Datenschutz – Encompass Performance

Datenschutzerklärung für die Leistungen
of Encompass Performance – Bullerjahn & Seemann GbR
and the corresponding website
https://www.encompass-performance.de/datenschutz/

(hereinafter referred to as the “Services”)

Last updated: April 2026

Introduction
Privacy Policies are often difficult to read. We understand that – and aim to do things differently. With this Privacy Policy, we want to provide you with a clear and easily understandable explanation of how we process your personal data. To achieve this, we have structured this Privacy Policy in a clear and transparent way, outlining for each section whether and how we process your personal data.

In this Privacy Policy, we explain whether and how we process personal data. In doing so, we describe all processing activities carried out by us, by third-party services commissioned or integrated by us, or by other third parties acting on our behalf in connection with the use of our website, app, software, marketplace, social media profiles, and the respective functionalities available therein (hereinafter collectively referred to as “services”).

Table of Contents
Our Privacy Policy is structured as follows:

General Information – Brief introduction to the subject matter of this Privacy Policy, the controller, and the data protection officer
General Information on Data Processing – Information on what personal data is, on which legal basis we process it, and whether we share it with third parties
Data Subject Rights – Information on your rights, including access, erasure, or objection to our data processing
Information on Cookies and Other Technologies Used – Information on the use of cookies and other technologies through which we process your personal data
Data Processing in Connection with the Use of Our Services – Information on data processing within our services
Communication Services – Information on communication services and the related processing of your personal data
Provision of Our Services – Information on our hosting providers and the services used in this context
Tracking & Tools – Information on services we use to provide our services and to analyze their usage
Social Media Profiles – Information on our presence on social media platforms and the related processing of your personal data

1. General Information
The protection of your personal data and your privacy is of utmost importance to us. For this reason, we aim to provide you with comprehensive transparency regarding the processing of your personal data (GDPR) as well as the storage of information on your device (TDDDG). Only if the processing of personal data and information is transparent and understandable for you as a data subject can you be sufficiently informed about the scope, purposes, and benefits of such processing.

Only if the processing of personal data and information is transparent and understandable for you as a data subject can you be sufficiently informed about the scope, purposes, and benefits of such processing.

The controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws is:

Encompass Performance – Bullerjahn & Seemann GbR
Am Nordufer 27, 13351 Berlin
Mona-bullerjahn@outlook.com
+49-176-25998280

Hereinafter referred to as the “controller” or “we”.“ genannt.

2. General Information on Data Processing
First, we would like to provide you with introductory information about what the protection of your personal data means, what personal data is, how we process it, and which security measures we implement.

2.1 Processing of Personal Data
Personal data (hereinafter also referred to as “data”) means any information relating to an identified or identifiable natural person.

Such information relating to personal or factual circumstances includes for example the following types of data, whereby it is clarified that not all of these data are necessarily processed within our services:

Personal data – name, age, marital status, date of birth
Communication data – address, telephone number, email address
Account data – account number, credit card number
Location data – IP address and location data
Health data – health status, medical conditions

“Processing” of personal data includes for example the following activities:

Collection – The collection of your data via contact forms, email, or through processes and services used by us
Disclosure – The transfer of your data to our service providers, integrated services, or other third parties
Storage – The storage of your data in our databases or on our servers
Modification – The modification of your data due to changes in your name, place of residence, or information provided within our services
Erasure – The deletion of your data when we are no longer authorized to process it

2.2 Legal Bases for the Processing of Your Personal Data
We process personal data only within the limits permitted by law. We are already obliged to do so by applicable legal requirements, in particular the GDPR. Accordingly, we are required to ensure that all data processing activities are based on a valid legal basis. These legal bases are set out in Article 6(1) GDPR. Below, we outline all legal bases on which we rely when processing your personal data.

Consent – Article 6(1)(a) GDPR: Your data is processed where you have given your consent to such processing after having been adequately informed by us of its scope and purposes (e.g., by way of an “opt-in”). If you withdraw your consent or have not given your consent, we will not (or no longer) process your data for purposes that require such consent.

