k11e Digital Health Senior Advisor
Privacy Policy (Datenschutz)
Privacy Policy for K11E Executive Digital Health Advisory
(Compliant with GDPR and applicable German data protection law)
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
K11E – Executive Digital Health Advisor (sole proprietor)
Dr. Klaus Nitschke
Offenbachstr. 9, 53173 Bonn, Germany
Email: klausnitschke@mail.de · Tel: +49 151 1426 9193
Domain name: k11.eu
VAT ID: DE 309670025 · Tax number: 206/5128/2636
If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us using the details above.
2. Scope of This Privacy Policy
This Privacy Policy explains how we process personal data when:
you visit our website,
you contact us (e.g. via email, phone, contact form, LinkedIn, other),
you book or receive our executive digital health advisory and coaching services,
you engage with us regarding advisory or board governance roles,
you participate in online meetings, workshops or events hosted by us,
you interact with our professional profiles or content on platforms such as LinkedIn.
We primarily work business-to-business (B2B) with founders, executives, investors, and companies in the health and digital health sector. Nevertheless, the GDPR applies to any processing of personal data of identifiable individuals.
3. Categories of Data, Purposes and Legal Bases
3.1 Website Access (Server Log Files)
When you visit our website, our hosting provider automatically processes:
IP address
date and time of access
time zone
accessed pages / files
referrer URL
browser type and version
operating system
amount of data transferred
HTTP status code
Purpose: ensuring technical operation, security, error analysis, prevention of misuse.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, stable website operation).
Log files are typically stored for a limited period and then deleted or anonymized, unless further storage is required for evidential reasons.
3.2 Contact via Email, Phone, Contact Form, LinkedIn
If you contact us, we process:
name, role, company
contact details (email, phone, LinkedIn profile)
content of your inquiry
related project or mandate data
Purpose: handling your inquiry, preparing and performing a mandate or cooperation.
Legal bases:
Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures), and
Art. 6(1)(f) GDPR (legitimate interests in professional communication & documentation).
We store your request as long as necessary to process it and in line with statutory retention periods (e.g. commercial and tax law).
3.3 Advisory and Coaching Services
In the context of our services for digital health startups, health tech companies, investors and SMEs in healthcare, we may process:
contact and identification data of founders, executives, employees and stakeholders,
organizational data (company, position, responsibilities),
meeting notes, strategic project information, planning data,
limited personal data relating to professional roles (not health records).
We do not request or systematically process patient data or special categories of health data for our own purposes. If exceptionally necessary in a project context, this is done only:
with a clear legal basis,
under strict confidentiality,
on anonymized or pseudonymized datasets.
Purpose: planning and delivering our consulting, coaching and governance services.
Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interest in high-quality B2B services and documentation), and where applicable Art. 6(1)(c) GDPR (legal obligations).
3.4 Board, Supervisory Board & Advisory Roles
For board or advisory mandates, we may process:
personal master data (name, contact details),
CV and professional background information,
contractual and compliance-related information as required by law or corporate governance rules.
Purpose: initiation and performance of board mandates, compliance with legal duties.
Legal bases: Art. 6(1)(b), Art. 6(1)(c) GDPR (e.g. company law, documentation), and Art. 6(1)(f) GDPR (legitimate interest in proper governance).
3.5 Online Meetings & Digital Tools
We may use common video conferencing or collaboration tools (e.g. Microsoft Teams, Zoom, Google Meet, or similar). In this context we process:
meeting invitations and metadata,
display names, email addresses,
audio/video data where applicable.
Purpose: conducting online advisory, coaching sessions and board-related meetings.
Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (efficient remote collaboration).
The specific providers act as processors or independent controllers according to their own privacy policies; where required we conclude Data Processing Agreements (Art. 28 GDPR).
3.6 Newsletter / Updates (if implemented)
If we offer a newsletter or email updates and you subscribe:
we process your email address and possibly your name,
and store your opt-in (time, IP, consent text).
