onBildung Logo onBildung

Privacy Policy

1) Introduction and contact details of the controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data is any data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is onBildung GmbH, Kreuzgasse 22, 61250 Usingen, Germany, tel.: +49 6081 58 410 93, email: kontakt@onbildung.de. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the site
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

We use a provider to host our website and display the page content who provides its services itself or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

4) Contact

4.1 Brevo

We use the services of the following provider to provide an online appointment booking function: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany

For the purpose of scheduling appointments, first and last names, email addresses (and, if applicable, telephone numbers if a telephone appointment is requested) are collected and transmitted to the provider in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management, where they are stored for the purpose of organizing appointments.

After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

4.2 Personal data is collected when you contact us (e.g., via contact form or email). The data collected when using a contact form can be seen on the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no legal obligations to retain data.

5) Web analysis services

Matomo

This website uses a web analysis service provided by the following provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Matomo")

To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses of site usage within a short time window of up to 24 hours. The "config_id" is a randomly set, time-limited hash of a limited set of settings and attributes of the visitor. The config_id or config hash is a string that is calculated for a visitor based on their operating system, browser, browser plugins, IP address, and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the site visitor to create the "config_id".

If the information processed in this way includes personal user data, processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.

Objection (opt-out): You can object to Matomo's collection of data at any time. To do so, use the following opt-out option:

If you object, an opt-out cookie will be set to prevent Matomo from recording your visits.

Data is only transferred to the provider if the service is not hosted on our servers. In the case of self-hosting, no data collected via the service is transferred to the provider.

If the service is not hosted on our servers, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

In this case, data transfers to New Zealand are subject to an adequacy decision by the EU Commission, which certifies compliance with European data protection standards for international data transfers.

6) Rights of the data subject

6.1 The applicable data protection law grants you the following rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective conditions for exercising these rights:

  • Right of access pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to be informed pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent pursuant to Art. 7(3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

6.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNING YOU FOR DIRECT MARKETING PURPOSES.

7) Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and, if relevant, the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in its further storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right of objection under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise specified in the other information in this statement on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

As of: January 8, 2026, 11:49:00 a.m.