top of page

Privacy Policy

The following are responsible for data processing:

 

Alexandra Frot
Gollierplatz 16
80339 Munich
Germany

 

alexandra@frot.de

Telephone: 0152-53602974

 

Anke Lang

Mombacher Str. 68

55122 Mainz

Germany

 

mail@ankelang.com
Telephone: 0177-2708272

We appreciate your interest in our website. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access Data and Hosting

You may visit our website without providing any personal information. Each time a page is accessed, the web server automatically stores a server log file containing information such as the name of the requested file, your IP address, date and time of the request, data volume transferred, and the requesting provider (access data). This access data is evaluated solely for the purpose of ensuring smooth operation of the website and improving our services. This serves our legitimate interests, which prevail in the context of a balancing of interests, in the correct presentation of our services in accordance with Art. 6(1)(f) GDPR. All access data is processed only for as long as necessary for the purposes described above.

Hosting

Hosting and website presentation services are provided in part by our service providers as processors on our behalf. Unless otherwise explained in this Privacy Policy, all access data and all data collected via forms on this website are processed on their servers. If you have questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this Privacy Policy.

Our service providers are located in and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: Israel, United Kingdom, USA. The adequacy decision for the USA serves as the basis for transfers to third countries, provided the respective service provider is certified. Certification is in place.

Our service providers are located in and/or use servers in the following countries: Brazil, Mexico, India, Ukraine. No adequacy decision by the European Commission exists for these countries. Our cooperation with them is based on the following safeguards: Standard Contractual Clauses of the European Union.

2. Data Processing

2.1 Contact

When you contact us (e.g. via contact form or email), we collect personal data on the basis of Art. 6(1)(b) GDPR in order to process your enquiry. Required fields are marked as such, as we need this information to handle your request. Once your enquiry has been fully processed, your data will be deleted, unless you have expressly consented to further use or we are entitled to retain it on another legal basis. After full completion of your customer enquiry, your data will be restricted from further processing and deleted upon expiry of the statutory retention periods pursuant to Art. 6(1)(c) GDPR.

2.2 Applications and Registration for Training Programmes

Prospective participants may apply for our training programmes via forms on our website. These forms are provided by Tally (Tally BV, Antwerpsesteenweg 19, 9080 Lochristi, Belgium). The data you submit (e.g. name, contact details, information on professional qualifications) is transmitted to Tally and forwarded to us from there. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures). Data is stored for as long as necessary to process your application and is then deleted, unless statutory retention obligations apply.

2.3 Applicant Database

Applicant data is managed in our central database, which we operate using Airtable (Formagrid Inc. dba Airtable, 799 Market St., Suite 500, San Francisco, CA 94103, USA). Transfers to the USA are made on the basis of the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). We have entered into a Data Processing Agreement with Airtable. Only data necessary for processing your application and programme participation is stored. The legal basis is Art. 6(1)(b) GDPR. Data will be deleted once it is no longer required for the respective purpose, and no later than upon expiry of the statutory retention periods.

2.4 Storage of Sensitive Personal Data

Where we receive sensitive personal data in the course of the application process — in particular information on professional qualifications and therapeutic training — we treat this data with special care and in accordance with applicable law. Where there are indications of legal violations or ongoing investigations, we are obliged to pass this information on to the competent authorities.

2.5 Cooperation with the IFS Institute

We share personal data such as names, email addresses and information on course attendance with the IFS Institute (Foundation for Self Leadership, USA) for the purposes of certification and community development. As the IFS Institute is based in the USA, processing your data may involve a transfer outside the EU. Such transfers are made on the basis of the Standard Contractual Clauses of the European Union pursuant to Art. 46(2)(c) GDPR.

2.6 Storage and Access to Personal Data

All electronic information is stored on secure servers or in secured cloud environments and protected by passwords. Access is restricted to authorised personnel.

You may at any time request that your data be ported, corrected or deleted. Such requests will be processed within one month. For complex requests requiring more time, we will inform you of the reasons and the timeframe.

3. Delivery of Training Programmes

3.1 Video Conferencing and Online Trainings: Zoom

We use Zoom (Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA) to deliver our online and hybrid trainings. Connection data and, depending on settings, audio, video and chat data may be processed. Transfers to the USA are made on the basis of the EU-US Data Privacy Framework as well as, supplementarily, the EU Standard Contractual Clauses. The legal basis is Art. 6(1)(b) GDPR. Recordings are only made with the explicit consent of participants (Art. 6(1)(a) GDPR). For further information, please refer to Zoom's privacy policy at zoom.us/privacy.

