Information about the processing of personal data by Antonella Kramer according to Art. 13 DS-GVO
I attach great importance to the protection of your data. I therefore only process your personal data in accordance with the content of this data protection declaration and the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable laws. The following data protection information applies to the processing of the data of the participants in my coaching sessions, workshops, soul journeys and retreats (hereinafter referred to as “coaching sessions”, unless explicitly stated otherwise) as well as to the data processing that takes place on my website.
1. Name and contact details of the data controller
Telephone: 01515 11 88 999
2. Processing of personal data when contacting me and when booking and conducting my coaching, workshops, soul journeys and retreats
If you provide me with personal data by contacting me, e.g. by email or by entering your data in my contact form, I will process your data in accordance with Art. 6 Para. 1 S. 1 b) GDPR for the purpose of fulfilling the contract or to carry out pre-contractual measures, which are carried out at your request or in accordance with Art. 6 Para. 1 S. 1 f) DS-GVO due to my legitimate interest in answering your request.
In my consulting services, I take notes of what we discuss. I save these notes for a period of 3 months after the end of the last consultation appointment, unless you agree that I may save these notes longer.
The legal basis for making the notes is Art. 6 para. 1 sentence 1 b) GDPR, as this is necessary for the purpose of fulfilling the contract. The storage of 3 months is based on my legitimate interest (legal basis is Art. 6 Para. 1 S. 1 f) DS-GVO) in being able to have it ready again within a certain period of time if the customer requests further advice from me in want to claim.
In my coaching sessions, after consultation with all participants, I make image, video and sound recordings, the use of which I also coordinate with the participants and obtain the appropriate consent for this.
3. Processing of personal data when purchasing my products via my web shop and when booking my coaching sessions, workshops, soul journeys and retreats online
If you buy products or book coaching services (e.g. coaching, workshops, soul journeys and retreats) via my web shop, I process the following personal data purely for the purpose of being able to fulfill the contract with you: your name, your e-mail address , your postal address, your order and your payment details, although I do not have access to your PayPal details or your credit card details. These are only processed by the payment service providers. Your payment details will be passed on to my house bank, which will carry out the direct debit. If you make a bank transfer, I can also see your bank details in my account.
If you let me paint an individual picture of your heart, I also need further information from you, which you will give me personally after your purchase.
The data processing described above is all based on Art. 6 para. 1 S. 1 b) DS-GVO, since the processing is necessary for the performance of a contract to which you are a party.
I store the information that you give me to create the heart picture on the basis of my legitimate interest (Art. 6 Para. 1 S. 1 f) DS-GVO) in the event that you assert claims against me until Expiry of the warranty period, ie up to two years after the transfer of risk.
4. Use of audio and video conferencing solutions; Use of providers in third countries
I offer you the Zoom solution from Zoom Video Communications, Inc., or the Webex solution from Cisco Systems, Inc. for my online coaching and workshops, soul journeys and retreats, as well as for discussing your personal energy picture. Both providers are based in the USA, where they also regularly process data. Your data will therefore also be processed in a third country, ie in a country that may not have the same level of data protection as the EU. I have concluded order processing contracts with both providers in accordance with Art. 28 DS-GVO, as well as an agreement based on the EU standard clauses, which ensures the appropriateness of the data protection level even when data is processed in the USA (Art. 46 DS-GVO). As an additional protective measure, I have configured both solutions so that only data centers in the EU, the EEA or safe third countries such as Canada or Japan are used for conducting “online meetings”.
When using the audio or video conference solutions, various types of data are processed, namely master and contact data. The scope of the data also depends on what data you make before or during participation in an audio or video conference. In order to take part in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
Furthermore, meeting metadata such as the title and description of the meeting, participant IP addresses, device/hardware information, in the case of recordings, additional MP4 files for all video, audio and presentation recordings, M4A files for all audio recordings, and finally text files for Use of the chat functions saved. If you dial in with the telephone, information on the incoming and outgoing phone number, country name, start and end time and, if applicable, connection data such as the IP address of the device will be saved.
If you call up the website of the providers, they are responsible for the data processing that takes place. It is necessary to call up the website in order to download the provider’s app or – if you do not want or are unable to do so – to use the browser version.
