This privacy notice is intended to inform the users of this website about the type, scope and purpose of the collection and use of personal data by the website operator.
The website operator takes your data protection very seriously and treats your personal data confidentially and in accordance with the statutory provisions. As new technologies and the constant further development of this website may result in changes to this privacy notice, we recommend that you read it at regular intervals.
The privacy notice applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our profiles in social media (hereinafter referred to collectively as “online offer”).
The terms used are not gender-specific.
Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 GDPR.
2. General Information on Data Processing
2.1 Collection and Processing of Personal Data
The website operator collects, uses and passes on your personal data only if this is permitted by law or if you consent to the collection of data.
Personal data are all information which serve to determine your person and which can be traced back to you – for example your name, your e-mail address and telephone number.
You can also visit this website without providing any personal information. However, to improve our online offer, we store (without personal reference) your access data to this website. This access data includes, for example, the file you requested or the name of your internet provider. The anonymisation of the data does not allow any conclusions to be drawn about your person.
2.2 Access Data
We, the website operator or page provider, collect data on accesses to the website on the basis of our legitimate interest in improving the stability and functionality of our website (see Art. 6 § 1 letter f. GDPR) and store these data as “server log files” on the website server. When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- Visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you reached the site
- Used browser
- Operating system
- IP address (possibly in anonymised form)
The server log files are stored for a maximum of 7 days and then deleted. The data is stored for security reasons, e.g. to be able to clarify cases of abuse. If data must be kept for reasons of evidence, they are excluded from deletion until the incident has been finally clarified.
2.3 Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 § 1 letter a General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 § 1 letter b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 § 1 letter c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 § 1 letter d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 § 1 letter f GDPR serves as the legal basis for the processing.
2.4 Duration of the Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).
When personal data are processed on the basis of express consent pursuant to Art. 6 § 1 letter a GDPR, these data are stored until the person concerned revokes his or her consent.
If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 § 1 letter b GDPR, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no legitimate interest in their further storage.
When personal data are processed on the basis of Art. 6 § 1 letter f GDPR, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 § 1 GDPR, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
When personal data are processed for the purpose of direct advertising on the basis of Art. 6 § 1 letter f GDPR, these data are stored until the data subject exercises his or her right of objection under Art. 21 § 2 GDPR.
Unless otherwise stated in the other information on specific processing situations in this privacy notice, stored personal data will be deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed.
3. Provision of the Online Offer and Web Hosting
3.1 General Information
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, and security and technical maintenance services.
The data processed within the framework of the provision of the hosting offer may include all data relating to the users of our online offer, which are generated in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites, e.g. content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in contents, access times) and meta/communication data (e.g. device information).
Personal data is processed in order to optimise our online offer and on the basis of our legitimate interest (Art. 6 § 1 letter f. GDPR).
3.2 E-mail Dispatch and Hosting
The web hosting services we use also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information concerning the sending of e-mails (e.g. the providers involved) and the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of SPAM detection. Please note that e-mails on the internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server.
3.3 Collection of Access Data and Log Files
We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the capacity utilisation of the servers and their stability.
3.4 Content Delivery Network
We use a “Content Delivery Network” (CDN). A CDN is a service that allows the content of an online offer, especially large media files such as graphics or program scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.
4.1 General Information
Personal data is collected when contacting us (e.g. via contact form or e-mail). Which kind of data is collected in the case of a contact form can be seen from the respective form. In this context, the data will not be passed on to third parties. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 § 1 letter f GDPR. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 § 1 letter b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be deduced from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
4.2 Communication via Messenger
We use messenger services for communication purposes and therefore ask you to observe the following information regarding the functionality of the messengers, encryption, use of the metadata of the communication and your right to object.
You can also contact us in alternative ways, e.g. by telephone or e-mail. Please use the contact information provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e. the content of your message and attachments), we would like to point out that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the respective messenger with encryption enabled, to ensure that the message content is encrypted. However, we would also like to point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners communicate with us, as well as technical information about the communication partner’s device and, depending on the settings of their device, location information (so-called metadata) is processed.
Information on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for your consent and you contact us, e.g. on your own initiative, we will use the messenger in relation to our contractual partners as well as in the context of contract preparation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via messenger. Furthermore, we would like to point out that we will not transmit the contact data provided to us to the messengers for the first time without your consent.
Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e. as described above, for example, after the end of contractual relationships, in the context of archiving requirements etc.) and otherwise as soon as we can assume that we have answered any requests by the communication partners, if no reference to a previous conversation is to be expected and no legal storage obligations stand in the way of deletion.
