Skip to content

Privacy Policy

Deutsche Version

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in the Legal Notice section of this website.

How do we collect your data?
Your data is collected when you provide it to us. This could be data you enter in a contact form, for example. Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. For this purpose and for further questions on the subject of data protection, you can contact us at any time at the address given in the Legal Notice. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. Hosting

External Hosting

The static website (HTML, CSS, images) is hosted by Gandi SAS, 63-65 Boulevard Masséna, 75013 Paris, France (Gandi Simple Hosting, data center in France). Personal data generated automatically when visiting the site (IP addresses, browser information, referrer URLs, timestamps, and other server log data) is stored on Gandi's servers.

Our API backend (api.aideci.de), which receives form submissions, manages the email queue, and processes Zoom webhooks, runs separately on a virtual server at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (Nuremberg data center). Data processed there includes server log files, form submissions during processing, and webinar registration queues retained on the server until the retention periods described in Section 4 have elapsed.

External hosting is carried out for the purpose of contract fulfillment towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online offer by professional providers (Art. 6 para. 1 lit. f GDPR). Data is processed by both providers exclusively within the EU. Data processing agreements are in place with both.

3. General Information and Mandatory Information

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.

Information About the Responsible Party

The party responsible for data processing on this website is:

Nils Boeffel
Management Consulting
Böhmerwaldstr. 9
85570 Markt Schwaben
Germany

Phone: +49 8121 250 6418
Email: info@boeffel.net

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will take place after these reasons cease to apply.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. An informal message by email to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, Deletion, and Correction

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data at any time. For this purpose and for further questions on the subject of personal data, you can contact us at any time at the address given in the Legal Notice.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time at the address given in the Legal Notice.

Objection to Promotional Emails

We hereby object to the use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising and information materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website - for this purpose, the server log files must be collected.

Inquiry by Email or Contact Form

If you contact us by email or contact form, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Online Forms

This website offers several forms that collect personal data:

  • AI Readiness Assessment — collects your email address, name (optional), and your responses to six assessment questions (scores from 1 to 5). Used to provide your personalized assessment results and, if requested, to send them by email.
  • Book notification — collects your email address and name (optional). Used to notify you when the book becomes available.
  • Webinar registration — collects your email address, name, and session preferences. Used to confirm your registration and send webinar access details.

Each form requires your explicit consent via a checkbox before submission. Newsletter subscription is always offered as a separate, optional opt-in with its own checkbox.

When you submit a form, your data is transmitted via our API backend (Hetzner VPS, see Section 2) to Brevo, our email service provider, where it is stored for the purposes described above (see Section 5: Data Processors).

Legal basis: Art. 6 para. 1 lit. a GDPR (consent) for newsletter subscriptions. Art. 6 para. 1 lit. b GDPR (contract performance) for delivering assessment results, book notifications, and webinar registration confirmations.

Consent logging: With every consent we store the following evidentiary data on the Brevo contact record: (1) a timestamp of the consent act (CONSENT_DATE); (2) the privacy-policy version identifier (CONSENT_VERSION, e.g. v2026-04.1, matching the "Last updated" date at the bottom of this page); (3) a cryptographic SHA-256 fingerprint of the exact checkbox consent text you saw (CONSENT_TEXT_HASH); and (4) the IP address from which the consent was given (CONSENT_IP). Legal basis for this logging is Art. 7(1) GDPR (controller's burden of proof that consent was given). This data is retained only for this purpose and deleted with the contact if you request deletion or when the retention periods stated in this policy expire.

Retention: Assessment contacts are retained until you request deletion or for up to 3 years of inactivity. Book notification contacts are deleted within 30 days after the notification has been sent. Webinar contacts are retained for up to 6 months after the webinar. Newsletter subscribers remain until they unsubscribe. You can request deletion at any time by contacting us.

5. Data Processors

We use the following third-party service providers (data processors within the meaning of Art. 28 GDPR) to operate this website and deliver our services:

Brevo (Sendinblue SAS)

We use Brevo (Sendinblue SAS, 106 boulevard Haussmann, 75008 Paris, France) for email marketing and contact management. When you submit a form on this website, your data (email address, name, and form-specific data such as assessment scores) is stored in Brevo to deliver the requested service (assessment results, book notifications, webinar confirmations) and, if you opted in, newsletter emails.

Brevo stores data on servers within the EU. A data processing agreement is in place as part of Brevo's terms of service. For more information, see Brevo's Terms of Use.

