Consulting

Training

Products

Projects

TheDive

Schedule a meeting

Consulting

Training

Products

Projects

TheDive

Schedule a meeting

We support you in five central areas as you transform your organization.

Get in touch for a consultation

Consulting

Organizational Development We design strategies, structures, and cultures that enable change and support the future.

Adaptability We help organizations stay agile, resilient, and capable of learning.

New Finance We develop governance models that combine purpose, agility, and economic stability.

Leadership & Collaboration We support leaders and teams in gaining clarity and delivering impact.

Regenerative Economy We connect economic performance with responsibility—for people, society, and the planet.

Learn to shape the future—with our training programs and workshops.

To the dates

Training

Loop Fellow Our train-the-trainer program around the Loop Approach: systemic, practice-oriented, and deeply effective.

TheDive Transform Our training program in systemic and integral organizational development.

SpaceBeyond The training program in Nonviolent Communication: for greater clarity and connection.

Stellar Practitioner The advanced training for anyone who wants to embed regenerative practices in their work.

Stellar Fellow for Loop Fellows Our advanced training program for certified Loop Fellows, with a focus on regenerative business.

More Trainings Our individually bookable modules on transformation, regeneration, and effective collaboration.

Our toolkit of methods for a life-serving economy.

All products

Products

The Loop Approach^® Our framework for effective and vibrant collaboration. For teams that want to grow together.

Blended Loop The Loop Approach in a blended learning format—flexible, scalable, and practice-oriented.

Loop E-Onboarding Get up to speed with the Loop way of working—quickly and flexibly—with a digital 8-week program.

The Stellar Approach^® A structured process framework for regenerative transformation in organizations.

SEED A sprint-based culture development process that sparks change where it truly makes an impact.

New Finance Financial management reimagined. New Finance connects economic clarity with purpose, impact, and responsibility.

How TheDive Works in Practice: Insights from Our Transformation Projects.

All projects

Projects

Deutsche Telekom How does a large corporation manage to establish a new model of collaboration across departments?

Dr. Oetker How can a global family-owned company navigate the transition toward an agile, self-organized future?

Unilever What happens when employees decide for themselves what the workplace of the future should look like?

Universität Hamburg How can a genuine cultural transformation succeed at one of Germany’s largest universities?

Klinikum Aschaffenburg-Alzenau What happens when collaboration in hospitals follows new paradigms?

InterStellar Learning Journey What does the economic system look like in a desirable future, and how can we shape it?

Transformation consulting. Training platform. Community. Since 2015.

TheDive Hive

TheDive

About us With our work and our impulses, we help shape a life-serving economy.

Community Our hive for exchange, shared learning, and collective development.

Blog Insights, perspectives, and practical knowledge from our work with organizations.

Our Team The Divers and Co-Divers: Get to know the diverse people behind TheDive.

Dates & Events Workshops, trainings, and community events around leadership and transformation.

Press Latest publications, interviews, and background information on TheDive.

Shop

Jobs

Contact

Base¹ Berlin

Base⁷ Esslingen

Base⁸ München

LinkedIn Instagram

Privacy Policy

Stand: 2. März 2023

Consulting

Training

Products

Projects

TheDive

Schedule a meeting

With this privacy policy, we would like to inform you about which types of personal data (hereinafter also referred to as “data”) we process, for which purposes and to what extent. The privacy policy applies to all personal data processing carried out by us, both in the context of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (collectively referred to as the “Online Offering”).

The terms used are not gender-specific.

Table of Contents

• Preamble
• Controller
• Contact Data Protection Officer
• Overview of Processing
• Legal Bases
• Security Measures
• Disclosure of Personal Data
• Data Processing in Third Countries
• Deletion of Data
• Use of Cookies
• Business Services
• Providers and Services Used in the Course of Business
• Provision of the Online Offering and Web Hosting
• Video Conferences, Online Meetings, Webinars and Screen Sharing
• Audio Content
• Application Procedure
• Cloud Services
• Newsletter and Electronic Notifications
• Surveys and Questionnaires
• Online Marketing
• Social Media Presences
• Plugins and Embedded Functions and Content

Controller
Dr. Simon Berkler, Uli Schoop, Andreas Lerche

Authorized Representatives
Dr. Simon Berkler, Uli Schoop, Andreas Lerche
E-mail address: hello@thedive.com

Contact Data Protection Officer
Gregor Klar
E-mail: datenschutz@thedive.com

Overview of Processing
The following overview summarizes the types of data processed, the purposes of processing, and the affected persons.

