Privacy Policy

In the fol­lo­wing, we inform you about the pro­ces­sing of your per­so­nal data by us and the claims and rights to which you are entit­led accor­ding to the data pro­tec­tion regulations.

This data pro­tec­tion decla­ra­tion informs you about the type, scope and pur­pose of the pro­ces­sing of per­so­nal data within our web­sites,,,,,,, https://phaenomanie.de and (her­ein­af­ter jointly refer­red to as the “web­site”). The Pri­vacy Policy applies regard­less of the domains, sys­tems and devices used (e.g. desk­top, mobile, etc.). Infor­ma­tion about our company’s pre­sence on other web­sites or social media plat­forms can be found sepa­ra­tely below in sec­tion 15.

Per­so­nal data is all data that can be rela­ted to you per­so­nally, e.g. name, address, e‑mail addres­ses, user beha­vior. Which data is pro­ces­sed in detail and how it is used depends lar­gely on the ser­vices used by us.

1. Who is responsible for data processing and whom can I contact?

Respon­si­ble entity is:

Monika Heimann, Michael Schütz
Pol­ler Kirch­weg 78–90
51105 Colo­gne, Germany
Phone: +49 (0)221 1699 6356
Fax: +49 (0) 221 9779 4045

You can reach our com­pany data pro­tec­tion offi­cer at:

Lawyer Asmus Eggert
mip Con­sult GmbH
Wil­helm-Kabus-Str. 9
10829 Ber­lin, Germany
Phone: +49 (0)221 1699 6356

2. What sources and data do we use?

We pro­cess per­so­nal data that we receive from you in the course of using our web­site and, if appli­ca­ble, our busi­ness relationship.

In the case of purely infor­ma­tio­nal use of the web­site, i.e. if you do not regis­ter or other­wise trans­mit infor­ma­tion to us, we only coll­ect the per­so­nal data that your brow­ser trans­mits to our ser­ver. When you access our web­site, we coll­ect the fol­lo­wing access data, which is tech­ni­cally neces­sary for us to dis­play our web­site to you and to ensure sta­bi­lity and secu­rity. The access data includes the IP address, date and time of the request, time zone dif­fe­rence to Green­wich Mean Time (GMT), con­tent of the request (i.e. name of the spe­ci­fic web­site acces­sed), access status/HTTP sta­tus code, amount of data trans­fer­red in each case, refer­rer URL (pre­viously visi­ted page), brow­ser type and ver­sion, ope­ra­ting sys­tem and its inter­face, lan­guage and ver­sion of the brow­ser soft­ware, noti­fi­ca­tion of suc­cessful retrieval.

Fur­ther­more, we receive your per­so­nal data if you cont­act us by e‑mail. Per­so­nal data here are e.g. name, address, e‑mail, tele­phone num­ber (her­ein­af­ter refer­red to as “cont­act data”).

3. What do we process your data for (purpose of processing) and on what legal basis?

We pro­cess per­so­nal data in accordance with the pro­vi­si­ons of the Gene­ral Data Pro­tec­tion Regu­la­tion (GDPR / DS-GVO) and the Bun­des­da­ten­schutz­ge­setz (BDSG) on the basis of the fol­lo­wing legal grounds:

3.1 You have given consent to the processing of your personal data for one or more specific purposes (Art. 6 para. 1 lit. a DS-GVO)

Inso­far as you have given us con­sent to pro­cess per­so­nal data for cer­tain pur­po­ses (e.g. when cont­ac­ting us by e‑mail for pro­ces­sing and hand­ling the inquiry, sen­ding news­let­ters, infor­ma­tion on events, adver­ti­sing approach by phone, e‑mail, SMS, etc.), the lawful­ness of this pro­ces­sing is based on your con­sent. Con­sent given can be revo­ked at any time. Please note that the revo­ca­tion is only effec­tive for the future. Pro­ces­sing that took place before the revo­ca­tion is not affected.

3.2 Processing is necessary for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering into a contract (Art. 6 Abs. 1 lit. b DS-GVO)

When cont­ac­ting us (by e‑mail), your infor­ma­tion will be pro­ces­sed in addi­tion to any con­sent given for the pro­ces­sing of the cont­act request and its hand­ling also on the basis of the imple­men­ta­tion of pre-con­trac­tual mea­su­res, Art. 6 para. 1b DS-GVO.

