Privacy Policy

The protection of your personal data is of particular concern to us. We therefore process your data in accordance with the European General Data Protection Regulations (GDPR). In this privacy policy, we inform you about the most important aspects of data processing concerning our website. This information is directed at our existing and former customers/participants, interested parties, as well as contract processors, suppliers and cooperation partners and their respective shareholders or other employees.

Contact Details


This privacy policy applies to the data collection and data processing of MagnoliaTree, with owner Sabine Gromer as the data protection officer (in the following simply MagnoliaTree). MagnoliaTree can be reached by mail at Porzellangasse 19/18, 1090 Vienna. The e-mail address is: [email protected].


In the event of violations of data protection law, the person affected by the data collection and/or data processing has a right of appeal to a competent supervisory authority. The competent supervisory authority for data protection issues is the österreichische Datenschutzbehörde (Austrian Data Protection Authority). However, a complaint may also be lodged with the data protection agency responsible for the data subject’s usual place of residence or work.


When using this website

When you access the website, the browser used on your terminal device automatically sends information to MagnoliaTree’s server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and is stored until it is automatically deleted:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file,
  • website from which the access takes place (referrer URL),
  • the browser used and, if applicable, the operating system of your computer and the name of your access provider.

The above-mentioned data will be processed by us for the following purposes:

  • to ensure a smooth connection of the website,
  • guarantee a comfortable use of our website,
  • evaluation of system security and stability,
  • for other administrative purposes.

The legal basis for data processing is Article 6(1)(f) of the GDPR. The legitimate interest of our company follows from the above-mentioned purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. Furthermore, we use cookies and analysis services when you visit our website. You will find more detailed explanations on this under points 4 and 5 of this data protection declaration.

When you commission MagnoliaTree, we collect the following information:

  • master data such as your name, address, date of birth, telephone number, email address, fax
  • if applicable, bank details and UID number, FN number
  • contract data
  • data from consulting/coaching/training activities
  • image and sound data (e.g. photos in CVs and for documentation during coaching sessions, video recordings for practice sessions)

For what purposes and on what legal basis are your personal data processed?

Your personal data are processed lawfully based on Article 6(1) of the GDPR for the following purposes:

  • Processing and transmission of data in the context of the provision of pre-contractual measures such as the offering of products and services [Article 6(1)(b) GDPR]
  • In order to fulfil our contractual obligations to provide consulting, training and coaching services to clients/participants and those involved in the consulting process, including computer-assisted creation and archiving of text documents (such as minutes, correspondence) in this matter [Article 6(1)(b) GDPR]
  • To fulfil legal obligations such as tax law [Article 6(1)(c) GDPR]
  • For the purpose of legitimate interests of our company or due to legitimate interests of third parties, namely for the purpose of advertising MagnoliaTree products/services (digital, website and analogue) or for the purpose of internal administration [Article 6(1)(f) GDPR]
  • Within the scope of your express consent [Article 6(1)(a) GDPR]: provided that you have given us your consent to do so, processing of data will also be carried out for the purposes and to the extent specified in the consent. Such consent can be revoked by you at any time. Revocation of the consent does not, however, affect the lawfulness of data processing carried out on the basis of the consent prior to revocation.

You can revoke consent at any time. A revocation of consent has the consequence that we will no longer process your data for the above-mentioned purposes from this point on.

Please contact us for a revocation: Sabine Gromer, [email protected]

Who receives your data?

In order to fulfill the requirements of our services, it may be necessary to transfer your data to the following recipients: tax consultants, tax authorities, licensors in the case of potential analyses, possibly seminar room landlords, IT and email service, website providers and support staff, banks/legal representatives/courts/administrative, and authorities/collection agencies in the event of an incident.

How long will your data be stored?

We will only store your data for as long as it is necessary to complete the purposes for which we have collected your data. In this context, it should be noted that for tax law reasons, contracts and other documents from our contractual relationship must always be retained for a period of 7 years. In individual cases, for example in the case of pending official proceedings, this storage period can also be longer than 7 years. Apart from these individual cases, we will in any case delete your data after these 7 years or 5 years after our last contact should we no longer be able to contact you (depending on which event occurs first).

Rights of Legal Appeal

You are fundamentally entitled to the rights of information, correction, deletion, restriction, data transferability and revocation. Please contact us for this purpose. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, the Datenschutzbehörde (Data Protection Authority) is responsible for such cases.


External hosting by Host-Europe 

This website is hosted by an external service provider (hoster). The host is Host Europe GmbH, Hansestraße 111, 51149 Cologne (hereinafter referred to as “Host Europe”). Personal data that is recorded on this website is stored on Host Europe’s servers. This can include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

Host Europe is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit.b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Paragraph 1 lit.f GDPR).

Host Europe will only process your data insofar as this is necessary to fulfil its performance obligations, and follow our instructions with regard to this data. Further processing on servers other than those mentioned above by Host Europe will only take place within the framework specified below.

