online services").

With regard to the terminology used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Gunnar Hoyer
MPU Academy
Stadthof 16
63065 Offenbach on the Main
Germany

Telephone: 069-34873291
Email: gunnar.hoyer@mpu-akademie.eu

Types of processed data

• Inventory data (e.g. names, addresses)
• Contact information (e.g. email, telephone numbers)
• Content data (e.g., text entries, photographs, videos)
• Usage data (e.g. websites visited, interest in content, access times)
• Metadata/communication data (e.g. device information, IP addresses)
• Contract data (e.g. subject matter, term, customer category)
• Payment details (e.g. bank account details, payment history)

Purposes of Processing

• Provision of the online offer, its functions and content
• Answering contact inquiries and communicating with users
• Scheduling and conducting consultations / coaching sessions
• Security Measures:
• Reach measurement / statistics
• Marketing and remarketing
• Contract fulfillment and invoicing

Used terms

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

The term “controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Unless the legal basis is explicitly stated in this privacy policy, the following applies:

• Article 6 paragraph 1 letter a GDPR in conjunction with Section 25 paragraph 1 TTDSG is the legal basis for processing based on consent (e.g. for non-technically necessary cookies, statistics and marketing tools, chat services such as Chatbase).
• Article 6 paragraph 1 letter b GDPR is the legal basis for processing for the performance of our services and for carrying out pre-contractual and contractual measures as well as for answering inquiries.
• Article 6 paragraph 1 letter c GDPR is the legal basis for processing to fulfill our legal obligations.
• Article 6 paragraph 1 letter f GDPR is the legal basis for processing to protect our legitimate interests (e.g. operation, security and optimization of our online service).
• Article 6 paragraph 1 letter d GDPR is the legal basis if processing is necessary to protect the vital interests of the data subject or of another natural person.

For the storage of information (e.g. cookies) in the user's terminal equipment and access to it, Section 25 of the TTDSG (Telecommunications and Telemedia Data Protection Act) applies in addition.

Security Measures:

In accordance with Article 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk for the data we process.

We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require action on your part (e.g., renewed consent) or any other individual notification.

Collaboration with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is done only

• based on a legal permission (e.g. if the transfer of data to payment service providers is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR),
• based on your consent,
• due to a legal obligation or
• based on our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a "data processing agreement", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if

• to fulfill our (pre-)contractual obligations,
• based on your consent,
• due to a legal obligation or
• based on our legitimate interests

he follows.

Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special conditions of Articles 44 et seq. of the GDPR are met. This means, for example, that processing takes place on the basis of...

• an adequacy decision by the EU Commission pursuant to Art. 45 GDPR (e.g. EU-US Data Privacy Framework for certified US companies) or
• suitable safeguards, such as standard data protection clauses of the EU Commission (Art. 46 GDPR) and, where applicable, additional safeguards.

Rights of data subjects

You have the right,

• In accordance with Article 15 GDPR, you have the right to request information about whether your personal data is being processed, and to receive information about this data as well as further information and a copy of the data.
• In accordance with Article 16 GDPR, you have the right to request the completion of your personal data or the rectification of inaccurate personal data concerning you.
• to request, pursuant to Article 17 GDPR, that the data in question be erased without undue delay, or alternatively, pursuant to Article 18 GDPR, to request a restriction of the processing of the data,
• Pursuant to Article 20 GDPR, you have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to request its transmission to other controllers.
• to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR.

Right to cancel


You have the right to withdraw your consent at any time, pursuant to Article 7(3) GDPR, with effect for the future. Such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Right of objection

You can object to the future processing of your personal data at any time in accordance with Article 21 of the GDPR. This objection can be made in particular against processing for direct marketing purposes.

Cookies and right of objection for direct advertising

Cookies are small files that are stored on users' devices. Various types of information can be stored in cookies. A cookie primarily serves to store information about a user or the device on which the cookie is stored, during or even after their visit to an online service.

• Temporary cookies / session cookies: are deleted after a user leaves an online service and closes the browser (e.g. to save a login status).
• Permanent Cookies: They remain stored even after the browser is closed (e.g., for user recognition or to store interests).
• First party cookies: are set by us as the responsible party.
• Third-party cookies: are set by providers other than the operator of the online service (e.g., through analytics or marketing services).

We may use both temporary and permanent cookies, and we explain this in this privacy policy and our cookie banner.

The legal basis for storing information (cookies) on your device and accessing it is generally your consent pursuant to Section 25 Paragraph 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. Technically essential cookies, which are necessary for the operation of the website, may be used on the basis of Section 25 Paragraph 2 of the TTDSG in conjunction with Article 6 Paragraph 1 Letter f of the GDPR (legitimate interest in a functioning online service).

If you do not wish to have cookies stored on your computer, you can disable the corresponding option in your browser's system settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may lead to functional limitations of this website.