3.3 Processing is necessary for the purposes of our legitimate interests (Art. 6 Abs. 1 lit. f DS-GVO)

So the ext­ent neces­sary, we pro­cess your data to pro­tect legi­ti­mate inte­rests of us or of third par­ties. In par­ti­cu­lar, we pur­sue the fol­lo­wing legi­ti­mate interests:

  • Ensu­ring IT secu­rity, in par­ti­cu­lar the secu­rity of the web­site (see data lis­ted above under point 2);
  • Asser­tion of legal claims and defense in legal disputes;
  • Adver­ti­sing for our ser­vices, inso­far as you have not objec­ted to the use of your data.

4. Who gets my data?

Within the com­pany, access to your data is gran­ted to those depart­ments that need it to ful­fill our con­trac­tual and legal obligations.

Pro­ces­sors used by us (Art. 28 DS-GVO) may also receive data for the pur­po­ses men­tio­ned above. These are com­pa­nies in the IT ser­vices cate­gory (Inter­net ser­vice pro­vi­ders, video chat pro­vi­ders). Where we use pro­ces­sors to pro­vide our ser­vices, we take appro­priate legal pre­cau­ti­ons and cor­re­spon­ding tech­ni­cal and orga­niza­tio­nal mea­su­res to ensure the pro­tec­tion of per­so­nal data in accordance with the rele­vant legal requirements.

Data is only pas­sed on to third par­ties as requi­red by law. We only pass on users’ data to third par­ties if this is neces­sary, for exam­ple, on the basis of Art. 6 para. 1 lit. b DS-GVO for con­trac­tual pur­po­ses or on the basis of legi­ti­mate inte­rests pur­su­ant to Art. 6 para. 1 lit. f. DS-GVO in an eco­no­mic and effec­tive ope­ra­tion of our busi­ness or you have con­sen­ted to the trans­fer of data. In the case of purely infor­ma­tio­nal use of the web­site, we do not pass on any data to third par­ties as a mat­ter of principle.

5. How long will my data be stored?

For secu­rity reasons (e.g. to cla­rify acts of abuse or fraud), log file infor­ma­tion is stored for a maxi­mum of seven days and then dele­ted (see point 2 above). Data whose fur­ther sto­rage is requi­red for evi­den­tiary pur­po­ses is exempt from dele­tion until final cla­ri­fi­ca­tion of the respec­tive incident.

To the ext­ent neces­sary, we pro­cess and store your per­so­nal data for the dura­tion of our busi­ness rela­ti­onship, which includes, for exam­ple, the initia­tion and exe­cu­tion of a con­tract by e‑mail.

In addi­tion, we are sub­ject to various sto­rage and docu­men­ta­tion obli­ga­ti­ons, which result, among other things, from the tax laws. The peri­ods spe­ci­fied there for sto­rage or docu­men­ta­tion are two to ten years.

Finally, the sto­rage period is also asses­sed accor­ding to the sta­tu­tory limi­ta­tion peri­ods, which, for exam­ple, accor­ding to §§ 195 et seq. of the Ger­man Civil Code (BGB), gene­rally amount to three years, but in cer­tain cases can also be up to thirty years, wher­eby the regu­lar limi­ta­tion period is three years.

Inso­far as you assert your rights as a data sub­ject, we will store the infor­ma­tion pro­vi­ded to you in this regard until the expiry of the sta­tu­tory limi­ta­tion period pur­su­ant to Sec­tion 31 (2) No. 1 OWiG, Sec­tion 41 (1) BDSG, Article 83 (5) lit b DSGVO for 3 years. This period may be exten­ded if the sta­tu­tory limi­ta­tion period is exten­ded due to inter­rup­ti­ons of the limi­ta­tion period (e.g. in the con­text of inqui­ries by the super­vi­sory authorities).

6. Is data transferred to a third country or to an international organization?

We do not trans­fer data to third count­ries (count­ries out­side the Euro­pean Union — EU).

If you com­mu­ni­cate with us on social net­works, then you leave our own pages. Then your data may also be pro­ces­sed out­side the Euro­pean Union (EU). You can find more infor­ma­tion about this sepa­ra­tely below in point 15.