Consent for Minors – Article 8(1) sentence 2 GDPR in conjunction with Article 6(1)(a) or Article 9(2)(a) GDPR: Personal data of minor children (under the age of 16) is processed only where the holder of parental responsibility has given their consent after having been adequately informed by us of the scope and purposes of such processing (e.g., by way of an “opt-in”). If such consent is withdrawn, we will no longer process the data for purposes that require such consent.

Explicit Consent for Special Categories of Personal Data – Article 9(2)(a) GDPR: Personal data falling within special categories of personal data, such as health data, political opinions, etc. (see also Article 9(1) GDPR), is processed only where you have given your explicit consent to such processing after having been adequately informed by us of its scope and purposes (e.g., by way of an “opt-in”). If you withdraw your consent or have not given your consent, we will no longer process your data for purposes that require such consent.

Performance of a Contract – Article 6(1)(b) GDPR: Your data is processed where such processing is necessary for the performance of a contract between you and us or in order to take steps at your request prior to entering into a contract. Once the processing is no longer necessary for the performance of the contract, we will no longer process your personal data.

Compliance with a Legal Obligation – Article 6(1)(c) GDPR: Your data is processed where such processing is necessary for compliance with a legal obligation to which we, as the controller, are subject.

Legitimate Interest – Article 6(1)(f) GDPR: Your data is processed where such processing is necessary for the purposes of the legitimate interests pursued by us, provided that your interests or fundamental rights and freedoms, in particular the protection of your personal data, do not override those interests.

Personal data is processed by us only for specific and explicit purposes (Article 5(1)(b) GDPR). Once the purpose of processing no longer applies, your personal data will be erased or protected by appropriate technical and organizational measures (e.g., through pseudonymization).

The same applies upon expiry of a prescribed retention period, subject to cases where further storage is necessary for the conclusion or performance of a contract. In addition, statutory obligations may require longer retention periods or the disclosure of data to third parties (in particular to law enforcement authorities). In all other cases, the retention period, the type of data collected, and the nature of the data processing depend on the specific functions you use in each individual case. Upon request, we will be happy to provide you with further information in this regard in accordance with Article 15 GDPR.

2.3 Categories of Personal Data Processed
The categories of data processed include, in particular, the following:

Master data (e.g., names, addresses, dates of birth),
Contact data (e.g., email addresses, telephone numbers, messaging services),
Content data (e.g., text entries, photographs, videos, contents of documents/files),
Contract data (e.g., subject matter of the contract, contract duration, customer category),
Payment data (e.g., bank details, payment history, use of payment service providers),
Usage data (e.g., activity within our services, use of specific content, access times),
Connection data (e.g., device information, IP addresses, URL referrers).

2.4 Security Measures
In accordance with the applicable legal requirements and taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to your rights and freedoms, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring that your data is processed and stored in a manner that guarantees confidentiality, integrity, and availability at all times. They also include controls over access to your data, as well as controls over access, input, disclosure, and availability, and the separation of your data from that of other natural persons. Furthermore, we have implemented procedures to ensure the exercise of data subject rights (see Section 3), the erasure of data, and responses to risks affecting your data. In addition, we take the protection of personal data into account already during the development of our software and through processes that comply with the principles of data protection by design and by default.

2.5 Disclosure and Transfer of Personal Data to Third Parties
In the context of processing your personal data, it may be necessary to transfer or disclose such data to other entities, companies, legally independent organizational units, or individuals. These third parties may include, for example, payment institutions in connection with payment transactions, service providers entrusted with IT-related tasks, or providers of services and content that we have integrated into our services. Where we transfer or disclose your personal data to third parties, we comply with applicable legal requirements and, in particular, conclude appropriate agreements or contracts with the recipients of your data to ensure the protection of your personal data.

