Privacy Policy

DTHgroup – Systemic Transformation for People and Organizations
Status: November 2025

1. Data Controller

Simone Unger
An der Waage 4
97264 Helmstadt
Germany
Email: contact@dth-group.com

2. General Information

The protection of your personal data is important to us. We process data exclusively in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The use of this website is generally possible without providing personal data. Personal data is processed only if:

  • you voluntarily provide it (e.g. via forms, newsletters, registrations), or
  • processing is technically necessary.

3. Server Log Files

When visiting this website, our hosting provider ALL-INKL.COM – Neue Medien Münnich automatically collects the following information:

  • browser type and version
  • operating system
  • referrer URL
  • IP address (shortened)
  • date and time of access
  • pages accessed

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure operation of the website).

4. Cookies & Consent Management

This website uses a consent management tool (e.g. Complianz) to store your cookie preferences and obtain legally compliant consent.

Legal basis:

  • Art. 6(1)(c) GDPR (legal obligation)
  • Art. 6(1)(a) GDPR (consent for optional cookies)

You may revoke your consent at any time via the cookie settings.

5. Web Analytics – Matomo (Self-Hosted)

We use Matomo on our own server.

  • No data is transmitted to third parties.

Collected data includes:

  • anonymised IP address
  • page views
  • duration of visits
  • technical data (browser, device)

IP addresses are anonymised immediately.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in optimisation).

6. Local Fonts

All web fonts used are hosted locally.
No connection to external providers (e.g. Google Fonts) is established.

Legal basis: Art. 6(1)(f) GDPR

7. Forms, Surveys, Project Participation & Scientific Support (Formidable Forms)

We use Formidable Forms for contact requests, project registrations, feedback, pilot project applications and scientific surveys. Data is stored exclusively on our server at ALL-INKL.COM.

Processed data (depending on the form):

  • first and last name
  • email address
  • telephone number
  • information about schools, organisations or institutions
  • project-related information
  • responses in surveys and evaluation forms
  • free-text entries

Purposes of processing:

  • handling enquiries
  • conducting joint projects
  • planning pilot phases
  • internal scientific support
  • research, effectiveness measurement and quality development
  • creation of anonymised evaluations

Scientific support:

  • data is evaluated in pseudonymised or anonymised form
  • no transfer of personal data to third parties

Legal basis:

  • Art. 6(1)(b) GDPR (project/contract)
  • Art. 6(1)(a) GDPR (consent, e.g. for surveys)
  • Art. 6(1)(f) GDPR (legitimate interest)

Storage period:
As long as required for the project or statutory retention obligations.

Revocation:
Possible at any time by contacting: contact@dth-group.com

8. Community / Member Areas (BuddyBoss)

For internal community areas we use BuddyBoss.

Processed data includes:

  • registration data (name, email, password)
  • profile data (photo, information, posts)
  • interactions (comments, messages, groups)
  • technical data (logins, IP addresses)

Data is stored exclusively on our servers.

Legal basis: Art. 6(1)(b) GDPR

9. AI-Supported Tools (FlowBuddy / ChatGPT Integration)

FlowBuddy uses GPT technology provided by OpenAI.

During use, the following data may be transmitted:

  • text inputs
  • technical metadata (timestamps, IP address)

Specific notice:
Please do not enter sensitive health data.

Legal basis: Art. 6(1)(f) GDPR

OpenAI privacy policy:
https://openai.com/policies

10. Online Meetings (Zoom)

We use Zoom for workshops and digital events.

Processed data includes:

  • name, email address
  • IP address
  • audio and video data, where applicable

Zoom may transfer data to the USA based on Standard Contractual Clauses (SCCs).

