Privacy Policy

Stand: 27.04.2026

1. Controller

The controller responsible for data processing on this website is:

Colla & Gen Verlag und Service UG (haftungsbeschränkt) & Co. KG
Hauptstr. 65
59439 Holzwickede
Germany
E-mail: redaktion@philopulse.com

Further legal information can be found in our Imprint.

2. General Information on Data Processing

We process personal data only to the extent necessary to provide this website, operate our online shop, process orders, provide digital content, manage paid memberships, communicate with users and customers, ensure technical security, comply with legal obligations or pursue legitimate interests.

Personal data means any information relating to an identified or identifiable natural person. This may include, for example, name, address, e-mail address, IP address, order data, payment data, account data, membership status, usage data and communication content.

Data processing is carried out in particular on the basis of:

• Art. 6(1)(a) GDPR, where consent has been given;
• Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract or pre-contractual measures;
• Art. 6(1)(c) GDPR, where processing is necessary to comply with a legal obligation;
• Art. 6(1)(f) GDPR, where processing is necessary for the purposes of legitimate interests.

3. Purpose of the Website

Philopulse Magazine is an English-language website and online shop offering books, digital publications, PDFs, ePubs, editorial content and paid memberships.

Printed books may be produced and shipped through external print-on-demand and fulfilment partners, in particular Bookvault. Digital products are provided electronically.

4. Hosting

Our website is hosted by:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

When you visit our website, the hosting provider processes technically necessary data, including in particular:

• IP address
• date and time of access
• page or file accessed
• amount of data transferred
• browser used
• operating system used
• referrer URL
• server status messages

This processing is necessary to provide the website, ensure secure operation, detect errors and prevent attacks or misuse.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and stable operation of our website.

We have concluded a data processing agreement with the hosting provider where required.

5. SSL / TLS Encryption

Our website uses SSL or TLS encryption. Data transmitted through our website is therefore encrypted. You can recognise an encrypted connection by “https://” in your browser’s address bar.

6. Cookies and Consent Management

Our website uses cookies and similar technologies.

Some cookies are technically necessary to operate the website, shopping cart, checkout, customer account, membership area, security functions or download functions. Other cookies or comparable technologies are used only if you have given your consent.

We use DSGVO All in One as our consent management tool. This tool allows you to give, refuse or later change consent for individual services.

The processing of technically necessary cookies is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically reliable and user-friendly operation of the website.

Where cookies or services require consent, processing is based on Art. 6(1)(a) GDPR.

7. Contacting Us

If you contact us by e-mail, contact form or another communication channel, we process the data you provide in order to handle and respond to your enquiry.

This may include:

• name
• e-mail address
• content of the message
• date and time of contact
• order number or customer data, where relevant
• technical data related to the transmission

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in responding to your enquiry.

If your enquiry relates to a contract or pre-contractual measures, Art. 6(1)(b) GDPR is an additional legal basis.

We delete enquiries once they have been finally processed, unless statutory retention obligations or legitimate interests require further storage.

8. Customer Account

You may create a customer account on our website.

For this purpose, we process the data necessary to create and manage the account, including in particular:

• name
• e-mail address
• billing and shipping address, where required
• username
• password in encrypted form
• order history
• download permissions
• membership status
• access rights to protected content

The legal basis is Art. 6(1)(b) GDPR.

You may request deletion of your customer account at any time. Deletion will take place unless statutory retention obligations, ongoing contractual relationships or legitimate interests prevent deletion.

9. Orders in the Online Shop

When you place an order, we process the data required to process the order.

This may include:

• name
• billing address
• shipping address, where required
• e-mail address
• payment method
• products ordered
• order number
• order date
• payment status
• shipping status
• download permissions
• membership access, where applicable

The legal basis is Art. 6(1)(b) GDPR.

We also process order and invoice data to comply with commercial and tax retention obligations. The legal basis is Art. 6(1)(c) GDPR.

10. WooCommerce

Our online shop is operated with WooCommerce.

WooCommerce processes data required for shopping cart, checkout, customer account, order processing, digital downloads and membership-related functions within our WordPress installation.

This includes in particular:

• shopping cart contents
• order data
• customer account data
• payment status
• shipping data
• download permissions
• membership-related access rights

The legal basis is Art. 6(1)(b) GDPR.

11. Digital Products and Downloads

If you purchase digital content such as PDFs, ePubs, digital books or other digital publications, we process your order data in order to provide access or download.