2.6 Transfers to Third Countries
Where this Privacy Policy indicates that we transfer your personal data to a third country, i.e., a country outside the European Union (EU) or the European Economic Area (EEA), the following applies. Transfers to third countries are carried out only in compliance with applicable legal requirements. We ensure that there is a contractual or statutory authorization for the transfer and processing of your data in the respective third country. Furthermore, we only engage service providers in third countries that, in our assessment, ensure an adequate level of data protection. This means, for example, that an adequacy decision exists between the EU and the country to which we transfer your personal data. An “adequacy decision” is a decision adopted by the European Commission pursuant to Article 45 GDPR, determining that a third country (i.e., a country not subject to the GDPR) or an international organization ensures an adequate level of protection for personal data. Alternatively, for example where no adequacy decision exists, transfers to third countries will only take place if appropriate safeguards are in place. These include, in particular, contractual arrangements such as the standard contractual clauses of the European Commission, as well as additional technical and organizational measures ensuring a level of protection essentially equivalent to that within the EU. In addition, service providers in third countries may provide appropriate data protection certifications and process your data in accordance with internal data protection policies (Articles 44 to 49 GDPR). Further information is available on the European Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Within the framework of the “Data Privacy Framework” (“DPF”), the European Commission has recognized the level of data protection for certain companies in the United States as adequate on the basis of its adequacy decision of 10 July 2023. A list of certified companies, as well as further information about the DPF, can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). Within this Privacy Policy, we inform you which of the services we use are certified under the Data Privacy Framework.

2.7 Data Retention and Erasure
The data processed by us will be erased in accordance with statutory provisions once the consent granted for processing is withdrawn or other legal bases cease to apply (e.g., if the purpose of processing no longer applies or the data is no longer necessary for that purpose). Where the data is not erased because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or where storage is necessary for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person.

Within this Privacy Policy, we may provide further information on the erasure and retention of data that applies specifically to the respective processing activities.

2.8 Storage of and Access to Data on Your Device
Where we do not obtain your consent, the storage of or access to information on your device is carried out in accordance with Section 25(2) No. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG), as such storage and access are strictly necessary in order to provide the requested functionalities of our services. Where we obtain your consent, the legal basis is Section 25(1) TDDDG. Our services use cookies, tokens, or other technologies that may be stored on your device and without which the provision of our services would not be possible.

Cookies, tokens, or other technologies are generally text files that are stored on your device and can be accessed by us or by third parties when you access our services. Many of these technologies contain a unique identifier (ID). Such an ID is a unique code consisting of a string of characters that allows websites and servers to associate the specific internet browser, service, or device in which the cookies, tokens, or other technologies are stored. This enables website operators and analytics providers to recognize you as a user and distinguish you from other users.

2.9 Processing by a Processor
Where we engage external service providers to process your data, such providers are carefully selected and commissioned by us. Where the services provided by these service providers constitute processing by a processor within the meaning of Article 28 GDPR, they are bound by our instructions and are regularly monitored. Our data processing agreements comply with the strict requirements of Article 28 GDPR as well as the requirements of the German data protection authorities.

3. Data Subject Rights
Where your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

3.1 Right of Access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed by us.

Where such processing is carried out, you have the right to obtain from the controller the following information:

the purposes for which the personal data are processed;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data concerning you, or restriction of processing of personal data concerning you, or to object to such processing;
the existence of the right to lodge a complaint with a supervisory authority;
any available information as to their source, where the personal data are not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain information as to whether personal data concerning you are transferred to a third country or to an international organization. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

3.2 Right to Rectification
You have the right to obtain from the controller the rectification and/or completion of personal data concerning you if the personal data processed is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3.3 Right to Restriction of Processing
Under the following conditions, you have the right to obtain restriction of the processing of personal data concerning you:

where you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
where the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defence of legal claims;
where you have objected to processing pursuant to Article 21(1) GDPR, pending the verification of whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

Where restriction of processing has been obtained in accordance with the above conditions, you shall be informed by the controller before the restriction is lifted.

