Executive Inner Work
EN DE

EXECUTIVE INNER WORK

Privacy Policy

Last updated: May 11, 2026

Thank you for your interest in VERTICAL Development. Protecting personal data is important to us. In this Privacy Policy, we explain which data we process when you visit our website, contact us, book appointments, subscribe to our newsletter, or interact with our services.

1. Controller

The controller responsible for data processing on this website is:

VERTICAL Development GmbH
Schinkestr. 9
12047 Berlin
Germany

Email: hello@vertical-development.de

Managing Director: Achim Feige

2. General Information on Processing

We process personal data only where there is a legal basis for doing so. Depending on the situation, we process data in particular on the basis of:

Art. 6(1)(a) GDPR, where you give us consent, for example for analytics services or the newsletter.
Art. 6(1)(b) GDPR, where processing is necessary for pre-contractual steps or the performance of a contract, for example for inquiries, briefings, or programs.
Art. 6(1)(c) GDPR, where we are legally required to process data, for example to comply with documentation, accounting, or retention obligations.
Art. 6(1)(f) GDPR, where we have a legitimate interest, for example in operating a secure, stable, and user-friendly website.

Where we use cookies, similar technologies, or access information on your device, we also comply with Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG). We use non-essential technologies only with your consent.

3. Website Access and Hosting

Our website is hosted by united-domains GmbH, Gautinger Strasse 10, 82319 Starnberg, Germany. When you access the website, technically necessary data is processed so that the website can be displayed and operated securely. This may include in particular:

IP address in shortened or anonymized form
date and time of access
URL or file accessed
amount of data transferred
referrer URL
browser, operating system, and device type
HTTP status codes and technical error data

This processing is necessary to deliver the website, detect attacks, resolve technical issues, and ensure website stability. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure and reliable operation of the website.

According to the general privacy information provided by united-domains, log files and temporary storage data, where generated, are often stored between a few days and a maximum of 60 to 90 days, depending on the specific security or operational requirement. Where we process log data ourselves, we delete or anonymize it as soon as it is no longer required for the purposes stated above.

4. Cookies and Consent Management with Usercentrics

We use Usercentrics as a consent management platform to obtain, document, and manage consent for optional services. The provider is Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.

In this context, the following data may be processed in particular:

consent and rejection decision
consent ID
time of consent or rejection
version of the consent interface
language and technical device information
referrer URL, user agent, and IP address

The processing serves to store your decision and to meet our documentation obligations under Art. 7(1) GDPR. The legal basis is Art. 6(1)(c) GDPR. According to Usercentrics, the data is stored for 1 year.

You can change or withdraw your consent at any time with effect for the future by reopening the cookie or privacy settings on the website.

5. Google Analytics, Google Tag, and Google Site Kit

We use Google Analytics 4, integrated via Google Tag and Google Site Kit, to understand how our website is used and to improve our content. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, USA.

Google Analytics may process the following information in particular:

page views and interactions
approximate geographic information
browser, operating system, screen resolution, and device type
referrer URL
technical identifiers and cookie IDs, if you have given consent

According to Google, Google Analytics 4 does not store individual IP addresses. IP addresses are used to derive rough location data and are then discarded.

We use Google Consent Mode. For visitors from the EU or EEA, analytics and marketing storage are disabled by default until the relevant consent has been given. Without consent, technical consent signals may be transmitted to Google, but without analytics cookies.

The legal basis for Google Analytics is your consent under Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You can withdraw your consent at any time via the consent settings.

Where personal data is transferred to the United States, Google relies, where applicable, on the EU-U.S. Data Privacy Framework or on standard contractual clauses.

6. Google Fonts

Our website currently loads fonts via the Google Fonts API, for example DM Sans, Montserrat, Roboto, and Roboto Slab. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When the fonts are loaded, your browser contacts Google servers. This may transmit your IP address, the page accessed, browser and device information, and technical HTTP headers to Google. According to Google, the Google Fonts API does not set cookies and does not log cookies.

The integration serves to provide a consistent, performant, and brand-compliant presentation of the website. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is a consistent and technically stable presentation of our website.

Note: From a data protection perspective, local hosting of fonts is often preferable. If the fonts are hosted locally, no request to Google Fonts is made when the fonts are loaded.

7. YouTube Videos

We embed YouTube videos on individual pages or link to our YouTube channel. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you play an embedded YouTube video or click a YouTube link, data may be transmitted to Google or YouTube. This may include your IP address, technical device information, the page visited, usage data, and, where applicable, cookie information. If you are logged into YouTube or Google, Google may associate the use with your account.

Embedded videos are played only when you use the relevant function or provide the required consent. The legal basis is Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

8. Appointment Booking via Calendly

We link to Calendly for appointment and briefing bookings. The provider is Calendly LLC, USA.