Access may be provided by:

• download link by e-mail
• customer account
• protected content area
• another electronic method indicated during checkout or on the product page

Data processed for this purpose may include:

• name
• e-mail address
• order number
• purchased digital product
• date and time of purchase
• download status
• technical log data related to download provision

The legal basis is Art. 6(1)(b) GDPR.

12. PDF Ink Lite

Where digital PDF products are personalised or marked with customer-related information, we may use PDF Ink Lite.

In this process, order data such as name, e-mail address, order number or purchase date may be technically inserted into a PDF file in order to assign the copy to the respective purchase.

The processing is carried out for contract performance and to protect our copyrighted digital content.

The legal bases are Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting digital content against unauthorised distribution.

13. Printed Books and Bookvault Fulfilment

Printed books may be produced and shipped through external print-on-demand and fulfilment partners, in particular Bookvault / Printondemand-worldwide.

Bookvault is used to print books on demand and ship them directly to customers. Bookvault states that it can connect with e-commerce platforms such as WooCommerce for automated fulfilment and that books can be shipped worldwide.

For the purpose of producing, fulfilling and shipping printed books, the following data may be transmitted to Bookvault or the respective fulfilment partner:

• name
• shipping address
• order details
• product title and format
• quantity ordered
• shipping method
• contact data, where required for delivery
• technical order and fulfilment data

The legal basis is Art. 6(1)(b) GDPR.

Where Bookvault or another fulfilment partner acts as a processor, we enter into the required contractual arrangements. Where a fulfilment partner acts as an independent controller for specific processing operations, the respective provider’s own privacy information may also apply.

Depending on the destination country, data may be processed outside the European Union or the European Economic Area, in particular where local print or shipping partners are used. Such transfers take place only where necessary for contract performance or on another suitable legal basis.

14. Payment Processing

We use external payment service providers to process payments.

Depending on the payment method selected, payment data may be transmitted to the respective provider.

PayPal

If you choose PayPal, payment data is transmitted to PayPal.

Provider:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg

Processed data may include:

• name
• e-mail address
• billing amount
• order data
• payment status
• transaction data

The legal basis is Art. 6(1)(b) GDPR.

WooPayments / Stripe and Integrated Payment Methods

For credit card payments and other payment methods, we use WooPayments. WooPayments is technically processed via Stripe and/or the payment service providers integrated into the respective checkout process.

Depending on availability during checkout, payment methods may include:

• credit card
• Apple Pay
• Google Pay
• Klarna
• SEPA or other payment methods
• further payment methods shown during checkout

Processed data may include:

• name
• billing address
• e-mail address
• payment data
• transaction data
• order data
• IP address
• technical data required for payment processing

The legal basis is Art. 6(1)(b) GDPR.

Where data is transferred to the USA or other third countries, this is done on the basis of appropriate safeguards, in particular an adequacy decision, certification under the EU-U.S. Data Privacy Framework or standard contractual clauses, where applicable.

15. E-mail Notifications Related to Orders

As part of order processing, you may receive automated e-mails, for example order confirmations, payment information, shipping information, download links or membership access information.

The processing is carried out for contract performance.

The legal basis is Art. 6(1)(b) GDPR.

16. Paid Memberships and Protected Content

We offer paid memberships and protected content areas.

For the administration of memberships, we process data required to create, manage, renew, cancel and provide access to memberships.

This may include:

• name
• e-mail address
• customer account
• membership level
• membership status
• start and end date of membership
• billing period
• payment status
• access rights
• protected content accessed
• cancellation status

The legal basis is Art. 6(1)(b) GDPR.

Where data is processed to comply with statutory retention obligations, the legal basis is Art. 6(1)(c) GDPR.

Where data is processed for technical administration, fraud prevention or security of the membership area, the legal basis is Art. 6(1)(f) GDPR.

17. Paid Memberships Pro

We use Paid Memberships Pro and related add-ons to manage paid memberships and protected content.

The plugin processes membership-related data within our WordPress installation, including membership status, access rights, billing information and account-related data.

The legal basis is Art. 6(1)(b) GDPR.

If a recurring membership is cancelled, membership-related data may still be stored where necessary for documentation, accounting, legal claims or statutory retention obligations.

18. Customer Reviews

Where the review function is enabled, customer reviews may be submitted only by logged-in users.