7. What data protection rights do I have?

Every data sub­ject has

  • the right to request accor­ding to Art. 15 DSGVO (i.e. you have the right to request infor­ma­tion about your per­so­nal data stored by us at any time),
  • the right to rec­ti­fi­ca­tion in accordance with Art. 16 DSGVO (i.e. in the event that your per­so­nal data is incor­rect or incom­plete, you may request that it be rectified),
  • the right to era­sure under Art. 17 DSGVO and the right to rest­ric­tion of pro­ces­sing under Art. 18 DSGVO (i.e. you may have the right to request era­sure or rest­ric­tion of pro­ces­sing of your per­so­nal data if, for exam­ple, there is no lon­ger a legi­ti­mate busi­ness pur­pose for such pro­ces­sing and legal reten­tion obli­ga­ti­ons do not require con­tin­ued storage),
  • the right to data por­ta­bi­lity from Art. 20 DSGVO (i.e. you may have the right to receive the per­so­nal data con­cer­ning you that you have pro­vi­ded to us in a struc­tu­red, com­mon and machine-rea­da­ble for­mat and to trans­fer this data to ano­ther con­trol­ler wit­hout hindrance).

Fur­ther­more, you may revoke cons­ents, in prin­ci­ple with effect for the future.

Fur­ther­more, you have the right to lodge a com­plaint with a data pro­tec­tion super­vi­sory aut­ho­rity (Art. 77 DS-GVO in con­junc­tion with § 19 BDSG).

In addi­tion, we would like to point out your right of objec­tion accor­ding to Art. 21 DS-GVO:

Infor­ma­tion about your right to object accor­ding to Art. 21 DS-GVO

You have the right to object at any time, on grounds rela­ting to your par­ti­cu­lar situa­tion, to the pro­ces­sing of per­so­nal data con­cer­ning you which is car­ried out on the basis of Ar. 6 (1) (e) DS-GVO (data pro­ces­sing in the public inte­rest) and Ar. 6 (1) (f) DS-GVO (data pro­ces­sing on the basis of a balance of inte­rests); this also applies to pro­fil­ing based on this pro­vi­sion within the mea­ning of Art. 4 No. 4 DS-GVO which we use for adver­ti­sing purposes.

If you object, we will no lon­ger pro­cess your per­so­nal data unless we can demons­trate com­pel­ling legi­ti­mate grounds for the pro­ces­sing which over­ride your inte­rests, rights and free­doms, or the pro­ces­sing ser­ves the pur­pose of asser­ting, exer­cis­ing or defen­ding legal claims.

In indi­vi­dual cases, we pro­cess your per­so­nal data to con­duct direct mar­ke­ting. You have the right to object at any time to the pro­ces­sing of per­so­nal data con­cer­ning you for the pur­po­ses of such adver­ti­sing; this also applies to pro­fil­ing, inso­far as it is rela­ted to such direct adver­ti­sing. If you object to pro­ces­sing for direct mar­ke­ting pur­po­ses, we will no lon­ger pro­cess your per­so­nal data for these purposes.

The objec­tion can be made form-free and no trans­mis­sion costs other than those accor­ding to the prime rates will be incurred.

If pos­si­ble, the objec­tion should be addres­sed to:

Monika Heimann, Michael Schütz
Pol­ler Kirch­weg 78–90
51105 Colo­gne, Germany
Phone: 0221 1699 6356

8. To what extent is there automated decision-making in individual cases, including profiling?

In the con­text of acces­sing our web­site or in the con­text of cont­ac­ting us by form or e‑mail, we do not use fully auto­ma­ted decis­ion-making pur­su­ant to Art. 22 DS-GVO. Should we use these pro­ce­du­res in indi­vi­dual cases, we will inform you about this sepa­ra­tely if this is requi­red by law.

We do not pro­cess your data auto­ma­ti­cally with the aim of eva­lua­ting cer­tain per­so­nal aspects (pro­fil­ing).

9. Is there an obligation for me to provide data?

Within the scope of our web­site, you must pro­vide the per­so­nal data that is requi­red for the use of our web­site for tech­ni­cal or IT secu­rity reasons. If you do not pro­vide the afo­re­men­tio­ned data, you will not be able to use our website.

When cont­ac­ting us by e‑mail, you only have to pro­vide the per­so­nal data that is requi­red to pro­cess your inquiry. Other­wise, we will not be able to pro­cess your request.

10. Cookies & Google Analytics — are not used

We do not use coo­kies on our web­sites to reco­gnize visi­tors. We do not use any tools to mea­sure reach or ana­lyze visitors.

11. Links to social media platforms via the “Shariff” solution

We offer you the option of using so-cal­led “social media but­tons” on our web­site. To pro­tect your data, we rely on the “Sha­riff” solu­tion for imple­men­ta­tion. This means that these but­tons are only inte­gra­ted on the web­site as a gra­phic that con­ta­ins a link to the cor­re­spon­ding web­site of the but­ton pro­vi­der. By cli­cking on the gra­phic, you are thus redi­rec­ted to the ser­vices of the respec­tive pro­vi­der. Only then will your data be sent to the respec­tive providers.

Unless you click on the gra­phic, no exch­ange of any kind takes place bet­ween you and the pro­vi­ders of the social media but­tons. Infor­ma­tion about the coll­ec­tion and use of your data in the social net­works can be found in the respec­tive terms of use of the cor­re­spon­ding pro­vi­ders. You can find more infor­ma­tion about the Sha­riff solu­tion here:

We have inte­gra­ted the social media but­tons of the fol­lo­wing com­pa­nies on our website:

  • Face­book Inc. (1601 S. Cali­for­nia Ave — Palo Alto — CA 94304 — USA)
  • XING AG (Gän­se­markt 43 — 20354 Ham­burg — Germany)
  • Twit­ter Inc. (795 Fol­som St. — Suite 600 — San Fran­cisco — CA 94107 — USA)
  • Lin­ke­dIn Cor­po­ra­tion (2029 Stier­lin Court — Moun­tain View — CA 94043 — USA)

12. Embedded YouTube videos via WP YouTube Lyte

We may use embedded You­Tube videos. You­Tube is a ser­vice of Google Inc, Amphi­theatre Park­way, Moun­tain View, CA 94043, USA. We use the WP You­Tube Lyte plug-in for this pur­pose. This means that on the pages where videos are embedded, you will only see a pre­view image that is stored on our own ser­vers. This means that sim­ply visi­ting a page on which videos are embedded does not pass on any per­so­nal data to YouTube.

The plugin only estab­lishes a con­nec­tion to You­Tube when you as a user actively click the play but­ton. Google its­elf is respon­si­ble for the data pro­ces­sing descri­bed below. When you click the play but­ton, You­Tube recei­ves the infor­ma­tion that you have acces­sed the cor­re­spon­ding sub­page of our web­site and data on loca­tion (GPS data), IP address and devices used, inclu­ding infor­ma­tion about objects near your device, such as WLAN access points, radio masts and Blue­tooth-enab­led devices, as well as sen­sor data from your device. This is done regard­less of whe­ther you are log­ged in to Google or You­Tube. If you are log­ged in, howe­ver, your data may be assi­gned to your account. If you do not want the assign­ment with your pro­file on You­Tube, you must log out before acti­vat­ing a video. You­Tube stores your data in the event that you are log­ged in as user pro­files and uses them for pur­po­ses of pro­vi­ding the ser­vices, main­tai­ning and impro­ving the ser­vices, mea­su­ring per­for­mance, deve­lo­ping new ser­vices and pro­vi­ding per­so­na­li­zed ser­vices, inclu­ding con­tent and adver­ti­se­ments. You have the right to object to the crea­tion of these user pro­files, and you must cont­act You­Tube to exer­cise this right.

In accordance with Art. 6 Para. 1 lit. a DS-GVO, the data is only pro­ces­sed on the basis of your express consent.

The pro­ces­sing of data also takes place in the USA within the scope of this ser­vice. The infor­ma­tion is usually trans­fer­red to a Google ser­ver in the USA and stored there. There are cor­re­spon­ding risks asso­cia­ted with the pro­ces­sing of your data in the USA. By giving your con­sent, by cli­cking on an embedded You-Tube video, you con­sent to the pro­ces­sing of your data in the USA, despite poten­tial access by US aut­ho­ri­ties, Art. 49 para. 1 lit. a DS-GVO.

For more infor­ma­tion on the pur­pose and scope of data coll­ec­tion and its pro­ces­sing by You­Tube, please refer to Google’s pri­vacy infor­ma­tion at An opt-out from per­so­na­li­zed adver­ti­sing is available under

13. Online group discussions or one-on-one interviews, meetings, and webinars via Zoom

For online mee­tings (one-on-one, group mee­tings or work­shops), online mee­tings and web­i­nars, we use “Zoom Mee­tings” and “Zoom Web­i­nars”, pro­ducts of Zoom Video Com­mu­ni­ca­ti­ons Inc, 55 Alma­den Blvd, Suite 600, San Jose, CA 95113, USA ( We chose this pro­ces­sor after revie­w­ing a great many ven­dors because it offers the best com­bi­na­tion of qua­lity, func­tion­a­lity, ease of use, and pri­vacy friendliness.

  • Zoom Video Com­mu­ni­ca­ti­ons Inc. under­ta­kes to com­ply with all pro­vi­si­ons in accordance with the Euro­pean Data Pro­tec­tion Regu­la­tion (GDPR) (more infor­ma­tion).
  • All calls through Zoom are also secu­red by encryp­tion and pass­word pro­tec­ted. The pri­vacy policy of Zoom Video Com­mu­ni­ca­ti­ons Inc. can be found here:
  • There is a data pro­ces­sing agree­ment bet­ween INNCH and Zoom Video Com­mu­ni­ca­ti­ons Inc. based on the EU stan­dard con­trac­tual clau­ses, which obli­gate the con­trac­tual part­ner to com­ply with the Euro­pean level of data protection.
  • As com­ple­men­tary safe­guards, we have fur­ther con­fi­gu­red our Zoom to pro­cess data only via Euro­pean ser­vers and secure third count­ries for the pur­pose of con­duc­ting online mee­tings and webinars.

When using “Zoom”, your login data (first name, last name, e‑mail address) is pro­ces­sed by Zoom. In addi­tion, the pro­ces­sor only coll­ects data that is neces­sary for the tech­ni­cal pro­vi­sion of the ser­vice. This may include your IP address, the ope­ra­ting sys­tem you use and other device details, as well as mee­ting meta­data (e.g. date, time and dura­tion of the mee­ting). Howe­ver, the pro­ces­sor does not coll­ect any infor­ma­tion or con­tent trans­mit­ted during con­ver­sa­ti­ons or chats.

You may have the option to use the chat or ques­tion and ans­wer func­tion in a web­i­nar. The text input you pro­vide may be picked up in the web­i­nar (read aloud and ans­we­red by us) and used for the pur­pose of fol­lo­wing up on the webinar.

For online group dis­cus­sions and indi­vi­dual inter­views, the legal basis for pro­ces­sing data via the pro­ces­sors is Art. 6 (1) lit. a DS-GVO, i.e. your express writ­ten con­sent. If the inter­views are recor­ded — with your expli­cit and writ­ten con­sent — then they will be secu­rely stored exclu­si­vely on our own com­pu­ters and only used in accordance with the pur­po­ses agreed with you. They will be dele­ted as soon as the pur­pose has been fulfilled.

For online mee­tings, the legal basis is Art. 6 (1) lit. b DS-GVO, inso­far as the mee­tings are held in the con­text of con­trac­tual relationships.

If no con­trac­tual rela­ti­onships exist for online mee­tings or web­i­nars, the legal basis is Art. 6 (1) lit. f DS-GVO. Here, our inte­rest is in the effec­tive imple­men­ta­tion of online mee­tings and webinars.

14. Comment function

If you leave a com­ment in our blog Kul-Tick, in addi­tion to your com­ment, the time of crea­tion and, if appli­ca­ble, the name or pseud­onym vol­un­t­a­rily used by you will be stored and published on the web­site. In addi­tion, your IP address is stored on the basis of our legi­ti­mate inte­rests within the mea­ning of Art. 6 para. 1 lit. f. DS-GVO will be stored for 7 days. This is done for our secu­rity in case someone lea­ves unlawful con­tent in comm­ents and posts (insults, pro­hi­bi­ted poli­ti­cal pro­pa­ganda, etc.). In this case, we our­sel­ves can be pro­se­cu­ted for the com­ment or post and are the­r­e­fore inte­res­ted in the iden­tity of the author.