Types of Data Processed

• Master data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication and procedural data
• Applicant data
• Image and/or video recordings
• Event data (Facebook)

Special Categories of Data

• Health data
• Data concerning sex life or sexual orientation
• Religious or philosophical beliefs
• Data revealing racial or ethnic origin

Categories of Affected Persons

• Customers
• Employees
• Prospects
• Communication partners
• Users
• Applicants
• Business and contractual partners
• Students/participants
• Participants
• Depicted persons

Purposes of Processing

• Provision of contractual services and customer service
• Contact requests and communication
• Security measures
• Direct marketing
• Reach measurement
• Tracking
• Office and organizational procedures
• Conversion measurement
• Target group formation
• Management and response to inquiries
• Application procedure
• Feedback
• Marketing
• User profile creation
• Provision and user-friendliness of our online offering
• IT infrastructure

Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the GDPR, national data protection provisions in your or our country of residence may apply. If more specific legal bases are applicable in individual cases, we will inform you accordingly in this privacy policy.

• Consent (Art. 6(1)(a) GDPR)
• Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR)
• Legal obligation (Art. 6(1)(c) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)
• Application procedure as a pre-contractual or contractual relationship (Art. 6(1)(b) GDPR)

If special categories of personal data are processed, the legal basis is Art. 9(2)(b) GDPR, or Art. 9(2)(c), (h) GDPR, or explicit consent under Art. 9(2)(a) GDPR.

In addition to the GDPR, national laws apply in Germany, especially the Federal Data Protection Act (BDSG), which includes special rules on rights of access, deletion, objection, special categories of data, and processing in employment relationships (§ 26 BDSG). State data protection laws may also apply.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including confidentiality, integrity and availability of data, access control, transfer control, and measures for handling rights requests, deletion, and response to risks. We also follow the principles of data protection by design and default.

TLS encryption (https): We use TLS encryption to protect the data transmitted via our online offering.

Disclosure of Personal Data

Data may be disclosed to other parties (e.g., IT service providers, providers of embedded services) where necessary. We ensure compliance with legal requirements and conclude appropriate contracts.

Data Processing in Third Countries

If data is processed in a third country (outside the EU/EEA), this only occurs in compliance with legal requirements (e.g., adequacy decision, standard contractual clauses, certifications, or explicit consent).

Deletion of Data

Data is deleted when consent is withdrawn or when processing permissions cease (e.g., when the purpose no longer exists). If deletion is not possible due to legal obligations, data will be restricted (blocked).

Use of Cookies

Cookies are small text files stored on end devices. They are used for functionality, security, comfort, and analysis.

We use cookies in compliance with legal requirements and obtain consent where required.
Cookies may be session or persistent cookies (up to two years).

Users may withdraw consent and object to processing (Art. 21 GDPR). Browser settings can also be used to block cookies.

Business Services

We process data of contractual and business partners for contractual performance, communication and administration. Data is stored in accordance with legal retention periods (e.g., 6 or 10 years for commercial and tax documents).

Data Types

• Master data
• Payment data
• Contact data
• Contract data

Legal Bases

• Contract performance (Art. 6(1)(b) GDPR)
• Legal obligation (Art. 6(1)(c) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)

Providers and Services Used in the Course of Business

We use additional services for business and organizational purposes.

DATEV

Software for accounting and communication with tax advisors and authorities.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
Data processing agreement: provided by the provider.

Provision of the Online Offering and Web Hosting

We process user data to provide our online services, including IP address processing.

Data Types

• Usage data
• Meta, communication and procedural data

Legal Basis

• Legitimate interests (Art. 6(1)(f) GDPR)

Additional Notes

Server log files are stored for a maximum of 30 days unless needed for evidence.