When a review is submitted, we may process:

• customer account
• name or display name
• e-mail address
• review text
• rating points
• date and time of review
• product or content reviewed

The processing is carried out to provide the review function and display customer reviews.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in presenting product experiences transparently and improving our offer.

We reserve the right not to publish or to remove reviews that contain unlawful content, insults, spam, irrelevant content, obvious false statements or content that violates third-party rights.

19. Comments

Comments are currently disabled on this website.

If comment functions are activated in the future, this Privacy Policy will be updated accordingly.

20. Newsletter / MailPoet

A newsletter is currently not actively used.

If we offer a newsletter subscription in the future, we may use MailPoet to send newsletters.

In that case, the following data may be processed:

• e-mail address
• name, if provided
• date and time of registration
• IP address at registration
• confirmation in the double opt-in process
• newsletter preferences
• opening and click data, where consent has been given

The legal basis for newsletter delivery is Art. 6(1)(a) GDPR.

You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by contacting us.

If MailPoet or Automattic acts as a service provider, processing is carried out under a data processing agreement where required.

21. Koko Analytics / Website Statistics

If a privacy-friendly statistics tool such as Koko Analytics is used, it serves to evaluate website usage statistically.

Koko Analytics is generally designed to work without personal identifiers and without tracking individual users.

Depending on configuration, processed data may include:

• page views
• referrers
• approximate visit statistics
• technical usage data

Where the tool is operated without personal data, cookies or comparable identifiers, processing may be based on Art. 6(1)(f) GDPR. Our legitimate interest lies in understanding and improving the use of our website.

Where cookies, personal identifiers or comparable technologies requiring consent are used, processing is based on Art. 6(1)(a) GDPR.

22. Google Services

Google services may be technically present on the website but are currently not actively used for tracking or analytics according to our current configuration.

If Google Analytics, Google Ads conversion tracking, Google Tag Manager or similar Google services are activated in the future, this Privacy Policy will be updated and such services will be integrated into the consent management tool where required.

23. Meta Pixel

No Meta Pixel is currently set on this website.

If Meta Pixel, Meta conversion tracking, custom audiences or comparable Meta services are activated in the future, this Privacy Policy will be updated and such services will be used only with the required consent where applicable.

24. Social Media Links and Sharing Functions

Our website may contain links to social media profiles or sharing functions.

Simple links to social media profiles do not transmit personal data to the respective provider until you click the link and leave our website.

If active social plugins, embedded feeds or comparable social media functions are used in the future, this Privacy Policy will be updated accordingly and consent will be obtained where required.

25. Jetpack, Jetpack Boost and Jetpack Social

Our website may use individual functions from the Jetpack product family, including Jetpack, Jetpack Boost or Jetpack Social.

Provider:

Automattic Inc.
60 29th Street #343
San Francisco, CA 94110-4929
USA

Depending on the active function, Jetpack may be used for security, performance optimisation, technical support, automated social publishing or website administration.

Processed data may include:

• IP address
• browser information
• page access data
• technical device information
• security-related events
• content or metadata processed in the WordPress administration, where applicable

The legal basis is Art. 6(1)(f) GDPR where processing is necessary for security, technical optimisation or efficient website administration.

Where Jetpack functions involve tracking, analytics, social publishing or comparable services requiring consent, processing is based on Art. 6(1)(a) GDPR.

Where data is transferred to the USA, this is done on the basis of appropriate safeguards, in particular an adequacy decision, certification under the EU-U.S. Data Privacy Framework or standard contractual clauses, where applicable.

26. Wordfence

For website security, we use Wordfence.

Provider:

Defiant Inc.
800 5th Ave Ste 4100
Seattle, WA 98104
USA

Wordfence protects our website against attacks, malware, unauthorised access and misuse.

Processed data may include:

• IP address
• accessed URLs
• date and time of access
• browser and header information
• login attempts
• security-related events

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our website, systems and data.

Where data is transferred to the USA, this is done on the basis of appropriate safeguards, in particular an adequacy decision, certification under the EU-U.S. Data Privacy Framework or standard contractual clauses, where applicable.

27. Cloudflare Turnstile

We may use Cloudflare Turnstile to protect forms, login areas and other functions against spam, automated access and misuse.

Provider:

Cloudflare, Inc.
101 Townsend St.
San Francisco, CA 94107
USA

Cloudflare Turnstile checks whether an input is made by a natural person or by automated means.

