Privacy Policy
Last updated: 22.06.2026
This Privacy Policy explains how LINO Consulting & Research GmbH processes personal data when you use our website, contact us, use our services, participate in consulting, market research or training activities, use our app Certive.io, or interact with our publications.
1. Controller
The controller responsible for processing personal data is:
LINO Consulting & Research GmbH
Represented by: Jean Michael Urday García
Cosimastraße 121
81925 Munich
Germany
Email: office@lino-consulting-research.com
Telephone: +49 89 200 000 410
Commercial Register: Local Court of Munich, HRB 299783
VAT ID: DE453682686
No data protection officer has been appointed. You may contact us at the email address above for all privacy-related matters.
2. Scope of this Privacy Policy
This Privacy Policy applies to:
our website at lino-consulting-research.com;
contact by email or contact form;
consulting, market research and executive training services;
job applications sent to us;
our app Certive.io;
interactions connected with books or publications, where we process data ourselves.
This Privacy Policy does not apply to third-party platforms that process data under their own responsibility, such as Google Play, Amazon KDP, Tolino Media, LinkedIn, Instagram, YouTube or other external platforms.
3. General principles
We process personal data only where this is necessary, legally permitted and proportionate. We do not sell personal data. We do not knowingly process children’s data. Our services are primarily directed at business customers and professional users. Where we use service providers, we select them with appropriate care and use contractual safeguards where required.
4. Website hosting and server logs
Our website is hosted by Hostinger. When you access the website, technical data may be processed automatically, including:
IP address;
date and time of access;
requested pages and files;
browser type and version;
operating system;
referrer URL;
device and connection data;
error and security logs.
We process this data to provide the website, maintain security, prevent abuse and ensure technical stability.
Legal basis: Art. 6(1)(f) GDPR, our legitimate interest in secure and functional website operation. Where access to information on your device is technically necessary, processing is based on Section 25(2) TDDDG.
Retention: Server logs are stored only as long as necessary for security and operational purposes, usually for a short technical period, unless longer storage is required to investigate abuse, attacks or legal claims.
5. Contact by email or contact form
If you contact us by email or through our contact page, we process the data you provide, such as:
name;
email address;
telephone number;
company or organization;
role or function;
message content;
metadata of the communication.
We use this data to respond to your enquiry, prepare offers, communicate with you and document business communication.
Legal basis: Art. 6(1)(b) GDPR if your enquiry relates to a contract or pre-contractual steps; otherwise Art. 6(1)(f) GDPR, our legitimate interest in business communication.
Retention: Enquiries are deleted when no longer required, unless they become part of a contractual, tax, accounting or legal record.
6. Consulting, research and training services
For consulting, market research and executive training, we may process regular business contact and project data, including:
name, business email, telephone number;
company, department, role and professional contact details;
contract, offer and billing data;
communication and project documentation;
training participation data;
survey and interview responses;
workshop inputs and feedback;
client business information;
employee-related information provided by client companies.
We process this data to provide our services, manage projects, communicate with clients, prepare deliverables, conduct research, document results and fulfil contractual and legal obligations.
Legal basis: Art. 6(1)(b) GDPR for contracts and pre-contractual steps; Art. 6(1)(c) GDPR for legal obligations; Art. 6(1)(f) GDPR for legitimate business interests, documentation, quality assurance and defence of legal claims.
Where we process personal data on behalf of a client, the client is usually the controller and we act as processor or sub-processor. In such cases, processing is governed by a separate data processing agreement where required.
7. Market research
In market research projects, data may be processed in identifiable, pseudonymized or anonymized form, depending on the project design. We may process:
participant contact data;
survey answers;
interview notes;
audio or video recordings;
transcripts;
demographic or professional background information;
consent records;
research results and analysis.
Where possible and appropriate, we anonymize or aggregate research results. Anonymized data is not personal data and may be used for research, analysis, internal improvement and reporting.
Legal basis: Art. 6(1)(a) GDPR where participation is based on consent; Art. 6(1)(b) GDPR where participation is contract-based; Art. 6(1)(f) GDPR for legitimate interests in professional market research and project documentation.
We do not intentionally collect special categories of personal data unless this is necessary for the specific project and legally permitted. If special categories of data are processed, this will be based on explicit consent or another applicable legal basis under Art. 9 GDPR.
8. Recordings, transcripts and productivity tools
We may record meetings, interviews, workshops or training sessions only where this is announced or agreed. Recordings may be used to prepare transcripts, summaries, reports, training material or project documentation. We may use professional productivity, cloud, transcription and AI-supported tools to support our work. These tools may process data on our behalf or under their own terms, depending on the service and use case.
Important: We do not use confidential client data in public prompts, public training material or public case studies unless expressly agreed.
Legal basis: Art. 6(1)(a) GDPR where consent is required; Art. 6(1)(b) GDPR for contractual performance; Art. 6(1)(f) GDPR for documentation, quality assurance and efficient service delivery.
Retention: Recordings and transcripts are deleted or anonymized as soon as they are no longer necessary for the project, unless retention is required for contractual documentation, legal defence or statutory obligations.
