Privacy policy

1. Data protection at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on our website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

How do we collect your data?
Your data is collected on the one hand by you providing it to us. This can be, for example, data that you enter in a contact form.

Other data is automatically collected by our IT systems when you visit the website. This is mainly technical data (e.g., internet browser, operating system, or time of page view). The collection of this data takes place automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking, or deletion of this data. For this purpose as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Third-party analytics and tools

When visiting our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and with so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following data protection declaration.

You can object to this analysis. We will inform you about the objection options in this privacy policy.

2. General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g., communication by email) can have security gaps. A complete protection of the data against access by third parties is not possible.

Note on the responsible body

The data controller for this website is:

Spirit Link GmbH
Röthelheimallee H5
Allee am Röthelheimpark 41
D-91052 Erlangen
Phone: +49 (0) 91 31 / 97 792-0

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority

In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company is based. A list of the data protection officers and their contact details can be found at the following link:

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking, or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Objection to advertising mails

The use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

3. Data protection officer

Data protection officer required by law

Spirit Link GmbH
Gunther Tutein
Allee am Röthelheimpark 41
D-91052 Erlangen

Phone: +49 (0) 91 31 / 97 792-0

4. Data collection on our website


The internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g., shopping cart function) are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g., cookies to analyse your surfing behaviour) are stored, these will be treated separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • operating system used
  • referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The basis for data processing is Art. 6 (1) lit. f DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.


This website is hosted on Webflow's Content Delivery Network (CDN). This is a service of Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, California, 94103. The Webflow CDN makes duplicates of a website's data available on various Webflow servers distributed worldwide. This results in faster website loading times, higher reliability, protection against brute force attacks and increased protection against data loss. A large part of the elements and the source code of this website are retrieved from the Webflow CDN when the page is called up. Through this retrieval, your IP address is transferred anonymously to Webflow servers in other EU countries and stored there for 24 hours. This anonymised storage for 24 hours serves as protection against brute force attacks. Tracking or other further processing of this data does not take place. The use of the Webflow CDN is in the interest of higher reliability of the website, increased protection against data loss, protection against brute force attacks and better loading speed of this website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

Webflow Inc. with headquarters in the USA is certified for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU.

You can find Webflow's current privacy policy at:

5. Analysis tools and advertising


Scope of the processing

We use Matomo to analyze the behavior of website visitors to identify potential threats, "Not Found" pages, or search engine indexing issues, or to find out what content is most popular. Once the data is processed (e.g., number of visitors hitting a "Not Found" page, those viewing only a single page, etc.), Matomo generates reports based on which Spirit Link can take action, such as changing the layout of pages, publishing new content ... etc. If you call up individual pages on our website, the following data is processed: IP address, custom dimensions, user location, date and time, title of page viewed, URL of page viewed, URL of page viewed before current page, screen resolution, time in local time zone, country, region, city, main browser language, browser product, and version information (user agent), session record, mouse events (movements, content forms and clicks), and form interactions.

Purpose and legal basis

The processing of the above-mentioned personal data serves the purpose of analysing the usage behaviour and habits of our users so that we can further develop the website and increase its attractiveness, in particular the findability of interesting content and user-friendliness. Our legitimate interest in processing the data lies in these purposes.

Duration of storage and transfer

A storage of personal data does not take place because of the immediate anonymization (see above). Matomo is operated exclusively on our own servers, so no data is transmitted to third parties.

6. Plugins and tools


Our website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.

For more information on how Vimeo handles user data, please see Vimeo's privacy policy at:

7. Online presence in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there.

We would like to point out that user data may be processed outside the European Union. This may result in risks for the users, because it could, for example, make it more difficult to enforce the rights of the users. With regard to US providers certified under the Privacy Shield, we point out that they thereby undertake to comply with the data protection standards of the EU.

Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

The processing of the personal data of the users is based on our legitimate interests in effective information of the users and communication with the users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.

For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the providers.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on joint processing of personal data – Privacy Policy:,
specifically for pages:,
opt out:
Privacy Shield:

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy,
opt out:,
Privacy Shield:

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy/ Opt Out:

8. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.


This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organised and analysed. The data you enter for the purpose of receiving newsletters (e.g., email address) is stored on CleverReach's servers in Germany or Ireland.

Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g., purchase of a product on our website) has taken place after clicking on the link in the newsletter. For more information on data analysis through CleverReach newsletters, please visit:

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

For more details, please see CleverReach's privacy policy at:

Conclusion of a contract on order processing

We have concluded an order processing contract with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.

Members:inside management


In our online offering, we use the membership management service Memberstack for our online course "Masterclass Pharma Omnichannel". This is a service of Memberstack LLC, 104 Sagamore Williamsburg, VA, 23188, USA ("Memberstack").

We use Memberstack to technically enable the log-in to our protected member area.

Memberstack processes the following data:

  1. First and last name
  2. E-mail address
  3. Registration date

In principle, Memberstack does not pass on any collected data to third parties. We store your profile data in our login/member area only as long as you do not delete your profile with us yourself.

If you not only have a profile with us, but have also made purchases, then after deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved on our part, about which we will inform you accordingly. If you are registered with us as a customer, we will block all details of purchases made more than three years ago in the purchase history and delete them at the latest after 10 years from the date of purchase. You can give us your consent to show you in the purchase history data on purchases made more than three years ago, but not more than 10 years ago. We will delete your data at the latest upon expiry of the statutory retention period (Section 147 (3) AO), i.e. after 10 years, starting with the conclusion of the contract. Upon expiry of this retention period, we will immediately delete this data without you having to request us to do so.

We have concluded an order processing contract with Memberstack for the aforementioned purposes, in which we oblige Memberstack to protect our customers' data and not to pass it on to third parties.

We have concluded a contract with Memberstack in accordance with the EU's standard data protection clauses.

You can find Memberstack's privacy policy at:

Payment processing

‍6Whywe use service providers for order processing‍

To process your order, we work together with the following service providers, who support us in whole or in part in the execution of concluded contracts. These are service providers who support us in the context of payment processing or the shipment of goods.

We transmit your personal data to these service providers only for the purpose of fulfilling our contractual obligations to you. On the one hand, this is done for the purpose of processing the payment transaction, on the other hand, for the purpose of delivering the goods to you and to the extent that is absolutely necessary in each case. During the payment process, you can select the type of payment and the associated payment service provider yourself. This data transfer is justified according to Art. 6(1)(b) DSGVO. Each service provider receives only those data that are necessary for the provision of the respective service. These service providers are obliged to handle your data confidentially.


If you choose to pay via Stripe, we will share your order information with Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe") for the purpose of processing your payment. In the USA, the service is provided by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.

During the ordering process, we transmit the following information about your order to Stripe, as well as the corresponding selected payment provider (Visa, Mastercard):

  1. Name
  2. Address
  3. Account number
  4. Bank code
  5. possibly credit card number
  6. Invoice amount
  7. Currency
  8. Transaction number
  9. Transaction date

Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose.

Stripe reserves the right to conduct a credit check. For this purpose, your payment data may be disclosed to credit agencies pursuant to Art. 6(1)(f) DSGVO on the basis of Stripe's legitimate interest in determining your solvency. Stripe uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to Stripe. However, Stripe may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

We have concluded a contract with Stripe in accordance with the EU's standard data protection clauses.

You can find Stripe's privacy policy here: