Information about the processing of personal data by Antonella Kramer in accordance with Art. 13 GDPR

 

I attach great importance to protecting your data. I therefore only process your personal data in accordance with the content of this data protection declaration as well as the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable laws. The following data protection information applies to the processing of the data of participants in my coaching, workshops and retreats (in The following only refers to “coaching”, unless explicitly stated otherwise) as well as for data processing that takes place via my website.

1. Name and contact details of the data controller

Antonella Kramer
Oberhachingerstrasse 23
82031 Grünwald

Telephone: +49 160 98296659
Email: hallo@gluecksmentorin.de

2. Processing of personal data when contacting you as well as when booking and carrying out my coaching sessions, workshops and retreats

If you provide me with personal data by contacting me, e.g. by email or by entering your data in my contact form (?), I will process your data in accordance with Art. 6 Para. 1 Sentence 1 b) GDPR for the purpose of Fulfillment of the contract or to carry out pre-contractual measures that are carried out at your request or in accordance with Art. 6 Para. 1 Sentence 1 f) GDPR due to my legitimate interest in answering your request.

During my consulting services, I take notes about what we discuss. I will store these notes for a period of 3 months after the last consultation appointment, unless you agree that I may store these notes for longer.

The legal basis for making the notes is in accordance with Art. 6 Paragraph 1 Sentence 1 b) GDPR, as this is necessary for the purpose of fulfilling the contract. The storage of 3 months is based on my legitimate interest (legal basis is Art. 6 Para. 1 S. 1 f) GDPR) in being able to have it ready again within a certain period of time if the customer needs further advice from me would like to claim.

During my coaching sessions, I make image, video and sound recordings after consultation with all participants, the use of which I also coordinate with the participants and obtain the appropriate consent for this.

3. Processing of personal data when booking my coaching sessions, workshops and retreats online

If you book coaching services (e.g. coaching, workshops and retreats) via my website, I process the following personal data purely for the purpose of being able to fulfill the contract with you: your name, your email addresseat, your postal address, your order and your payment details, although I do not have access to your PayPal details or your credit card details. These are only processed by the payment service providers. Your payment details will be passed on to my house bank, from which I will have the direct debit carried out. If you make a bank transfer, I can also see your bank details in my account.

The data processing described above all takes place on the basis of Article 6 Paragraph 1 Sentence 1 b) GDPR, as the processing is necessary for the fulfillment of a contract to which you are a party.

4. Use of audio and video conferencing solutions; Use of providers in third countries

For my online coaching and workshops and retreats as well as for discussing your personal energy image, I offer you the Zoom solution from Zoom Video Communications, Inc., or the Webex solution from Cisco Systems, Inc. Both providers are based in the USA, where they also regularly process data. The processing of your data also takes place in a third country, i.e. in a country that may not have the same level of data protection as the EU.

I have concluded order processing contracts with both providers in accordance with Art. 28 GDPR, as well as an agreement in accordance with the EU standard clauses, which ensures the appropriate level of data protection even when data is processed in the USA (Art. 46 GDPR). As additional protective measures, I have configured both solutions so that only data centers in the EU, the EEA or safe third countries such as Canada or Japan are used to conduct “online meetings”.

When using the audio or video conferencing solutions, different types of data are processed, namely master and contact data. The scope of the data also depends on what data you provide before or when participating in an audio or video conference. In order to take part in an “online meeting” or enter the “meeting room”, you must at least provide information about your name.

Meeting metadata such as titles and descriptions of the meeting, participant IP addresses, device/hardware information, and, for recordings, MP4 files of all video, audio and presentation recordings, M4A files of all audio recordings, and finally text files are also included Use of the chat functions saved. If you dial in using your telephone, information about the incoming and outgoing phone number, country name, start and end time and, if necessary, connection data such as the IP address of the device are saved.

If you access the provider's website, they are responsible for the data processing that takes place. You must visit the website to download the provider's app or - if you do not want or cannot do this - to use the browser version.
If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The same applies if we log chat content.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

The legal basis for data processing when conducting “online meetings” is Article 6 Paragraph 1 Sentence 1 b) GDPR, insofar as the meetings are carried out within the framework of contractual relationships. Outside of contracts that have already been concluded, the legal basis is Art. 6 Paragraph 1 Sentence 1 f) GDPR because we have a legitimate interest in conducting “online meetings”. Of course speakWe would also be happy to talk to you by phone.

5. Processing your data using log files

When you access my website, the browser used on your device automatically sends information to our website server. ThisInformation is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted, usually after one week:

​

• IP address of the requesting computer,

• Date and time of access,

• for further administrative purposes.

• Name and URL of the retrieved file,

• Website from which access is made (referrer URL),

• browser used and, if applicable, the operating system of your computer as well as the name of your access provider

 

The data mentioned will be processed for the following purposes:

​

• Ensuring a smooth connection to the website,

• Ensuring comfortable use of my website,

• Evaluation of system security and stability,

• Clarification perhapsger abusiveherePage accesses (DoS/DDoS attacks or similar) as well as

• for further administrative purposes.

The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 f) GDPR. My legitimate interest follows from the data collection purposes listed above. As a rule, I do not use the data collected for the purpose of drawing conclusions about you personally. I reserve this for the case that:This is necessary to investigate abusive page access.