9. App: Certive.io
We operate the app Certive.io through Google Play under the developer account of LINO Consulting & Research GmbH. The app may be used with an optional account. Depending on your use of the app, we may process:
name and email address;
login/account data;
device identifiers;
app usage data;
training progress;
quiz results;
certificate or completion data;
subscription status;
crash and diagnostic data;
push notification tokens;
advertising identifiers, where applicable.
The app may use Google services for analytics, crash/diagnostic information, subscriptions, advertising and Google Play distribution.
We use this data to provide the app, manage accounts, enable training functions, store progress, process subscriptions, send notifications, improve the app, prevent fraud and ensure technical security.
Legal basis: Art. 6(1)(b) GDPR for app use, accounts and subscriptions; Art. 6(1)(a) GDPR for optional analytics, advertising, push notifications or consent-based processing; Art. 6(1)(f) GDPR for security, diagnostics, fraud prevention and service improvement; Art. 6(1)(c) GDPR for legal obligations.
The app is not directed at children and does not knowingly collect children’s data.
Users may request deletion of their account and associated data. Data that must be retained for legal, billing, fraud prevention or security reasons may be retained only for the required period.
10. Cookies, analytics and marketing technologies
Our website uses cookies and similar technologies. Some are technically necessary. Others are used for analytics, marketing, embedded content or advertising. We may use:
technically necessary cookies;
Hostinger analytics or website statistics;
Google Analytics;
Google advertising or marketing technologies;
LinkedIn marketing or insight technologies;
embedded YouTube content;
embedded Instagram content;
Google Maps;
embedded LinkedIn posts or content.
Non-essential cookies, analytics and marketing technologies must only be activated after consent. You may withdraw consent at any time through the cookie settings on the website.
Legal basis: Art. 6(1)(a) GDPR and Section 25(1) TDDDG for analytics, marketing and non-essential cookies; Art. 6(1)(f) GDPR and Section 25(2) TDDDG for technically necessary cookies.
If third-party content is embedded, the provider may receive technical data, such as your IP address and device information. Some providers may process data outside the EU/EEA.
11. Job applications
If you apply for a position by email, we process the data you send, including:
name and contact details;
CV and application documents;
qualifications and professional background;
communication data;
any additional information you provide.
We process this data only for recruitment and application handling.
Legal basis: Section 26 BDSG and Art. 6(1)(b) GDPR for employment-related decision-making; Art. 6(1)(f) GDPR for legal defence; Art. 6(1)(a) GDPR if we ask to keep your application for future openings.
Retention: Rejected applications are deleted after the legally necessary period for potential claims, unless you consent to longer retention.
12. Books and publications
We publish books through platforms such as Amazon KDP and Tolino Media. If you buy books through these platforms, the platform operator processes purchase and customer data under its own responsibility.
We do not receive personal customer data from these platforms unless you contact us directly.
If you contact us about a book or publication, we process your message and contact details to respond to you.
13. Recipients of personal data
We may share personal data with the following categories of recipients where necessary:
hosting and IT service providers;
cloud and productivity service providers;
analytics and marketing technology providers;
app store, billing, analytics, crash reporting and advertising service providers;
payment and banking providers where applicable;
tax advisers, accountants and legal advisers;
subcontractors or project partners where contractually required;
public authorities where legally required.
We disclose personal data only where this is legally permitted, contractually necessary or required by law.
14. International data transfers
Some service providers or platform operators may process data outside the EU/EEA. Where this occurs, we rely on appropriate transfer mechanisms, such as:
an adequacy decision of the European Commission;
EU Standard Contractual Clauses;
contractual, technical and organizational safeguards;
consent, where required.
15. Retention periods
We retain personal data only as long as necessary for the relevant purpose. Typical retention periods are:
website logs: short technical period, unless needed for security incidents;
contact enquiries: until the enquiry is completed, unless legally relevant;
contract and project data: for the duration of the project and thereafter as required for legal claims or statutory retention;
accounting, invoice and tax data: according to German statutory retention periods;
research recordings and raw data: only as long as necessary for analysis, validation and legal documentation;
app account data: until account deletion, unless statutory or security-related retention applies;
application data: only for the legally necessary period after completion of the application process, unless longer retention is agreed.
16. Your rights
Subject to legal requirements, you have the following rights:
right of access;
right to rectification;
right to erasure;
right to restriction of processing;
right to data portability;
right to object;
right to withdraw consent at any time with future effect;
right not to be subject to automated decision-making where legally applicable;
right to lodge a complaint with a supervisory authority.
The competent supervisory authority for private companies in Bavaria is generally:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: lda.bayern.de
17. No automated individual decision-making
We do not use automated individual decision-making within the meaning of Art. 22 GDPR.
18. Security
We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse or alteration. However, no internet-based service can be guaranteed to be completely secure.
19. Changes to this Privacy Policy
We may update this Privacy Policy when our services, tools, legal obligations or processing activities change. The current version is published on our website.
We turn market complexity into executive decisions
Get in Touch
© 2026. All rights reserved.