3.4 Right to Erasure
3.4.1. You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:

The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
The personal data concerning you has been unlawfully processed.
The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you has been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

3.4.2. Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, those personal data.

3.4.3 The right to erasure shall not apply where processing is necessary

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
for the establishment, exercise, or defence of legal claims.

3.5 Right to Notification
Where you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller shall communicate such rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the controller.

3.6 Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by this.

The right to data portability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

3.7 Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

3.8 Right to Withdraw Consent under Data Protection Law
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing remains lawful until the time of withdrawal; accordingly, the withdrawal only applies to processing carried out after it has been received. You may declare your withdrawal informally by post or email. Following withdrawal, your personal data will no longer be processed, unless such processing is permitted on another legal basis. If this is not the case, your data must be deleted without undue delay in accordance with Article 17 GDPR. Your right to withdraw your consent, subject to the conditions outlined above, is guaranteed.

To withdraw your consent, please contact:
Encompass Performance – Bullerjahn & Seemann GbR
Am Nordufer 27, 13351 Berlin
Mona-bullerjahn@outlook.com
+49-176-25998280

3.9 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

3.10 Automated Decision-Making in Individual Cases, Including Profiling
No automated decision-making, including profiling, takes place.

3.11 Information Obligations of the Controller
If your personal data has been disclosed to other recipients (third parties) on a legal basis, we will inform those recipients of any rectification, erasure, or restriction of processing of your personal data (Articles 16, 17(1), and 18 GDPR). This obligation shall not apply if it proves impossible or involves a disproportionate effort. We will also inform you about the recipients upon request.

4. Information on Cookies and Other Technologies Used
We use cookies and other technologies to provide our services, to analyze their use, and to carry out marketing activities based on the data collected. Cookies are, for example, small text files that contain data from visited websites or domains and are stored on your device (computer, tablet, or smartphone). When you access a website, the cookie stored on your device transmits information to the entity that placed the cookie.

4.1 How We Use Cookies and Other Technologies
We want to ensure that you are able to make an informed decision about the use of cookies and other technologies that are not strictly necessary for the technical functionality of our services. For this reason, where we use cookies and other technologies that require your consent, we enable you to make a voluntary choice when you first visit our services and at any time thereafter via the relevant settings, as to which cookies and technologies you wish to allow. Please note that functional cookies and other technologies are essential for the operation of our services and are therefore enabled by default. Analytics and marketing cookies and other technologies are optional. You may allow them by giving your consent via the consent banner, or you may choose to decline them.

4.2 Retention Period of Cookies and Other Technologies
Unless we provide you with explicit information on the retention period of cookies and other technologies (e.g., within the consent banner), you may assume that the retention period can be up to two years. Where cookies and other technologies are set on the basis of your consent, you may withdraw your consent at any time or object to the processing of your data by cookies and technologies (collectively referred to as an “opt-out”).

4.3 Types of Cookies and Other Technologies
We distinguish between the following categories:

Functional Cookies / Technologies: These are necessary for the basic technical functions of our services. They enable, for example, secure login and the storage of progress during ordering processes. They also allow us to store your login details, the contents of your shopping cart, and to ensure the consistent display of page content.

Analytics Cookies / Technologies: These enable us to analyze our services in order to measure and improve their performance. You can adjust your analytics preferences at any time by clicking the relevant opt-out link.

Marketing Cookies / Technologies: These are used to provide you with advertising that may be relevant to your interests. They enable, for example, the sharing of pages via social networks and the posting of comments. In addition, content and offers that may be of interest to you are displayed. You can adjust your marketing preferences at any time by clicking the relevant opt-out link.

