Privacy Policy

[last updated May 15, 2023]

Note: The one legally binding version of the privacy policy is published (in German language) here:

www.corneliahelga.de/datenschutz/

General information on data protection

The operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

 

Data collection on this website

Responsible for data collection on this website

Data processing on this website is carried out by the website operator. You can find his contact details in the section “Note on the responsible party” in this privacy policy.

 

Collection of data in general

Your data is collected on the one hand by you providing it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

 

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

– Inventory data (e.g. names, addresses).

– Content data (e.g. entries in online forms).

– Contact data (e.g. e-mail, telephone numbers).

– Meta/communication data (e.g. device information, IP addresses).

– Usage data (e.g. websites visited, interest in content, access times).

– Contract data (e.g. subject matter of contract, term, client category).

– Payment data (e.g. bank details, invoices, payment history).

 

Special categories of data

– Data revealing racial and ethnic origin.

 

Categories of data subjects

– Employees (e.g., employees, applicants, former employees).

– Business and contractual partners.

– Interested parties.

– Communication partners.

– Clients.

– Users (e.g. website visitors, users of online services).

 

Purposes of processing

– Provision of our online offer and user-friendliness.

– Conversion measurement (measuring the effectiveness of marketing activities).

– Office and organizational procedures.

– Direct marketing (e.g., via email or postal mail).

– Feedback (e.g. collecting feedback via online form).

– Marketing.

– Contact requests and communication.

– Profiles with user-related information (creation of user profiles).

– Reach measurement (e.g. access statistics, recognition of returning visitors).

– Provision of contractual services and client services.

– Administration and response to inquiries.

 

Relevant legal basis

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.

– Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO) – The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.

– Performance of a contract and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO) – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject’s request.

– Legal obligation (Art. 6 (1) p. 1 lit. c. DSGVO) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

– Legitimate interests (Art. 6 (1) p. 1 lit. f. DSGVO) – Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

 

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

 

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

 

Transmission of personal data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

 

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

 

Special note on data transfer to the USA

Among other things, we use tools from companies specifically based in the USA. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries.

For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

 

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose).

If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection notices may also contain further details on the retention and deletion of data, which take priority for the respective processing operations.

 

Objection to advertising e-mails, advertising calls, sale, rental and exploitation of data from this website to third parties

The use of contact data published within the framework of the imprint obligation for the a) transmission of not expressly requested advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

The use of contact and business data published within the framework of the imprint obligation for b) sale, rental and exploitation to third parties is hereby prohibited.

 

Reference to the responsible person

Cornelia Helga Schulze,

Bundesallee 53, c/o Coaching Xperience

D 10715 Berlin Germany

xxx49176xxx3161xxx3251

E-mail address: mail[at]corneliahelgaschulze[dot]com (spam protection)

 

Provision of the online offer and web hosting

In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer, which is generated as part of the use and communication. This regularly includes the IP address, which is necessary to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

 

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.

 

E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for SPAM detection purposes. Please note that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server.

– Types of data processed: Content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Users (e.g., website visitors, users of online services).

– Purposes of processing: provision of our online offer and user-friendliness, provision of contractual services and client services.

– Legal grounds: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– prohost networks GmbH, Wilhelm-Külz-Str. 69, 14532 Stahnsdorf (b. Berlin), DE, Authorized representative: Roger Mayer.

– WordPress.com: hosting platform for blogs / websites; service provider: Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA; Website: https://wordpress.com; Privacy policy: https://automattic.com/de/privacy/.

 

Storage period

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

 

Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. The primary purpose of a cookie is to store information about a user during or after his or her visit within an online offering. Stored information may include, for example, language settings on a website, login status, a shopping cart, or where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as “user IDs”).

The following cookie types and functions are distinguished:

– Temporary cookies (also: session cookies): temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.

– Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.

– First-party cookies: First-party cookies are set by ourselves.

– Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

– Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).

– Statistical, marketing and personalization cookies: Furthermore, cookies are generally also used in the context of range measurement and when a user’s interests or behavior (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as “tracking”, i.e., tracking the potential interests of users. Insofar as we use cookies or “tracking” technologies, we will inform you separately in our data protection declaration or in the context of obtaining consent.

Notes on legal bases: the legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage period: If we do not provide you with explicit information on the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further instructions on how to object in the context of the information on the service providers and cookies used.

