Privacy Policy - FutureKids Consulting

Privacy Policy

FutureKids Consulting

Last updated: 22 April 2026

Preamble

With the following Privacy Policy, we would like to inform you about the types of your personal data (hereinafter also referred to as ‘data’) that we process, for what purposes and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘Online Offering’).

The terms used are not gender-specific.

Table of Contents

Preamble
Controller
Overview of Processing Activities
Relevant Legal Bases
Security Measures
General Information on Data Storage and Erasure
Rights of Data Subjects
About FutureKids Consulting
Business Services
Business Processes and Procedures
Use of Online Platforms for Offering and Sales Purposes
Providers and Services Used in the Course of Business
Payment Methods
Provision of the Online Offering and Web Hosting
Use of Cookies
Registration, Login and User Accounts
Blogs and Publication Media
Contact and Enquiry Management
Artificial Intelligence (AI)
Video Conferences, Online Meetings, Webinars and Screen Sharing
Cloud Services
Newsletter and Electronic Notifications
Advertising Communication via E-mail, Post, Fax or Telephone
Web Analytics, Monitoring and Optimisation
Customer Reviews and Rating Procedures
Social Media Presences
Plugins and Embedded Functions and Content
Management, Organisation and Auxiliary Tools
Changes and Updates
Definitions

Controller

FutureKids Consulting

Carola Victoria Schlögl-Ngum

Rumpenheimer Str. 6

60388 Frankfurt am Main

Authorised representative: Carola Victoria Schlögl-Ngum

E-mail address: carola@futurekidsguide.com

Imprint: https://futurekidsguide.com/impressum-de/

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

Inventory data
Employee data
Payment data
Contact data
Content data
Contract data
Usage data
Meta, communication and procedural data
Image and/or video recordings
Audio recordings
Log data

Categories of Data Subjects

Recipients of services and clients
Employees
Prospective customers
Communication partners
Users
Business and contractual partners
Educational and course participants
Depicted persons
Third parties
Customers

Purposes of Processing

Provision of contractual services and fulfilment of contractual obligations
Communication
Security measures
Direct marketing
Reach measurement
Tracking
Office and organisational procedures
Target group formation
Organisational and administrative procedures
Feedback
Marketing
Profiles with user-related information
Provision of our online offering and user-friendliness
Establishment and conduct of employment relationships
Information technology infrastructure
Financial and payment management
Public relations
Sales promotion
Business processes and commercial procedures
Artificial Intelligence (AI)

Relevant Legal Bases

Relevant legal bases under the GDPR: The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Where more specific legal bases apply in individual cases, we will inform you of these in the Privacy Policy.

Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains in particular special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated individual decision-making including profiling. The data protection laws of the individual German federal states may also apply.

Relevant legal bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (Swiss DPA). Unlike, for example, the GDPR, the Swiss DPA does not generally require a legal basis to be stated for the processing of personal data, and the processing of personal data must be carried out in good faith, lawfully and proportionately (Art. 6(1) and (2) of the Swiss DPA). Furthermore, we only collect personal data from data subjects for a specific purpose that is evident to the data subject and process it only in a manner compatible with that purpose (Art. 6(3) of the Swiss DPA).

Security Measures

We implement appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, disclosure, ensuring availability and its separation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the deletion of data and responses to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection by design and by default.

IP address shortening: Where IP addresses are processed by us or by the service providers and technologies used, and where the processing of a complete IP address is not necessary, the IP address will be shortened (also referred to as ‘IP masking’). In this process, the last two digits or the last part of the IP address after a full stop are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or significantly impede the identification of a person by their IP address.

Securing online connections by TLS/SSL encryption technology (HTTPS): In order to protect the data of users transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission over the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is signalled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and in encrypted form.

General Information on Data Storage and Erasure

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or no further legal grounds for processing exist. This applies to cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist where statutory obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose retention is necessary for legal prosecution or for the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing activities.

Where multiple retention periods or deletion deadlines are specified for a piece of data, the longest period always applies. Data that is no longer retained for its originally intended purpose but is retained due to statutory requirements or other reasons shall be processed exclusively for the reasons that justify its retention.