3.2 Training Materials: Google Drive

We use Google Drive (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to share training materials between participants, trainers and our team. Personal data (e.g. names and email addresses in connection with shared files) may be processed on servers in the USA. Transfers are made on the basis of the EU-US Data Privacy Framework. We have entered into a Data Processing Agreement with Google. The legal basis is Art. 6(1)(b) GDPR. Files will be deleted after completion of the respective programme once they are no longer required for the respective purpose, and no later than upon expiry of the statutory retention periods.

3.3 Group Communication: Signal

For communication within training groups, we use Signal (Signal Messenger LLC, 650 Castro St., Suite 120-223, Mountain View, CA 94041, USA). Your phone number is processed in order to add you to a training group. Signal is end-to-end encrypted and processes minimal metadata. Participation in the group chat is entirely voluntary. Transfers to the USA are made on the basis of the EU Standard Contractual Clauses. The legal basis is Art. 6(1)(a) GDPR (consent). You may leave the group chat at any time.

4. Payment Processing

We offer PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg) as a payment option. When you pay via PayPal, your payment data is transmitted to PayPal, which may use it for credit checks. The legal basis is Art. 6(1)(b) GDPR. PayPal's privacy policy is available at paypal.com/de/webapps/mpp/ua/privacy-full.

5. Cookies and Other Technologies

To make visiting our website an attractive experience and to enable certain functions, we use cookies. Cookies are small text files that are automatically stored on your device. Session cookies are deleted when you close your browser; persistent cookies remain on your device and allow us to recognise your browser on your next visit.

Technically necessary cookies required to provide our website do not require your consent. For non-essential cookies, your consent is required pursuant to Art. 6(1)(a) GDPR. You may withdraw any consent given at any time by adjusting your browser settings.

6. Email Marketing

6.1 Newsletter

When you subscribe to our newsletter, we use the data provided to send you our newsletter on a regular basis based on your consent pursuant to Art. 6(1)(a) GDPR. You may unsubscribe at any time via the unsubscribe link in any newsletter or by contacting us directly. Upon unsubscription, we will delete your email address from the mailing list.

We draw your attention to the fact that we analyse your user behaviour when sending the newsletter (newsletter tracking). We evaluate open rates and click rates using single-pixel technologies (e.g. tracking pixels). Data processed in this context includes, among other things, the referrer URL, date and time of access, browser and device type, IP address and email address. This data is stored for as long as you remain subscribed to the newsletter. If you do not wish to be tracked, you may unsubscribe from the newsletter at any time.

6.2 Newsletter Distribution: Brevo

The newsletter is sent via Brevo (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany). Your email address and any other data you provide will be stored on Brevo's servers. If you have questions about our service providers, please contact us using the contact details provided in this Privacy Policy.

Our service providers are located in and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: Israel, United Kingdom, USA. The adequacy decision for the USA serves as the basis for transfers to third countries, provided the respective service provider is certified. Certification is in place.

Our service providers are located in and/or use servers in the following countries: Brazil, Mexico, India, Ukraine. No adequacy decision by the European Commission exists for these countries. Our cooperation with them is based on the following safeguards: Standard Contractual Clauses of the European Union.

7. Social Media

We maintain a company page on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). Information about your use of our LinkedIn presence is generally transferred to and stored on servers of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Where you have given your consent to LinkedIn, your data may be processed for market research and advertising purposes. For further information, please refer to LinkedIn's privacy policy.

Our service providers are located in and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection: USA. The adequacy decision for the USA serves as the basis for transfers to third countries, provided the respective service provider is certified. Certification is in place.

8. Your Rights as a Data Subject

8.1 Your Rights

As a data subject, you have the following rights:

  • pursuant to Art. 15 GDPR, the right to obtain information about your personal data processed by us;

  • pursuant to Art. 16 GDPR, the right to obtain without undue delay the rectification of inaccurate data or the completion of incomplete data;

  • pursuant to Art. 17 GDPR, the right to erasure of your stored data, unless further processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;

  • pursuant to Art. 18 GDPR, the right to restriction of processing;

  • pursuant to Art. 20 GDPR, the right to data portability;

  • pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority, generally in the member state of your habitual residence, place of work or our place of business.

Right to Object

Where we process personal data on the basis of a balancing of interests, you may object to such processing with effect for the future. Where processing is carried out for direct marketing purposes, you may exercise this right at any time. For other purposes, the right to object is only available where you can demonstrate grounds arising from your particular situation. Following the exercise of your right to object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, or the processing serves the establishment, exercise or defence of legal claims.

8.2 Contact

For questions about the collection, processing or use of your personal data, as well as for requests relating to information, rectification, restriction, erasure, withdrawal of consent or objection to a specific use of your data, please contact us directly using the contact details provided in our legal notice (Impressum).

9. Updates to this Privacy Policy

This Privacy Policy is dated 1 May 2026. We reserve the right to update it as necessary to ensure it continues to comply with current legal requirements.

bottom of page