Processing of cookie data based on consent: We use a cookie consent management procedure in which the consent of users to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, can be obtained and managed and revoked by users. Here, the declaration of consent is stored in order not to have to repeat its query and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies), in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.

– Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Users (e.g., website visitors, users of online services).

– Legal basis: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– BorlabsCookie: cookie consent management; service provider: Borlabs; Website: https://de.borlabs.io/borlabs-cookie/; An individual user ID, language as well as types of consents and the time of their submission are stored on the server side and in the cookie on the user’s device.

Change Intitial Cookie selections

 

Business offer

We process data of our contractual and business partners, e.g. clients and prospective clients (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations, or with the consent of the data subjects (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete the data after expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a client account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes generally 10 years). We delete data disclosed to us by the contractual partner in the context of an order in accordance with the specifications of the order, generally after the end of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

 

Coaching Services: We process the data of our clients as well as interested parties and other clients or contractual partners (uniformly referred to as “clients”) in order to be able to provide services to them. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and client relationship.

Within the scope of our activities, we may also process special categories of data, in this case in particular information on the health of clients, possibly with reference to their sex life or sexual orientation, as well as data revealing racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership. For this purpose, we obtain explicit consent from clients where necessary and otherwise process the special categories of data where this serves the health of clients, the data is public or other legal permissions exist.

If it is necessary for our contractual performance, for the protection of vital interests or required by law, or if the clients’ consent has been obtained, we disclose or transfer the clients’ data to third parties or agents, such as public authorities, medical institutions, laboratories, billing offices, as well as in the field of IT, office or comparable services, in compliance with the requirements of professional law.

Further information on commercial services: We process the data of our clients as well as principals (hereinafter uniformly referred to as “Clients”) in order to enable them to select, acquire or commission the selected services or works as well as related activities as well as their payment and delivery or execution or performance.

The required data are identified as such in the context of the order, purchase order or comparable contract conclusion and include the data required for the provision of services and billing as well as contact information in order to be able to hold any consultations.

– Types of data processed: inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., e-mail, telephone numbers), contract data (e.g., subject matter of contract, term, client category).

– Special categories of personal data: Health data (Art. 9(1) DGSVO), Data concerning sex life or sexual orientation (Art. 9(1) DGSVO), Religious or philosophical beliefs (Art. 9(1) DGSVO), Data revealing racial or ethnic origin.

– Data subjects: Interested parties, business and contractual partners.

– Purposes of processing: provision of contractual services and client services, contact requests and communication, office and organizational procedures, administration and response to requests.

– Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

 

Communication

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory Legal regulations – in particular legal retention periods – remain unaffected.

 

Contact form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

 

Communication via Messenger

We use messengers for communication purposes and therefore ask you to observe the following instructions on the functionality of the messengers, encryption, use of the metadata of the communication and your objection options.

You can also contact us by alternative means, e.g. via telephone or e-mail. Please use the contact options provided to you or the contact options provided within our online offer.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure that the message content is encrypted.

However, we additionally point out to our communication partners that although the messenger providers cannot view the content, they can learn about other data.

– Types of data processed: contact data (e.g., email, phone numbers), usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

– Data subjects: Communication partners.

– Purposes of processing: contact requests and communication, direct marketing (e.g., by e-mail or postal mail).

– Legal basis: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– WhatsApp Business:

We offer existing clients the possibility to communicate with us via the messaging service WhatsApp of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook, and to receive corresponding feedback on your request. For this purpose, we use the so-called “business version” of WhatsApp.

If you contact us via WhatsApp on the occasion of a specific transaction (for example, an appointment/booking), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. b. DSGVO to process and respond to your request. On the basis of the same legal basis, we may ask you to provide further data (order number, customer number, address or email address) via WhatsApp Business in order to be able to assign your request to a specific process.

If you use our WhatsApp contact for general inquiries (such as about the range of services, availability or our website), we store and use the mobile phone number you use on WhatsApp and – if provided – your first name and surname in accordance with Art. 6 (1) lit. f DSGVO based on our legitimate interest in the efficient and timely provision of the requested information. Your data will only ever be used to respond to your request via WhatsApp.