Retention and Erasure of Data under German Law

10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organisational documents required for their understanding (§ 147(1) No. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) No. 1 in conjunction with (4) HGB).
8 years – Accounting vouchers, such as invoices and cost receipts (§ 147(1) Nos. 4 and 4a in conjunction with (3) sentence 1 AO and § 257(1) No. 4 in conjunction with (4) HGB).
6 years – Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents relevant for taxation purposes, as well as payroll accounting documents (§ 147(1) Nos. 2, 3, 5 in conjunction with (3) AO, § 257(1) Nos. 2 and 3 in conjunction with (4) HGB).
3 years – Data required to take account of potential warranty and liability claims or similar contractual claims and rights, as well as to handle related enquiries, is retained for the duration of the standard statutory limitation period of three years (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw consents given at any time.
Right of access: You have the right to obtain confirmation as to whether data concerning you is being processed and to obtain information about such data as well as further information and a copy of the data in accordance with the statutory requirements.
Right to rectification: You have the right, in accordance with the statutory requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
Right to erasure and restriction of processing: You have the right, in accordance with the statutory requirements, to request that data concerning you be erased without undue delay, or alternatively, in accordance with the statutory requirements, to request restriction of the processing of the data.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the statutory requirements, or to request its transmission to another controller.
Lodging a complaint with a supervisory authority: In accordance with the statutory requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

About FutureKids Consulting

FutureKids Consulting is a sole proprietorship specialising in educational consultancy, headquartered in Frankfurt am Main. We support families in finding the right nursery place and making the right school choice for their child. In the context of our services, we process personal data exclusively for the purpose of providing our consultancy services and making our digital products available.

Business Services

We process personal data of our contractual and business partners, such as customers, clients, prospective customers, suppliers and other cooperation partners (collectively ‘contractual partners’), for the purpose of initiating, executing and settling contractual relationships and comparable legal relationships. This also includes pre-contractual measures taken at the request of the data subject, as well as communication in connection with the respective contractual relationship.

The processing serves in particular the fulfilment of our primary and ancillary contractual obligations. These include the provision of the agreed services, any update and information obligations, the handling of warranty and other service disruptions, the processing of revocations, termination of ongoing obligations, rescission, reimbursements and the handling of other contract-related declarations and enquiries. Both one-off contracts and ongoing contractual relationships are covered.

Data processed includes in particular master data such as name, address and, where applicable, company name, contact data such as e-mail address and telephone number, contract and service data such as subject matter of the contract, duration, order or transaction number, usage and service data, payment and billing data, as well as communication content and history. Where necessary, we also process data that is disclosed or transmitted to us in the context of carrying out an assignment.

In addition, we process the data to safeguard our rights and to fulfil statutory obligations. This includes in particular commercial and tax law retention obligations, documentation obligations, and where applicable, evidence and accountability obligations. Processing is also carried out on the basis of our legitimate interests in proper business management, internal administration, risk management and IT security, as well as the protection of our business operations and contractual partners from misuse, threats to data, trade secrets and other legal interests.

Processed data types: Inventory data; payment data; contact data; contract data; usage data; meta, communication and procedural data.

Data subjects: Recipients of services and clients; prospective customers; business and contractual partners; educational and course participants.

Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; security measures; communication; office and organisational procedures; organisational and administrative procedures; business processes and commercial procedures.

Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Activities

Online shop, order forms, e-commerce and fulfilment: We process the data of our customers to enable them to select, purchase or order chosen products, goods and associated services, as well as their payment, delivery or performance. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Educational and training services: We process the data of participants in our educational and training offerings to provide them with our training services. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Coaching: We process the data of clients to provide coaching services, including contact management, needs analysis, planning and conducting sessions, documentation of progress, scheduling, billing and quality assurance. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Consulting: We process the data of clients to provide consultancy services, including contact management, needs and requirements analysis, planning and implementation of consultancy projects, documentation, billing and follow-up. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Online courses and training: We process the data of participants in our online courses and training programmes to provide the respective course and training services, including performance evaluation and learning progress analysis. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Event management: We process the data of participants in events, conferences and similar activities organised or hosted by us to enable participation and the use of associated services. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Business Processes and Procedures

Personal data of recipients of services and clients — including customers, clients or, in specific cases, mandates, patients or business partners as well as other third parties — is processed in the context of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business operations in areas such as customer management, sales, payment processing, accounting and project management.

