Privacy Notice
1. Introduction
This privacy notice is intended to inform you as the user of this website about the type, scope and purpose of the collection and use of personal data by the website operator.
Responsible:
Lisa Jara
Espenweg 10
50259 Pulheim
Germany
E-mail: lisa@lisa-jara.com
Phone: 0049-160-6736136
The website operator takes your data protection very seriously and treats your personal data confidentially and in accordance with the statutory provisions. As new technologies and the constant further development of this website may result in changes to this privacy notice, we recommend that you read it at regular intervals.
The privacy notice applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our profiles in social media (hereinafter referred to collectively as “online offer”).
The terms used are not gender-specific.
Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 GDPR.
2. General Information on Data Processing
2.1 Collection and Processing of Personal Data
The website operator collects, uses and passes on your personal data only if this is permitted by law or if you consent to the collection of data.
Personal data are all information which serve to determine your person and which can be traced back to you – for example your name, your e-mail address and telephone number.
You can also visit this website without providing any personal information. However, to improve our online offer, we store (without personal reference) your access data to this website. This access data includes, for example, the file you requested or the name of your internet provider. The anonymisation of the data does not allow any conclusions to be drawn about your person.
2.2 Access Data
We, the website operator or page provider, collect data on accesses to the website on the basis of our legitimate interest in improving the stability and functionality of our website (see Art. 6 § 1 letter f. GDPR) and store these data as “server log files” on the website server. When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you reached the site
- Used browser
- Operating system
- IP address (possibly in anonymised form)
The server log files are stored for a maximum of 7 days and then deleted. The data is stored for security reasons, e.g. to be able to clarify cases of abuse. If data must be kept for reasons of evidence, they are excluded from deletion until the incident has been finally clarified.
2.3 Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 § 1 letter a General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 § 1 letter b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 § 1 letter c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 § 1 letter d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 § 1 letter f GDPR serves as the legal basis for the processing.
2.4 Duration of the Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).
When personal data are processed on the basis of express consent pursuant to Art. 6 § 1 letter a GDPR, these data are stored until the person concerned revokes his or her consent.
If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 § 1 letter b GDPR, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no legitimate interest in their further storage.
When personal data are processed on the basis of Art. 6 § 1 letter f GDPR, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 § 1 GDPR, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
When personal data are processed for the purpose of direct advertising on the basis of Art. 6 § 1 letter f GDPR, these data are stored until the data subject exercises his or her right of objection under Art. 21 § 2 GDPR.
Unless otherwise stated in the other information on specific processing situations in this privacy notice, stored personal data will be deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed.
3. Provision of the Online Offer and Web Hosting
3.1 General Information
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, and security and technical maintenance services.
The data processed within the framework of the provision of the hosting offer may include all data relating to the users of our online offer, which are generated in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites, e.g. content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in contents, access times) and meta/communication data (e.g. device information).
Personal data is processed in order to optimise our online offer and on the basis of our legitimate interest (Art. 6 § 1 letter f. GDPR).
3.2 E-mail Dispatch and Hosting
The web hosting services we use also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information concerning the sending of e-mails (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of SPAM detection. Please note that e-mails on the internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server.
3.3 Collection of Access Data and Log Files
We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the capacity utilisation of the servers and their stability.
3.4 Content Delivery Network
We use a “Content Delivery Network” (CDN). A CDN is a service that allows the content of an online offer, especially large media files such as graphics or program scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.
4. Contact and Communication
4.1 General Information
Personal data is collected when contacting us (e.g. via contact form or e-mail). Which kind of data is collected in the case of a contact form can be seen from the respective form. In this context, the data will not be passed on to third parties. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 § 1 letter f GDPR. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 § 1 letter b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be deduced from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
4.2 Contact and Communication via Messenger
We use messenger services for communication purposes and therefore ask you to observe the following information regarding the functionality of the messengers, encryption, use of the metadata of the communication and your right to object.
You can also contact us in alternative ways, e.g. by telephone or e-mail. Please use the contact information provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e. the content of your message and attachments), we would like to point out that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the respective messenger with encryption enabled, to ensure that the message content is encrypted. However, we would also like to point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners communicate with us, as well as technical information about the communication partner’s device and, depending on the settings of their device, location information (so-called metadata) is processed.
Information on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for your consent and you contact us, e.g. on your own initiative, we will use the messenger in relation to our contractual partners as well as in the context of contract preparation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via messenger. Furthermore, we would like to point out that we will not transmit the contact data provided to us to the messengers for the first time without your consent.
Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e. as described above, for example, after the end of contractual relationships, in the context of archiving requirements etc.) and otherwise as soon as we can assume that we have answered any requests by the communication partners, if no reference to a previous conversation is to be expected and no legal storage obligations stand in the way of deletion.
Reservation of reference to other communication channels: Finally, we would like to point out that for reasons of your security we reserve the right not to answer inquiries via messenger. This is the case if, for example, internal contractual matters require special confidentiality or if a reply via messenger does not meet the formal requirements. In such cases we will refer you to more adequate communication channels.
Used services and service providers:
Facebook Messenger: Facebook Messenger with end-to-end encryption (Facebook Messenger’s end-to-end encryption requires activation unless it should be enabled by default); Service Provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy statement: https://www.facebook.com/about/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out: https://www.facebook.com/settings?tab=ads.
Skype: Skype Messenger with end-to-end encryption (Note: Skype’s end-to-end encryption requires that it be enabled, unless it is enabled by default); Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://www.skype.com/de/; Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement, Security Notice: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.
Threema: Threema Messenger with end-to-end encryption; service provider: Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland; Website: https://threema.ch/en; Privacy Shield: https://threema.ch/de/privacy.
WhatsApp: WhatsApp Messenger with end-to-end encryption; service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; Web site: https://www.whatsapp.com/; Privacy Policy: https://www.whatsapp.com/legal; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active.
Google Hangouts: Messenger and conferencing software; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://hangouts.google.com/; privacy policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Signal: Signal Messenger with end-to-end encryption; service provider: Privacy Signal Messenger, LLC 650 Castro Street, Suite 120-223 Mountain View, CA 94041, USA; Website: https://signal.org/; Privacy Policy/Privacy Shield: https://signal.org/legal.
4.3 Online Scheduling
For the online scheduling of discovery calls and coaching sessions, we use the GDPR-compliant tool TidyCal. This is operated by Sumo Group, Inc., USA. When you book through this tool, the information you enter is transmitted for the purpose of processing the appointment request. This gives us the opportunity to remind and inform you about your agreed appointments and you can reschedule or cancel your appointments made with us online. However, you are not obliged to use this tool and can also book appointments by email, telephone or messenger services.
Further information on the data protection declaration can be found here: https://tidycal.com/privacy-policy
5. Cookies
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages, which are transferred to the user’s browser either from our server or the server of a third party. Cookies are small files which are stored on your end device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website.
The following cookie types and functions are distinguished:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users used for reach measurement or marketing purposes can also be stored in such a cookie. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
- First-party cookies: First-party cookies are set by us.
- Third party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or required) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
- Statistical, marketing and personalisation cookies: Furthermore, cookies are generally also used in the context of range measurement and when the interests of a user or his behaviour (e.g. viewing certain content, using functions etc.) are stored in a user profile on individual web pages. Such profiles are used to show users e.g. content that corresponds to their potential interests. This procedure is also known as “tracking”, i.e. following the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy notice or when you give your consent.
In some cases, cookies are used to simplify processes by saving settings (e.g. remembering the time at which a video was interrupted in order to continue it at this point during a later visit to the website). Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 § 1 letter b GDPR for the purpose of implementing the contract, in accordance with Art. 6 § 1 letter a GDPR in the case of a granted consent or in accordance with Art. 6 § 1 letter f GDPR for the purpose of safeguarding our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
If you do not want cookies to be stored on your end device for range measurement, common browsers offer the setting option that you will be informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings.
Please note that if you do not accept cookies, the functionality of our website may be limited.
6. Web Analysis
6.1 Matomo
Based on our legitimate interests, this website uses the open source tool “Matomo” for the optimisation and analysis of our online offer according to Art. 6 § 1 letter f GDPR, which we operate on our own website server. In order to track activity on this site and to identify any problems, anonymised data on time and duration of visits, title and URL of the visited page, shortened IP (the last 2 bytes are omitted), duration of page load, screen resolution, browser language and form interactions are stored.
Matomo is executed in Cookie-less mode, so no tracking cookies are used. In addition, the do-not-track settings of the browser are also taken into account. If the do-not-track isn’t activated in your browser, but you still don’t want to be tracked, you can object to tracking on this site in the tracking status box below this paragraph. For this setting to be saved, a cookie is set on your end device for this purpose, so that only the objection and no further data can be tracked for the next visit.
Current status:
7. Surveys and Questionnaires
The surveys and questionnaires we conduct (hereinafter referred to as “surveys”) are evaluated anonymously. Personal data will only be processed to the extent necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address to display the survey in the user’s browser or to enable resuming the survey by means of a temporary cookie (session cookie)) or users have consented to this.