A transfer to third parties by us does not take place. Please note that WhatsApp Business receives access to the address book of the mobile device we use for this purpose and automatically transmits phone numbers stored in the address book to a server of the parent company Facebook Inc. in the USA. For the operation of our WhatsApp business account, we use a mobile device in whose address book only the WhatsApp contact data of those users who have also contacted us via WhatsApp are stored.

Communication via WhatsApp usually takes place on the initiative of the client. The latter thus declares that he is aware that WhatsApp, Inc. receives personal data (in particular metadata of the communication), which is also processed on servers in states outside the EU (e.g. USA). WhatsApp shares this data with other companies within and outside the Facebook group of companies. Further information can be found in WhatsApp’s privacy policy (https://www.whatsapp.com/legal/#privacy-policy). Cornelia Helga Schulze has neither precise knowledge nor influence on the data processing by WhatsApp, Inc.

The basis for this processing and the transmission to WhatsApp in this context is Art. 6 para. 1 p. 1 b) DSGVO, insofar as your request relates to an existing contractual relationship with us or serves to initiate such a contractual relationship. Otherwise, this data processing is based on Art. 6 para. 1 p. 1 f) DSGVO, whereby our legitimate interest is the careful processing of your respective request and the solution of any technical problems. We take your interests into account by the fact that communication via WhatsApp only exists as an additional option.

– Facebook Messenger service

Thank you for your interest in our Facebook Messenger channel. Facebook Messenger is a text, audio and video communication application from Facebook Inc. for sharing text and voice messages as well as images, videos and other formats. In the following, we inform you about the handling of your personal data. This means individual data relating to an identified or identifiable natural person (“data subject”).

The data controller within the meaning of the General Data Protection Regulation (GDPR) is Cornelia Helga Schulze, insofar as we exclusively process the data you send us via Facebook Messenger ourselves.

Insofar as personal data is processed in connection with our Facebook Messenger channel and Facebook alone decides on the purposes and means of the processing, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, is the sole data controller within the meaning of the DSGVO.

 

For contacting and communicating, we use, among other things, Facebook Messenger. In the course of contacting us, personal data is processed that is derived from the use of Facebook Messenger. For the use of Facebook Messenger, a registration on Facebook is necessary. Facebook grants us access to your “public information”, such as name, profile and cover picture, gender, networks, username and the Facebook ID, which are stored on Facebook. We use this information exclusively to be able to operate a communication in such a way that, for example, a personal address is possible.

To the best of our knowledge, the content of the conversations is not evaluated by third parties for advertising or market research purposes. We refer here to the terms of use of Facebook (https://www.facebook.com/terms) as well as data protection information of Facebook: https://www.facebook.com/privacy/explanation/.

If your contact aims at the conclusion of a contract or concerns the processing of an already concluded contract, the legal basis for the processing is Art. 6 (1) lit. b DSGVO.

In all other cases, the legal basis for processing is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO. Your data will be deleted after final processing of your request, unless there are storage obligations to the contrary.

If you wish to assert rights concerning the processing of data for which we are the sole controller within the meaning of the DSGVO, you may assert these rights against us. However, if your rights concern the processing of data for which Facebook is solely or jointly responsible with us within the meaning of the GDPR, we ask you to contact Facebook directly.

With a complaint concerning the processing of data for which Facebook is solely or jointly responsible within the meaning of the Data Protection Regulation, you may also contact your local supervisory authority or Facebook’s lead supervisory authority for data protection: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland, online contact form: https://forms.dataprotection.ie/contact

– Instagram

Cornelia Helga Schulze uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the information service offered on Instagram at https://www.instagram.com/corneliahelgaschulze/.

We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered via this page on our website at www.corneliahelga.de.

Collection of personal data on Instagram

When you visit our Instagram page, Instagram and the associated company Facebook collect, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page. Facebook provides more detailed information on this at the following link: https://help.instagram.com/519522125107875?helpref=page_content.

In the following, we inform you about the handling of your personal data. Here, personal data is all data with which you can be personally identified. Please carefully check which personal data you share with us via Instagram and Facebook. As long as you are logged into your Instagram account and visit our Instagram profile, Instagram can associate this with your Instagram profile. We expressly point out that Instagram and thus Facebook stores the data of its users (e.g. personal information, IP address, etc.) and may also use it for business purposes. For more information on Instagram’s data processing, please refer to Instagram’s privacy policy at https://help.instagram.com/196883487377501?ref=dp.