If we want to record “online meetings”, we will inform you beforehand and – if necessary – ask for your consent. The same applies when we log chat content.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
The legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 S. 1 b) GDPR, insofar as the meetings are held within the framework of contractual relationships. Outside of contracts that have already been concluded, the legal basis is Art. 6 para. 1 S. 1 f) GDPR, because we have a legitimate interest in conducting “online meetings”. Of course we are also happy to talk to you over the phone.
5. Processing of personal data when submitting a review
If you leave a review on our website, the data you provide (score rating, review, name and e-mail address) will be processed in order to be able to verify that the review is genuine, ie that the/ the evaluator actually ordered something through my webshop. Therefore, in addition to the rating, the name is also publicly visible so that other customers and interested parties can see that only real customers are allowed to submit a rating. This data processing on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR. You can ask me at any time to delete your rating and thereby revoke your consent. Just write to me using the contact details given under point 1. Please also read section 8 on cookies.
6. Processing of personal data for sending my newsletter (heart mail)
You can subscribe to my heart mail on my website, with which I will keep you up to date about other offers and services from me, but also about information about coaching. If you subscribe to the Herzenpost, the data will be processed on the basis of your consent. All you have to do is enter your e-mail address. Entering your name is voluntary and is only requested so that we can address you personally in the heart mail. By subscribing to the Herzenspost, you also agree that we can store your IP address in order to be able to prove your consent. You will receive after submitting your request
a confirmation e-mail in which you have to click on a link to actually receive the heart mail. This confirmation e-mail is necessary so that I can verify you as the owner of the e-mail address entered. Only after clicking on this link will you receive the heart mail. By subscribing to the Herzenspost, you also agree that I can evaluate the click and opening rates of the Herzenspost, ie I can save who opened it and who clicked on which link in it.
You will also receive the heart mail if you have already booked services with me or have purchased products via my web shop and have not objected to receiving the heart mail. In this case, the legal basis for processing your e-mail address and your name is Section 7 Para. 3 UWG. You can then object to the use of your data for sending the Herzenspost at any time without incurring any costs other than the transmission costs according to the basic tariffs. The evaluation of the click and opening rates of the heart mail, i.e. that I save who opened it and who clicked on which link in it, is based on Art. 6 para. 1 p. 1 f) GDPR, because I have a legitimate interest in measuring and analyzing the success of my newsletter, for example to be able to adjust content and frequency accordingly.
You can unsubscribe from further communications at any time and thus revoke your consent or object to receiving it by clicking on the unsubscribe link in every heart letter. If the sending was based on your consent, the revocation of your consent by unsubscribing from further communications has no effect on the legality of the data processing up to the time of revocation. If you unsubscribe from the heart mail, the data stored by me for the purpose of sending the heart mail will be deleted, unless the deletion contradicts data protection storage obligations.
7. Processing of your data using log files
When you visit my website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted, usually after one week:
• IP address of the requesting computer,
• date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• Browser used and, if applicable, the operating system of your computer and the name of your access provider
The data mentioned are processed for the following purposes:
• Ensuring a smooth connection establishment of the website,
• Ensuring comfortable use of my website,
• Evaluation of system security and stability,
• Clarification of any improper page access (DoS/DDoS attacks or similar) and
• for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 f) GDPR. My legitimate interest follows from the data collection purposes listed above. As a rule, I do not use the collected data for the purpose of drawing conclusions about your person. I reserve the right to do so in the event that this becomes necessary to clear up abusive page views.
8. Processing of your data using cookies and Google Analytics
(1) Essential cookies: When you visit my website, so-called cookies – small text files – are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.). On the one hand, there are so-called session cookies, which expire when you close your browser window. I need this so that you can fill the shopping cart in my online basket. These cookies are based on Art. 6 para. 1 S. 1 b) DS-GVO because they are necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures that are taken at your request.
Persistent cookies are also used if you submit a review as a logged-in owner. This storage is based on Art. 6 para. 1 sentence 1 f) GDPR, because we have a legitimate interest in being able to assign your rating to your order (see also section 5).
