Privacy policy.
We take the protection of your personal data very seriously. Therefore, we want you to know when we store which data and how we use it and therefore inform you about our data protection measures with this data protection declaration.
I. Name and address of the person responsible
The responsible person pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is:
The Art of Self GmbH
Werderstrasse 58
20149 Hamburg
Germany
Email: info@the-art-of-self.com
Website: https://www.the-art-of-self.com/
II. General information on data processing
Personal data is all data that can be directly or indirectly related to you personally, e.g. name, address, email addresses, user behaviour.
1. Scope of the processing of personal data
We process data in accordance with Art. 6 para. 1 lit. a) b) c) f) GDPR. This means that we only process personal data if consent has been given (lit. a), insofar as necessary for the fulfilment of a contract or pre-contractual measures (lit. b), we are legally obliged to do so (lit. c) or we have a legitimate interest in the processing (lit. f). The corresponding legal basis will be named in each individual case.
As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users' personal data regularly takes place only with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.
Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
Insofar as we obtain the consent of the data subject for processing operations involving special categories of personal data, Art. 9 (2) (a) GDPR serves as the legal basis for the processing of personal data, unless one of the exceptions regulated in Art. 9 (2) (b) to (j) applies.
3. Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
4. Technical and organisational protective measures
We use technical and organisational security measures to protect the data you have provided against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.
The constant development of the Internet makes it necessary to adapt our data protection declaration from time to time. We reserve the right to make corresponding changes at any time (cf. Section XIV.).
5. Transfer to the USA and other third countries
We use, among others, tools from companies based in the USA or other third countries (i.e. outside the EU or the European Economic Area, EEA). We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. We have no influence on the processing activities. Insofar as third countries process your data on the basis of the activated tools, this is only done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
III. Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data may be collected:
· information about the browser type and version used and add-ons
· operating system of the user and its interface
· protocols used
· user's internet service provider
· IP address of the user
· date and time of access
· specific page visited
· access status/http status code
· internet pages from which the user's system accesses our website (referrer)
· internet pages that are accessed by the user's system via our website
· amount of data transmitted in each case
· language and version of the browser software
· regional origin, language
· end devices and their graphic resolution of the display
· visitor source
· downloaded files
· dwell time
The data is also stored in the log files of our system. The processing is necessary in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests and serves to deliver the content of our website, to ensure the functionality, stability and security of our information technology systems and the optimisation of our website as well as the optimal display on your output device. The data of the log files are always stored separately from other personal data of the users.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
IV. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser the next time you visit (persistent cookies). When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. We also use cookies on our website that enable an analysis of the user's surfing behaviour. In this way, for example, search terms entered, the frequency of page views and the use of website functions can be transmitted.
When accessing our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of personal data used in this context is obtained. A reference to this data protection declaration is also made here.
2. Legal basis and purpose for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR if the user has consented to this.
3. Duration of storage, possibility of objection and elimination
Cookies are stored on the user's computer and transmitted from it to our website. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
In addition, you can also revoke your consent at any time by sending a message to the contact option described in the data protection declaration (see points 1 and 2 above).
V. Contact form and email contact
1. Description and scope of data processing
Our website contains a contact form that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. These data are:
(1) first name, last name
(2) email address
(3) telephone number, if applicable
The following data is also stored at the time the message is sent:
(1) IP address of the user
(2) date and time of contact
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. This data is used exclusively for processing the conversation.
2. Legal basis and purpose for data processing
If the contact is aimed at the conclusion of a contract, legal basis for the processing is Art. 6 (1) (b) GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail that is not within the scope of initiating a contract is Art. 6 (1) (f) GDPR.
3. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
4. Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent must be sent to christina@the-art-of-self.com. All personal data stored in the course of contacting us will be deleted in this case.
VI. Newsletter, use of Mailchimp
With your consent, you can subscribe to our newsletter, with which we inform you about current topics of our company. We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. Mailchimp is the recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned.
The only mandatory data for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 (1) (a) GDPR, Art. 7 GDPR in conjunction with § 7 (2) no. 3, (3) of the Unfair Competition Act (UWG).
In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection). In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / websites were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 (1) (f) GDPR) and serves the execution of the contract (according to Art. 6 (1) (b) GDPR). Mailchimp also evaluates performance data, such as email delivery statistics and other communication data. This information is used to create usage and performance statistics for the services.
Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process.
You can find more information about objection and removal options vis-à-vis Mailchimp at:
https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by email to christina@the-art-of-self.com or by sending a message to the contact details given in the imprint. The declaration of revocation does not affect the lawfulness of the processing carried out so far.
Your data will be processed as long as a corresponding consent exists. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.
Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit:
https://mailchimp.com/legal/data-processing-addendum/
VII. Hosting
This website is hosted by an external service provider (hoster). The hoster is GoDaddy.com LLC, Corporate Headquarters 14455 N. Hayden Rd. Hayden Rd, Ste. 226, Scottsdale, AZ 85260 USA (hereinafter referred to as "GoDaddy"). Personal data collected on this website is stored on GoDaddy's servers. The hosting services we use are used to provide the following services:
· infrastructure and platform services,
· computing capacity, storage space and database services,
· security deposits and
· technical maintenance services that we use for the purpose of operating this online offer.
We, or our hoster, process inventory data, contact data, content data, contract data, usage and transaction data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) (b) and (f) GDPR in conjunction with Art. 28 GDPR (conclusion of a contract processing agreement).
VIII. Web analysis through Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (hereinafter "Google") on our website. Google also uses cookies (for more details, see Cookies).