If you book an appointment via Calendly, the data you enter is processed. This may include in particular:

name
email address
selected appointment time
time zone
answers to form questions
technical data such as IP address, browser, and device data

We use this data to schedule, prepare, and conduct the appointment. The legal basis is Art. 6(1)(b) GDPR, where the processing relates to pre-contractual or contractual communication. Where Calendly uses optional cookies or analytics functions, Calendly’s own consent and privacy notices apply.

For transfers of data to the United States, Calendly states that it uses appropriate data protection safeguards, in particular data processing agreements, subprocessor lists, and, where applicable, standard contractual clauses or applicable adequacy mechanisms.

9. Newsletter and Forms via Pipedrive

On our website, we link to a Pipedrive web form for signing up to the Sunday Brief or newsletter. The provider is Pipedrive OÜ or the Pipedrive group of companies.

According to the publicly available form configuration, the current form collects your email address as a required field. By clicking “Subscribe”, you consent to our processing of your email address in order to send you the newsletter.

The legal basis is your consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future, for example via an unsubscribe link in the newsletter or by emailing hello@vertical-development.de.

Pipedrive processes the data as a service provider for lead and contact management. Technical data such as IP address, browser information, timestamps, and security data may also be processed. Pipedrive may use technical services such as content delivery networks and security mechanisms to provide the form.

10. Contact by Email or Phone

If you contact us by email, phone, or through an external booking link, we process the data you provide in order to respond to your inquiry. This may include your name, contact details, company, role, content of the inquiry, and communication history.

The legal basis is Art. 6(1)(b) GDPR if the inquiry relates to a contract or pre-contractual steps. In all other cases, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the handling and documentation of your inquiry.

We delete inquiries once they are no longer required, unless statutory retention obligations or legitimate interests justify longer storage.

11. Programs, Diagnostics, and Customer Data

If you or your company work with VERTICAL, we process data required for the preparation, delivery, evaluation, and follow-up of our programs. This may include in particular:

contact details and professional information
information about roles, teams, and organizations
communication and scheduling data
information provided in workshops, coaching sessions, diagnostics, or feedback processes
evaluation results, progress data, and program-specific documentation

Where special categories of personal data, biometric data, or health-related data are processed as part of individual programs, this is done only on the basis of separate information and, where required, explicit consent under Art. 9(2)(a) GDPR or another applicable legal basis.

If AI-supported dashboards, external diagnostics tools, or additional platforms are used, we inform the affected persons in advance about providers, data categories, purposes, retention periods, and legal bases.

12. External Links and Social Media

Our website contains links to external services, for example LinkedIn, YouTube, and Calendly. If you click an external link, you leave our website. The respective provider is generally responsible for any subsequent processing of personal data.

We currently do not embed social media plugins that transmit data to social networks as soon as our website loads. Data is generally transferred to external platforms only when you click the relevant link or actively use embedded content.

13. Recipients and Processors

We share personal data only where this is necessary for the purposes stated, where a legal basis exists, or where we are legally required to do so. Recipients may include in particular:

hosting and IT service providers
consent management providers
analytics and tagging service providers
appointment booking and CRM providers
communication and email service providers
tax advisors, legal advisors, and authorities, where required

Where service providers process personal data on our behalf, we conclude data processing agreements under Art. 28 GDPR where required.

14. Third-Country Transfers

Some of the services we use are based outside the EU or EEA or may transfer data there, in particular to the United States. Where personal data is transferred to third countries, we ensure appropriate safeguards under Art. 44 et seq. GDPR. These include, in particular, adequacy decisions by the European Commission, the EU-U.S. Data Privacy Framework for certified companies, or the European Commission’s standard contractual clauses.

Despite these safeguards, it cannot be ruled out that authorities in third countries may access data under local law. We take this risk into account when selecting and configuring our service providers.

15. Retention Periods

We store personal data only for as long as necessary for the respective purposes or where statutory retention obligations apply. After that, the data is deleted or anonymized.

Typical retention periods are:

consent data: according to Usercentrics, 1 year
server log data: according to united-domains, often between a few days and a maximum of 60 to 90 days, depending on the specific security or operational requirement
contact inquiries: until final processing and beyond where retention obligations or legitimate interests apply
newsletter data: until you withdraw your consent or unsubscribe
contract and accounting documents: according to statutory retention periods, usually 6 to 10 years
program data: for the duration of the collaboration and thereafter only where required for documentation, billing, quality assurance, or legal obligations

16. Your Rights

Subject to the requirements of the GDPR, you have the following rights:

right of access under Art. 15 GDPR
right to rectification under Art. 16 GDPR
right to erasure under Art. 17 GDPR
right to restriction of processing under Art. 18 GDPR
right to data portability under Art. 20 GDPR
right to object to processing based on Art. 6(1)(e) or (f) GDPR under Art. 21 GDPR
right to withdraw consent under Art. 7(3) GDPR
right to lodge a complaint with a data protection supervisory authority under Art. 77 GDPR

The supervisory authority generally responsible for VERTICAL is:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Germany
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/

If you would like to exercise your rights, you can contact us at any time at hello@vertical-development.de.

17. Right to Object under Art. 21 GDPR

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.

If you object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.