Processed data may include:

• IP address
• browser and device information
• interaction data
• technical verification data

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting the website against spam, misuse and attacks.

Where data is transferred to the USA, this is done on the basis of appropriate safeguards, in particular an adequacy decision, certification under the EU-U.S. Data Privacy Framework or standard contractual clauses, where applicable.

28. Rank Math SEO

We use Rank Math SEO to technically optimise our content for search engines.

As a rule, Rank Math SEO does not process personal data of website visitors for tracking or analytics purposes.

Where individual functions process personal data, processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the technical optimisation and findability of our website.

29. VG Wort

We may use the “Scalable Central Measurement Method” of Verwertungsgesellschaft WORT (VG WORT) to determine statistical parameters for the copy probability of texts.

Provider:

Verwertungsgesellschaft WORT (VG WORT)
Untere Weidenstraße 5
81543 Munich
Germany

For this purpose, anonymous or pseudonymous measurement values may be collected. Depending on the technical implementation, a session cookie or a signature generated from browser information may be used. IP addresses are processed only in anonymised form where possible.

The processing serves to determine the copy probability of individual texts and to substantiate remuneration claims of authors and publishers.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the assertion and allocation of statutory remuneration claims.

Where consent is legally required, processing is based on Art. 6(1)(a) GDPR.

30. Accounting with Lexoffice

To fulfil tax and commercial law obligations, we process and store invoice, payment and order data.

For accounting, we use Lexoffice, a service of:

Haufe-Lexware GmbH & Co. KG
Munzinger Straße 9
79111 Freiburg
Germany

Processed data may include:

• name and address
• invoice data
• payment data
• order data
• tax-relevant documents
• communication data, where required for accounting

The processing is carried out for proper accounting, fulfilment of tax and commercial law obligations and documentation of business transactions.

The legal basis is Art. 6(1)(c) GDPR. Where processing also serves efficient organisation of our accounting, Art. 6(1)(f) GDPR is an additional legal basis.

A data processing agreement is concluded where required.

Tax and commercial law data are stored in accordance with statutory retention periods.

31. Data Retention

We store personal data only for as long as necessary for the respective purpose.

Data required for contract performance are stored for the duration of the contractual relationship and thereafter within the scope of statutory retention obligations.

Tax and commercial law data are stored in accordance with statutory retention periods.

Data processed on the basis of consent are stored until consent is withdrawn, unless another legal basis allows or requires further storage.

Data processed on the basis of legitimate interests are stored only for as long as the respective legitimate interest exists and no overriding interests of the data subject prevent storage.

32. Recipients of Personal Data

Personal data may be transferred, where necessary, to the following categories of recipients:

• hosting providers
• payment service providers
• print-on-demand and fulfilment partners
• shipping and delivery providers
• IT and security service providers
• membership and shop system providers
• newsletter service providers, where used
• analytics or statistics providers, where used
• accounting and tax service providers
• public authorities, where legally required

Data is transferred only where necessary, legally permitted or covered by consent.

33. International Data Transfers

Some service providers may be located outside the European Union or the European Economic Area or may process data there.

Where personal data is transferred to third countries, this takes place only if an appropriate legal basis exists. This may include:

• an adequacy decision by the European Commission;
• certification under the EU-U.S. Data Privacy Framework;
• standard contractual clauses issued by the European Commission;
• necessity for performance of a contract, where applicable;
• another lawful transfer mechanism under the GDPR.

34. Your Rights

Under the GDPR, you have the following rights, subject to the statutory requirements:

• right of access under Art. 15 GDPR;
• right to rectification under Art. 16 GDPR;
• right to erasure under Art. 17 GDPR;
• right to restriction of processing under Art. 18 GDPR;
• right to data portability under Art. 20 GDPR;
• right to object under Art. 21 GDPR;
• right to withdraw consent under Art. 7(3) GDPR;
• right to lodge a complaint with a supervisory authority under Art. 77 GDPR.

35. Right to Object

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you may object to such processing on grounds relating to your particular situation.

Where personal data is processed for direct marketing purposes, you may object at any time.

36. Withdrawal of Consent

You may withdraw consent at any time with effect for the future.

The lawfulness of processing carried out before withdrawal remains unaffected.

37. Automated Decision-Making

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR.

38. Changes to this Privacy Policy

We may update this Privacy Policy if technical, legal or organisational changes make this necessary.

The version published on this website applies.