Privacy policy
Status: 09.09.2025
We are committed to the security of personal data. We take appropriate security measures to limit the misuse of and unauthorized access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected and that our security measures are regularly reviewed.
1. controller (Art. 4 No. 7 GDPR)
D.I.M. GmbH – Deutsches Institut für Motivation
Paulinstraße 89, 54292 Trier, Germany
Phone: +49 651 991 943 97
E-mail: info@dim.sc
Authorized representative: Andrea Badry
2. data protection officer (Art. 37 ff. GDPR)
A data protection officer has not been appointed as the legal requirements are not currently met.
3. general information on data processing
- Purposes: Operation and provision of the website, communication, administration of memberships, organization of events/webinars, newsletter dispatch, fulfillment of legal obligations.
- Legal bases: Art. 6 para. 1 lit. a (consent), lit. b (contract/membership-related measures), lit. c (legal obligation), lit. f (legitimate interest), possibly Art. 9 para. 2 (special categories, only in exceptional cases).
- Recipients/categories: IT service providers/hosters, payment service providers/banks, tax consultants, newsletter and video conference providers, processors pursuant to Art. 28 GDPR.
- Third country transfer: See section 10.
- Obligation to provide: If required for conclusion of contract/membership; without provision, a contract/membership application cannot be processed.
- Automated decisions/profiling: do not take place (Art. 22 GDPR).
4. visiting our website (server logs)
Data types: IP address, date/time, time zone, URL, referrer URL, user agent (browser/OS), provider if applicable.
Purpose: Ensuring technical functionality, IT security (defense against attacks), error analysis.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure operation).
Storage period: 7 days; beyond this only in individual cases if events require longer storage for evidence purposes.
Recipient: hosting.de (order processing according to Art. 28 GDPR).
5. cookies, local storage & consent management
We use necessary cookies/LocalStorage/SessionStorage to provide the website and – with consent – optional cookies (e.g. statistics, external media).
Legal basis:
- Necessary: Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 no. 2 TTDSG.
- Optional: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (consent via consent tool).
Consent tool: We use Complianz. You can change/revoke your consent in the consent tool at any time with effect for the future.
Storage duration: varies depending on the tool and cookie; details in the consent tool under “Cookie details”.
Note: Deactivation purely on the browser side does not replace the obligation to consent to optional cookies.
6. services & integrations used
Read section 10 with US providers.
6.1 Google Fonts
- Variant A (locally hosted): We use Google Fonts locally. There is no connection to Google servers.
6.2 Embedding external media (e.g. YouTube videos, Vimeo)
- Purpose: Presentation of moving image content.
- Data types: IP address, device/browser data, cookie IDs if applicable.
- Legal basis: Consent (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG).
- Third country transfer: possible; see section 10.
- Note: We use the data protection-friendly “no-cookie mode” where possible (where available).
6.3 Web analysis
- Google Analytics 4: Use only with consent; IP anonymization; Order processing; Data transfer to third countries if necessary; Legal basis: Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG.
7. contact (e-mail, forms)
Data types: Name, contact data, content data, metadata.
Purpose: Processing the request, communication, documentation.
Legal basis: Art. 6 para. 1 lit. b (pre-contractual/contractual), lit. f (general communication).
Storage period: according to purpose; correspondence with business reference generally up to 6 years (§ 257 HGB).
8. registration/membership & SEPA direct debit
Data types: Master data (name, title, address, country), communication data (e-mail, telephone), bank data (IBAN/BIC), membership category, subscription periods, correspondence.
Purposes: Initiation/establishment/execution/termination of membership; debiting and administration of membership fees; accounting/tax; member communication.
Legal bases:
- Art. 6 para. 1 lit. b GDPR (contract/membership),
- Art. 6 para. 1 lit. c GDPR (statutory retention obligations, e.g. AO/HGB),
- Art. 6 para. 1 lit. f GDPR (internal administration, prevention of abuse).
Recipient: Bank/payment service provider, IT/membership administration service provider if applicable (order processing), tax consultancy.
Storage period: Contracts and tax-relevant documents generally 10 years; other contract data until the expiry of any claims (regularly 3 years from the end of the year).
Mandatory information: Bank details are required for SEPA direct debit; without these, the membership fee cannot be collected.
9 Newsletter & electronic communication
Registration (double opt-in): We will send you a confirmation e-mail after registration. Only then will you receive the newsletter.
Data types: e-mail address, optional name; technical measurement data (e.g. openings/clicks) to measure success only with consent.
Legal basis: Art. 6 para. 1 lit. a GDPR; § 7 UWG.
Service provider: MailerLite, order processing; location EU; see section 10 for third country transfer.
Revocation: at any time via the unsubscribe link or e-mail to us; the legality until revocation remains unaffected.
Storage period: until revocation; proof of consent (opt-in protocols) up to 3 years from revocation (Art. 6 para. 1 lit. f GDPR, evidence purposes).
10. data transfers to third countries (Art. 44 et seq. GDPR)
If we use services from providers outside the EEA (e.g. USA):
- Transfers only take place if an adequacy decision (e.g. EU-US Data Privacy Framework) exists or suitable guarantees within the meaning of Art. 46 GDPR (in particular EU standard contractual clauses) have been agreed and – if necessary – additional measures have been implemented.