A general objection to the use of cookies for online marketing purposes can be made to a large number of services, e.g., via the US website. https://optout.aboutads.info/?c=2&lang=EN or the EU side https://www.youronlinechoices.com/ be explained.

Deletion of data

The data we process will be erased or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If data is not erased because it is required for other legally permissible purposes, its processing will be restricted (blocked).

In accordance with legal requirements in Germany, storage is carried out in particular

• for 6 years in accordance with Section 257 Paragraph 1 of the German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) as well as
• for 10 years in accordance with Section 147 Paragraph 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

In accordance with legal requirements in Austria, storage is carried out in particular

• for 7 years in accordance with § 132 para. 1 BAO (accounting records, receipts/invoices, accounts, business papers etc.),
• for 22 years in connection with real estate and
• for 10 years for documents relating to electronically supplied services, telecommunications, broadcasting and television services to non-entrepreneurs in EU Member States (MOSS procedure).

Business-related processing

We also process

• Contract data (e.g. subject matter, term, customer category)
• Payment details (e.g. bank account details, payment history)

from our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, as well as marketing, advertising and market research.

Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the purpose of operating this online service.

In this process, we or our hosting provider process inventory data, contact data, content data, contract data, usage data as well as meta and communication data of customers, prospective customers and visitors of this online service on the basis of our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (data processing on behalf of a controller).

Collection of access data and log files

We, or rather our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. Access data includes:

• Name of the accessed website or file
• Date and time of retrieval
• transferred amount of data
• Message indicating successful retrieval (HTTP status code)
• Browser type and version
• the user's operating system
• Referrer URL (the previously visited page)
• IP address (in abbreviated form where possible) and the requesting provider

Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

Therapeutic services and coaching

We process the data of our clients and prospective clients (collectively referred to as "clients") in accordance with Article 6(1)(b) GDPR in order to provide contractual or pre-contractual services. The type, scope, purpose, and necessity of the processing are determined by the underlying contractual relationship.

The processed data includes basic inventory and master data (e.g. name, address), contact details (e.g. email address, telephone number), contract data (e.g. services used, fees, names of contact persons) and payment data (e.g. bank details, payment history).

As part of our services, we may process special categories of personal data pursuant to Article 9(1) GDPR (e.g., health data, information on mental health issues, addictive behavior, etc.). Where necessary, we obtain explicit consent for this processing in accordance with Article 6(1)(a), Article 7, and Article 9(2)(a) GDPR, or process this data for the purposes of preventive healthcare pursuant to Article 9(2)(h) GDPR in conjunction with Section 22 of the German Federal Data Protection Act (BDSG).

Where necessary for the performance of the contract or required by law, we transmit client data to other professionals, third parties involved in the performance of the contract (e.g. billing centers) or comparable service providers, insofar as this serves the provision of our services (Art. 6 para. 1 lit. b GDPR), legal obligations (Art. 6 para. 1 lit. c GDPR), our legitimate interests or those of the clients (Art. 6 para. 1 lit. f GDPR) or vital interests of the clients or other persons (Art. 6 para. 1 lit. d GDPR).

Data is deleted when it is no longer required to fulfill contractual or legal obligations of care, as well as to process any warranty claims or similar obligations. The necessity of data retention is reviewed every three years; otherwise, statutory retention periods apply.

Business analysis and market research

To operate our business efficiently and to identify market trends, customer and user needs, we analyze the data we have on business transactions, contracts, inquiries, etc. For this purpose, we process inventory data, communication data, contract data, payment data, usage data, and metadata based on Article 6 Paragraph 1 Letter f of the GDPR. The data subjects include customers, prospective customers, business partners, as well as visitors and users of our online services.

The analyses are conducted for the purposes of business evaluations, marketing, and market research. Where possible, the data is pseudonymized or anonymized. Personal profiles, if created at all, are deleted or anonymized no later than upon termination of a user account, or otherwise no later than two years after the conclusion of the contract.

Registration function

Users can optionally create a user account. During registration, the required mandatory information will be provided. The data entered during registration will be used for the purpose of using the service. Users may be informed by email about service- or registration-related information (e.g., changes to the service or technical issues).

When users terminate their user account, their data relating to that account will be deleted, unless legal obligations under commercial or tax law (Art. 6 para. 1 lit. c GDPR) prevent this. It is the users' responsibility to back up their data before the end of the contract. We are entitled to irrevocably delete data stored during the contract period if no legal obligations prevent this.

When you use our registration and login functions, as well as your user account, we store your IP address and the time of each user action based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) and those of the user (protection against misuse and other unauthorized use). This data is only shared with third parties if necessary for the enforcement of our claims or required by law (Art. 6 para. 1 lit. c GDPR). IP addresses are anonymized or deleted after 7 days at the latest.