In order to ensure data protection-compliant processing, we have completed an order processing contract with Host Europe. You can find more information on handling user data in Host Europe’s data protection declaration:


We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your terminal device, do not contain viruses, Trojans, or other malware.

Information is stored in the cookie that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to make use of our services, we will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

We also use cookies to record statistics about the use of our website and to evaluate it for the purpose of optimizing our offer for you (see Section 5). These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a pre-defined time.

The data processed by cookies is required for the above-mentioned purposes to protect our legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website.


We send newsletters, e-mails and other electronic notifications containing information (hereinafter referred to as “newsletters”) only with the consent of the recipients or with legal permission. Our newsletters contain information about our work, current publications and references to our offers.

Managing contacts and sending messages.
These types of services allow managing a database of email contacts, phone numbers or any other contact information in order to communicate with the user.
The services may also collect data on what date and time message was read by the user, as well as when the user interacts with incoming messages, for example, by clicking on links contained in them.

SendinBlue Email (SendinBlue SAS).
SendinBlue is a service provided by SendinBlue SAS for managing email addresses and sending messages.

Personal data collected: Cookie; email; usage data.

Processing location: France
Privacy policy:

User database management
These types of services allow the provider to create user profiles by first using the email address, name or other information submitted by the user to this application, as well as tracking user activity through analytics functionalities. This personal data may also be matched with publicly available information about the user (such as social media profiles) and used to build a personal profile that the provider can display and use to improve this application.
Some of these services may also provide for the sending of timed messages to the user, such as emails that this application links to specific actions.

SendinBlue Marketing Automation (SendinBlue SAS).
SendinBlue is a user database management service provided by SendinBlue SAS.

Personal data collected: Cookie; email; usage data.

Processing location: France
Privacy policy:

Conclusion of a contract for order processing
We have entered into a contract with SendinBlue in which we require SendinBlue to protect our customers’ data and not to disclose it to third parties.

Data Processing through social networks

We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.

Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by means of recording of your IP address. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Our appearances at a glance

When you visit our Instagram page, Instagram and the associated company Facebook collect, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page. Facebook provides more detailed information on this at the following link:

In the following, we inform you about the handling of your personal data. Here, personal data is all data with which you can be personally identified. Please check carefully what personal data you share with us via Instagram and Facebook. As long as you are logged into your Instagram account and visit our Instagram profile, Instagram can associate this with your Instagram profile. We expressly point out that Instagram and thus Facebook stores the data of its users (e.g. personal information, IP address, etc.) and may also use it for business purposes. For more information on Instagram’s data processing, please refer to Instagram’s privacy policy at

Instagram’s full data policy can be found here:

We have no influence on the data collection and further processing by Instagram. Furthermore, it is not recognizable for us to what extent, at which location and for how long the data is stored, to what extent Instagram and Facebook comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid that Instagram and Facebook processes personal data transmitted by you to us, please contact us by other means. Our full contact details can be found in our imprint on Instagram.
The data collected about you in this context is processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union in the process. What information Instagram/ Facebook receives and how it is used is described in general terms by Instagram/ Facebook in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements. The data usage guidelines are available at the following link:

Instagram’s full data policies can be found here:
In what way Instagram & Facebook uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram and Facebook pages are assigned to individual users, how long Instagram & Facebook stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly stated by Instagram & Facebook and is not known to us.

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link:
For details on their handling of your personal data, please refer to LinkedIn’s privacy policy:

We have a channel on YouTube. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
For details on their handling of your personal data, please refer to the privacy policy of


You have the right:

  • To request information about your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you may request information on the processing of personal data, the category of personal data collected, the recipients to whom your data have been or will be disclosed, the planned storage period, the right to rectify inaccurate data, cancellation, restriction of data processing, the right of appeal, the origin of your data (if not collected by us), and the existence of automated decision making including profiling and, if applicable, meaningful information on the details of data collected.
  • In accordance with Article 16 of the GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us.
  • In accordance with Article 17 of the GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, and to exercise or defend legal claims.
  • In accordance with Article 20 of the GDPR, to receive your personal data that you have provided us with in a structured, common, and machine-readable format or to request its transfer to another responsible party.
  • In accordance with Article 7(3) of the GDPR to revoke your consent with us at any time. As a result, we may no longer continue data processing based on this consent for the future or complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can turn to the supervisory authority of your usual place of residence/workplace or to the supervisory authority of our company headquarters.


If your personal data is processed on the basis of legitimate interests in accordance with Article 6(1)(f), you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to [email protected].


We use common SSL (Secure Socket Layer) procedure within our website and the highest encryption level supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.


We hereby object to the use of contact data published to send advertising and information material not expressly requested. Should the operator receive unsolicited promotional material, such as spam etc., the operator expressively reserves the right to take legal action.


This data protection declaration is currently valid and dated May 2020. Due to the further development of our website and offers above, or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our website.