Instagram’s full data policy can be found here: https://help.instagram.com/519522125107875?helpref=page_content

We have no influence on the data collection and further processing by Instagram. Furthermore, it is not recognizable for us to what extent, at which location and for how long the data is stored, to what extent Instagram and Facebook comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid that Instagram and Facebook processes personal data transmitted by you to us, please contact us by other means. Our full contact details can be found in our imprint on Instagram.

The data collected about you in this context is processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union in the process. What information Instagram/ Facebook receives and how it is used is described in general terms by Instagram/ Facebook in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements. The data usage guidelines are available at the following link:

https://help.instagram.com/196883487377501?ref=dp

The full data policy of Instagram can be found here: https://help.instagram.com/519522125107875?helpref=page_content

In what way Instagram & Facebook uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram and Facebook page are assigned to individual users, how long Instagram & Facebook stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly named by Instagram & Facebook and is not known to us.

The person responsible for data processing within the meaning of the General Data Protection Regulation (DSGVO) is Cornelia Helga Schulze, insofar as we exclusively process the data transmitted to us by you via Instagram or Facebook ourselves. Insofar as the data you provide to us via Instagram or Facebook is also or exclusively processed by Facebook, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also the data controller within the meaning of the DSGVO in addition to us.Video Conferencing, Online Meetings, Webinars and Screen Sharing

 

Distribution via online marketplaces and platforms

We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our data protection notices. This applies in particular with regard to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.

– Types of data processed: inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., e-mail, telephone numbers), contract data (e.g., subject matter of contract, term, client category), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

– Data Subjects: Clients.

– Purposes of processing: provision of contractual services and client services.

– Legal Grounds: Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– Podia, order processing via the service of podia, 198 East 7th Street, New York, NY 10009, USA. www.podia.com (“Podia”), which is certified for the Privacy Shield Agreement under the DSGVO. This agreement guarantees compliance with the European level of data protection. The mail address and, if applicable, the first name and surname of the customer are passed on to Podia in accordance with Art. 6 Para. 1 lit. b DSGVO exclusively for the processing of online orders. The transfer of your data is done by yourself and only as far as this is actually necessary for the processing of the order. To the extent that you make an online purchase through Podia, you agree to the terms contained in Podia’s EU Data Processing Addendum, which is available at https://www.podia.com/dpa.

All information regarding Podia’s privacy policy collects: https://www.podia.com/privacy.

 

Payment Procedures

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively, “payment service providers”).

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers may transmit the data to credit agencies. The purpose of this transmission is to Identity and credit check. In this regard, we refer to the terms and conditions and the data protection notices of the payment service providers.

For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.

– Types of data processed: inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contract data (e.g., subject matter of contract, term, client category), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

– Data subjects: Clients, interested parties.

– Purposes of processing: provision of contractual services and client services.

– Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– PayPal: payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; website: https://www.paypal.com/de; privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

– Stripe Inc, 510 Townsend Street, San Francisco, CA 94103, USA, Website: https://stripe.com/us, Privacy Policy: https://stripe.com/us/privacy

– Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland, Website: https://stripe.com/us, Privacy Policy: https://stripe.com/us/privacy

 

 

Newsletters and electronic notifications

We send newsletters, e-mails and other electronic notifications (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described in the course of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.

In order to subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of personal address in the newsletter, or further information, if this is necessary for the purposes of the newsletter.

Double opt-in procedure: The registration for our newsletter is always carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.

Deletion and restriction of processing: We may store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data will be limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list (so-called “block list”) for this purpose alone.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Notes on legal basis: The newsletter is sent on the basis of the recipients’ consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of existing-client advertising. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to demonstrate that it has been carried out in accordance with the law.

Contents: Information about us, our services, promotions and offers.

– Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Communication partners.

– Purposes of processing: direct marketing (e.g., via email or postal mail).

– Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

– Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably e-mail, for this purpose.

 

Video conferencing, online meetings, webinars and screen sharing

We use third-party platforms and applications (hereinafter referred to as “conferencing platforms”) for purposes of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “conference”). When selecting the conference platforms and their services, we observe the legal requirements.

– Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., e-mail, phone numbers), content data (e.g., entries in online forms), usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

– Data subjects: Communication partners, users (e.g., website visitors, users of online services).