Processed data types: Inventory data; payment data; contact data; content data; contract data; usage data; meta, communication and procedural data; log data; employee data.

Data subjects: Recipients of services and clients; prospective customers; communication partners; business and contractual partners; customers; third parties; users; employees.

Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR); legal obligation (Art. 6(1)(c) GDPR).

Further Notes on Processing Activities

Contact management: Procedures required for organising, maintaining and securing contact information, including establishment and maintenance of a central contact database, regular updates, integrity monitoring and access controls. Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Customer accounts: Customers may set up an account within our online offering. We store IP addresses and access times at the time of registration and subsequent logins to evidence registration and prevent misuse. Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

General payment transactions: Procedures required for carrying out payment transactions, monitoring bank accounts and controlling payment flows. Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Accounting (accounts payable and receivable): Procedures required for the recording, processing and control of business transactions in the area of accounts payable and receivable, including invoice management, open item management, payment processing and dunning. Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Financial accounting and tax: Procedures required for the recording, management and control of financially relevant business transactions and for the calculation, reporting and payment of taxes. Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Sales: Procedures required for planning, executing and controlling measures to market and sell products or services, including customer acquisition, quotation management, order processing and sales controlling. Legal bases: Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Marketing, advertising and sales promotion: Procedures required in the context of marketing, advertising and sales promotion, including market analysis, development of marketing strategies, planning and execution of advertising campaigns, SEO and social media campaigns. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Public relations: Procedures required in the context of public relations and PR, including development and implementation of communication strategies, press releases, media relations, social media content management and corporate branding. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Use of Online Platforms for Offering and Sales Purposes

We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our privacy notices, in particular with regard to payment processing and the procedures used on the platforms for reach measurement and interest-based marketing.

Processed data types: Inventory data; payment data; contact data; contract data; usage data; meta, communication and procedural data.

Data subjects: Recipients of services and clients; business and contractual partners.

Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Shopify: Platform through which e-commerce services are offered and carried out. Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Website: https://www.shopify.com. Privacy policy: https://www.shopify.com/legal/privacy.

Providers and Services Used in the Course of Business

In the course of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (‘services’) in compliance with statutory requirements. Their use is based on our interest in the proper, lawful and cost-effective management of our business operations and internal organisation.

Processed data types: Inventory data; payment data; contact data; content data; contract data; usage data; meta, communication and procedural data.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); consent (Art. 6(1)(a) GDPR).

Further Notes

Lexware Office: Online software for invoicing, accounting, banking and tax submission with document storage. Service provider: Haufe Service Center GmbH, Munzinger Straße 9, 79111 Freiburg, Germany. Website: https://www.lexware.de.

Shopify: E-commerce platform. Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

PayPal: Payment services (technical integration of online payment methods). Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Website: https://www.paypal.com. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Brevo: E-mail sending and automation services. Service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Website: https://www.brevo.com.

Calendly: Online appointment scheduling and management. Service provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA. Transfer basis: Standard Contractual Clauses.

Zoom: Video conferences, online meetings, webinars, screen sharing, optional session recording, chat function, calendar integration. Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA. Transfer basis: Data Privacy Framework (DPF); Standard Contractual Clauses.

Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. This identification number contains no unique data such as names or e-mail addresses. It serves to assign analysis information to an end device. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Consent (Art. 6(1)(a) GDPR). Security measures: IP masking.

Yoast SEO: Website optimisation for search engines. Service provider: Yoast B.V., Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands.

Google Search Console: Monitoring of website performance, analysis of search queries, identification of indexing issues, management of sitemaps. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Payment Methods

In the context of contractual and other legal relationships, on the basis of statutory obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and, in addition to banks and credit institutions, use further service providers for this purpose (collectively ‘payment service providers’). Payment transactions are carried out exclusively via encrypted connections in accordance with the current state of the art, so that the data entered is protected from unauthorised access during transmission.

Data processed by payment service providers includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, amount and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is processed only by the payment service providers and stored by them. We therefore do not receive any account or credit card-related information, but only information confirming or denying the payment.

Processed data types: Inventory data; payment data; contract data; usage data; meta, communication and procedural data.

Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

PayPal: Payment services. Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

Shopify Payments: Payment services via Shopify’s integrated payment platform, enabling customers to use various supported payment methods depending on the region. Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Provision of the Online Offering and Web Hosting

We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary in order to transmit the content and functions of our online services to the user’s browser or end device.

Processed data types: Usage data; meta, communication and procedural data; log data; content data.

Data subjects: Users.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Provision of online offering on leased server space: For the provision of our online offering, we use server space, computing capacity and software that we lease or otherwise obtain from a server provider (also referred to as a ‘web host’).

Collection of access data and log files: Access to our online offering is logged in the form of so-called ‘server log files’. Log files may include the address and name of the retrieved websites and files, date and time of retrieval, data volumes transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL and, as a rule, IP addresses and the requesting provider. Log files are stored for a maximum period of 30 days and then deleted or anonymised.

ALL-INKL: Services in the field of IT infrastructure provision and related services. Service provider: ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.

Private Email (Namecheap): Hosting and sending of e-mails via a custom domain. Service provider: Namecheap, Inc., 4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA. Transfer basis: Standard Contractual Clauses.

WordPress.com: Hosting and software for creating, providing and operating websites, blogs and other online offerings. Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland.

Use of Cookies

The term ‘cookies’ encompasses functions that store and retrieve information on users’ end devices. Cookies may be used for various purposes, including for the functionality, security and convenience of online offerings and for the creation of analyses of visitor flows. We use cookies in accordance with statutory requirements. Where required, we obtain users’ prior consent. Where consent is not necessary, we rely on our legitimate interests. This applies where the storage and retrieval of information is indispensable in order to provide content and functions that have been expressly requested. These include the storage of settings and ensuring the functionality and security of our online offering. Consent may be withdrawn at any time.

Notes on the legal bases for data protection purposes: Whether we process personal data using cookies depends on consent. Where consent exists, it serves as the legal basis. In the absence of consent, we rely on our legitimate interests as described above.

Storage Periods

Temporary cookies (session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g. browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved and preferred content can be displayed directly when the user revisits a website. Equally, the user data collected via cookies may be used for reach measurement purposes. Unless we provide users with explicit information on the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period may be up to two years.

Further Notes

Processing of cookie data on the basis of consent: We use a consent management solution to obtain users’ consent to the use of cookies or to the procedures and providers named in the consent management solution. This procedure is used to obtain, record, manage and revoke consents, particularly with regard to the use of cookies and comparable technologies. Legal basis: Consent (Art. 6(1)(a) GDPR).

BorlabsCookie: Storage and management of consents, recording of user decisions, display of data protection and cookie notices, enabling withdrawal or adjustment of consents.

Registration, Login and User Accounts

Users may create a user account. As part of the registration process, users are informed of the required mandatory information, which is processed for the purpose of providing the user account on the basis of contractual obligation. The data processed includes in particular login information (username, password and an e-mail address).

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and those of the users in protection against misuse and other unauthorised use.

Processed data types: Inventory data; contact data; content data; usage data; log data.

Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter ‘publication media’). Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and for communication between authors and readers, or for security reasons.

Processed data types: Inventory data; contact data; content data; usage data; meta, communication and procedural data.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

WordPress Emoji and Smilies: Within our WordPress blog, graphical emojis (or smilies), i.e. small graphic files expressing emotions, are used for efficient integration of content elements and are retrieved from external servers. The providers of the servers collect the IP addresses of users. Service provider: Aut O’Mattic A8C Ireland Ltd.

Akismet Anti-Spam Check: On the basis of our legitimate interests, we use the ‘Akismet’ service to distinguish genuine comments from spam. For this purpose, all comment details are sent to a server in the USA, where they are analysed and stored for comparison purposes for four days. Service provider: Aut O’Mattic A8C Ireland Ltd.

Contact and Enquiry Management

When contacting us (e.g. by post, contact form, e-mail, telephone or via social media) and in the context of existing user and business relationships, we process the information of the enquiring persons to the extent necessary to respond to the contact enquiries and any measures requested.

Processed data types: Contact data; content data; meta, communication and procedural data.

Data subjects: Communication partners.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR).

