top of page


Privacy policy for users of the evoach web application

In the following, we inform you about the type, scope and purpose of the processing of your personal data when using the evoach web application (hereinafter referred to as "app"). Personal data is any information relating to an identified or identifiable natural person.

§ 1 - Controller

The controller ("Controller") within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. The controller within the meaning of the GDPR for the personal data we process is:

evoach GmbH

Haid-und-Neu-Strasse 7

76131 Karlsruhe

Phone +49 (0) 171 2918067


(hereinafter referred to as "evoach").

§ 2 - Internal Data Protection Officer, Data Protection Authority

(1) evoach has appointed Ms. Anke Paulick as its internal data protection officer.

(2) The data protection authority locally responsible for evoach is

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg

P.O. Box 10 29 32, 70025 Stuttgart

Königstraße 10a, 70173 Stuttgart

Tel.: 0711/61 55 41 - 0

Fax: 0711/61 55 41 - 15



§ 3 - Registration and use of the app

(1) Employees of companies can register as coachees for the use of the evoach web application (hereinafter "webapp").

(2) Employees who use the webapp are hereinafter referred to as "Coachees". As coachees, you can only use the webapp after registering. To register, you are required to provide the following personal information in the app: First name, last name and email address. You cannot not register the webapp without providing this information.

(3) Coachees can additionally provide personal data as part of the onboarding process after registration for a better user experience, such as preferred language, desired coaching topics, etc. which will be stored in the user profile.

(4) Coachees go through the actual coaching process in protected chat rooms accessible only to them. The chat protocols are only available to the user and are accessible via the user profile.

(5) Registration data, user profile and chat logs will be kept for three months after the expiration of the user license and then deleted.

§ 4 - Anonymized data use

(1) During the contractual relationship, evoach will collect the following information for the use of the webapp:

(a) First and last names of all coachees who have registered to use the webapp,

(b) Anonymized data on the frequency of use of the various coaching modules.

(c) Anonymized ratings of the webapp by the coachees in the form of 5-Star Rating and Net Promotor Score.

(2) With the anonymous input "situation description" we learn to identify different coaching concerns using intent recognition.


§ 5 - Contact by e-mail

(1) If you contact evoach by e-mail, your message will be processed together with your contact details (your name, e-mail address and any other information).

(2) This data processing is based on evoach's legitimate interest in processing your request and any follow-up messages (Article 6(1)(f) GDPR).

(3) Data transfer between mail servers is encrypted as long as your email provider supports encryption.

§ 6 - Processors and recipients of personal data

(1) Processor according to Article 28 GDPR.

(a) In order to receive, store and send e-mails, evoach uses services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

(b) For the processing of personal customer data, evoach uses software services from Encharge, Mailchimp and Pipedrive. In doing so, personal data may be transferred to the USA, a third country for which no adequacy decision has been issued by the Commission of the European Union. The data transfer therefore takes place in accordance with Article 46 par. 2 GDPR on the basis of the EU standard contractual clauses.

§ 7 - Your rights

(1) With respect to your personal data that evoach processes, you have the following rights:

(a) To obtain confirmation as to whether evoach is processing the personal data concerning you. If yes, evoach will inform you about the personal data stored about you and the further information pursuant to Article 15 para. 1. 1 and 2 GDPR.

(b) To have your inaccurate personal data rectified or incomplete data completed without undue delay.

(c) To request the erasure of your personal data under the conditions of Article 17 para. 1 GDPR without undue delay, to the extent that its processing is not required under Article 17 para. 1 GDPR.

(d) To request the restriction of the processing of your data if one of the requirements of Article 18(1) GDPR is met. In particular, you may request restriction instead of erasure. evoach will communicate any rectification or erasure of your personal data to all recipients to whom your personal data has been disclosed, unless this proves impossible or disproportionately burdensome.

(e) To preserve the personal data you provide to evoach in a structured, commonly used and machine-readable format.

(f) Insofar as data processing is based on consent given by you, to revoke your consent at any time. The revocation of consent does not affect the lawfulness of data processing based on consent prior to its revocation.

(g) To object to the processing of your personal data at any time; this right applies to processing pursuant to Article 6 (1) f DPRG that is necessary for the purposes of the legitimate interests pursued by evoach or a third party, unless such processing is overridden by your interests or the fundamental rights and freedoms of the data subject which require the protection of personal data. If you exercise your right to object, evoach will no longer process the personal data concerned unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. This applies in particular to the use of your personal data for marketing purposes, with the consequence that evoach will no longer process your data for these purposes.

(2) If you believe that the processing of your personal data violates the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State where you have your habitual residence, your place of work or the place of the alleged infringement. This does not preclude other administrative or judici.

bottom of page