Data protection – Bernd Dorst

I attach great importance to data privacy.

The collection and processing of your personal data is carried out in compliance with applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online services and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Data Controller

Bernd Dorst, Personal & Business Coach, Hypnosis, Business Administration Graduate
Beetebuerger Stroos 44
3333 Hellange, Luxembourg
Email address: info@dorst.coach

Types of data processed:

– Inventory data (e.g., names, addresses).

– Contact data (e.g., email addresses, telephone numbers).

– Content data (e.g., text entries, photographs, videos).

– Usage data (e.g., websites visited, interest in content, access times).

– Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the online service (hereinafter, we will refer to the data subjects collectively as “users”).

Purpose of processing

– Provision of the online service, its functions, and content.

– Responding to contact requests and communicating with users.

– Security measures.

– Audience measurement/marketing

Terminology used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant Legal Bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Unless otherwise stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing data to fulfill our services and implement contractual measures, as well as to respond to inquiries, is Article 6(1)(b) of the GDPR; the legal basis for processing data to comply with our legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing data to protect our legitimate interests is Article 6(1)(f) of the GDPR. In the event that processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

Security Measures

In accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, and ensuring the availability and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the erasure of data, and the response to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default (Article 25 of the GDPR).

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), if you have given your consent, if a legal obligation requires it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Art. 28 GDPR.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is necessary for the performance of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that processing is based on special guarantees, such as the officially recognized finding of a level of data protection equivalent to that of the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized specific contractual obligations (so-called “standard contractual clauses”).

Rights of Data Subjects

You have the right to request confirmation as to whether or not personal data concerning you is being processed, and to access this data, as well as further information and a copy of the data, in accordance with Article 15 of the GDPR.

In accordance with Article 16 of the GDPR, you have the right to request the completion of incomplete personal data concerning you or the rectification of inaccurate personal data concerning you.

In accordance with Article 17 of the GDPR, you have the right to request that personal data concerning you be erased without undue delay, or alternatively, in accordance with Article 18 of the GDPR, to request the restriction of processing of your personal data.

You have the right to receive the personal data concerning you that you have provided to us, in accordance with Article 20 of the GDPR, and to request its transmission to another controller.

Furthermore, in accordance with Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.

You have the right to lodge a complaint with the competent supervisory authority. Right of withdrawal

You have the right to withdraw any consent you have given pursuant to Article 7(3) GDPR with effect for the future.

Right to object

You can object to the future processing of your personal data at any time in accordance with Article 21 GDPR. This objection can be made, in particular, against processing for direct marketing purposes.

Cookies and the right to object to direct marketing

Cookies are small files that are stored on users’ computers. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after their visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies,” are deleted after a user leaves an online service and closes their browser. Such a cookie might, for example, store the contents of a shopping cart in an online store or a login status. “Permanent” or “persistent” cookies remain stored even after the browser is closed. These can be used, for example, to store login status so that users remain logged in when they return to the site after several days. Similarly, user interests can be stored in such a cookie for audience measurement or marketing purposes. Third-party cookies are cookies that are offered by providers other than the operator of the website (otherwise, if they are only the operator’s own cookies, they are called first-party cookies).

We may use temporary and persistent cookies, and we explain this in our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Disabling cookies may lead to functional limitations of this website.

A general objection to the use of cookies for online marketing purposes can be declared for many services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that some features of this online service may not be available if you do not comply with these terms.

Data Deletion

The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this privacy policy, the data we store will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with German legal requirements, records must be retained for 10 years, in particular pursuant to Sections 147 Paragraph 1 of the German Fiscal Code (AO) and 257 Paragraph 1 Numbers 1 and 4, Paragraph 4 of the German Commercial Code (HGB) (books, records, management reports, accounting documents, ledgers, tax-relevant documents, etc.), and for 6 years pursuant to Section 257 Paragraph 1 Numbers 2 and 3, Paragraph 4 of the German Commercial Code (HGB) (business correspondence).

In accordance with Austrian legal requirements, records must be retained for 7 years, in particular pursuant to Section 132 Paragraph 1 of the Austrian Federal Fiscal Code (BAO) (accounting records, receipts/invoices, accounts, vouchers, business papers, statements of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents relating to electronically supplied services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states for which the Mini One-Stop Shop (MOSS) is used.
Agency Services

We process our clients’ data within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, campaign and process implementation/handling, server administration, data analysis/consulting services, and training services.

In this process, we process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), and usage and metadata (e.g., for the evaluation and performance measurement of marketing activities). We generally do not process special categories of personal data unless they are part of a commissioned processing activity. Data subjects include our customers, prospective customers, and their customers, users, website visitors, or employees, as well as third parties. The purpose of the processing is the provision of contractual services, billing, and our customer service. The legal bases for the processing are Art. 6 para. 1 lit. b GDPR (contractual performance) and Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization, security measures). We process data that is necessary for establishing and fulfilling the contractual services and indicate when providing this data is mandatory. Disclosure to external parties only occurs when necessary for the performance of a contract. When processing data entrusted to us within the scope of a contract, we act in accordance with the instructions of the client and the legal requirements for data processing on behalf of a controller pursuant to Article 28 GDPR, and we do not process the data for any purposes other than those stipulated in the contract.