The data processed in the course of the survey conducted may include information entered by the user when participating, e.g. contact data (e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
Personal data is processed for the purposes of contact enquiries and communication, direct marketing (e.g. by e-mail or post), tracking (e.g. interest/behaviour-related profiling, use of cookies), feedback (e.g. collection of feedback via online form) and to optimise our online offering.
If we ask the participants to consent to the processing of their data, this is the legal basis for the processing (Art. 6 § 1 letter a GDPR), otherwise the processing of the participants’ data is based on our legitimate interest in conducting an objective survey (Art. 6 § 1 letter f. GDPR).
Services and service providers used:
Google form: Google cloud forms; service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://firebase.google.com; privacy policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; opt-out: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en, advertising display settings: https://adssettings.google.com/authenticated.
8. Plug-ins and Embedded Functions and Content
In our online offer we include functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third party providers”). These can be, for example, graphics, videos or social media buttons and contributions (hereinafter referred to uniformly as “content”).
The integration always presupposes that the third party providers of these contents process the IP address of the users, as without the IP address they would not be able to send the contents to their browsers. The IP address is therefore required for the display of these contents or functions. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, the websites to be linked, the time of visit and other details about the use of our online offer, as well as being linked to such information from other sources.
We integrate third-party software, scripts or frameworks (e.g. jQuery) into our online offer, which we call up from servers of other providers (e.g. function libraries, which we use for the purpose of displaying or making our online offer user-friendly). The respective providers collect the IP address of the users and can process it for the purpose of transmitting the software to the user’s browser and for security purposes, as well as for the evaluation and optimisation of their offer.
The data processed within the framework of the embedded functions can include, for example, usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s terminal device), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).
Personal data is processed for the purposes of providing our online services and user-friendliness, security measures, administration and answering of enquiries, contact requests and communication, direct marketing (e.g. by e-mail or post), tracking (e.g. interest/behavioural profiling, use of cookies) and interest-based and behavioural marketing.
If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing (Art. 6 § 1 letter a GDPR), otherwise the processing of the participants’ data is based on our legitimate interest in conducting an objective survey (Art. 6 § 1 letter f. GDPR).
Services and service providers used:
YouTube: Video Content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
This website uses the YouTube embedding function to display and play videos from the provider “YouTube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
In this case, the extended data protection mode is used, which, according to the provider, only triggers the storage of user information whe the video/videos is/are played. When the playback of embedded YouTube videos is started, the provider “YouTube” uses cookies to collect information about user behavior. According to information from “YouTube”, these are used, among other things, to collect video statistics, to improve the user experience and to prevent abusive behavior. If you are logged in to Google, your data is directly associated with your account when you click on a video. If you do not want this to be associated with your YouTube profile, you must log out before activating the button.
Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 § 1 letter f. GDPR on the basis of Google’s legitimate interests in the display of personalized advertising, market research and / or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. In the course of using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
In case that personal data is transferred to Google LLC., which is based in the USA, Google LLC. has certified itself for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://policies.google.com/privacy?hl=en
As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 § 1 letter a. GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the above described option for making an objection.
9. Social Media
We also use social media to provide additional information. This website contains links to these channels in social media, but no so-called “social plug-ins” are used (such as the Facebook “Like” button). The links are only integrated into the web analysis. We link to our website in the following channels:
- Facebook: https://www.facebook.com/lisa.jara.1650
- Instagram: https://www.instagram.com/lisa.jara.coaching
- YouTube: https://www.youtube.com/channel/UCG3IUe0ROGTtuw8r3Pmwz9Q
The social media platforms are independent information offerings and independent of this website. Further information on the purpose and scope of data collection and the further processing and use of the data by the respective social media service can be found on the internet at the following URLs
- Facebook privacy policy: https://www.facebook.com/policy
- Instagram Privacy Policy: https://help.instagram.com/519522125107875
- YouTube Privacy Policy: https://policies.google.com/privacy?hl=en
We point out that user data may be processed outside the European Union. This may result in risks for the users, because the enforcement of the users’ rights could be made more difficult. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they thereby undertake to comply with the data protection standards of the EU.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. Thus, for example, user profiles can be created on the basis of user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
10. Newsletter „Mo(o)nday Musings“
The website operator offers you a newsletter through which you will receive weekly-ish personal emails containing reflection questions, ideas, links to new blog articles and interviews as well as information about upcoming events and offers. If you want to subscribe to the newsletter, you only need to provide a valid email address. The provision of further data is voluntary and will be used to address you personally.
For the subscription to the newsletter we use the so-called double opt-in process. That means we will only send you the e-mail newsletter if you have explicitly confirmed that you agree to receive the newsletter. We will therefore send you a confirmation e-mail in which you will be asked to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 § 1 letter a. GDPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date.
