PRIVACY POLICY

Last updated February 21, 2024



This privacy notice for Tessa Joy Garrelts ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
  • Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at hallo@joyful-transformation.de.


SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We do not process sensitive personal information.

Do we receive any information from third parties? We do not receive any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the privacy notice in full.


TABLE OF CONTENTS



1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
  • names
  • email addresses
  • mailing addresses
  • contact preferences
  • debit/credit card numbers
  • billing addresses
Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by Zoho - TrainerCentral. You may find their privacy notice link(s) here: https://www.zoho.com/privacy.html.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

  • To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see "WHAT ARE YOUR PRIVACY RIGHTS?" below.
  • To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
  • Send users information about special offers and discounts on our products and services
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at hallo@joyful-transformation.de.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

We will consider and act upon any request in accordance with applicable data protection laws.
 
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at hallo@joyful-transformation.de.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

11. USE OF CUSTOMER DATA FOR CONTACTING & DIRECT MARKETING PURPOSES

1. Calendly For the provision of an online appointment booking function, we use the services of the following provider: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. For the purpose of scheduling an appointment, first and last name as well as e-mail address (and telephone number, if a telephone appointment is desired) are collected in accordance with Art. 6 Para. 1 lit. b GDPR and transmitted to the provider in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the appointment organization. After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection. 2. Registration for our e-mail newsletter If you register for our e-mail newsletter, we will send you regular information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters if you have expressly confirmed your consent to receive the newsletter by activating a verification link sent to the specified e-mail address. By activating the verification link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. In doing so, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. 3. ActiveCampaign Our e-mail newsletters are sent via this provider: ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, US. Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration to this provider in accordance with Art. 6 (1) GDPR so that they can take over the newsletter dispatch on our behalf. Subject to your express consent pursuant to Art. 6 (1)a GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the contents of the newsletter. In the process, end device information (e.g. time of call, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets. You can revoke your consent to newsletter tracking at any time with effect for the future. We have concluded an order processing agreement with the provider, which protects the data of our site visitors and prohibits the transfer of data to third parties. For the transfer of data to the US, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

12. PAYMENT SERVICE PROVIDERS

1. Paypal One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select a payment method of the provider where you make an advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be disclosed to them in accordance with Art. 6 (1) lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose. When selecting a payment method for which the provider makes advance payments (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, if applicable, data on an alternative means of payment) during the ordering process. In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. The provider checks on the basis of the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option selected by you can be granted with regard to payment and/or bad debt risks. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments. 2. Stripe On this website, one or more online payment methods of the following provider are available: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. If you choose a payment method of the provider where you make an advance payment (such as credit card payment), your payment data (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order will be disclosed to the provider in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only insofar as it is necessary for this purpose. When selecting a payment method for which the provider makes advance payments (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, if applicable, data on an alternative means of payment) during the ordering process. In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. The provider checks on the basis of the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option selected by you can be granted with regard to payment and/or bad debt risks. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

13. ONLINE COACHING & WORKSHOPS

Zoom For conducting online meetings, video conferences and/or webinars, we use this provider: Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. The provider processes different data, and the amount of data processed depends on what data you provide before or during participation in an online meeting, video conference or webinar. Your data as a communication participant is processed and stored on servers of the provider. In particular, this may be your login data (name, e-mail address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)). In addition, participants’ image and sound contributions as well as voice input in chats may be processed. For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us consent to process your data, the processing is based on Art. 6 (1) a DSGVO. You can revoke your consent at any time with effect for the future. In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in the effective conduct of the online meeting, webinar or video conference. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties. For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