Contacting us

When you contact us (e.g. via contact form, email, telephone or social media), the information provided by the user is processed in accordance with Art. 6 para. 1 lit. b GDPR (pre-contractual inquiries, contractual relationship) or Art. 6 para. 1 lit. f GDPR (general inquiries) for the purpose of processing and handling the contact request.

User data may be stored in a customer relationship management system (“CRM system”) or similar inquiry management systems. We delete inquiries when they are no longer needed; this necessity is reviewed regularly, at least every two years. Furthermore, statutory archiving obligations apply.

Chatbot / Chatbase

We use a chatbot service on our website to offer you the simplest and quickest way to obtain information (e.g., questions about our services, the MPU preparation process, or scheduling an appointment). For this, we use the "Chatbase" service from the provider [Provider Name]. Chatbase Inc., 2261 Market Street STE 85690, San Francisco CA 94114, USA.

The chat is for general information purposes only. Please submit your messages via the chat. no sensitive data (e.g. health data, data relating to criminal offenses, information relating to ongoing proceedings or other special categories of personal data within the meaning of Article 9 GDPR).

Scope of processing

The following data is processed in particular when using the chat:

• Content data: chat messages and questions you entered
• Usage and metadata: Date and time of use, approximate duration of stay, browser and device information (if applicable).
• IP address (in abbreviated form, where technically possible)

The data is processed to automatically answer your inquiry and to continuously improve the quality of the chat. The evaluation is carried out on our behalf by Chatbase based on a data processing agreement pursuant to Article 28 GDPR.

Legal basis

Use of the chat is voluntary. Data processing within the chatbot is based on your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG), which is obtained via our consent/cookie management system before the chat is activated. If your inquiry is directly related to an existing contract or the initiation of a contract, processing may additionally be based on Art. 6 para. 1 lit. b GDPR.

Data transfer to the USA

Chatbase processes data, among other things, on servers in the USA. The USA is a third country within the meaning of the GDPR. Data is only transferred if the requirements of Articles 44 et seq. of the GDPR are met. Chatbase uses, in particular, the standard contractual clauses for data protection issued by the EU Commission and, according to its own statements, offers a level of protection in accordance with legal requirements. Additionally, data may be transferred based on an adequacy decision pursuant to Article 45 of the GDPR (EU-US Data Privacy Framework), provided Chatbase is certified accordingly.

Storage duration

The data collected during chat use will only be stored by us for as long as necessary to answer your inquiry and to ensure the proper functioning of the chatbot, or as required by statutory retention periods. Otherwise, the data will be deleted or anonymized.

You can withdraw your consent to the use of the chatbot at any time with effect for the future via the settings in the cookie/consent tool.

Comments and contributions

When users leave comments or other contributions (e.g., on the blog), their IP addresses may be stored for up to 7 days based on our legitimate interests (Art. 6 para. 1 lit. f GDPR). This is done for our security in case someone leaves unlawful content in comments or contributions (e.g., insults, prohibited political propaganda, etc.).

We reserve the right to process user data for spam detection purposes.

Get profile pictures from Gravatar

We use the Gravatar service from the provider within our online offering. Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA .

Gravatar is a service where users can register and upload profile pictures and email addresses. When users with that email address leave comments on other online platforms (especially blogs), their profile pictures can be displayed next to their posts.

For this purpose, the email address provided by users is encrypted before being transmitted to Gravatar. Gravatar thereby receives the user's IP address, as this is technically necessary for communication between the browser and the online service. Further information on data usage by Gravatar can be found at: https://automattic.com/privacy/.

If you do not want an image stored at Gravatar to be displayed, you should use an email address that is not stored at Gravatar to comment, or refrain from using our commenting system.

Newsletter

The following information explains the content, registration, distribution, and evaluation procedures of our newsletter, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.

• Content: Information about our services, offers and news about the MPU Academy.
• Shipping only with consent or legal permission (§ 7 UWG).

Double opt-in and logging

Newsletter registration uses a double opt-in process. After registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address.

Registrations are logged in order to be able to prove the registration process in accordance with legal requirements (storage of registration and confirmation time, IP address, and any changes to your data).

credentials

To register, simply provide your email address. Optionally, you can provide your name to be addressed personally in the newsletter.

Legal basis

The newsletter is sent and its success is measured on the basis of your consent (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG) or on the basis of the legal permission according to § 7 para. 3 UWG (advertising to existing customers).

Termination / revocation

You can unsubscribe from our newsletter at any time, i.e., withdraw your consent. You will find an unsubscribe link at the end of each newsletter. Based on our legitimate interests (Art. 6 para. 1 lit. f GDPR), we may store unsubscribed email addresses for up to three years in order to be able to prove previously given consent. An individual deletion request is possible at any time, provided you confirm that you previously gave your consent.