4.4 Consent Management
We use a consent management tool ("Consent Toolin the form of the WordPress plugin “Complianz | GDPR/CCPA Cookie Consent” (Complianz Privacy Suite) as part of our tracking and analytics activities within our services. The consent tool collects log file data and consent-related data. It enables us to inform you about your consent to specific tags within our services and to obtain, manage, and document such consent. In this context, we process the following data: (1) Consent data (anonymized log data such as Consent ID, Processor ID, Controller ID, consent status, timestamp), (2) Device data (e.g., truncated IP addresses (IPv4, IPv6), device information, timestamp), (3) User data (e.g., email address, ID, browser information, setting IDs, changelog). The Consent ID (which includes the above-mentioned data) and the consent status, including the timestamp, are stored in the local storage of your browser and—where technically necessary—on the cloud servers used by us. Further processing will only take place if you submit a request for access or withdraw your consent. The legal basis for the processing of personal data using the consent tool as described above is our legitimate interest as well as the fulfilment of legal obligations, pursuant to Article 6(1)(f) and (c) GDPR. By using the consent tool, we aim to comply with legal requirements relating to data protection and tracking and to ensure that our information technology systems operate in a lawful and user-centric manner.

5. Processing of Personal Data in Connection with the Use of Our Services
The use of our services, including all functionalities, involves the processing of personal data. Further details on how such processing is carried out are set out below.

5.1 Provision of Coaching Services
In the context of providing our coaching services, we process your personal data. We only share the data you provide with authorized third parties and process it for the purpose of fulfilling the contractual relationship entered into with you, in particular for the performance of the coaching agreement. Accordingly, the legal basis for the processing of your data is Article 6(1)(b) GDPR.

5.2 Processing of Health Data
In the context of providing coaching services, we collect personal data relating to your well-being and health status. Such data may include, in particular, information on stress levels, nutritional behavior, or mental health. We use this health data to provide you with the best possible support within the scope of our coaching services, without providing medical or therapeutic advice. The processing of health data as described above is based on your explicit consent pursuant to Article 9(2)(a) GDPR. We will only process your health data to the extent and for as long as you have given your consent.

6. Communication Services
6.1 Contact Form and Email Communication
We process the personal data you provide to us in the course of contacting us for the purpose of responding to your inquiry, your email, or your request for a callback. The categories of data processed may include master data, contact data, content data, where applicable usage data, connection data, and, where applicable, contractual data. In individual cases, we may share this data with affiliated companies or third parties who are authorized to process such data for the purpose of handling orders and bookings in accordance with contractual agreements. The legal basis for processing depends on the purpose of the contact. By submitting an inquiry via the contact form or contacting us by email, you indicate that you wish to receive responses or information on specific topics. For this purpose, you provide your data. We process your data in order to respond to your request accordingly. Therefore, the legal basis for processing your data is Article 6(1)(b) GDPR, as the processing is necessary to respond to your inquiry and thus for the performance of a contract or pre-contractual measures.

6.2 Calendly
We use the scheduling tool Calendly within our services to arrange appointments with you. Via the Calendly scheduling tool, including its integrated online calendar, you can request and select an appointment for a consultation. “Calendly” is a service provided by Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States.

If you click the relevant button within our services or use a link provided by us (e.g., in an email) to schedule an appointment, you will automatically be redirected to our Calendly account. After selecting your appointment, confirming it, and entering your contact details and request, you will receive an email from Calendly confirming your appointment. Further information about Calendly and data protection at Calendly can be found here: https://calendly.com/pages/privacy. If Calendly transfers such data to a third country (e.g., the United States), this will only take place on a case-by-case basis, on the basis of a data processing agreement concluded with Calendly and in accordance with standard contractual clauses agreed with Calendly, as well as other safeguards permitted under the GDPR. These measures ensure a level of protection for your personal data that is equivalent to that within the European Union, in particular on the basis of the EU-U.S. Data Privacy Framework (DPF).