– Purposes of processing: provision of contractual services and client services, contact requests and communication, office and organizational procedures.

– Legal bases: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

– User profiles).

Services used and service providers:

– Zoom

We use the video conferencing tool Zoom of the American software company Zoom Video Communications, San Jose, 55 Almaden Boulevard, 6th Floor, CA 95113. Thanks to “Zoom”, we can hold a video conference with customers, business partners, clients and also employees without installing any software.

It is important for us to be able to communicate with you quickly and easily. And this is exactly what Zoom offers us. The software program also works directly through a browser. We can send you a link and start a joint video conference.

When you use Zoom, data is also collected from you so that Zoom can provide its services. On the one hand, this is data that you consciously provide to the company. This includes, for example, name, telephone number or your e-mail address. However, data is also automatically transmitted to Zoom and stored. This includes, for example, technical data of your browser or your IP address.

If you provide data such as your name, your user name, your e-mail address or your telephone number, this data will be stored by Zoom. Content that you upload while using Zoom is also stored. This includes, for example, files or chat logs.

In addition to the IP address already mentioned above, the technical data that Zoom automatically stores includes the MAC address, other device IDs, device type, which operating system you are using, which client you are using, camera type, microphone type, and speaker type. Your approximate location is also determined and stored. Furthermore, Zoom also stores information about how you use the service. So, for example, whether you “zoom” via desktop or smartphone, whether you use a phone call or VoIP, whether you participate with or without video, or whether you request a password. Zoom also records so-called metadata such as duration of the meeting/call, start and end of meeting participation, meeting name and chat status.

Zoom mentions in its own privacy policy that the company does not use advertising cookies or tracking technologies for its services. Only on its own marketing websites, such as www.zoom.us, these tracking methods are used. Zoom does not resell personal data or use it for advertising purposes.

Zoom does not disclose a specific time frame, how long and where the data will be stored, but emphasizes that the collected data will be stored as long as it is necessary to provide the services or for its own purposes. Data will only be stored longer if required for legal reasons.

In principle, Zoom stores the collected data on American servers, but data can arrive at different data centers around the world.

If you do not want data to be stored during Zoom meetings, you must opt out of online meetings. However, you always have the right and option to have your personal data deleted by zoom. If you have a zoom account, please visit https://support.zoom.us/hc/en-us/articles/201363243-How-Do-I-Delete-Terminate-My-Account for instructions on how to delete your account.

Please note that when using this tool, data about you may be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. So data to insecure third countries may not simply be transferred, stored and processed there unless there are suitable safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

If you have consented that data from you can be processed and stored by the video or streaming solution zoom, this consent is considered the legal basis of the data processing (Art. 6 (1) lit. a DSGVO). In addition, we may also offer a video conference as part of our services if this has been contractually agreed with you in advance (Art. 6 (1) lit. b DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners, but only if you have at least consented to this.

Zoom also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, Zoom uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige Zoom to comply with the EU level of data protection when processing relevant data outside the EU.

We hope to have provided you with an overview of Zoom’s data processing. It is also possible that the company’s data protection policies may change. Therefore, we also recommend that you visit Zoom’s privacy policy at https://zoom.us/de-de/privacy.html for more information.

 

Music and Podcasts

We use hosting and analytics services provided by service providers to offer our audio content for listening or downloading and to obtain statistical information about the retrieval of the audio content.

– Types of Data Processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Users (e.g., website visitors, users of online services).

– Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors), conversion measurement (measurement of the effectiveness of marketing measures), profiles with user-related information (creation of user profiles).

Services used and service providers:

– Soundcloud: Soundcloud – Music Hosting; Service Provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; website: https://soundcloud.com; privacy policy: https://soundcloud.com/pages/privacy.

 

Cloud services

We use software services accessible via the Internet and running on the servers of their providers (so-called “cloud services”, also referred to as “software as a service”) for the following purposes: document storage and management, calendar management, e-mailing, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of web pages, forms or other content and information, as well as chats and participation in audio and video conferences.

In this context, personal data may be processed and stored on the servers of the providers to the extent that they are part of communication processes with us or are otherwise processed by us as set out in the context of this Privacy Policy.

– Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Clients, employees (e.g., employees, applicants, former employees), interested parties, communication partners.

– Purposes of processing: office and organizational procedures.