The newsletter is sent via our own server, therefore no personal data is transmitted to a third-party provider.
Revocation and Cancellation: You can unsubscribe from the newsletter at any time via the link provided in the newsletter for this purpose, or by sending a message to the responsible person mentioned above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this statement.
11. Coaching Agreements
11.1 Purpose of Data Processing
The processing of your data in the coaching context is based on legal requirements in order to fulfil our coaching agreement as well as the corresponding obligations.
The collection and processing of your personal data is carried out solely to the extent necessary and for the following purposes:
- for the execution of the contract (especially the preparation and follow-up of sessions)
- for your care and support
- for bookkeeping and invoicing
11.2 Processing, Forwarding and Storage
I use all personal data collected exclusively for the preparation, implementation and follow-up of the coaching sessions. The processing and storage is limited to the necessary minimum, anonymised as far as possible and applies to the following data:
- Title, first names, surnames, date of birth, availability (e-mail addresses, postal addresses, telephone and fax numbers, Skype names if applicable)
- Contracts, agreements, privacy notices
- Date and information about telephone calls, notes of conversations, e-mail correspondence (including any new and/or changed contact details provided therein, if applicable), agreements, (change) requests, goals, visions, your topics, as well as your answers from preparation forms, questionnaires and feedback forms
- if necessary, also medical data which you have voluntarily provided in order to guarantee the best possible cooperation
- Invoices and outstanding payments
I will only forward your personal data to third parties if this is required by law (e.g. within the framework of tax law to tax offices).
I will keep your personal data and records for as long as it is necessary for the coaching process. The records of your sessions will be deleted after 2 years, in case you decide to book further coaching sessions with me before then. In addition, I am obliged to comply with the statutory retention requirements of 10 years for tax-relevant records. After this period, they will also be deleted.
12. Payment Service Providers
In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer you efficient and secure payment options and use other payment service providers for this purpose in addition to banks and credit institutions (collectively “payment service providers”).
The data processed by the payment service providers may include:
- Inventory data (e.g. name and address)
- Payment data (e.g. bank details such as account numbers or credit card numbers, passwords, TANs)
- Contract data (e.g. subject matter of contract, duration, customer category)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them, i.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy notices of the respective payment service providers.
For payment transactions, the terms and conditions and privacy notice of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data protection rights.
The legal basis for the collection and processing of personal data is the legitimate interest in contract fulfillment and communication for pre-contractual inquiries pursuant to Art. 6 § 1 letter b. GDPR and Art. 6 § 1 letter f. GDPR.
Services and service providers used:
PayPal: Payment Services and Solutions (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/lu/webapps/mpp/ua/privacy-full.
13. Legal Rights of the User
The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data. If you wish to correct, block, delete or obtain information about the personal data stored about you, or if you have any questions regarding the collection, processing or use of your personal data, or if you wish to revoke any consents granted, please contact the following e-mail address: lisa@lisa-jara.com.
13.1 Right of Access according to Art. 15 GDPR
In particular, you have the right to be informed about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed and the planned storage period or the criteria for determining the storage period.
13.2 Right to Rectification under Art. 16 GDPR
You have the right to demand the immediate correction of incorrect data concerning you and/or the completion of your incomplete data stored with us.
13.3 Right to Erasure and Restriction of Processing in accordance with Articles 17 and 18 GDPR
Unless your request conflicts with a legal obligation to retain data (e.g. data retention), you have the right to have your data deleted. Data stored by us will be deleted if they are no longer required for their intended purpose and if there are no statutory retention periods. If deletion cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted (in particular in the case of data that must be retained for commercial or tax law reasons or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person). In this case the data will be blocked and not processed for other purposes.
13.4 Right to Notification in accordance with Art. 19 GDPR
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the responsible person, she is obliged to notify all recipients of this rectification, erasure or limitation of processing to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
13.5 Right to Data Portability pursuant to Art. 20 GDPR
You have the right to receive your personal data, which you have provided us with, in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transferred to another person responsible, insofar as this is technically feasible.
13.6 Right of Withdrawal of Consents granted pursuant to Art. 7 § 3 GDPR
You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent.
13.7 Right to Object pursuant to Art. 21 GDPR
As a user of this website you have the right to object to the processing of your personal data at any time. In this case we will stop processing the data concerned.
Even if the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of such data for the purpose of such marketing.
13.8 Right to Lodge a Complaint pursuant to Art. 77 GDPR
In accordance with the statutory provisions, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of suspected infringement, if you believe that the processing of personal data concerning you is in breach of the GDPR.