Privacy Policy

Effective Date: 02.03.2026
Last Updated: 02.03.2026

1. Controller (Verantwortlicher)

The controller responsible for data processing under Article 4(7) GDPR is:

Dr. Birthe Macdonald
Einzelunternehmen
Am Berge 22
31535 Neustadt am Rübenberge
Email: info@birthemacdonald.com

2. Scope of Application

This Privacy Policy applies to:

  • Visitors of our website

  • Users registering for webinars

  • Subscribers to our journal club

  • Customers purchasing digital services

3. Legal Basis for Processing (Art. 6 GDPR)

We process personal data on the following legal grounds:

  • Art. 6(1)(b) GDPR – Performance of a contract (webinar access, subscription services)

  • Art. 6(1)(c) GDPR – Compliance with legal obligations (tax and accounting law)

  • Art. 6(1)(f) GDPR – Legitimate interests (IT security, fraud prevention, service improvement)

  • Art. 6(1)(a) GDPR – Consent (newsletter marketing, non-essential cookies)

Where processing is based on consent, you may withdraw consent at any time with future effect.

4. Categories of Personal Data Collected

4.1 Data You Provide

  • First and last name

  • Email address

  • Billing address

  • Payment details

  • Account login information

  • Professional credentials (if applicable)

  • Communications and support inquiries

4.2 Data Collected Automatically

  • IP address

  • Date and time of access

  • Browser type and version

  • Operating system

  • Referrer URL

  • Accessed pages

This data is processed to ensure website security and functionality.

5. Purposes of Processing

We process personal data to:

  • Provide webinar access

  • Administer journal club subscriptions

  • Process payments

  • Provide customer support

  • Send transactional communications

  • Send newsletters (with consent)

  • Ensure website security

  • Fulfill legal retention obligations

6. Data Recipients

We share data only when necessary with:

  • Payment service providers

  • Webinar hosting platforms

  • IT hosting providers

  • Email marketing providers

  • Tax and accounting service providers

  • Public authorities (if legally required)

All processors are bound by Data Processing Agreements (Art. 28 GDPR).

7. International Data Transfers

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards under Chapter V GDPR, including:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions by the European Commission

8. Data Retention

We retain personal data:

  • Contract data: for the duration of the contract plus statutory retention periods (typically 6–10 years under German commercial and tax law)

  • Marketing data: until consent is withdrawn

  • Technical log data: typically up to 14 days unless required for security investigations

9. Cookies and Consent Management (TTDSG & GDPR)

9.1 What Are Cookies?

Cookies are small text files stored on your device.

Under the TTDSG §25, storing or accessing information on your device requires consent unless strictly necessary.

9.2 Types of Cookies We Use

A) Strictly Necessary Cookies (No Consent Required)

Legal basis: Art. 6(1)(f) GDPR
These enable:

  • Website functionality

  • Login sessions

  • Security measures

  • Payment processing

These cookies cannot be disabled.

B) Functional Cookies (Consent Required)

Legal basis: Art. 6(1)(a) GDPR

Examples:

  • Language preferences

  • Embedded webinar tools

C) Analytics Cookies (Consent Required)

Legal basis: Art. 6(1)(a) GDPR

Used to:

  • Measure website performance

  • Analyze usage patterns

These are only activated after your explicit consent.

D) Marketing Cookies (Consent Required)

Legal basis: Art. 6(1)(a) GDPR

Used to:

  • Send personalized advertising

  • Track marketing effectiveness

9.3 Cookie Consent Banner

When you first visit our website, you are presented with a consent banner that allows you to:

  • Accept all cookies

  • Reject non-essential cookies

  • Customize cookie settings

Consent is:

  • Voluntary

  • Specific

  • Informed

  • Revocable at any time

You may withdraw consent via the “Cookie Settings” link on our website.

We store proof of consent in accordance with Art. 7 GDPR.

10. Your Rights Under GDPR

You have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, contact: info@birthemacdonald.com

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

The competent authority in Germany is typically the data protection authority of your federal state (Landesdatenschutzbehörde).

A list of German supervisory authorities can be found via:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

12. Data Security

We implement appropriate technical and organizational measures (Art. 32 GDPR), including:

  • SSL/TLS encryption

  • Secure hosting

  • Access restrictions

  • Regular system updates

13. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

14. Obligation to Provide Data

Providing personal data for contractual purposes is necessary to conclude a contract. Failure to provide required data may prevent us from providing services.

15. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to comply with legal requirements or reflect changes in our services.