– Legal bases: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– Google Drive

We use Google Drive to provide certain services to prospective and existing customers. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Drive enables us to offer an upload and download area, but this is not connected to the website. In certain individually agreed cases, content is uploaded there for coaching clients for their further use and made available for retrieval. If you upload content there yourself, it will be stored on Google Drive servers.

If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

When using Google Drive, the following data may be processed: –

Map your profile to your personal data on Google-Retrieve personal data, including any data you have made publicly available-Retrieve email address-Retrieve and manage Google Drive files and folders opened or created with this app. This data is only used within your browser or cached for a short period of time to technically enable further transfer to Google Drive. In your Google account, you can view or remove access permissions at any time. Google’s data protection information can be found here: https://policies.google.com/privacy?gl=CH&hl=de, the terms of use here: https://policies.google.com/terms?gl=CH&hl=de.

 

Web analysis, monitoring and optimization

Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can see, for example, at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas require optimization.

In addition to web analysis, we may also use test procedures, for example, to test and optimize different versions of our online offer or its components.

For these purposes, so-called user profiles may be created and stored in a file (so-called “cookie”) or similar procedures may be used with the same purpose. This information may include, for example, content viewed, web pages visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, we do not store any clear user data (such as e-mail addresses or names) for the purposes of web analysis, A/B testing and optimization, but rather pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to use the third-party providers, the legal basis for processing data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this Privacy Policy.

– Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Users (e.g., website visitors, users of online services).

– Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors), profiles with user-related information (creation of user profiles).

– Security measures: IP masking (pseudonymization of the IP address).

– Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– Google Analytics: reach measurement and web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy policy: https://policies.google.com/privacy.

 

Online marketing

We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, “content”) based on users’ potential interests and measuring its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information about the user relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

Exceptionally, clear data may be associated with the profiles. This is the case, for example, if the users are members of a social network whose online marketing procedures we use and the network links the users’ profiles with the aforementioned data. We ask to note that users may make additional arrangements with the providers, e.g., by giving consent as part of the registration process.

In principle, we only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a contract being concluded with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Notes on legal bases: if we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Settings/ -Opposition:

Services and procedures for online marketing purposes via the Facebook pixel ??? Is blocked in the generator

– Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Users (e.g., website visitors, users of online services).

– Purposes of processing: marketing, profiling with user-related information (creating user profiles).

– Security measures: IP masking (pseudonymization of the IP address).

– Legal grounds: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

– Option to object (opt-out): We refer to the data protection notices of the respective providers and the options for objection given to the providers (so-called “opt-out”). If no explicit opt-out option has been specified, you have the option of disabling cookies in your browser settings. However, this may restrict functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.

Services used and service providers:

– Facebook Pixel Privacy Policy

We use the Facebook pixel from Facebook on our website. For this purpose, we have implemented a code on our website. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions, provided you have come to our website via Facebook ads. For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to track your user data (customer data such as IP address, user ID) with the data of your Facebook account. Then Facebook deletes this data again. The collected data is anonymous and not visible to us and can only be used in the context of ad placements. If you yourself are a Facebook user and are logged in, the visit to our website is automatically assigned to your Facebook user account.

We want to show our services or products only to those people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. Thus, Facebook users (if they have allowed personalized advertising) get to see suitable advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

If you are logged in to Facebook, you can change your settings for ads yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can basically manage your usage-based online advertising on http://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option to deactivate or activate providers.

We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Facebook Pixel. This may result in data not being processed and stored anonymously where applicable. Furthermore, US government authorities may be able to access individual data. It may also happen that this data is linked to data from other Facebook services where you have a user account.

If you want to learn more about Facebook’s privacy practices, we recommend that you read the company’s own data policies at https://www.facebook.com/policy.php.

Facebook Automatic Enhanced Matching Privacy Policy

We have also enabled Automatic Advanced Matching as part of the Facebook Pixel feature. This feature of the Pixel allows us to send hashed emails, name, gender, city, state, zip code, and date of birth or phone number as additional information to Facebook if you have provided us with this data. This activation enables us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products.

 

Presence taking place in social networks (social media).

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us. Facebook: We are jointly responsible with Facebook Ireland Ltd. for the collection (but not further processing) of data from visitors to our Facebook page (known as a “Fan Page”). This data includes information about the types of content users view or interact with, or the actions they take (see under “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy Statement: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “Page Insights,” to Page operators to provide them with insights into how people interact with their Pages and with content associated with them. We have entered into a special agreement with Facebook (“Page Insights Information,” https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the data subject rights (i.e., users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority), are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

– Types of data processed: contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Users (e.g., website visitors, users of online services).

– Purposes of processing: contact requests and communication, feedback (e.g. collecting feedback via online form), marketing.

– Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– Instagram: social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy.

– Facebook: Social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out: Ads settings: https://www.facebook.com/adpreferences/ad_settings (login to Facebook is required).

– YouTube: Social network and video platform; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; privacy policy: https://policies.google.com/privacy; opt-out: https://adssettings.google.com/authenticated.

– Clubhouse, social network app. Service provider is the American company Alpha Exploration Co., Inc, 548 Market St, PMB 72878, San Francisco, California 94104-5401, USA. Clubhouse also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing. As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or a data transfer there, Clubhouse uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige Clubhouse to comply with the EU level of data protection when processing relevant data outside the EU. You can learn more about the data processed by using Clubhouse in the Privacy Policy at https://joinclubhouse.notion.site/Privacy-Policy-cd4b415950204a46819478b31f6ce14f.

 

Plugins and embedded functions and content

We incorporate into our online offering functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content or functionality. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer as well as be linked to such information from other sources.

Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this Privacy Policy.

– Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).

– Data subjects: Users (e.g. website visitors, users of online services).

– Purposes of processing: provision of our online offer and user-friendliness, provision of contractual services and client services.

– Legal grounds: legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO), consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO).

Services used and service providers:

– Google Fonts: We do NOT integrate the fonts (“Google Fonts”). Google Fonts are integrated locally. Since this solution does not require a connection to Google servers because the processing takes place on the company’s own servers, neither user education nor mention in the privacy policy is required.

– Google Maps: We integrate the maps of the service “Google Maps” of the provider Google. The data processed may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed as part of the settings of their mobile devices); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://cloud.google.com/maps-platform; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, ad display settings: https://adssettings.google.com/authenticated.

– OpenStreetMap: We integrate the maps of the service “OpenStreetMap”, which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). The data of the users are used by OpenStreetMap exclusively for the purpose of displaying the map functions and for the temporary storage of the selected settings. This data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed as part of the settings of their mobile devices). Service Provider: OpenStreetMap Foundation (OSMF); website: https://www.openstreetmap.de; privacy policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

– Soundcloud Music Player Widget: Soundcloud Music Player Widget; Service provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; website: https://soundcloud.com; privacy policy: https://soundcloud.com/pages/privacy.

– YouTube videos: Video content; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, ad display settings: https://adssettings.google.com/authenticated.

 

Management, organization and support tools

We use services, platforms and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organizing, managing, planning as well as providing our services. When selecting third-party providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. This may involve various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents.

If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

Notes on legal basis: If we ask users for their consent to use the third-party providers, the legal basis for processing data is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the third-party providers has been agreed within this framework. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

– Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

– Data subjects: Communication partners, users (e.g., website visitors, users of online services).

– Purposes of processing: contact requests and communication.

– Legal bases: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

– Calendly: online appointment scheduling, appointment and contact management; service provider: Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States. Information about Calendly and Calendly’s privacy policy can be viewed here: https://calendly.com/pages/privacy.

– WeTransfer: transfer of files over the Internet; service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, Netherlands; Website: https://wetransfer.com; Privacy Policy: https://wetransfer.com/legal/privacy.

Rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

– Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions (EXPRESS OPPOSITION UNDER ART. 21(1) DSGVO). If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing (right of objection under Art. 21 Para. 1 of the German Data Protection Regulation).

– Right to withdraw consent: You have the right to revoke any consent given at any time.

– Right to information: you have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

– Right to rectification: you have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.

– Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to demand restriction of the processing of the data.

– Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to demand its transfer to another responsible party.

– Complaint to supervisory authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.

 

Amendment and update of the privacy policy

We ask you, especially since you are a person with legal capacity, to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.

Note: The one legally binding version of the privacy policy is published (in German language) here:
www.corneliahelga.de/datenschutz/

Created according to the stipulations of RA Dr. Thomas Schwenke, IT-Recht-Kanzlei, AdSimple and e-recht24.de.