Datenschutz - Ricarda Hiller

Privacy Policy

1. Privacy

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. “Personal data” means any information that can identify you personally. Detailed information on data protection can be found in the full Privacy Policy below.

Data collection on this website

Who is responsible for data processing on this website?

Data processing on this website is carried out by the website operator (“Controller”). The Controller’s contact details can be found in the section “Controller” below.

How do we collect your data?

Some data is provided by you, for example, information you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website. This primarily includes technical data (e.g., browser, operating system, time of access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is used to ensure the website runs without errors. Other data may be used to analyze user behavior. Where contracts can be concluded or initiated via the website, the transmitted data is also processed for offers, orders, or other service requests

What are your rights?

You have the right, at any time and free of charge, to obtain information about the origin, recipients, and purpose of your stored personal data. You also have the right to request rectification or erasure of this data. If you have given consent to processing, you can withdraw that consent at any time with effect for the future. You also have the right, in certain circumstances, to request restriction of processing. Furthermore, you have the right to lodge a complaint with a supervisory authority.

You can contact us at any time about these and any other questions regarding data protection.

Analytics and third-party tools

When visiting this website, your browsing behavior may be statistically evaluated, primarily with analytics programs.

Details are provided below in this Privacy Policy.

2. Hosting

We host our website content with the following provider:

HOSTINGER operations, UAB

Švitrigailos str. 34, Vilnius 03230 Litauen

Phone: +37064503378

Email: domains@hostinger.com

External hosting

This website is externally hosted. Personal data collected on this website is stored on the servers of the hosting provider(s). This may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access data, and other data generated by a website.

External hosting is used for (i) performance of a contract or pre-contractual steps with our prospective and existing customers (Art. 6(1)(b) GDPR) and (ii) our legitimate interest in the secure, fast, and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR). Where consent is required, processing is based on Art. 6(1)(a) GDPR and Section 25(1) of the German Telecommunications-Telemedia Data Protection Act (TDDDG) to the extent the consent covers storing cookies or accessing information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

Our hosting provider(s) will process your data only to the extent necessary to fulfill its performance obligations and in accordance with our instructions.

We use the following host:

Hostinger

Data Processing Agreement

We have concluded a data processing agreement (DPA) with the above provider, as required under data protection law, to ensure processing of personal data of our website visitors only in accordance with our instructions and the GDPR.

3. General Information and Mandatory Disclosures

PRIVACY POLICY

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data will be collected. This Privacy Policy explains what data we collect and what we use it for, and for what purposes and on what legal bases this occurs.

Please note that data transmission on the internet (e.g., communication by email) may have security gaps. Complete protection against access by third parties is not possible.

Controller

The Controller responsible for data processing on this website is:

Ricarda Hiller Parkallee 8 67295 Bolanden phone: 015116049903 E-Mail: ricardahiller@web.de

“Controller” means the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses).

Storage period

Unless a more specific retention period is stated in this Privacy Policy, we store your personal data only as long as necessary for the purposes stated. If you request erasure or withdraw your consent, we will delete your data unless we have other legally permissible reasons to retain it (e.g., tax or commercial retention obligations); in the latter case, erasure will take place after those reasons no longer apply.

Legal bases for processing on this website

If you have consented to processing, we process your personal data on the basis of Art. 6(1)(a) GDPR and, where special categories of data under Art. 9(1) GDPR are processed, on the basis of Art. 9(2)(a) GDPR. If you expressly consent to the transfer of personal data to third countries, processing also takes place on the basis of Art. 49(1)(a) GDPR. If you consent to storing cookies or accessing information on your device (e.g., via device fingerprinting), processing additionally takes place on the basis of Section 25(1) TDDDG. Consent can be withdrawn at any time. If your data is necessary for performance of a contract or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. Where processing is required to comply with a legal obligation, it is based on Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interests under Art. 6(1)(f) GDPR. The specific legal bases applicable in a given case are explained below.

Data Protection Officer

We have appointed a Data Protection Officer (DPO):

Ricarda Hiller Parkallee 8 67295 Bolanden phone: 015116049903 E-Mail: ricardahiller@web.de

Recipients of personal data

In the course of our business activities, we work with various external parties. This may require transferring personal data. We transfer personal data to external recipients only where necessary for contract performance, where we are legally obliged (e.g., to tax authorities), where we have a legitimate interest under Art. 6(1)(f) GDPR, or where another legal basis permits the transfer. When using processors, we transfer personal data only under a valid DPA; in cases of joint controllership, we conclude a joint controller agreement.

Withdrawal of your consent

Many processing operations are only possible with your explicit consent. You may withdraw your consent at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

Right to object to processing (Art. 21 GDPR)

IF PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. WE WILL THEN NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (ART. 21(1) GDPR).

WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (ART. 21(2) GDPR)

Right to lodge a complaint with a supervisory authority

In the event of GDPR infringements, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process on the basis of your consent or in performance of a contract, in a commonly used, machine-readable format, or to request that it be transmitted to another controller, where technically feasible.

Access, rectification, erasure

Within the scope of applicable law, you have the right at any time to obtain free information about your stored personal data, its origin and recipients and the purpose of processing, and, where applicable, the right to rectification or erasure of this data. You can contact us at any time for this purpose.

Right to restriction of processing

You have the right to request restriction of processing of your personal data. You can contact us at any time to exercise this right. You have this right in the following cases:

If you contest the accuracy of your personal data, we generally need time to verify it. For the duration of the verification, you have the right to request restriction of processing.
If processing is unlawful, you may request restriction of processing instead of erasure.
If we no longer need your personal data, but you need it for the establishment, exercise, or defense of legal claims, you may request restriction instead of erasure.
If you have objected under Art. 21(1) GDPR, a balancing of interests must take place. Until it is determined whose interests prevail, you have the right to request restriction of processing.

If processing is restricted, such data—apart from storage—will only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries), this site uses SSL/TLS encryption. You can recognize an encrypted connection by the browser address bar changing from “http://” to “https://” and by the lock symbol in your browser bar.

With SSL/TLS enabled, data you transmit cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a paid contract, there is an obligation to transmit your payment data (e.g., account number for direct debit), this data is required to process the payment.

Payment transactions using common means of payment (Visa/Mastercard, direct debit, etc.) take place exclusively via an encrypted SSL/TLS connection.

With encrypted communication, your payment data cannot be read by third parties.

4. Data Collection on this Website

Consent with Borlabs Cookie

We use the Borlabs Cookie consent tool to obtain and document your consent to store certain cookies in your browser and to use certain technologies in a GDPR-compliant manner. Provider: Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (“Borlabs”).

When you enter our website, a Borlabs cookie is stored in your browser, which records the consents you have given or withdrawn. This data is not shared with Borlabs.

Data is stored until you request deletion, delete the Borlabs cookie yourself, or the purpose for storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on Borlabs data processing are available at: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

We use Borlabs in order to obtain legally required consents for the use of cookies. Legal basis: Art. 6(1)(c) GDPR.

Contact form

If you submit inquiries via the contact form, we store the information from the form, including the contact details you provide, to process your inquiry and for follow-up questions. We do not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR if your request is related to a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interests in effectively handling inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), where requested; consent can be withdrawn at any time.

We retain contact-form data until you request deletion, withdraw consent, or the purpose of storage no longer applies (e.g., your inquiry has been fully resolved). Statutory retention obligations remain unaffected.

Requests by email, telephone, or fax

If you contact us by email, telephone, or fax, your request, including all personal data therein (name, request), will be stored and processed for the purpose of handling your inquiry. We do not share this data without your consent.

We retain such data until you request deletion, withdraw consent, or the purpose of storage no longer applies. Statutory retention obligations remain unaffected.

5. eCommerce and Payment Providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data to establish, structure, and change contractual relationships. We collect, process, and use usage data only insofar as this is necessary to enable or bill the use of the service. Legal basis: Art. 6(1)(b) GDPR.

Customer data is deleted after the order is completed or the business relationship ends and any statutory retention periods have expired.

Data transfer upon contract conclusion for services and digital content

We transfer personal data to third parties only where necessary for contract processing—for example, to the financial institution tasked with payment processing.

No further transfer occurs unless you have expressly consented. We do not share your data with third parties for advertising purposes without your consent.

Legal basis: Art. 6(1)(b) GDPR.

Payment services

We integrate third-party payment services on our website. When you make a purchase, your payment data (e.g., name, amount, account details, credit card number) is processed by the chosen payment service provider for payment processing. The providers’ own terms and privacy policies apply. We use these providers on the basis of Art. 6(1)(b) GDPR (contract performance) and our legitimate interests in a smooth, comfortable, and secure payment process (Art. 6(1)(f) GDPR).

Where your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis; you can withdraw consent at any time.

PayPal

Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).

Transfers to the USA are based on the EU Commission’s SCCs. Details: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Stripe

For customers within the EU: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).

Transfers to the USA are based on the EU Commission’s SCCs. Details: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.

6. Plugins and Tools

AmeliaWP booking system

We use the Amelia booking system to schedule appointments. When you use the form, personal data such as name, email address, telephone number, and requested session time are processed. This data is stored on our own web server and used solely to organize and deliver the booked sessions. Legal basis: Art. 6(1)(b) GDPR (performance of a contract / pre-contractual measures).

For payment, we offer PayPal and Stripe. If you choose one of these payment methods, the data required for payment processing is transmitted to the respective provider. See the payment-provider sections above for details.

We do not store payment data (e.g., credit card details) on our servers. Payment processing takes place exclusively via the secure systems of the respective providers.