Further Notes

Contact form: When contacting us via our contact form, by e-mail or via other communication channels, we process the personal data transmitted to us in order to respond to and deal with the respective matter. This generally includes information such as name, contact details and, where applicable, further information provided to us and necessary for appropriate handling. We use this data exclusively for the stated purpose of making contact and for communication.

Artificial Intelligence (AI)

We use Artificial Intelligence (AI), whereby personal data is processed. The specific purposes and our interest in using AI are set out below. We understand AI, in accordance with the concept of an ‘AI system’ within the meaning of Article 3(1) of the AI Act, as a machine-based system designed to operate with varying degrees of autonomy, which may be adaptive after deployment, and which, from the inputs it receives, generates outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments.

Our AI systems are used in strict compliance with statutory requirements, including specific AI regulations and data protection requirements. We comply in particular with the principles of lawfulness, transparency, fairness, human control, purpose limitation, data minimisation, integrity and confidentiality. We ensure that the processing of personal data is always based on a legal ground, whether the consent of the data subjects or a statutory permission.

Processed data types: Content data; usage data.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

ChatGPT: AI-based service designed to understand and generate natural language and related inputs and data, analyse information and make predictions. Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland.

Claude API: AI-powered service designed to understand and generate natural language and related inputs, analyse information and make predictions. Service provider: Anthropic PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA. Transfer basis: Standard Contractual Clauses.

Video Conferences, Online Meetings, Webinars and Screen Sharing

We use platforms and applications provided by other providers (hereinafter ‘conferencing platforms’) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively ‘conferences’). In selecting conferencing platforms and their services, we comply with statutory requirements.

Data processed by conferencing platforms in the context of participation in a conference includes: personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, professional information, IP address of the internet connection, end device information, operating system, browser settings, information on communication content (chat inputs, audio and video data), and usage of other available functions.

Processed data types: Inventory data; contact data; content data; usage data; image and/or video recordings; audio recordings; log data.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Zoom: Video conferences, online meetings, webinars, screen sharing, optional session recording, chat function. Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA. Transfer basis: Data Privacy Framework (DPF); Standard Contractual Clauses.

Cloud Services

We use software services accessible over the internet and executed on the servers of their providers (so-called ‘cloud services’, also referred to as ‘Software as a Service’) for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with specific recipients or publication of content and information).

Processed data types: Inventory data; contact data; content data; usage data.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Apple iCloud: Cloud storage service. Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

Google Workspace: Cloud-based application software, cloud storage and cloud infrastructure services. Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. Transfer basis: Data Privacy Framework (DPF); Standard Contractual Clauses.

Microsoft 365 and Microsoft Cloud Services: Provision of applications, data protection and IT systems. Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Transfer basis: Data Privacy Framework (DPF); Standard Contractual Clauses.

Newsletter and Electronic Notifications

We send newsletters, e-mails and other electronic notifications (hereinafter ‘newsletter’) exclusively with the consent of the recipients or on the basis of a statutory authorisation. Where the contents of a newsletter are described as part of the sign-up process, they are determinative for the user’s consent. Normally, providing your e-mail address is sufficient to subscribe to our newsletter.

Deletion and restriction of processing: We may retain e-mail addresses of persons who have unsubscribed for up to three years on the basis of our legitimate interests before deleting them, in order to be able to demonstrate consent previously given. The processing of this data is restricted to the purpose of potentially defending against claims.

Newsletter Content

Information on nursery place and school choice in Frankfurt, tips on educational support, news about digital products and consultancy services from FutureKids Consulting.

Processed data types: Inventory data; contact data; meta, communication and procedural data; usage data.

Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Right to withdraw: You may cancel your newsletter subscription at any time, i.e. withdraw your consent or object to further receipt. A link to cancel the newsletter is provided at the end of each newsletter or you may use the contact details provided above, preferably by e-mail.

Further Notes

Measurement of open and click rates: Our newsletters contain a so-called ‘web beacon’, i.e. a pixel-sized file which, when the newsletter is opened, is retrieved from our server or, if we use a dispatch service provider, from their server. Technical information is collected as part of this retrieval, including browser and system information, IP address and time of retrieval. Legal basis: Consent (Art. 6(1)(a) GDPR).

Brevo: E-mail sending and automation services. Service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.

Advertising Communication via E-mail, Post, Fax or Telephone

We process personal data for the purposes of advertising communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with statutory requirements.