We delete the data after the expiry of statutory warranty periods and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion occurs after their expiry (6 years, pursuant to Section 257 Paragraph 1 of the German Commercial Code (HGB), 10 years, pursuant to Section 147 Paragraph 1 of the German Fiscal Code (AO)). In the case of data disclosed to us by the client within the scope of a contract, we delete the data in accordance with the contract specifications, generally after the contract has ended.

We delete the data after the expiry of statutory warranty periods and comparable obligations. Healthcare Services

We process the data of our patients, prospective patients, and other clients or contractual partners (collectively referred to as “patients”) in accordance with Article 6(1)(b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed, its nature, scope, purpose, and the necessity of its processing are determined by the underlying contractual relationship. The processed data generally includes patient inventory and master data (e.g., name, address, etc.), as well as contact information (e.g., email address, telephone number, etc.), contract data (e.g., services used, products purchased, costs, names of contact persons), and payment data (e.g., bank details, payment history, etc.).

As part of our services, we may also process special categories of personal data pursuant to Article 9(1) GDPR, in particular information concerning the health of patients, possibly relating to their sex life or sexual orientation. Where necessary, we obtain explicit consent from patients in accordance with Art. 6 para. 1 lit. a, Art. 7, and Art. 9 para. 2 lit. a GDPR. Otherwise, we process special categories of data for the purposes of preventive healthcare on the basis of Art. 9 para. 2 lit. h GDPR and Section 22 para. 1 no. 1 b BDSG (German Federal Data Protection Act).

If required for the performance of the contract or by law, we disclose or transmit patient data in the course of communication with medical professionals and to third parties necessarily or typically involved in the performance of the contract, such as laboratories, billing centers, or similar service providers, insofar as this serves the provision of our services in accordance with Art. 6 para. 1 lit. b GDPR or is legally required in accordance with Art. 6 para. 1 lit. c GDPR. The processing of your personal data is required by the GDPR, serves our legitimate interests or those of our patients in efficient and cost-effective healthcare pursuant to Art. 6 para. 1 lit. f GDPR, or is necessary pursuant to Art. 6 para. 1 lit. d GDPR to protect the vital interests of the patients or another natural person, or is based on your consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR.

Data is deleted when it is no longer required to fulfill contractual or legal obligations of care, as well as to handle any warranty or similar obligations. The necessity of retaining the data is reviewed every three years; otherwise, statutory retention periods apply.

Therapeutic Services and Coaching

We process the data of our clients, prospective clients, and other customers or contractual partners (collectively referred to as “clients”) in accordance with Article 6(1)(b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed, its nature, scope, purpose, and the necessity of its processing are determined by the underlying contractual relationship. The processed data generally includes client inventory and master data (e.g., name, address, etc.), as well as contact information (e.g., email address, telephone number, etc.), contract data (e.g., services used, fees, names of contact persons, etc.), and payment data (e.g., bank details, payment history, etc.).

… As part of our services, we may also process special categories of personal data pursuant to Article 9(1) GDPR, in particular information concerning the health of clients, possibly relating to their sex life or sexual orientation, ethnic origin, or religious or philosophical beliefs. Where necessary, we obtain the explicit consent of clients for this processing in accordance with Article 6(1)(a), Article 7, and Article 9(2)(a) GDPR. Otherwise, we process these special categories of data for the purposes of preventive healthcare on the basis of Article 9(2)(h) GDPR and Section 22(1)(1)(b) of the German Federal Data Protection Act (BDSG).

If required for the performance of the contract or by law, we disclose or transmit client data in the course of communication with other professionals and third parties necessarily or typically involved in the performance of the contract, such as billing agencies or similar service providers, insofar as this is necessary for the provision of our services pursuant to Article 6(1)(b) GDPR. The processing of your personal data is based on the GDPR, is legally required pursuant to Art. 6 para. 1 lit. c GDPR, serves our interests or those of our clients in efficient and cost-effective healthcare as a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, or is necessary pursuant to Art. 6 para. 1 lit. d GDPR to protect the vital interests of our clients or another natural person, or is based on your consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR.

Administration, Financial Accounting, Office Organization, Contact Management

We process data for administrative tasks, the organization of our business, financial accounting, and compliance with legal obligations, such as archiving. In this context, we process the same data that we process when providing our contractual services. The legal bases for this processing are Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Customers, prospective customers, business partners, and website visitors are affected by this processing. The purpose of and our legitimate interest in this processing lies in administration, financial accounting, office organization, and data archiving—tasks that serve to maintain our business operations, fulfill our obligations, and provide our services. The deletion of data relating to contractual services and contractual communication is carried out in accordance with the information provided for these processing activities.

We disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors, as well as other fee-collecting agencies and payment service providers.

Furthermore, based on our legitimate business interests, we store information about suppliers, event organizers, and other business partners, for example, for the purpose of future contact. We generally store this predominantly business-related data permanently.

Provision of our statutory and business services

We process the data of our members, supporters, prospective members, customers, or other individuals in accordance with Article 6(1)(b) GDPR, insofar as we offer them contractual services or act within the framework of an existing business relationship, e.g., with members, or are ourselves recipients of services and contributions. Furthermore, we process the data of data subjects in accordance with Article 6(1)(f) GDPR based on our legitimate interests, e.g., for administrative tasks or public relations.

The data processed in this context, its nature, scope, purpose, and the necessity of its processing are determined by the underlying contractual relationship. This generally includes personal data (e.g., name, address, etc.), contact information (e.g., email address, telephone number, etc.), contract data (e.g., services used, content and information provided, names of contact persons), and, if we offer services or products subject to payment, payment data (e.g., bank details, payment history, etc.).

We delete data that is no longer required for fulfilling our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as it may be relevant for business transactions, as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention periods apply.

We delete data that is no longer required for fulfilling our statutory and business purposes. Akismet Anti-Spam Check

Our website uses the “Akismet” service, provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This service is used based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Akismet helps distinguish comments from real people from spam comments. For this purpose, all comment data is sent to a server in the USA, where it is analyzed and stored for comparison purposes for four days. If a comment is classified as spam, the data is stored beyond this period. This data includes the entered name, email address, IP address, comment content, referrer, information about the browser and operating system used, and the time of entry.

Further information on the collection and use of data by Akismet can be found in Automattic’s privacy policy: https://automattic.com/privacy/.

Users are welcome to use pseudonyms or refrain from entering their name or email address. You can completely prevent the transmission of data by not using our commenting system. This would be a shame, but unfortunately, we see no other equally effective alternatives.

Contacting Us

When you contact us (e.g., via contact form, email, telephone, or social media), the information you provide will be processed in accordance with Art. 6 Para. 1 lit. b) GDPR for the purpose of handling your inquiry. Your information may be stored in a customer relationship management system (“CRM system”) or a comparable system for managing inquiries.

We delete inquiries when they are no longer needed. We review the necessity of retaining inquiries every two years; statutory archiving obligations also apply.

Please note that the confidentiality of information transmitted via email cannot be fully guaranteed, and we therefore recommend that you send confidential information exclusively by postal mail.

We expressly point out that the confidentiality of information transmitted via email cannot be fully guaranteed, and we therefore recommend that you send confidential information exclusively by postal mail. Hosting and Email Delivery

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services, which we use for the purpose of operating this online service.

In this process, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, prospective customers, and visitors to this online service based on our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Google AdWords and Conversion Tracking

Google is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing tool Google “AdWords” to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in them. This allows us to display ads for and within our online services in a more targeted way, so that users only see ads that potentially match their interests. For example, if a user is shown ads for products they have previously viewed on other websites, this is called “remarketing.” For this purpose, when our website and other websites where the Google advertising network is active are accessed, Google immediately executes a code and integrates so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) into the website. These tags store an individual cookie, i.e., a small file, on the user’s device (comparable technologies may also be used instead of cookies). This file records which websites the user visits, which content they are interested in, and which offers they click on. It also includes technical information about the browser and operating system, referring websites, visit time, and other details about the use of the online service.

Furthermore, we receive an individual “conversion cookie.” The information collected with the help of this cookie is used by Google to create conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information that could personally identify users.

User data is processed pseudonymously within the Google advertising network. This means that Google does not store or process, for example, the name or email address of users, but rather processes the relevant data on a cookie-related basis within pseudonymous user profiles. This means that, from Google’s perspective, ads are not managed and displayed for a specifically identified individual, but rather for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has explicitly granted Google permission to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.

Further information on Google’s data usage, settings, and opt-out options can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for Google ad personalization (https://adssettings.google.com/authenticated).

For more information on Google’s data usage, settings, and opt-out options, please see Google’s Privacy Policy (https://policies.google.com/technologies/ads) and the Google Ads Settings (https://adssettings.google.com/authenticated).

“` Jetpack (WordPress Stats)

Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically, in accordance with Article 6(1)(f) of the GDPR), we use the Jetpack plugin (specifically the “WordPress Stats” feature), which integrates a tool for the statistical analysis of visitor traffic and is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses cookies, which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie about your use of this website is stored on a server in the USA. Usage profiles may be created from the processed data, but these are used solely for analytical purposes and not for advertising. For more information, please see Automattic’s privacy policy: https://automattic.com/privacy/ and information about Jetpack cookies: https://jetpack.com/support/cookies/.