14. WEBSITE TOOLS

1. Cookie Consent Tool This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users in the form of an interactive user interface when they call up the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. By using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by setting a check mark. This ensures that such cookies are only set on the respective user’s end device if consent has been granted. The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context. If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Further legal basis for the processing is Art. 6 para. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. We have concluded an order processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website. 2. Wordfence For security purposes, this website uses the “Wordfence” plugin, a service provided by Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”). The plugin protects the website and related IT infrastructure from unauthorized third-party access, cyber attacks, and viruses and malware. Wordfence collects the IP addresses of users and, if necessary, other data about your behavior on our website (in particular, URLs accessed and header information) in order to detect and prevent illegitimate page accesses and threats. In the process, the captured IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, Wordfence can automatically block it for page access. The information collected in this way is transferred to a server of Defiant Inc. in the USA and stored there. The described data processing is carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security. Defiant Inc. invokes the standard data protection clauses according to Art. 46 sentence 2 lit. c GDPR as the legal basis for the transfer of data to the USA. If visitors to the website have login rights, Wordfence also sets cookies (= small text files) on the respective end device used by the visitor. With the help of the cookies, certain location and device information can be read, which enables an assessment of whether the login-authorized access originates from a legitimate person. At the same time, access rights can be evaluated via the cookies and released via a site-internal firewall according to the authorization level. Finally, the cookies are used to register irregular access by site administrators from new devices or new locations and to notify other administrators about this. These cookies are set only if a user has login privileges. Wordfence does not set cookies for site visitors without login authority. If personal data is processed via the cookies, the processing is carried out in accordance with Art. 6 Para.1 lit f. GDPR on the basis of our legitimate interest in preventing illegitimate access to the site administration and defense against unauthorized administrator access. We have concluded a data processing agreement with Defiant Inc., which obliges the company to protect the data of site visitors and not to pass it on to third parties. For more information about Defiant Inc.’s data use for Wordfence, please see Wordfence’s privacy policy at https://www.wordfence.com/privacy-policy/.

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at hallo@joyful-transformation.de or contact us by post at:

Tessa Joy Garrelts
R. Luís Monteiro, 1900 Lisboa, Portugal
Lisboa, Lisboa 1900-310
Portugal

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.
This privacy policy was created using Termly's Privacy Policy Generator.

Privacy Policy

1) Introduction and contact details of the responsible person

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data in this context is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Tessa Garrelts, Rua Luís Monteiro 18, 1900-310 Lisboa, Portugal, Tel: 004915228717899, e-mail: hallo@joyful-transformation.de. The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website

During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively should concrete indications point to illegal use.

3) Cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your terminal device. In some cases, these cookies are automatically deleted after the browser is closed (so-called “session cookies”), in other cases, these cookies remain on your end device for a longer period of time and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given, or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting

4.1 Calendly

For the provision of an online appointment booking function, we use the services of the following provider: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.

For the purpose of scheduling an appointment, first and last name as well as e-mail address (and telephone number, if a telephone appointment is desired) are collected in accordance with Art. 6 Para. 1 lit. b DSGVO and transmitted to the provider in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the appointment organization.

After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.

We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

4.2 In the context of contacting us (e.g. via contact form or e-mail), personal data is processed – exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Data processing when opening a customer account.

Pursuant to Art. 6 (1) lit. b DSGVO, personal data will continue to be collected and processed to the extent necessary in each case if you provide us with this data when opening a customer account. You can find out which data is required for opening an account from the input mask of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the responsible person. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed and no legitimate interest on our part in the continued storage exists.

6) Use of customer data for direct marketing purposes

6.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will send you regular information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters if you have expressly confirmed your consent to receive the newsletter by activating a verification link sent to the specified e-mail address.

By activating the verification link, you give us your consent to use your personal data in accordance with Art. 6 Para. 1 lit. a DSGVO. In doing so, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

6.2 ActiveCampaign

Our e-mail newsletters are sent via this provider: ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, USA.

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration to this provider in accordance with Art. 6 (1) lit. f DSGVO so that they can take over the newsletter dispatch on our behalf.

Subject to your express consent pursuant to Art. 6 (1) lit. a DSGVO, the provider also carries out a statistical evaluation of the success of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the contents of the newsletter. In the process, end device information (e.g. time of call, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded an order processing agreement with the provider, which protects the data of our site visitors and prohibits the transfer of data to third parties.

For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

7) Data processing for order processing

7.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b DSGVO.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally about upcoming updates within the legally stipulated period within the framework of our legal information obligations pursuant to Art. 6 (1) lit. c DSGVO by suitable means of communication (e.g. by post or e-mail). Your contact data will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.

In order to process your order, we also work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Use of payment service providers (payment services)

– Paypal

One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method of the provider where you make an advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be disclosed to them in accordance with Art. 6 (1) lit. b DSGVO. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When selecting a payment method for which the provider makes advance payments (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, if applicable, data on an alternative means of payment) during the ordering process.

In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f DSGVO. The provider checks on the basis of the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
– Stripe

On this website, one or more online payment methods of the following provider are available: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

If you choose a payment method of the provider where you make an advance payment (such as credit card payment), your payment data (including name, address, bank and payment card information, currency and transaction number) and information about the content of your order will be disclosed to the provider in accordance with Art. 6 para. 1 lit. b DSGVO. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only insofar as it is necessary for this purpose.

When selecting a payment method for which the provider makes advance payments (such as invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, if applicable, data on an alternative means of payment) during the ordering process.