6. Processing of your data using cookies and Google Analytics

(1) Essential cookies: When you access my website, so-called cookies - these are small text files - are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.). On the one hand, these are so-called session cookies, which expire when you close your browser window. I need this so that you can fill the shopping cart in my online shopping cart. These cookies are stored on the basis of Art. 6 Paragraph 1 Sentence 1 b) GDPR because they are necessary for the fulfillment of a contract to which you are a party or to carry out pre-contractual measures at your request.

Finally, we use a persistent cookie that stores your selection in the cookie banner, i.e. which cookies you have consented to or not. We store this cookie on the basis of Art. 6 Paragraph 1 Sentence 1 f) GDPR because we have a legitimate interest in making the use of the website more attractive for you by not having to search for it every time you access the website your consent will be asked.

(2) Cookies after consent: For the purposes of needs-based design and continuous optimization of my website, I use Google Analytics, a web analysis service provided by Google Ireland Limited, based on your consent (Art. 6 Para. 1 S. 1 a) GDPR). Gordon House, Barrow Street, Dublin 4, Ireland. When you access our website, a window appears in which you can either click on “Save” without ticking any further boxes, which means that only the essential cookies listed under section 8 (1) will be set. However, you can also select all or individual cookies and thereby give your consent to data processing by the selected cookies.

As part of the processing described below, data is also regularly transmitted to Google LLC, based in the USA. Google Ireland Limited and Google LLC are hereinafter collectively referred to as “Google”. There is an agreement with Google in accordance with the EU standard contractual clauses, which ensures the adequacy of data protection even when processed in the USA and other third countries (Art. 46 GDPR). By activating it, you also give your express consent to the data transfer (Art. 49 Para. 1 a) GDPR).

Google Analytics creates pseudonymized usage profiles for me. Google also uses cookies for this purpose when you visit this website. The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we receive direct knowledge of your identity. These cookies are deleted after 2 years.

The Google Analytics cookie generates information about your use of this website such as

​

• browser type/version,

• operating system used,

• Referrer URL (the previously visited page),

• Host name of the accessing computer (IP address),

• Time of server request.

 

This data is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of you. Under no circumstances will your IP address be merged with other Google data. The IP addresses are regularly anonymized within the European Union or within the EEA and only then transferred to the USA, so that assignment is not possible (IP masking).

You can revoke your consent at any time by clicking the “Cookie Settings” button in the privacy policy of my website and consentn deactivate again.

Cookie settings

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by enteringDownload browser add-on and install.

Further information on data protection in connection with Google Analytics can be found in theGoogle Analytics Help.

(3) You can set your browser so that it prevents the setting of cookies and only allows them from certain websites. Please note that my webshop will not function properly if you do not allow cookies.

7. Notes on the security of your data

I have taken technical and organizational security measures to protect your data from loss, destruction, manipulation and unauthorized access. All people involved in my data processing are obliged to comply with the GDPR, the new BDSG and other data protection-related laws and to handle personal data confidentially.

If personal data is collected and processed, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continually revised in line with technological developments.

8. Categories of data recipients; Data transfers to a third country

In addition to the service providers and third-party providers named in this data protection declaration, other service providers and vicarious agents used by me in connection with the website and my systems, e.g. host providers, agencies and IT service providers, may have access to your personal data. However, to the extent that these service providers and vicarious agents work on my behalf, they only act in accordance with instructions and are contractually obliged by us accordingly. This also applies to service providers located in a third country (a country outside the EU or EEA). Unless there are other guarantees for compliance with an appropriate level of data protection (e.g. an adequacy decision by the EU Commission), such data transfers only take place on the basis of Art. 49 GDPR (e.g. based on your consent).

9. Your Rights

In accordance with Article 15 of the GDPR, you have the right, upon request, to receive information free of charge about the personal data that has been stored about you. In accordance with Articles 16, 17 and 18 GDPR, you also have the right to correct incorrect data and to block and delete your personal data. Under the conditions set out in Article 20 of the GDPR, you are also entitled to receive the personal data relating to you that has been stored in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance from me. In addition, in accordance with Article 21 Paragraph 1 of the GDPR, you are entitled to object to the processing of personal data concerning you, which is carried out on the basis of Article 6 Paragraph 1 Sentence 1 e) or f) of the GDPR, including profiling to lodge an objection for reasons arising from your particular situation. If your personal data is processed for the purposes of direct advertising, you have the right to object at any time to the processing of your data for such advertising, including profiling to the extent that it is related to such direct advertising, in accordance with Article 21 Paragraph 2 of the GDPR.

I will fulfill your aforementioned rights to the extent that the legal requirements for asserting the rights are met.

Where I have asked you for your consent, you can revoke it at any time as explained in each case. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.

Any request regarding your personal information should be directed to the contact information provided at the beginning of this Privacy Policy.

Everyone affected also has the right to lodge a complaint about my processing of data with a data protection supervisory authority.

10. Duration of storage and routine deletion

Unless expressly stated in this data protection declaration, I process and store personal data only for the period necessary to achieve the purpose of the processing or if this is provided for in laws or regulations to which I am subject.
If the storage purpose no longer applies or a legally required storage period expires, the personal data will be routinely blocked or deleted in accordance with legal regulations.