- Note: Risks may remain in individual cases despite measures (e.g. official access under US law).
Specific information can be found in the sections on the respective services and in the consent tool.
11. order processing (Art. 28 GDPR)
We use carefully selected processors and have concluded contracts with them in accordance with Art. 28 GDPR. Categories: Hosting & infrastructure, maintenance/support, newsletter distribution, member administration, video conferencing, web analytics, consent management.
12. security of the processing (Art. 32 GDPR)
We take technical and organizational measures (TOM), including access restrictions/roles, encryption (TLS), pseudonymization where possible, data backups, logging, deletion concepts, need-to-know principle, confidentiality agreements and regular awareness-raising.
13. storage period/deletion (Art. 5 para. 1 lit. e GDPR)
We only process personal data for as long as it is necessary for the purpose or as long as there are statutory retention periods (in particular AO/HGB). Once the purpose has been achieved/the deadline has expired, data is deleted or anonymized; if necessary, processing is restricted.
14. obligation to provide personal data
Certain information is required for membership, SEPA direct debit or contractual relationships. Without this information, it is not possible to conclude a contract or provide services.
15. rights of the data subjects (Art. 12-22 GDPR)
You have – under the legal requirements – the right to:
- Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection to processing on the basis of Art. 6(1)(e/f) (Art. 21) and withdrawal of consent (Art. 7(3)).
- You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), e.g. the State Commissioner for Data Protection of Rhineland-Palatinate.
Objection pursuant to Art. 21 GDPR:
You can object at any time, on grounds relating to your particular situation, to processing which we base on Art. 6 (1) (f) GDPR; this also applies to profiling based on this. In the case of direct advertising, you have the right to object at any time without giving reasons.
Contact for exercising rights: by e-mail to info@dim.sc or by post (see responsible person).
16. social media presences (Art. 26 GDPR – joint responsibility)
We maintain appearances on [LinkedIn/YouTube/…]. When visiting them, the respective terms of use and privacy policies of the providers apply.
Data types: Usage/interaction data, communication content, profile and statistical data (insights).
Legal basis: Art. 6 para. 1 lit. f (communication/public relations), if applicable lit. a (consent).
Shared responsibility (e.g. page insights with Meta/LinkedIn): Information on the distribution of roles is provided by the respective provider.
17. events, online meetings & webinars
Provider: Zoom
Data types: master and contact data, meeting metadata (topic, time, duration), content data (chat, audio/video – only if activated), dial-in data.
Purpose: Organization of lectures, meetings, workshops/webinars.
Legal basis: Art. 6 para. 1 lit. b (contractual/participation-related), lit. f (organization), possibly lit. a (recording with consent).
Third country transfer: possible depending on the provider; see section 10.
Recording: only takes place after prior, transparent information and express consent.
18. minors
Our offers are not aimed at children under the age of 16. The consent of minors requires the consent of their legal guardian (Art. 8 GDPR).
19. changes to this privacy policy
We will adapt this declaration if the legal situation, services or processes change. The version available on this website applies.
Appendix A: Cookie/storage overview
| Provider/tool | Purpose | Type | Storage duration | Legal basis |
| Compliance | Consent management | Cookie/LocalStorage | 1 year | Art. 6 para. 1 lit. c/f; § 25 para. 2 TTDSG |
| WordPress Session | Session management/CSRF protection | Session cookie | Session | Art. 6 para. 1 lit. f; § 25 para. 2 TTDSG |
The following cookies are technically necessary cookies.
Cookies from WordPress
| NAME | PURPOSE | VALIDITY |
| wordpress_test_cookie | This cookie determines whether the use of cookies has been deactivated in the browser. Storage duration: Until the end of the browser session (is deleted when you close your Internet browser). | Session |
| PHPSESSID | This cookie saves your current session with regard to PHP applications and thus ensures that all functions of this website that are based on the PHP programming language can be displayed in full. Storage duration: Until the end of the browser session (is deleted when you close your Internet browser). | Session |
| wordpress_akm_mobile | These cookies are only used for the WordPress administration area. | 1 year |
| wordpress_logged_in_akm_mobile | These cookies are only used for the administration area of WordPress and do not apply to other site visitors. | Session |
| wp-settings-akm_mobile | These cookies are only used for the administration area of WordPress and do not apply to other site visitors. | Session |
| wp-settings-time-akm_mobile | These cookies are only used for the administration area of WordPress and do not apply to other site visitors. | Session |
| from | is used for A/B testing of new functions. | Session |
| akm_mobile | Saves whether the visitor wants the mobile version of a website to be displayed. | 1 day |
Cookies from DSGVO AIO for WordPress
| NAME | PURPOSE | VALIDITY |
| dsgvoaio | This LocalStorage key / value stores which services the user has agreed to or not. | variable |
| _uniqueuid | This LocalStorage key / value stores a generated ID so that the opt-in / opt-out actions of the user can be documented. The ID is stored anonymously. | variable |
| dsgvoaio_create | This LocalStorage key / value saves the time at which _uniqueuid was generated. | variable |
| dsgvoaio_vgwort_disable | This LocalStorage Key / value stores whether the VG Wort Standard service is permitted or not (setting of the site operator). | variable |
| dsgvoaio_ga_disable | This LocalStorage key / value stores whether the Google Analytics Standard service is permitted or not (setting of the website operator). | variable |