In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f DSGVO. The provider checks on the basis of the personal data provided by you as well as other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option selected by you can be granted with regard to payment and/or bad debt risks.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

8) Site functionalities

8.1 Instagram plugins

Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated by means of so-called “2-click” or “Shariff” solution integrated into the page.

This integration ensures that when you call up a page of our website that contains such plugins, no connection is yet established with the provider’s servers.

This integration ensures that when you call up a page of our website that contains such plugins, no connection is yet established with the provider’s servers.

Only when you activate the plugins and thus give your consent to the data transfer in accordance with Art. 6 (1) a DSGVO, your browser establishes a direct connection to the provider’s servers. Here, independent of a login into an existing user profile, information about your used end device (including your IP address), your browser and your page history will be transmitted to the provider to a certain extent and processed there if necessary.

If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin by clicking on it again. However, the revocation does not affect the data that has already been transferred to the provider.

Data may also be transferred to: Meta Platforms Inc, USA.

We have concluded an order processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

8.2 Zoom

For conducting online meetings, video conferences and/or webinars, we use this provider: Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

The provider processes different data, and the amount of data processed depends on what data you provide before or during participation in an online meeting, video conference or webinar. Your data as a communication participant is processed and stored on servers of the provider. In particular, this may be your login data (name, e-mail address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)).

In addition, participants’ image and sound contributions as well as voice input in chats may be processed.
For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us consent to process your data, the processing is based on Art. 6 (1) a DSGVO. You can revoke your consent at any time with effect for the future.

In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in the effective conduct of the online meeting, webinar or video conference.

We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

9) Tools and Other

9.1 Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users in the form of an interactive user interface when they call up the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. By using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by setting a check mark. This ensures that such cookies are only set on the respective user’s end device if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Further legal basis for the processing is Art. 6 para. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

We have concluded an order processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

9.2 Wordfence
For security purposes, this website uses the “Wordfence” plugin, a service provided by Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”). The plugin protects the website and related IT infrastructure from unauthorized third-party access, cyber attacks, and viruses and malware. Wordfence collects the IP addresses of users and, if necessary, other data about your behavior on our website (in particular, URLs accessed and header information) in order to detect and prevent illegitimate page accesses and threats. In the process, the captured IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, Wordfence can automatically block it for page access. The information collected in this way is transferred to a server of Defiant Inc. in the USA and stored there.
The described data processing is carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.
Defiant Inc. invokes the standard data protection clauses according to Art. 46 sentence 2 lit. c DSGVO as the legal basis for the transfer of data to the USA.
If visitors to the website have login rights, Wordfence also sets cookies (= small text files) on the respective end device used by the visitor. With the help of the cookies, certain location and device information can be read, which enables an assessment of whether the login-authorized access originates from a legitimate person. At the same time, access rights can be evaluated via the cookies and released via a site-internal firewall according to the authorization level. Finally, the cookies are used to register irregular access by site administrators from new devices or new locations and to notify other administrators about this.
These cookies are set only if a user has login privileges. Wordfence does not set cookies for site visitors without login authority.
If personal data is processed via the cookies, the processing is carried out in accordance with Art. 6 Para.1 lit f. DSGVO on the basis of our legitimate interest in preventing illegitimate access to the site administration and defense against unauthorized administrator access.
We have concluded a data processing agreement with Defiant Inc., which obliges the company to protect the data of site visitors and not to pass it on to third parties.
For more information about Defiant Inc.’s data use for Wordfence, please see Wordfence’s privacy policy at https://www.wordfence.com/privacy-policy/.

10) Rights of the Data Subject

10.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:

Right to information pursuant to Art. 15 DSGVO;
Right to rectification pursuant to Art. 16 DSGVO;
Right to erasure pursuant to Art. 17 DSGVO;
Right to restriction of processing pursuant to Art. 18 DSGVO;
Right to information pursuant to Art. 19 DSGVO;
Right to data portability pursuant to Art. 20 DSGVO;
Right to withdraw consent given pursuant to Art. 7(3) DSGVO;
Right to lodge a complaint pursuant to Art. 77 DSGVO.

10.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11) Duration of storage of personal data

The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, the data concerned will be stored until you revoke your consent.

If there are legal retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part to continue storing it.

When processing personal data on the basis of Art. 6 (1) f DSGVO, this data will be stored until you exercise your right to object pursuant to Art. 21 (1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Article 6 (1) (f) DSGVO, this data will be stored until you exercise your right to object pursuant to Article 21 (2) DSGVO.

Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.