Finally, we use a persistent cookie that stores your selection in the cookie banner, i.e. which cookies you have consented to or not. We store this cookie on the basis of Art. 6 Para. 1 sentence 1 f) GDPR, because we have a legitimate interest in making the use of the website more attractive for you by not asking you for your consent every time you visit the website.
(2) Cookies after consent: For the purpose of the needs-based design and continuous optimization of my website, I use Google Analytics, a web analysis service of Google Ireland Limited, on the basis of your consent (Art. 6 Para. 1 S. 1 a) DS-GVO). Gordon House, Barrow Street, Dublin 4, Ireland. When you visit our website, a window appears in which you can either click on “Save” without ticking any further boxes, whereby only the essential cookies listed under Section 8. (1) are set. However, you can also select all or individual cookies and thereby give your consent to the data processing by the selected cookies.
As part of the processing described below, data is also regularly transmitted to Google LLC based in the USA. Google Ireland Limited and Google LLC are collectively referred to below as “Google”. There is an agreement with Google based on the EU standard contractual clauses, which ensures the appropriateness of data protection even when processing in the USA and other third countries (Art. 46 DS-GVO). With activation, you also give your express consent to the data transmission (Art. 49 Para. 1 a) DS-GVO).
The Google Analytics cookie generates information about your use of this website such as
• browser type/version,
• operating system used,
• referrer URL (the previously visited page),
• host name of the accessing computer (IP address),
• Time of server request.
This data is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to do more with website use and
Internet use-related services for the purposes of market research and needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are regularly anonymized within the European Union or within the EEA and only then transferred to the USA, so that an assignment is not possible (IP masking).
You can revoke your consent at any time by clicking on the “Cookie Settings” button in the data protection declaration of my website and deactivating the consent again.
[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Einstellungen” /]
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing a browser add-on .
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help .
(3) You can set your browser so that it prevents the setting of cookies and only allows them from certain websites. Please note that my web shop will not function properly if you do not allow cookies.
9. Notes on the security of your data
I have taken technical and organizational security measures to protect your data from loss, destruction, manipulation and unauthorized access. All persons involved in my data processing are obliged to comply with the DS-GVO, the new BDSG and other laws relevant to data protection and to treat personal data confidentially.
In the case of the collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.
10. Categories of recipients of data; Data transfers to a third country
In addition to the service providers and third-party providers mentioned in this data protection declaration, other service providers and vicarious agents I use in connection with the website and my systems, e.g. host providers, agencies, IT service providers or e.g. mail service providers for sending the newsletter, can access your have personal data. Insofar as these service providers and vicarious agents work on my behalf, they only act in accordance with instructions and are contractually obliged by us accordingly. This also applies to service providers based in a third country (a country outside the EU or the EEA). Unless there are other guarantees for compliance with an appropriate level of data protection (e.g. an adequacy decision by the EU Commission), such data transmissions only take place on the basis of Art. 49 GDPR (e.g. on the basis of your consent).
11. Your Rights
you have acc. Art 15 DS-GVO the right to receive information about the personal data that has been stored about you free of charge upon request. You also have acc. Art. 16, 17 and
18 DS-GVO, you have the right to have incorrect data corrected and your personal data to be blocked and deleted. Under the conditions specified in Art. 20 DS-GVO, you are also entitled to receive the personal data relating to you that has been stored in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance from me. In addition, you are acc. Art. 21 para. 1 DS-GVO against the processing of personal data concerning you, which is based on Art. 6 para. 1 p. 1 e) or f) GDPR takes place, including profiling, for reasons that arise from your particular situation. If your personal data is processed for direct marketing purposes, according to Art. 21 para. 2 DS-GVO, you have the right to object to the processing of your data for such advertising, including profiling, insofar as it is related to such direct advertising.
I will fulfill your aforementioned rights as far as the legal requirements for the assertion of the rights are given.
Where I have asked for your consent, you can revoke this at any time as explained in each case. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
Each data subject also has the right to lodge a complaint with a data protection supervisory authority about the processing of data by me.
12. Duration of Storage and Routine Deletion
Unless expressly stated in this data protection declaration, I process and store personal data only for the period necessary to achieve the purpose of the processing or if this has been provided for in laws or regulations to which I am subject.
If the purpose of storage no longer applies or if a legally prescribed storage period expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.