Providers

STRATO

Sentry

Video Conferences, Online Meetings, Webinars and Screen Sharing

We use conference platforms (e.g., Zoom, Slack). Data processed depends on the conference settings (names, email, audio/video, chat). Recording is only carried out with prior notice and consent where required.

Legal Basis

• Legitimate interests (Art. 6(1)(f) GDPR)
• Contract performance (Art. 6(1)(b) GDPR)
• Consent for recordings (Art. 6(1)(a) GDPR)

Audio Content

We use hosting and analysis services to offer audio content and obtain statistics (e.g., SoundCloud).

Application Procedure

Applicants provide the necessary data for evaluation. Special categories of data are only requested if necessary and with legal basis or consent.

Data Retention

• Unsuccessful applications: max. 6 months
• Successful applications: as part of employment records

Provider

Kenjo

Cloud Services

We use cloud services (e.g., Google Workspace, Google Cloud, Google Photos) for storage and processing.

Newsletter and Electronic Notifications

Newsletters are sent only with consent (double opt-in). The registration process is logged for proof.

Provider
Mailchimp
Surveys and Questionnaires
Surveys are evaluated anonymously. Personal data is processed only to provide and technically conduct the survey.
Providers
Google Forms
Typeform

Online Marketing
We process data for online marketing, including profiling and conversion tracking (e.g., Facebook Pixel). IP masking is used.

Opt-out is possible via provider settings or browser settings.

Social Media Presences
(Section to be expanded based on the networks used.)

Plugins and Embedded Functions
(Section to be expanded based on the plugins used.)

Google Ad Manager / Google Marketing Platform

We use the Google Marketing Platform (including services such as Google Ad Manager) to place advertisements within the Google advertising network (e.g. in search results, videos, on websites, etc.).
The Google Marketing Platform is characterized by the fact that advertisements are displayed in real time based on users’ presumed interests. This allows us to display advertisements for and within our online offering in a more targeted manner, presenting users only with advertisements that are likely to match their interests.

For example, if a user is shown advertisements for products they have previously shown interest in on other online offerings, this is referred to as “remarketing.”

Service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis:
Legitimate interests (Art. 6(1)(f) GDPR)

Website:
https://marketingplatform.google.com

Further information:
Types of processing and data processed:
https://privacy.google.com/businesses/adsservices

Data processing terms for Google advertising products, including information on controller-to-controller data processing and standard contractual clauses for third-country data transfers:
https://business.safety.google/adscontrollerterms

Where Google acts as a processor, data processing terms for Google advertising products and standard contractual clauses for third-country data transfers:
https://business.safety.google/adsprocessorterms

Pardot (Salesforce)

Marketing automation for the acquisition and management of contacts, audience targeting and conversion measurement.

Service provider:
salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany

Legal basis:
Consent (Art. 6(1)(a) GDPR)

Website:
https://www.salesforce.com

Data Processing Agreement:
https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf

Standard Contractual Clauses (to ensure an adequate level of data protection for third-country processing):
https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdf

Further information:
Data Transfer Impact Assessment & Salesforce Services:
https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Privacy/dpia-and-salesforce-services.pdf

Social Media Presences

We maintain online presences within social networks and process user data in this context in order to communicate with users active on these platforms or to provide information about us.

Please note that user data may be processed outside the European Union. This may pose risks for users, as the enforcement of their rights may be more difficult.

In addition, user data within social networks is generally processed for market research and advertising purposes. For example, usage behavior and resulting interests may be used to create user profiles. These profiles can then be used to display advertisements within and outside the networks that presumably correspond to users’ interests.

For these purposes, cookies are generally stored on users’ devices in which usage behavior and interests are stored. Furthermore, user profiles may contain data independent of the devices used by users (especially if users are members of the respective platforms and are logged in).

For a detailed description of the respective processing activities and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

With regard to requests for information and the assertion of data subject rights, we point out that these can be exercised most effectively directly with the providers. Only the providers have access to the user data and can take appropriate action or provide information directly. If you nevertheless require assistance, you are welcome to contact us.