Recipients have the right to withdraw consents given at any time or to object to advertising communication at any time free of charge using the contact options provided above.

Processed data types: Inventory data; contact data; content data.

Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Web Analytics, Monitoring and Optimisation

Web analytics (also referred to as ‘reach measurement’) serves to evaluate visitor flows to our online offering and may include information on the behaviour, interests or demographic characteristics of visitors, such as age or gender, as pseudonymous values. By means of reach analysis, we can, for example, identify at what time our online offering or its functions or content is used most frequently, or which areas require optimisation.

In addition to web analytics, we may also use testing procedures to test and optimise different versions of our online offering or its components. Unless otherwise stated below, profiles (data compiled in relation to a usage process) may be created for these purposes, and information may be stored and subsequently read in a browser or on an end device.

Processed data types: Usage data; meta, communication and procedural data.

Security measures: IP masking (pseudonymisation of IP address).

Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Google Analytics: We use Google Analytics to measure and analyse the use of our online offering. Google Analytics logs and stores no individual IP addresses for EU users. Analytics provides approximate geographical location data derived from IP address metadata. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Consent (Art. 6(1)(a) GDPR). Opt-out: https://tools.google.com/dlpage/gaoptout.

Jetpack (WordPress Stats): Analytics functions for WordPress software. Service provider: Aut O’Mattic A8C Ireland Ltd. Legal basis: Consent (Art. 6(1)(a) GDPR).

Customer Reviews and Rating Procedures

We participate in review and rating procedures in order to evaluate, optimise and promote our services. Where users rate us via the rating platforms or procedures involved or otherwise provide feedback, the general terms and conditions or terms of use and the privacy notices of the respective providers apply in addition.

Processed data types: Contract data; usage data; meta, communication and procedural data.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Rating widget: We integrate so-called ‘rating widgets’ into our online offering. A widget is a functional and content element integrated into our online offering that displays variable information, for example in the form of a seal or similar element. The widget content is displayed within our online offering but is retrieved from the servers of the respective widget provider. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Google Customer Reviews: Service for obtaining and/or displaying customer satisfaction and opinions. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Transfer basis: Data Privacy Framework (DPF).

Social Media Presences

We maintain online presences within social networks and process users’ data in this context in order to communicate with the users active there or to provide information about us.

We note that user data may be processed outside the European Union in this context. This may create risks for users, for example because the enforcement of users’ rights may be more difficult.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, usage profiles may be created on the basis of users’ usage behaviour and the resulting interests. These profiles may in turn be used to place advertisements within and outside the networks that presumably correspond to users’ interests.

Processed data types: Contact data; content data; usage data; meta, communication and procedural data; inventory data.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); consent (Art. 6(1)(a) GDPR).

Further Notes

Instagram: Social network enabling the sharing of photos and videos, commenting and favouriting of posts, direct messaging and subscription to profiles and pages. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Transfer basis: Data Privacy Framework (DPF).

LinkedIn: Social network. We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data from visitors used to create ‘Page Insights’ for our LinkedIn profiles. Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. Transfer basis: Data Privacy Framework (DPF); Standard Contractual Clauses.

TikTok: Social network enabling the sharing of photos and videos, commenting and favouriting of posts, direct messaging and subscription to accounts. Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

YouTube: Social network and video platform. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Transfer basis: Data Privacy Framework (DPF).

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter ‘third-party providers’). These may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as ‘content’).

Integration always requires the third-party providers of this content to process the IP addresses of users, since they could not send the content to their browsers without an IP address. The IP address is therefore required for the display of this content or these functions. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content.

Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Google Fonts (self-hosted): Provision of font files for user-friendly display of our online offering. The Google Fonts are hosted on our own server; no data is transmitted to Google. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Instagram plugins and content: Instagram plugins and content — including images, videos or texts and buttons enabling users to share content within Instagram. Joint controllership with Meta Platforms Ireland Limited for the collection and receipt of event data. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

LinkedIn plugins and content: LinkedIn plugins and content including images, videos or texts and buttons enabling users to share content within LinkedIn. Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. Legal basis: Consent (Art. 6(1)(a) GDPR).

YouTube videos: Video content. Service provider: Google Ireland Limited. Legal basis: Consent (Art. 6(1)(a) GDPR).

