Privacy Policy

circle institute GmbH

Last updated: May 2026

1. General Information

We appreciate your interest in our company and our educational services. The protection of your personal data is of great importance to circle institute GmbH.

This Privacy Policy explains the nature, scope, and purpose of the processing of personal data in connection with:

  • visiting our website,
  • booking and participating in educational courses,
  • observerships and online trainings,
  • using the CMR-ORBIT platform,
  • contacting our company,
  • and other services provided by circle institute GmbH.

Personal data is processed in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.

2. Data Controller

Controller within the meaning of the GDPR:

circle institute GmbH
Robert-Rössle-Strasse 10, House D85
13125 Berlin
Germany

Phone: +49 (0)30 9489 2250
E-Mail: info@circle-institute.com

3. Hosting and Server Log Files

Our website is hosted by IONOS SE.

When you visit our website, the web server automatically collects certain information, including:

  • browser type and version,
  • operating system,
  • referrer URL,
  • accessed pages,
  • date and time of access,
  • IP address (possibly anonymized),
  • access status,
  • amount of data transferred.

The processing is carried out to ensure system security, stability, and technical administration of the website.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).

A data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting provider.

4. Contacting Us

If you contact us by e-mail, contact form, telephone, or mail, we process the personal data you provide for the purpose of handling your request.

This may include in particular:

  • name,
  • contact details,
  • institution/practice/hospital,
  • communication content.

Legal basis:

  • 6 para. 1 lit. b GDPR (pre-contractual measures),
  • 6 para. 1 lit. f GDPR (legitimate interest in communication).

The data will be deleted once it is no longer required for the respective purpose and no legal retention obligations apply.

5. Booking Courses, Events, and Observerships

When booking our services, we process personal data necessary for contract performance.

This may include:

  • name,
  • title,
  • address,
  • e-mail address,
  • phone number,
  • medical specialty/profession,
  • billing information,
  • VAT number (optional),
  • course and booking data,
  • continuing education numbers,
  • certification or CME-related information.

The processing is carried out for:

  • contract fulfillment,
  • participant administration,
  • invoicing,
  • course organization,
  • issuance of certificates of attendance,
  • reporting to medical associations or professional societies where applicable.

Legal basis: Art. 6 para. 1 lit. b GDPR.

Statutory retention obligations remain unaffected.

6. Payment Processing via Stripe

We use Stripe Payments Europe Ltd., Ireland, for payment processing.

When using Stripe, personal data may be processed, including:

  • name,
  • billing address,
  • e-mail address,
  • payment information,
  • transaction data,
  • IP address,
  • technical device information.

The processing is carried out for payment handling, fraud prevention, and compliance with legal obligations.

Legal basis: Art. 6 para. 1 lit. b GDPR.

A transfer of data to third countries, particularly the United States, cannot be excluded. According to Stripe, appropriate safeguards pursuant to Art. 46 GDPR are implemented.

Further information: https://stripe.com/privacy

7. Digital Contract Conclusion and Withdrawal Management

Within the electronic booking process, we store information regarding the conclusion of the contract and submitted declarations of consent.

This includes in particular:

  • consent to the immediate start of services,
  • acknowledgement of the loss of the statutory right of withdrawal for digital content,
  • time and date of consent,
  • technical protocol data,
  • IP address,
  • booking history.

The processing serves the legally compliant documentation of the contract conclusion.

Legal basis:

  • Art. 6 para. 1 lit. b GDPR,
  • Art. 6 para. 1 lit. c GDPR,
  • Art. 6 para. 1 lit. f GDPR.

8. Use of the CMR-ORBIT Platform

When using the CMR-ORBIT platform, we process personal data necessary for providing the digital learning platform and conducting educational activities.

This may include:

  • user account/login data,
  • name and contact details,
  • profession/specialty,
  • course and usage data,
  • learning progress,
  • submitted answers and test results,
  • training certificates,
  • access times,
  • IP address,
  • technical usage data,
  • support requests.

The processing is carried out for:

  • providing the platform,
  • conducting educational programs,
  • quality assurance,
  • issuing participation and performance certificates,
  • technical security,
  • prevention of misuse,
  • support handling.

Legal basis:

  • Art. 6 para. 1 lit. b GDPR,
  • Art. 6 para. 1 lit. f GDPR.

The platform is intended exclusively for registered users.

The disclosure of access credentials and the unauthorized reproduction or distribution of content (e.g., screenshots, downloads, screen recordings) is prohibited.

9. Newsletter

If you subscribe to our newsletter, we use your e-mail address exclusively for sending information about our services, events, and educational programs.

Registration is carried out using the double opt-in procedure.

Legal basis: Art. 6 para. 1 lit. a GDPR.

Consent may be withdrawn at any time with future effect.

10. Cookies and Consent Management

Our website uses cookies and similar technologies.

We distinguish between:

  • technically necessary cookies,
  • statistical/analytics cookies,
  • and, where applicable, external media or services.

Non-essential cookies are only used with your consent.

Legal basis:

  • 6 para. 1 lit. a GDPR,
  • Section 25 para. 1 TTDSG.

Technically necessary cookies are processed based on:

  • 6 para. 1 lit. f GDPR,
  • Section 25 para. 2 TTDSG.

Your settings can be adjusted at any time via the consent management tool.

11. Web Analytics with Matomo

We use Matomo for statistical analysis of website usage.

Matomo is operated on our own servers (on-premise).

The following data may be processed:

  • anonymized IP address,
  • visited pages,
  • click behavior,
  • device information,
  • referrer data,
  • duration of visits.

The processing takes place without disclosure to third parties.

Legal basis: Art. 6 para. 1 lit. f GDPR.

You may object to the analysis at any time.

12. IONOS WebAnalytics

In addition, we use IONOS WebAnalytics to technically optimize our website.

The analysis is performed without the use of personal cookies.

Legal basis: Art. 6 para. 1 lit. f GDPR.

13. Social Media and External Services

Our website may contain content or links to external services, including:

  • LinkedIn,
  • professional societies,
  • external educational providers,
  • video platforms.

When accessing such content, personal data may be transmitted to third-party providers.

The respective providers are solely responsible for their own data processing activities.

14. Transfer of Data to Third Countries

Personal data may be transferred to countries outside the European Union or the European Economic Area if:

  • appropriate safeguards pursuant to Art. 46 GDPR exist,
  • standard contractual clauses are used,
  • or legal requirements permit such transfer.

This may particularly apply to international service providers or social media platforms.

15. Retention Period

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

Afterwards, the data will be deleted or blocked.

16. Your Rights

Under the GDPR, you have the following rights in particular:

  • right of access (Art. 15 GDPR),
  • right to rectification (Art. 16 GDPR),
  • right to erasure (Art. 17 GDPR),
  • right to restriction of processing (Art. 18 GDPR),
  • right to data portability (Art. 20 GDPR),
  • right to object (Art. 21 GDPR),
  • right to withdraw consent at any time (Art. 7 para. 3 GDPR).

You also have the right to lodge a complaint with a supervisory authority.

17. Data Security

We implement technical and organizational security measures to protect personal data against loss, manipulation, unauthorized access, or other unauthorized processing.

Our security measures are regularly reviewed and adapted to technological developments.

18. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy if necessary due to legal, technical, or organizational changes.

The current version published on our website shall apply.