Reservation of reference to other communication channels: Finally, we would like to point out that for reasons of your security we reserve the right not to answer inquiries via messenger. This is the case if, for example, internal contractual matters require special confidentiality or if a reply via messenger does not meet the formal requirements. In such cases we will refer you to more adequate communication channels.
Used services and service providers:
Facebook Messenger: Facebook Messenger with end-to-end encryption (Facebook Messenger’s end-to-end encryption requires activation unless it should be enabled by default); Service Provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy statement: https://www.facebook.com/about/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out: https://www.facebook.com/settings?tab=ads.
Skype: Skype Messenger with end-to-end encryption (Note: Skype’s end-to-end encryption requires that it be enabled, unless it is enabled by default); Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://www.skype.com/de/; Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement, Security Notice: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.
Threema: Threema Messenger with end-to-end encryption; service provider: Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland; Website: https://threema.ch/en; Privacy Shield: https://threema.ch/de/privacy.
4.3 Online Scheduling
For the online scheduling of exploration sessions and coaching sessions, we use the GDPR-compliant tool Acuity Scheduling. This is operated by Acuity Scheduling, Inc, a subsidiary of Squarespace, Inc, 225 Varick Street, 12th Floor, New York, NY 10014 USA. When you book through this tool, the information you enter is transmitted for the purpose of processing the appointment request. This gives us the opportunity to remind and inform you about your agreed appointments and you can reschedule or cancel your appointments made with us online. However, you are not obliged to use this tool and can also book appointments by email, telephone or messenger services.
Further information on the data protection declaration can be found here: https://acuityscheduling.com/privacy.php or at https://www.squarespace.com/privacy
The following cookie types and functions are distinguished:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users used for reach measurement or marketing purposes can also be stored in such a cookie. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.
- First-party cookies: First-party cookies are set by us.
- Third party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or required) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
In some cases, cookies are used to simplify processes by saving settings (e.g. remembering the time at which a video was interrupted in order to continue it at this point during a later visit to the website). Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 § 1 letter b GDPR for the purpose of implementing the contract, in accordance with Art. 6 § 1 letter a GDPR in the case of a granted consent or in accordance with Art. 6 § 1 letter f GDPR for the purpose of safeguarding our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
If you do not want cookies to be stored on your end device for range measurement, common browsers offer the setting option that you will be informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings.
Please note that if you do not accept cookies, the functionality of our website may be limited.
6. Web Analysis
6.1 Google Analytics
On the basis of our legitimate interests and for the optimisation and analysis of our online offer in the sense of Art. 6 § 1 letter f. GDPR, this website uses the service “Google Analytics”, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The service (Google Analytics) uses “cookies” – text files which are stored on your end device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.
Google LLC complies with European data protection law and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
If it is possible for us or if it is not necessary to save the IP address, IP anonymisation is used on this website. This means that your IP address will be shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. Only in individual cases is the IP address initially transferred in full to a Google server in the USA and shortened there. In the case of shortening the IP address, also known as “IP masking”, the last octet, i.e. the last two numbers of an IP address, are deleted (the IP address in this context is an identifier individually assigned to an internet connection by the online access provider). The purpose of shortening the IP address is to prevent or make it considerably more difficult to identify a person on the basis of their IP address. The user’s IP address transmitted by the browser is not combined with other data stored by Google.
Within the framework of the agreement on commissioned data, which we, as website operator, have concluded with Google Inc., the latter uses the information collected to create an evaluation of website use and website activity and provides services associated with internet use.
The data collected by Google on our behalf is used to evaluate the use of our online offer by individual users, e.g. to create reports on website activity in order to improve our online offer.
You have the option of preventing the storage of cookies on your device by making the appropriate settings in your browser. It cannot be guaranteed that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will take you to the appropriate plug-in: https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, by clicking on this link (IMPORTANT: insert opt-out link), you prevent Google Analytics from collecting data about you within this website. By clicking on the link above, you download an “opt-out cookie”. Your browser must therefore allow the storage of cookies for this purpose. If you delete your cookies regularly, you will need to click on the link again each time you visit this website.
Here you will find further information on the use of data by Google Inc:
https://policies.google.com/privacy/partners?hl=de (data collected by Google partners)
https://adssettings.google.de/authenticated (settings via advertisements that are displayed to you)
6.2 Google Tag Manager
7. Surveys and Questionnaires
The surveys and questionnaires we conduct (hereinafter referred to as “surveys”) are evaluated anonymously. Personal data will only be processed to the extent necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address to display the survey in the user’s browser or to enable resuming the survey by means of a temporary cookie (session cookie)) or users have consented to this.