Processed data types

• Contact data (e.g. email addresses, telephone numbers)
• Content data (e.g. entries in online forms)
• Usage data (e.g. visited websites, interest in content, access times)
• Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status)

Affected persons

• Users (e.g. website visitors, users of online services)

Purposes of processing

• Contact requests and communication
• Feedback (e.g. collection of feedback via online forms)
• Marketing

Legal basis

• Legitimate interests (Art. 6(1)(f) GDPR)

Further information on processing activities, procedures and services
Instagram

Social network
Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://www.instagram.com

Facebook Pages

Profiles within the social network Facebook.
We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (“fan page”).

This data includes information about the types of content users view or interact with, or actions they take (see “Things you and others do and provide” in Facebook’s Data Policy: https://www.facebook.com/policy
), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy).

As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses this information to provide analytics services (“Page Insights”) to page operators, enabling them to gain insights into how people interact with their pages and related content.

We have entered into a specific agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum
), which regulates, among other things, the security measures Facebook must observe and confirms Facebook’s obligation to fulfill data subject rights (e.g. users may direct access or deletion requests directly to Facebook).

User rights (in particular the right to access, deletion, objection and complaint to a supervisory authority) are not restricted by this agreement. Further information can be found in the “Page Insights Information”:
https://www.facebook.com/legal/terms/information_about_page_insights_data

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://www.facebook.com

Standard Contractual Clauses:
https://www.facebook.com/legal/EU_data_transfer_addendum

The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited (EU). Further processing, including transfer to Meta Platforms, Inc. in the USA, is the sole responsibility of Meta Platforms Ireland Limited and is based on standard contractual clauses.

Social network
Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://www.linkedin.com

Data Processing Agreement: https://legal.linkedin.com/dpa

Standard Contractual Clauses: https://legal.linkedin.com/dpa

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Twitter (X)

Social network
Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland
Parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Privacy Policy: https://twitter.com/privacy

Settings: https://twitter.com/personalization

Plugins and Embedded Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (“third-party providers”), such as graphics, videos or maps (“content”).

Integration requires that the third-party providers process users’ IP addresses, as the content cannot otherwise be delivered to users’ browsers. The IP address is therefore necessary to display this content.

We endeavor to use only content whose providers use the IP address solely for delivery purposes. Third-party providers may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags allow information such as visitor traffic to be evaluated. Pseudonymous information may also be stored in cookies on users’ devices and may include technical information about browsers and operating systems, referring websites, visit times, and other information related to the use of our online offering.

Processed data types

• Usage data
• Meta, communication and procedural data
• Master data
• Contact data
• Content data

Affected persons

• Users (e.g. website visitors, users of online services)

Purposes of processing

• Provision of our online offering and user-friendliness
• Creation of user profiles

Legal basis

• Legitimate interests (Art. 6(1)(f) GDPR)

Further information on specific services
Google Fonts

Fonts are loaded from Google servers to ensure technically secure, maintenance-free and efficient font usage. The user’s IP address is transmitted to Google. According to Google, IP addresses are not logged or stored and are not analyzed.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://fonts.google.com

Further information: https://developers.google.com/fonts/faq/privacy

YouTube Videos

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://www.youtube.com

Opt-out:
https://tools.google.com/dlpage/gaoptout

https://adssettings.google.com/authenticated

Vimeo

Service provider: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://vimeo.com

Note: Vimeo may use Google Analytics. See Google’s privacy policy and opt-out options:
https://policies.google.com/privacy

https://tools.google.com/dlpage/gaoptout

SoundCloud Music Player Widget

Service provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Website: https://soundcloud.com

New things are constantly emerging at TheDive.
With our newsletter, you’ll stay up to date.

Subscribe now

Privacy Policy

New things are constantly emerging at TheDive. With our newsletter, you’ll stay up to date.

New things are constantly emerging at TheDive. With our newsletter, you’ll stay up to date.

New things are constantly emerging at TheDive.
With our newsletter, you’ll stay up to date.

New things are constantly emerging at TheDive.
With our newsletter, you’ll stay up to date.