Gandi SAS (website hosting)

The static website content is served by Gandi SAS, 63-65 Boulevard Masséna, 75013 Paris, France (Gandi Simple Hosting). Gandi receives IP addresses, browser information, referrer URLs, and timestamps in the form of server log files when visitors access the site.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in reliable website operation).

Data is processed exclusively within the EU (France). A data processing agreement is in place. For more information, see Gandi's Terms of Service.

Hetzner Online GmbH (API hosting)

Our API backend (api.aideci.de) runs on a virtual server at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (Nuremberg data center). Form submissions are received by this server and forwarded to Brevo. Server log files (IP addresses, timestamps, request metadata) accumulate on the server. Webinar registration queues are also retained on the server until the corresponding messages are delivered and the retention periods in Section 4 have elapsed.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. f GDPR (legitimate interest in secure, performant infrastructure).

Data is processed exclusively within the EU (Germany). A data processing agreement is in place. For more information, see Hetzner's Privacy Policy.

Zoom Video Communications

We use Zoom (Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA) to conduct online webinars. When you register for a webinar on this website, you receive a Zoom meeting link by email. Participation takes place in the Zoom application or web client — no Zoom content is embedded on this website.

When you join a Zoom meeting, Zoom processes the following data: your name and email address (as provided during registration), IP address, device and browser information, and, if applicable, audio and video data. We receive participant reports from Zoom after each meeting (email address, join/leave times) to track attendance.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance — delivering the webinar you registered for).

Data transfer: Zoom is a US-based company. Data transfers to the US are safeguarded by Standard Contractual Clauses (SCCs) as part of Zoom's Global Data Processing Addendum. For more information, see Zoom's Privacy Policy.

Migadu-Mail GmbH (email hosting for @aideci.de)

Our email mailboxes under @aideci.de (including info@, webinar@, noreply@) are hosted by Migadu-Mail GmbH, Rohnen 587, CH-9414 Schachen, Switzerland. When you send an email to an @aideci.de address, your message (sender address, subject, content) is received and stored on Migadu's mail servers.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in operating business email communication).

Data is processed in Switzerland. Switzerland is covered by an adequacy decision of the European Commission (Art. 45 GDPR), so the level of data protection is deemed equivalent to that of the EU. A data processing agreement is in place. For more information, see Migadu's Privacy Policy.

INWX (email hosting for @boeffel.net)

Mailboxes under the @boeffel.net domain — including info@boeffel.net, the contact address listed in the Legal Notice — are hosted by INWX (INWX GmbH & Co. KG, Zweigniederlassung Berlin, Koppenstr. 42, 10243 Berlin, Germany). For example, when you send a privacy request to info@boeffel.net, INWX receives and stores your message.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in operating business email communication).

Data is processed exclusively within the EU (Germany). A data processing agreement is in place. For more information, see INWX Privacy Policy.

Anthropic, PBC (AI assistant for operational tasks)

As part of day-to-day operations, the controller (Nils Boeffel) uses the AI assistant Claude, provided by Anthropic, PBC, San Francisco, CA, USA, for tasks such as drafting content, classifying incoming messages, and administration/automation work. Personal data you have shared with us (e.g. name, email address, message content) may be transmitted to Anthropic where necessary for the specific task. Transmission happens on a per-task basis and is limited to what is needed for that step.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient operation of a small consulting / content business).

Data transfer: Anthropic is a US-based company. Transfers to the US are safeguarded by Standard Contractual Clauses (SCCs, Art. 46 GDPR) under the Anthropic Data Processing Addendum.

Training use and retention: Under Anthropic's API terms, customer data submitted via the API is not used by default to train models. Anthropic retains API data for up to 30 days for trust and safety purposes and then deletes it. For more information, see Anthropic's Commercial Terms of Service and Data Processing Addendum.

6. Social Media

Social Media Links

Links to our profiles on social networks are included on our website (e.g., LinkedIn, YouTube, Substack). These links are designed as simple hyperlinks and do not load any content or tracking scripts from the respective platforms as long as you do not click on the link. Only when you click on such a link and visit the corresponding platform do their privacy policies apply.

7. Cookies and Tracking

This website does not set any cookies for marketing, analytics, or tracking purposes. We do not use tracking services such as Google Analytics, Matomo, or Facebook Pixel. Strictly necessary session cookies (e.g., to protect admin areas) may be set without consent under § 25 para. 2 TTDSG.

Last updated: April 2026 (version v2026-04.1)