Product Leaders Consulting GmbH - Privacy Policy

Legal

Privacy Policy of Product Leaders Consulting GmbH

Effective date: January 1, 2026

1. Controller

Product Leaders Consulting GmbH
4020 Linz, Austria
Email: office@productleaders.com
Website: https://www.productleaders.com

(“PLC”, “we”, “us”)

2. General Information

We take the protection of personal data very seriously. Personal data is processed in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) of the European Union. Personal data means any information relating to an identified or identifiable natural person.

3. Hosting

Our website is hosted by:

Hetzner Online GmbH Industriestr. 25
91710 Gunzenhausen Germany

All servers are located in Germany. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website operation). A data processing agreement pursuant to Art. 28 GDPR has been concluded with Hetzner.

4. Server Log Data

When visiting our website, the hosting provider automatically collects server log data including:

IP address
date and time of request
pages or files accessed
referrer URL
browser type and operating system

This data is used exclusively to ensure the technical operation, security and stability of the website.

Legal basis: Art. 6(1)(f) GDPR.

Our website uses cookies. Cookies are small text files stored on your device.

Strictly necessary cookies

These cookies are required to operate the website (e.g. session cookies, login functions).

Legal basis: Art. 6(1)(f) GDPR and § 25(2) TTDSG where applicable.

Analytics cookies

Analytics cookies are only used after you have given explicit consent.

Legal basis: Art. 6(1)(a) GDPR.

You may withdraw or change your consent at any time via the cookie settings on our website.

6. Google Analytics

We use Google Analytics, a web analytics service provided by:

Google Ireland Limited
Dublin, Ireland

Google Analytics uses cookies to analyze how our website is used.

Data processed may include:

anonymized IP address
page views
session duration
click paths
device information (browser, operating system)

Legal basis: your consent (Art. 6(1)(a) GDPR).

Data transfers to the United States may occur. Google relies on appropriate safeguards such as EU Standard Contractual Clauses.

7. Google Fonts

We use Google Fonts hosted locally on our servers. No personal data (including IP addresses) is transmitted to Google.

If you subscribe to our newsletter, we process personal data to send information about our trainings, events and content.

Double Opt-In

Registration takes place using a double opt-in procedure.

Data processed

email address
name (optional)
timestamp of registration and confirmation
IP address (for proof of consent)

Legal basis: Art. 6(1)(a) GDPR.

Email service provider

Emails are sent using:

Postmark (Wildbit LLC)
USA

Transfers are safeguarded via appropriate mechanisms such as EU Standard Contractual Clauses.

You can unsubscribe at any time via the unsubscribe link included in every email.

9. Contact Requests

If you contact us (e.g. via email), we process your information in order to handle your request.

This may include:

name
email address
phone number (optional)
message content

Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

10. Consulting and Training Services

To deliver consulting, coaching and training services, we process personal data of customers and participants.

This may include:

name and contact details
company affiliation
billing information
participation and training data
community contributions on platforms

Legal basis: Art. 6(1)(b) GDPR.

11. Tools and Service Providers

To deliver our services we use the following tools:

Zoom (video conferencing)
Miro (digital whiteboards)
Circle (community platform)
Notion (documentation and collaboration)
Google Workspace (email, calendar, documents)
internal CRM system
internal training management system
Postmark (email delivery)

Where required, we have concluded data processing agreements in accordance with Art. 28 GDPR.

12. Scrum Alliance (Certifications)

For certain trainings we cooperate with Scrum Alliance (USA) for certification purposes.

Purpose

Personal data is transferred exclusively for the purpose of issuing certifications.

Data transferred

name
email address

Legal basis

Data is transferred only with your explicit consent pursuant to Art. 6(1)(a) GDPR.

Without this consent, certification may not be possible.

As Scrum Alliance is located in the United States, data transfers to a third country may occur. These transfers are safeguarded through appropriate mechanisms such as EU Standard Contractual Clauses.

13. Transfers to Third Countries

Some service providers are located in the United States or process data there.

Transfers occur only if appropriate safeguards are in place, including:

EU Standard Contractual Clauses
EU-US Data Privacy Framework (where applicable)

14. Data Retention

We store personal data only as long as necessary for the respective purpose or as required by statutory retention obligations.

For example, Austrian tax law typically requires retention periods of seven years.

Consent-based data (e.g. newsletters) is stored until consent is withdrawn.

15. Your Rights

You have the right to:

access (Art. 15 GDPR)
rectification (Art. 16 GDPR)
erasure (Art. 17 GDPR)
restriction of processing (Art. 18 GDPR)
data portability (Art. 20 GDPR)
objection (Art. 21 GDPR)
withdrawal of consent (Art. 7(3) GDPR)

To exercise your rights, please contact:

office@productleaders.com

16. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna

17. Data Security

We implement appropriate technical and organizational measures to protect personal data (e.g. TLS encryption, access controls).

18. Updates

We may update this privacy policy if legal requirements change or if our services change.

Current version: January 1, 2026.