Zoom privacy policy:
https://explore.zoom.us/de/privacy/

Legal basis: Art. 6(1)(b) GDPR

11. Payment Processing (Stripe, PayPal, Invoice)

11.1 Stripe

Data: name, email address, payment data
Privacy policy: https://stripe.com/de/privacy
Legal basis: Art. 6(1)(b) GDPR

11.2 PayPal

Data: PayPal may transfer data to credit agencies
Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Legal basis: Art. 6(1)(b) GDPR

11.3 Payment by Invoice

Data: name, address, email address, payment status

Legal bases:

  • Art. 6(1)(b) GDPR
  • Art. 6(1)(c) GDPR (tax obligations)

12. Digital Products, Licences & Academy

When purchasing licences or training programmes, we process the following data:

  • name, email address
  • payment data
  • login data
  • learning progress
  • certification status

No data is passed on to third parties.

Legal basis: Art. 6(1)(b) GDPR

13. Distance Learning (FernUSG)

For certified distance learning programmes, certain data must be transmitted to the supervisory authority.

Legal basis: Art. 6(1)(c) GDPR

14. HRflow (Digital Applications)

The HRflow (Beta) app processes exclusively pseudonymised usage data, such as:

  • interaction patterns
  • usage duration
  • colour and movement patterns from CFC/EDPlay
  • anonymous development indicators

No identification of natural persons takes place.

Legal basis: Art. 6(1)(f) GDPR (functional provision and research)

15. ColorFlowCycle™ – HR Dashboard, Employee Inputs & Human Sustainability Reporting

We provide companies with the ColorFlowCycle™ system, consisting of:

  • CFC Corporate Dashboard
  • CFC Payroll Input Tool
  • CFC Employee Input Interface
  • automated reports (Human Sustainability Report)

15.1 Controller for Employee Inputs

Within the meaning of the GDPR, the responsible controller is exclusively the respective company using the system.

We (DTHgroup) process data on behalf of and in accordance with the instructions of the company (Art. 28 GDPR).

15.2 Type of Data Processed

The system does not process personal data, but exclusively:

  • anonymous functional data (colour proportions, scores)
  • time of measurement
  • organisation ID
  • HR indicators (FTE, labour costs per FTE, sick days per FTE, etc.)
  • technical metadata (timestamps, browser behaviour, solely to ensure functionality)

No processing of:

  • names
  • email addresses
  • employee IDs
  • performance data
  • diagnoses
  • health data
  • psychological profiles of natural persons
  • tracking or profiling

15.3 Purpose of Processing

Data is processed exclusively for:

  • measurement of psychological human sustainability indicators
  • creation of anonymised organisational profiles
  • generation of human sustainability reports
  • internal development management within organisations
  • scientific quality assurance (anonymised)

Re-identification of individual persons is technically excluded.

15.4 No Identification of Individuals

The system does not store personal identifiers.
Even the company itself cannot determine which individual made which input.

15.5 Legal Bases

  • Art. 6(1)(f) GDPR (legitimate interest in organisational development and prevention of psychosocial risks)
  • Art. 28 GDPR (data processing agreement – DTHgroup as technical service provider)

15.6 Storage Period

  • anonymous CFC data: 36 months
  • HR indicators: in accordance with statutory retention obligations of the company

No personal data → no deletion request required.

15.7 No Transfer to Third Parties

No data is transferred to:

  • third parties
  • external research
  • marketing
  • analytics platforms

15.8 Security

  • data storage exclusively on European servers
  • encrypted transmission (SSL/HTTPS)
  • access restricted to authorised persons
  • ongoing security audits
  • separation of organisational and system data

An information sheet pursuant to Art. 13 GDPR for employees can be downloaded here.

Notice:
This document must be presented to the works council and made available to all employees before using the app.

A data processing agreement pursuant to Art. 28 GDPR is available to companies upon request.

16. Rights of Data Subjects

You have the following rights:

  • right of access (Art. 15 GDPR)
  • right to rectification (Art. 16 GDPR)
  • right to erasure (Art. 17 GDPR)
  • right to restriction of processing (Art. 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object (Art. 21 GDPR)

Requests may be addressed to: contact@dth-group.com

17. Right to Lodge a Complaint

Competent authority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
https://www.lda.bayern.de

18. SSL Encryption

This website uses SSL encryption (“https://”). Data transmitted cannot be read by third parties.

19. Updates to This Privacy Policy

Status: November 2025
We reserve the right to amend this privacy policy where necessary.

Scroll to Top