The data processed in the course of the survey conducted may include information entered by the user when participating, e.g. contact data (e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses).
If we ask the participants to consent to the processing of their data, this is the legal basis for the processing (Art. 6 § 1 letter a GDPR), otherwise the processing of the participants’ data is based on our legitimate interest in conducting an objective survey (Art. 6 § 1 letter f. GDPR).
Services and service providers used:
8. Plug-ins and Embedded Functions and Content
In our online offer we include functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third party providers”). These can be, for example, graphics, videos or social media buttons and contributions (hereinafter referred to uniformly as “content”).
The integration always presupposes that the third party providers of these contents process the IP address of the users, as without the IP address they would not be able to send the contents to their browsers. The IP address is therefore required for the display of these contents or functions. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, the websites to be linked, the time of visit and other details about the use of our online offer, as well as being linked to such information from other sources.
We integrate third-party software, scripts or frameworks (e.g. jQuery) into our online offer, which we call up from servers of other providers (e.g. function libraries, which we use for the purpose of displaying or making our online offer user-friendly). The respective providers collect the IP address of the users and can process it for the purpose of transmitting the software to the user’s browser and for security purposes, as well as for the evaluation and optimisation of their offer.
The data processed within the framework of the embedded functions can include, for example, usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user’s terminal device), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).
If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing (Art. 6 § 1 letter a GDPR), otherwise the processing of the participants’ data is based on our legitimate interest in conducting an objective survey (Art. 6 § 1 letter f. GDPR).
Services and service providers used:
9. Social Media
We also use social media to provide additional information. This website contains links to these channels in social media, but no so-called “social plug-ins” are used (such as the Facebook “Like” button). The links are only integrated into the web analysis. We link to our website in the following channels:
- Facebook: https://www.facebook.com/lisa.jara.1650
- Xing: http://www.xing.com/
The social media platforms are independent information offerings and independent of this website. Further information on the purpose and scope of data collection and the further processing and use of the data by the respective social media service can be found on the internet at the following URLs
We point out that user data may be processed outside the European Union. This may result in risks for the users, because the enforcement of the users’ rights could be made more difficult. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they thereby undertake to comply with the data protection standards of the EU.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. Thus, for example, user profiles can be created on the basis of user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
10. Legal Rights of the User
The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data. If you wish to correct, block, delete or obtain information about the personal data stored about you, or if you have any questions regarding the collection, processing or use of your personal data, or if you wish to revoke any consents granted, please contact the following e-mail address: firstname.lastname@example.org.
10.1 Right of Access according to Art. 15 GDPR
In particular, you have the right to be informed about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed and the planned storage period or the criteria for determining the storage period.
10.2 Right to Rectification under Art. 16 GDPR
You have the right to demand the immediate correction of incorrect data concerning you and/or the completion of your incomplete data stored with us.
10.3 Right to Erasure and Restriction of Processing in accordance with Articles 17 and 18 GDPR
Unless your request conflicts with a legal obligation to retain data (e.g. data retention), you have the right to have your data deleted. Data stored by us will be deleted if they are no longer required for their intended purpose and if there are no statutory retention periods. If deletion cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted (in particular in the case of data that must be retained for commercial or tax law reasons or that must be stored to assert, exercise or defend legal claims or to protect the rights of another natural or legal person). In this case the data will be blocked and not processed for other purposes.
10.4 Right to Notification in accordance with Art. 19 GDPR
If you have asserted the right to rectify, erase or limit the processing vis-à-vis the responsible person, she is obliged to notify all recipients of this rectification, erasure or limitation of processing to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
10.5 Right to Data Portability pursuant to Art. 20 GDPR
You have the right to receive your personal data, which you have provided us with, in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transferred to another person responsible, insofar as this is technically feasible.
10.6 Right of Withdrawal of Consents granted pursuant to Art. 7 § 3 GDPR
You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent.
10.7 Right to Object pursuant to Art. 21 GDPR
As a user of this website you have the right to object to the processing of your personal data at any time. In this case we will stop processing the data concerned.
Even if the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of such data for the purpose of such marketing.
10.8 Right to Lodge a Complaint pursuant to Art. 77 GDPR
In accordance with the statutory provisions, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of suspected infringement, if you believe that the processing of personal data concerning you is in breach of the GDPR.