The data pro­vi­ded in the con­text of comm­ents and posts, will be stored by us until the objec­tion of the user permanently.

15. Online offers on other websites and social networks

In addi­tion to our own web­sites lis­ted above in this state­ment, you will also find pre­sen­ces of our com­pany on web­sites of other pro­vi­ders or in social net­works. These include our pro­files on Xing, Lin­ke­dIn, Insta­gram, You­Tube, ent­ries in online busi­ness direc­to­ries such as Google Search/Google Maps and the decen­tra­li­zed net­work Mast­o­don (none of these ser­vices, howe­ver, is inte­gra­ted into our own pages, so that no data is coll­ec­ted by the services/networks when you use our pages).

We use these ser­vices and net­works on the basis of our legi­ti­mate inte­rest pur­su­ant to Art. 6 (1) lit. f DS-GVO to pre­sent our com­pany publicly, to publish news and cont­act infor­ma­tion about our com­pany and to give users the oppor­tu­nity to enter into a direct exch­ange with us. Under cer­tain cir­cum­s­tances, you have given con­sent to the plat­form ope­ra­tor to pro­cess your data, in which case the legal basis is Art. 6 (1) lit. a DS-GVO.

Please note: If you use these ser­vices or social net­works, then the pro­vi­ders may also use your data for their own pur­po­ses, inclu­ding for their own adver­ti­sing and mar­ket rese­arch pur­po­ses or to create usage pro­files in order to play per­so­na­li­zed adver­ti­sing to you. For this pur­pose, coo­kies may also be stored on your com­pu­ter when you browse the pages of these pro­vi­ders, with the help of which your usage beha­vior is recor­ded. Under cer­tain cir­cum­s­tances, data pro­ces­sing may also affect per­sons who are not regis­tered as users with the respec­tive social media plat­form. The pro­ces­sing may also take place out­side the Euro­pean Union. This is asso­cia­ted with risks for users, as it may be more dif­fi­cult to enforce their own rights. We have no influence over the type and scope of data pro­ces­sing by these services/platforms for their own pur­po­ses. US services/platforms that offer gua­ran­tees for a secure level of data pro­tec­tion under­take to com­ply with the stan­dards of Euro­pean data pro­tec­tion (DS-GVO).

In part, gene­ral sta­tis­ti­cal (anony­mous) data is also retrie­va­ble for us. The use of this data is based on our legi­ti­mate inte­rest accor­ding to Art. 6 para. 1 lit. f DS-GVO. For more infor­ma­tion about data pro­ces­sing in con­nec­tion with the use of our offers on social media plat­forms, your opti­ons to object (opt-out) and the asser­tion of your rights to infor­ma­tion, please refer to the data pro­tec­tion state­ments of the rele­vant plat­form ope­ra­tors lis­ted below. You are also wel­come to cont­act us directly if you need help with this.

XING AG, Damm­tor­straße 29–32, 20354 Ham­burg, Germany
Pri­vacy policy:

Lin­ke­dIn Ire­land Unli­mi­ted Com­pany, Wil­ton Place, Dub­lin 2, Irland
Pri­vacy policy:

Google LLC, 1600 Amphi­theatre Park­way, Moun­tain View, CA 94043, USA
Pri­vacy policy:

Insta­gram, Meta Plat­forms Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dub­lin 2, Ireland
Pri­vacy policy:

Mast­o­don gGmbH, Müh­len­straße 8a, 14167 Ber­lin, Germany
Pri­vacy policy:
Mastodon-Server:, 302 Man­hat­tan place, 130 Bree St, Cape Town, 8001, Wes­tern Cape, South Africa
Pri­vacy policy:

If you do not wish your data to be pro­ces­sed by the pro­vi­ders of the afo­re­men­tio­ned services/platforms, you can also com­mu­ni­cate with us at any time by other means, e.g. directly by e‑mail or tele­phone, or via the com­ment func­tion on our own pages.