TikTok plugins and content: TikTok plugins and content including images, videos or texts and buttons. Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Legal basis: Consent (Art. 6(1)(a) GDPR).

Management, Organisation and Auxiliary Tools

We use services, platforms and software from third-party providers for the purposes of organising, managing, planning and providing our services, in compliance with statutory requirements. In this context, personal data may be processed and stored on the servers of the third-party providers.

Processed data types: Content data; usage data; meta, communication and procedural data; contact data.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes

Calendly: Online appointment scheduling and management. Service provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA. Transfer basis: Standard Contractual Clauses.

Changes and Updates

We ask you to regularly inform yourself about the content of our Privacy Policy. We adapt the Privacy Policy as soon as changes in the data processing activities carried out by us make this necessary. We will inform you as soon as the changes require a participation act on your part (e.g. consent) or other individual notification.

Where we provide addresses and contact information of companies and organisations in this Privacy Policy, please note that the addresses may change over time and we ask you to verify the information before making contact.

Definitions

Employees: Employees are persons in an employment relationship, whether as workers, employees or in similar positions. Employee data covers all information relating to these persons in the context of their employment, including personal identification data, identification numbers, salary and bank data, working hours, holiday entitlements, health data and performance assessments.

Inventory data: Inventory data encompasses essential information necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments. This data may include personal and demographic details such as names, contact information (addresses, telephone numbers, e-mail addresses), dates of birth and specific identifiers (user IDs).

Content data: Content data encompasses information generated in the course of creating, editing and publishing content of all kinds. This category may include texts, images, videos, audio files and other multimedia content published on various platforms and media.

Contact data: Contact data is essential information enabling communication with persons or organisations, including telephone numbers, postal addresses and e-mail addresses, as well as communication means such as social media handles and instant messaging identifiers.

Artificial Intelligence (AI): The purpose of processing data using Artificial Intelligence includes the automated analysis and processing of user data to recognise patterns, make predictions and improve the efficiency and quality of our services. This is carried out exclusively with the consent of users or on the basis of statutory permissions.

Meta, communication and procedural data: Meta, communication and procedural data are categories containing information on the manner in which data is processed, transmitted and managed. Metadata describes the context, origin and structure of other data. Communication data covers the exchange of information between users. Procedural data describes processes and procedures within systems or organisations.

Usage data: Usage data refers to information capturing how users interact with digital products, services or platforms, including pages visited, functions used, length of visits, click paths, usage frequency, timestamps, IP addresses, device information and location data.

Personal data: ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiles with user-related information: The processing of ‘profiles with user-related information’, or ‘profiles’ for short, encompasses any form of automated processing of personal data consisting of the use of such personal data to evaluate, analyse or predict certain personal aspects relating to a natural person. Cookies and web beacons are frequently used for profiling purposes.

Log data: Log data is information about events or activities logged in a system or network, typically including timestamps, IP addresses, user actions, error messages and other details about system usage or operation.

Reach measurement: Reach measurement (also referred to as web analytics) serves to evaluate visitor flows to an online offering and may include information on the behaviour or interests of visitors in certain information, such as the content of websites.

Tracking: ‘Tracking’ refers to the ability to trace users’ behaviour across multiple online offerings. Behavioural and interest information in relation to the online offerings used is typically stored in cookies or on the servers of tracking technology providers (so-called profiling). This information may subsequently be used, for example, to display advertisements to users that presumably correspond to their interests.

Controller: The ‘controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processing: ‘Processing’ is any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, whether the collection, analysis, storage, transmission or deletion of data.

Contract data: Contract data is specific information relating to the formalisation of an agreement between two or more parties. It documents the conditions under which services or products are provided, exchanged or sold, and may include start and end dates, the nature of agreed services or products, pricing arrangements, payment terms, termination rights and special conditions or clauses.

Payment data: Payment data encompasses all information required for the processing of payment transactions between buyers and sellers, including credit card numbers, bank account details, payment amounts, transaction data, verification numbers and billing information.

Target group formation: ‘Target group formation’ (also known as ‘Custom Audiences’) refers to the determination of target groups for advertising purposes. Cookies and web beacons are typically used for target group formation and the creation of similar audiences (‘Lookalike Audiences’).