If individual pages of our website are called up, the following data is stored:
· two bytes of the IP address of the user's calling system;
· the website you are visiting;
· the website from which the user accessed the website (referrer);
· subpages that are accessed from the accessed website;
· Dwell time;
· frequency of access to the website.
This data is transferred to Google. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin:
https://tools.google.com/dlpage/gaoptout?hl=de
For more information on Google's data use, settings and opt-out options, please visit: https://support.google.com/analytics/answer/6004245?hl=de as well as: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps"), https://adssettings.google.de ("Data use for advertising purposes"), ("Manage information Google uses to serve you ads").
IX. Appointment through Calendly
We use Calendly on our website, a planning and organisation tool. The service provider is the American company Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA. Calendly also processes data in the USA, among other places. Calendly uses standard contractual clauses approved by the EU Commission (Art. 46 (2) and (3) GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer to these countries. These clauses oblige Calendly to comply with the EU level of data protection when processing relevant data outside the EU. You can find out more about the data processed through the use of Calendly in the privacy policy at: https://calendly.com/privacy.
X. Use of Google Drive
We have integrated Google Drive on this website. Google Drive is a file hosting service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter "Google"). Google Drive enables us to include an upload area on our website where you can upload content. When you upload content, it will be stored on Google Drive's servers. When you enter our website, a connection to Google Drive is also established so that Google Drive can determine that you have visited our website. The use of Google Drive is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in a reliable upload area on his website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time. You can find out more about the data processed through the use of Google Drive in the privacy policy on:
XI. Encryption
Our website uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as the application process via the form on our website that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
XII. Data collected after conclusion of the contract
We would like to take this opportunity to inform you that personal data is not only collected and processed when you visit our website. We also collect and process personal data during and after a possible conclusion of a contract with our company, to which we would like to draw your attention at this point.
1. Contract data
In order to conclude a contract with our company, we request the following data from you:
· Name
· Address
· Emmail
This data is either necessary for the execution of the contract or is made available to us based on your consent. It is stored by us exclusively for the purpose of concluding the contract and only for the duration of the contractual relationship and any necessary reversals and is then deleted.
2. Use of Google Mail
After conclusion of the contract, we use Google Mail ("Gmail") to communicate with the contractual partner in connection with the coaching. The provider of the email service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (hereinafter "Google"). With Gmail, all messages you send or receive are encrypted using an industry-leading solution. Gmail content is never used to personalise advertising. More information about privacy and security in Gmail can be found at: https://support.google.com/mail/answer/10434152?hl=de
3. Use of Miro
After conclusion of the contract, we use the interaction tool Miro for the coaching sessions. The provider of this tool is RealtimeBoard Inc., 3651 Lindell Road Suite D1134 Las Vegas, NV 89103 United States (hereinafter "Miro"). During the coaching session, we can collect and record topics and ideas together with the contractual partners via the virtual whiteboard software Miro. If the interaction tool is used, this requires your consent to the use of data by Miro.
The following personal data are subject to processing:
User details (if you are participating with a registered account): First name, last name, e-mail address, password (if "single sign-on" is not used), telephone (optional), profile picture (optional).
Meeting metadata: Topic, description (optional), IP address, device/hardware information. Shared content: Content shared on a Miro whiteboard is stored. This can be, for example, text, images, drawings, audio or video files, websites or embeddings from other services.
Aggregated data: Miro stores anonymised data about user behaviour such as the geographical location of the dial-in or the type of terminal device. This aggregated data does not allow any conclusion to be drawn about the person and is also stored after deletion of the individual user.
You have the option to minimise the personal data collected and stored by Miro by participating without registering an account or giving your name.
More information on data protection at Miro can be found at: www.miro.com/legal/privacy-policy
XIII. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Right to revoke the declaration of consent
You have the right to revoke your declaration of consent under data protection law at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future (Art. 7 (3) GDPR).
2. Right to information
You may request confirmation from the person responsible as to whether personal data relating to you is being processed by us.
In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of aright of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details (Art. 15 GDPR).
3. Right of rectification
You have a right of rectification and/or completion vis-à-vis the person responsible if the personal data processed concerning you are inaccurate or incomplete. The person responsible must carry out the rectification without undue delay (Art. 16 GDPR).
4. Right to erasure
You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (Art. 17 GDPR).
5. Right to restrict processing
You may request the restriction of the processing of personal data relating to you insofar as a) the accuracy of the data is disputed by you, b) the processing is unlawful and you object to its erasure, c) we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or d) you have objected to the processing pursuant to Art. 21 DSGVO (Art. 18 DSGVO).
6. Right of objection
You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1)(e) or (f) on grounds relating to your particular situation; this also applies to profiling based on these provisions. Unless there are overriding interests on the part of the processor, data processing will thereupon cease (Art. 21 GDPR). If personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this shall also apply to profiling insofar as it is related to such direct marketing. Upon objection, the processing for direct marketing purposes shall be stopped.
7. Right to data portability
You can receive your personal data that you have provided to us in a structured, common and machine-readable format from us or request that it be transferred to another person responsible (Art. 20 GDPR).
8. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR (Art. 77 GDPR).
XIV. Changes to the data protection notice
In the context of the further development of data protection law as well as technological or organisational changes, our data protection information is regularly checked for the need to adapt or supplement it. You will be informed about changes in particular on our website at the address:
https://www.the-art-of-self.com/imprint-privacy-policy
This data protection notice is current as of 17.08.2022.