Newsletter – Email service provider (Mailchimp)

The newsletters are sent via the mailing service provider. “Mailchimp” (The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA).

The shipping provider's privacy policy can be found at: https://mailchimp.com/legal/privacy/.

Mailchimp is used on the basis of a data processing agreement pursuant to Article 28 GDPR. Mailchimp uses standard data protection clauses of the EU Commission or other suitable safeguards to secure data transfers to the USA.

Mailchimp may use recipient data in pseudonymized form, i.e., without linking it to a specific user, to optimize or improve its own services (e.g., technical optimization of email delivery). Mailchimp does not use the data for its own advertising purposes.

Newsletter - Success Measurement

The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server or the server of the email service provider when the newsletter is opened. During this retrieval, technical information (browser, system, IP address, retrieval time) as well as information about newsletter opens and clicks on links are collected.

This information is used to technically improve our services and to optimize the content of the newsletter. The analysis is conducted in pseudonymized form; individual user analysis is not our goal.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), based on your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG).

Google uses cookies. The information generated by the cookie about your use of our website is generally transmitted to and stored on a Google server in the USA. We only use Google Analytics with IP anonymization enabled. This means that Google shortens the IP address of users within the EU or the EEA; only in exceptional cases is the full IP address transmitted to the USA and shortened there.

Google will use this information on our behalf to evaluate the use of our online services, compile reports on website activity, and provide other services related to the use of the online services. Pseudonymous user profiles may be created from the processed data.

The IP address transmitted by your browser will not be merged with other Google data.

You can withdraw your consent at any time via our consent tool or prevent the storage of cookies by adjusting your browser settings accordingly. Furthermore, you can prevent the collection of data generated by the cookie and its processing by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Google marketing services (e.g. Google Ads, remarketing)

Based on your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG), we use marketing and remarketing services ("Google Marketing Services") from Google Ireland Limited. Google Marketing Services enable us to display advertisements on and for our website in a more targeted manner, so that users only see ads that potentially match their interests.

For this purpose, Google uses cookies and similar technologies. The information collected via cookies about the use of this website (e.g., pages visited, content clicked, technical information) may be transferred to Google servers in the USA and analyzed there. The data is processed pseudonymously.

You can withdraw your consent at any time via our consent tool. You can also deactivate interest-based advertising by Google via the following page: https://adssettings.google.com/.

Facebook Pixels, Custom Audiences and Facebook Conversion

Within our online service, with your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG), the so-called “Facebook pixel” of the social network Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is used.

With the help of the Facebook pixel, Facebook can identify visitors to our website as a target audience for displaying advertisements ("Facebook Ads"). We use the pixel to show Facebook Ads only to users who have shown an interest in our website or who exhibit certain characteristics (e.g., interest in MPU topics) that we transmit to Facebook ("Custom Audiences").

The Facebook pixel allows Facebook to log, among other things, whether users have reached our website after clicking on an ad (so-called "conversion"). The data collected is anonymous to us; however, Facebook can link it to the respective user profile.

You can withdraw your consent at any time and also make further settings in the Facebook settings for usage-based advertising: https://www.facebook.com/adpreferences/ad_settings/.

Online presence in social media

We maintain online presences within social networks and platforms (e.g., Facebook, Instagram, YouTube) to communicate with customers, prospective customers, and users and to inform them about our services. When accessing these networks, the terms and conditions and data processing policies of the respective operators apply.

Unless otherwise stated, we process user data when users communicate with us via social networks (e.g., direct messages, comments, posts). The legal basis for this processing is our legitimate interest in effective public relations and communication (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR).

Integration of services and content of third parties

Within our online services, we use content or service offerings from third-party providers based on our legitimate interests (analysis, optimization and economic operation of our online services, Art. 6 para. 1 lit. f GDPR) to integrate their content and services (e.g. videos or fonts).

This requires that third-party providers are aware of users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying the content.

YouTube

We embed videos from the platform "YouTube" of Google Ireland Limited. Privacy policy: https://policies.google.com/privacy?hl=de.

Google Fonts

We use Google Fonts from Google Ireland Limited to ensure consistent font display. If your browser does not support web fonts, a standard font from your computer will be used. More information: https://developers.google.com/fonts/faq.

Use of Facebook Social Plugins

Based on your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG), we use social plugins from the social network Facebook (Meta Platforms Ireland Limited). These plugins can display interactive elements or content (e.g., "Like" button, share post).

When a user accesses a feature of this online service that contains such a plugin, their device establishes a direct connection to Facebook's servers. The plugin's content is transmitted directly from Facebook to the user's device and integrated into the online service. This process can lead to the creation of user profiles.

The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the related rights and settings options for protecting users' privacy, can be found in Facebook's privacy policy: https://www.facebook.com/privacy/policy.

status of this privacy policy

Status: November 2025

Due to the ongoing development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version is always available at this URL.