Purpose: sending information on digital health strategy, events and services.
Legal basis: Art. 6(1)(a) GDPR (consent).
You may withdraw your consent at any time with effect for the future.
3.7 Analytics & Cookies
We may use cookies and similar technologies.
Essential cookies: required for website operation (session management, security).
Legal basis: Art. 6(1)(f) GDPR.
Non-essential / analytics / marketing cookies: e.g. web analytics tools, LinkedIn Insight Tag or similar.
Legal basis: Art. 6(1)(a) GDPR (your consent via cookie banner).
You can manage your preferences via the cookie banner (if in use) or via your browser settings. Non-essential tools are only activated after your explicit consent.
3.8 Social Media & LinkedIn
We maintain professional profiles/pages, particularly on LinkedIn, to communicate with the digital health community and potential clients.
When visiting those platforms, the respective provider’s privacy policy applies. Depending on the platform, we and the provider may be joint controllers (e.g. for page insights). We process:
interaction data (likes, comments, messages),
profile information visible to us.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in professional visibility & communication).
We recommend you check your privacy settings directly on the platforms.
4. Recipients of Data
We only share personal data with third parties if:
necessary for the performance of a contract (e.g. invoicing, collaboration partners),
we use service providers (hosting, email, IT support, video conference, CRM, analytics) who process data on our behalf under Art. 28 GDPR,
required by law or public authorities, or
you have given consent.
All processors are carefully selected and contractually bound to act according to GDPR.
5. Third Country Transfers
If service providers or platforms outside the EU/EEA (e.g. some cloud, collaboration or video tools, LinkedIn, etc.) are used, data may be transferred to third countries.
In such cases, we ensure appropriate safeguards in accordance with Art. 44 et seq. GDPR, such as:
adequacy decisions by the European Commission, and/or
EU Standard Contractual Clauses plus additional safeguards where necessary.
You may request further information about these safeguards using the contact details above.
6. Storage Period
We store personal data only for as long as necessary to fulfill the respective purpose or as required by statutory retention obligations.
Criteria:
inquiries: as long as needed for processing plus standard limitation periods,
contractual data: according to commercial and tax law (usually 6–10 years),
log files: typically a few weeks/months unless needed for security evidence,
consents: stored for the duration of use plus limitation periods,
newsletters: until you withdraw your consent.
After expiry of these periods, data is deleted or anonymized.
7. Your Rights as Data Subject
You have the following rights under the GDPR (subject to conditions under applicable law):
Right of access (Art. 15 GDPR): information about your stored data.
Right to rectification (Art. 16 GDPR): correction of inaccurate data.
Right to erasure (Art. 17 GDPR): deletion of your data, where legally permitted.
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR).
Right to object (Art. 21 GDPR): in particular against processing based on Art. 6(1)(f) GDPR.
Right to withdraw consent (Art. 7(3) GDPR): with effect for the future.
To exercise your rights, please contact us via the contact details above.
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. In Germany, this may be your regional Data Protection Authority.
8. Obligation to Provide Data
In the context of our contractual relationships, you may need to provide certain personal data which is necessary for the preparation, conclusion or performance of the mandate or cooperation. Without such data, we may not be able to enter into or execute the contract.
There is no legal obligation to provide data when simply visiting the website; however, certain functions may require specific data (e.g. contact form).
9. Data Security
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect personal data against loss, misuse, unauthorized access, disclosure, alteration or destruction, considering the state of the art, implementation costs and the nature, scope, context and purposes of processing.
10. No Automated Decision-Making
We do not use your data for automated decision-making or profiling within the meaning of Art. 22 GDPR.
11. Professional Confidentiality
We treat all information relating to your business, projects, strategies and stakeholders with strict confidentiality. Contractual confidentiality obligations and governance standards applicable to advisory and board roles remain unaffected and may go beyond this Privacy Policy.
12. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, technical or business developments. The current version is always available on our website.