The information you provide via the Calendly form, including the data you enter there, will be stored by us for the purpose of processing your request or managing a corresponding contractual relationship. Once your request has been resolved or the purpose no longer applies (e.g., upon termination of the contractual relationship), we will delete your data without undue delay, subject to any contractual or statutory retention obligations. If you wish your data to be deleted earlier, you may request deletion at any time or withdraw your consent to storage. Mandatory legal provisions — in particular statutory retention periods — remain unaffected. The legal basis for the use of the scheduling tool Calendly is our legitimate interest pursuant to Article 6(1)(f) GDPR, as Calendly enables us to fully automate appointment scheduling and thereby increase the efficiency of handling appointment requests and meetings. In addition, the legal basis for data processing via Calendly is Article 6(1)(b) GDPR, insofar as scheduling takes place within the context of our contractual relationships.

6.3 Online Communication Tools
We use online communication tools to conduct conference calls, client meetings, online meetings, video conferences, and/or webinars (hereinafter referred to as “online meetings”). The scope of data processing depends on the specific purpose of the respective online meeting and on the data you provide before or during your participation. The categories of data processed may include master data, contact data, content data, where applicable usage data, connection data, and, where applicable, contractual data. The recipients of the data are the providers of the online communication tools integrated and listed below, through which we also obtain your consent to the use of such tools. If these providers transfer data to a third country (e.g., the United States), this will only take place on a case-by-case basis, on the basis of a data processing agreement concluded with them and in accordance with standard contractual clauses agreed with them, as well as other safeguards permitted under the GDPR. These measures ensure a level of protection for your personal data that is equivalent to that within the European Union, in particular, where applicable, on the basis of the EU-U.S. Data Privacy Framework (DPF). As an additional safeguard, we have configured the respective online communication tools, where possible, so that only data centers within the EU, the EEA, or other secure third countries (such as Canada or Japan) are used for conducting online meetings. The legal basis for the use of online communication tools is Article 6(1)(b) GDPR (performance of a contract), provided that the online meeting takes place in the context of contract negotiations or at your request (e.g., as part of contacting us). Through the use of online communication tools, we aim to fully digitalize communication between us. These tools enable us to gain a personal impression of one another during online meetings, which is essential, among other things, for establishing a relationship of trust.

Providers of the online communication tools we use

„Microsoft Teams”

Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown, Dublin 18, D18 P521
Ireland
https://www.microsoft.com/de-de/privacy/privacystatement

6.4 WhatsApp

6.4.1 WhatsApp Business

Für die Kommunikation mit Dir, insbesondere im 1:1 Coaching zu Check-In Zwecken nutzen wir den Instant-Messaging-Dienstes „WhatsApp“ der WhatsApp Ireland Limited, 4 Grand Canal Square, Grand CanalHarbour, Dublin 2. Hierbei werden personenbezogenen Daten z.B. Name, Telefonnummer, E-Mail-Adresse, Anschrift, Kundennummer, also Stammdaten, Kontaktdaten und Nutzungsdaten, verarbeitet. WhatsApp greift hierbei auf alle Kontakte aus Deinem individuellen Telefonbuch zu. Sämtliche Daten gibt WhatsApp ggf. an andere Unternehmen innerhalb und außerhalb der Meta-Unternehmensgruppe weiter. Weitere Informationen enthält die Datenschutzrichtlinie von WhatsApp unter: https://www.whatsapp.com/legal/privacy-policy-eea. Sollte WhatsApp bzw. Meta diese Daten in ein Drittland transferieren (bspw. die USA), so geschieht dies nur im Einzelfall, auf Basis eines mit Meta geschlossenen Auftragsverarbeitungsvertrags und gemäß mit Meta vereinbarter Standard Vertragsklauseln und sonstiger von der DSGVO zugelassenen Sicherheitsmaßnahmen, die die Sicherheit der Verarbeitung Ihrer personenbezogenen Daten mit einem Schutzniveau, der identisch zu dem in der EU ist, gewährleisten, insbesondere auf Basis des EU-US Data Privacy Framework (DPF). Die Rechtsgrundlage zur Nutzung von WhatsApp resultiert aus Art. 6 Abs. 1 lit. a DSGVO. Solltest Du uns Deine Einwilligung zur Nutzung von WhatsApp nicht erteilt haben (kein Opt-In bzw. Widerruf Deiner Einwilligung), so nutzen wir WhatsApp im Rahmen der Kommunikation mit Dir nicht (mehr).

