CoachHub Compliance Center

The GDPR as our Joint Opportunity

Taking the strict German privacy and data protection laws to the next level, since May 2018 the General Data Protection Regulation (GDPR) revolutionizes and unifies European Union (EU) and European Economic Area (EEA) data protection laws. Further, as the forerunner and gold standard in data protection, the GDPR inspires data protection laws across the globe, such as the California Consumer Privacy Act, due to its successful ideas.

What’s different under the GDPR?

Important changes due to the GDPR include more rights for EU individuals, extensive data breach notification duties, strict security requirements, cross-border data protection, extensive accountability, and easier enforcement. The GDPR allows for a fine of up to 4% of the global corporate group turnover. Consistent application matters: The European Court of Justice and the entire chapter 7 ensure the GDPR is applied cooperatively and consistently across the EEA. And the GDPR supports the common data market, allowing for easier flows of personal data within the EEA and with third countries with comparable data protection standards. Measures such as Binding Corporate Rules, Privacy Shield certifications, and data protection model clauses secure processing of personal data in third countries with lower data protection standards. Please refer to our banking industry standard data processing addendum for details.

Security is CoachHub Corporate Culture

At CoachHub, we care about security as a matter of corporate culture: We use technical and organizational measures at online banking level, PCI DSS Level 1, ISO 9001, and ISO 27001 certified data centers. We use multi-factor authentication, password managers, and other good security practices, because without security there is no privacy or confidentiality. For details, please refer to our materials below or contact us. Please be aware that for legal and security reasons, detailed documentation on technical and organizational measures of CoachHub and its partners is only be available under a non-disclosure agreement.

CoachHub: Data Protection Designed in Germany

We design our software and related compliance and data protection measures in Germany so you enjoy our digital coaching experience and leave the rest to us: As your number one digital coaching platform, CoachHub provides highly confidential digital coachings that effortlessly scale across global corporate groups. You can opt to receive GDPR-compliant fully anonymous statistics on coaching success. You transparently control your data. We take consent seriously: You’re free to share what you want. And we don’t stop at GDPR compliance: We aim to go further and implement important privacy and confidentiality features even if they’re not legally required. We’re happy to comply with the GDPR even where it doesn’t apply to you. Further, we gladly assist our clients in complying with applicable foreign and international law.

“At CoachHub, we are enthusiastic about and committed to your compliance as well as ours. We deeply care about strict confidentiality and full compliance with applicable privacy and data protection laws, in particular the GDPR.”
General Counsel | Data Privacy

Dennis Jansen, LL.M.

CoachHub Compliance

Presentations and more

Please contact us for details on CoachHub’s Corporate Compliance and TOMs.

Frequently Asked



DataCo GmbH
Dachauer Str. 65
80335 München

Yes, CoachHub meets the requirements of the GDPR: We’re data protection compliant as an organisation and as a platform according to DSGVO. We have been and continue to be regularly audited by DataGuard. We’ve may use the DataGuard Seal.

Yes, we use state-of-the-art SSL encryption in combination with an Extended Validation SSL Certificate.

No. The specification of a profile picture is not mandatory. We would like to point out that, even if it was, non-personal pictures would be possible.

An SSO implementation is a very high priority on our roadmap. It is expected that Active Directory (ADFS) will also be supported.

The service agreement is the combination of our offer and our Platform conditions:

Only the main establishment in Berlin processes personal data for the platform and web site. Other establishments may process personal data for sales purposes.

A list of contractors with further information on processing can be found in our data protection declaration:
Insofar as the data is processed in GDPR third countries, we ensure the level of data protection through various measures in accordance with chapter V GDPR.

Yes. We use cloud service providers such as Amazon AWS, which are safe, ISO-certified and regularly audited.

Our view on acting as controller in light of recent case law: Generally, as the customer, you act as controller and we act as processor. You also act as controller and we act as processor for the anonymisation for your purposes, for example for anonymous statistics about CoachHub in your company we create on your behalf. Once anonymization is complete, data is no longer personal and the GDPR no longer applies to it.

Data processing operations in third countries, as far as they occur, are GDPR-compliant. We have generally selected EU located/GDPR-compliant servers. We have concluded a DPA. In the event that an international data transfer is not covered e. g. by Privacy Shield,  the DPA provides for a subsidiary relapse to binding corporate rules and standard contractual clauses pursuant to Art. 46 GDPR. We constantly monitor current case law and adapt our processing procedures accordingly.

This website uses cookies - esp. from Facebook, Google, Microsoft, and HubSpot to improve your experience, for tracking, analysis, and marketing.

See details