7. Hosting
7.1 Provision of Our Services and Website
In order to provide our services, we use the services of a hosting provider, IONOS SE, based in Montabaur, Germany. Our services are delivered via the servers of this hosting provider. For these purposes, we utilize the provider’s infrastructure and platform services, computing capacity, storage space, database services, as well as security and technical maintenance services.

The data processed includes all data that you provide or that is collected in connection with your use of and communication within our services (e.g., your IP address). The legal basis for the use of a hosting provider to provide our services is our legitimate interest pursuant to Article 6(1)(f) GDPR.

7.2 Collection of Access Data and Log Files
We (or our hosting provider) collect data on every access to the server (server log files). Server log files may include the address and name of the requested services and files, the date and time of access, the volume of data transferred, a notification of successful retrieval, the device type and version, your operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider.

Server log files may be used, on the one hand, for security purposes, for example to prevent server overload (in particular in the case of abusive attacks, such as DDoS attacks), and, on the other hand, to ensure the utilization and stability of the servers. The legal basis for the use of a hosting provider for the collection of access data and log files is our legitimate interest pursuant to Article 6(1)(f) GDPR.

8. Tracking & Tools
To ensure the proper technical functioning and user-friendly provision of our services, we use the following services:

Google Search Console
We use Google Search Console, a web analytics service provided by Google, for the purpose of continuously optimizing the ranking of our services in Google search results.

Google Search Console enables us to conduct search analytics, providing insights into how often our services appear in Google search results. This allows us to monitor and manage our services within the Google search index.

No personal data or tracking data is processed or transmitted to Google in connection with the use of Google Search Console.

IONOS Web-Analytics
We use IONOS WebAnalytics for the purpose of statistically evaluating your use of our services. Your IP address is collected by us and anonymized by IONOS through truncation before being permanently stored on their servers. The data processed includes usage data and connection data. The recipient of the data is 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, acting as a joint controller within the meaning of Article 26 GDPR. The transfer of data to IONOS is based on a data processing agreement concluded with IONOS. The legal basis for the use of IONOS WebAnalytics is your consent (e.g., via an opt-in in the consent banner), provided that you have given such consent when using our services, in accordance with Article 6(1)(a) GDPR. Based on your consent, cookies or similar (text) files are stored on your device, or other data may be collected, such as

referrer URL (previously visited website)
requested resource (webpage or file)
browser type and version
operating system used
device type used
time of access
an anonymized IP address (used exclusively to determine the location of access)

to ensure that your visit to our services can be analyzed. As a result, personal data may be collected and processed. If you have not given your consent to the use of IONOS WebAnalytics (e.g., no opt-in via the consent banner or withdrawal of your consent), we will not use IONOS WebAnalytics during your visits to our services.

9. Social Media Profiles
We maintain profiles on social media platforms and process personal data in this context in order to communicate with users active on these platforms or to provide information about us. Please note that your data may be processed outside the European Union when you visit our profiles. The operators of the respective social media platforms are responsible for such processing. Detailed information on the respective forms of processing and available options to object (e.g., opt-out) can be found in the privacy policies of the respective social media platform operators.

LinkedIn
We operate a company profile on LinkedIn. When you visit and use our LinkedIn profile, LinkedIn may analyze your user behavior and provide us with aggregated insights derived from such analysis. We use this information for the purpose of economic optimization and the needs-based design of our online presence and services. The categories of data processed include master data, contact data, content data, usage data, and connection data. The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, acting as a joint controller within the meaning of Article 26 GDPR. The legal basis for this data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR.

LinkedIn is responsible for handling your data subject rights. Further information about your rights as a data subject can be found at: https://de.linkedin.com/legal/privacy-policy. You may also assert your rights with us. In such cases, we will promptly forward your request to LinkedIn.

With the kind support of
https://www.derstartupanwalt.de