Privacy Policy

Protecting your personal data is important to me. I process your data solely on the basis of the statutory provisions (GDPR, German BDSG, TDDDG). This privacy policy informs you about the main aspects of data processing on this website.

1. Controller

The controller for data processing on this website is:

[Full first and last name]

[Street and house number]

[Postal code] [City]

E-mail: [your e-mail address]

Phone: [your phone number]

You can also find the full contact details in the imprint of this website. I am not legally required to appoint a data protection officer.

2. Your rights

With regard to the data I store about you, you generally have the following rights: access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and the right to object to processing (Art. 21 GDPR).

Where processing is based on your consent, you may withdraw it at any time with effect for the future (Art. 7 (3) GDPR); the lawfulness of processing carried out before the withdrawal remains unaffected. An informal e-mail is sufficient.

If you believe that the processing of your data infringes data protection law, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

3. Hosting and server log files

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you access the website, information is automatically transmitted to Vercel's servers and stored in so-called server log files: IP address, date and time of access, page/file requested, volume of data transferred, browser and operating system used, and the previously visited page (referrer).

The legal basis is my legitimate interest in the secure, stable and technically faultless operation of this website (Art. 6 (1) (f) GDPR). A data processing agreement (Art. 28 GDPR) is in place with Vercel. As Vercel processes data in the USA, the transfer is based on Vercel's certification under the EU-U.S. Data Privacy Framework and, in addition, on the EU Commission's Standard Contractual Clauses. See section 9.

4. Reach measurement (Vercel Web Analytics & Speed Insights)

To statistically evaluate the use of this website and to measure loading speed, I use Vercel Web Analytics and Vercel Speed Insights. These services are cookieless and do not recognise visitors permanently: no cookies are set and no cross-device identifiers are created. Visitors are only distinguished by a hash generated from the request, which is discarded after at most 24 hours.

Only aggregated, anonymous data is collected, such as the page requested, referrer, approximate region (country/region/city), device type, browser and operating system. No IP address is stored and I am not able to identify individual visitors. The legal basis is my legitimate interest in a privacy-friendly, anonymous analysis to improve my offering (Art. 6 (1) (f) GDPR).

5. Cookies

This website uses only technically necessary cookies. When you switch language, your choice is stored in a session cookie (“NEXT_LOCALE”) that expires at the latest when you close your browser, so the site is shown in your preferred language. No consent is required for such necessary cookies under § 25 (2) TDDDG; they are based on Art. 6 (1) (f) GDPR. No consent-requiring cookies or non-essential tracking technologies are used, which is why no cookie banner is required on this website.

6. Content and images (content management system)

The content and images on this website are delivered via the content management system Sanity (Sanity AS / Sanity Inc.). The data is stored on Google Cloud Platform servers within the European Union (Belgium); a transfer to a third country generally does not take place for this. When images are retrieved, your IP address is technically transmitted to the content delivery network (CDN). The legal basis is my legitimate interest in fast and reliable content delivery (Art. 6 (1) (f) GDPR).

7. Enquiry form (health data)

When you fill in the enquiry form, I process the information you provide in order to answer your enquiry and to discuss possible coaching with you. At least an e-mail address is mandatory so that I can reply to you; the other details are voluntary.

As my offering concerns support with Hashimoto's and health topics, your details may contain health data and thus special categories of personal data within the meaning of Art. 9 GDPR. I process these solely on the basis of your explicit consent (Art. 9 (2) (a) in conjunction with Art. 6 (1) (a) GDPR), which you give in the form via the confirmation “I consent to my details – including health data – being processed to handle my enquiry.” Where the purpose is to initiate a coaching contract, the processing is additionally based on Art. 6 (1) (b) GDPR. Without this consent the form cannot be submitted.

You may withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR) – an e-mail to the address above is sufficient. The enquiry submitted via the form is sent to me by e-mail. For sending e-mail I use the service provider Resend (Resend, USA) as a processor. Resend is certified under the EU-U.S. Data Privacy Framework; Standard Contractual Clauses are in place in addition. Only the content required to handle the enquiry is transmitted.

To protect the form against automated abuse (spam), your IP address is processed briefly when you submit it, in order to limit the number of submissions per sender. For this I use – where enabled – the service Upstash (Upstash, Inc., USA) as a processor. The legal basis is my legitimate interest in preventing abuse and in the security of the offering (Art. 6 (1) (f) GDPR). Upstash is certified under the EU-U.S. Data Privacy Framework; Standard Contractual Clauses are in place in addition. The IP address is stored only for this purpose and only for a short time.

8. Contact by e-mail

If you contact me by e-mail, I process your details to handle your enquiry and in case of follow-up questions. The legal basis is my legitimate interest in responding to your request (Art. 6 (1) (f) GDPR) or, where a contract is involved, Art. 6 (1) (b) GDPR. If you voluntarily share health data, it is processed on the basis of the explicit consent you give implicitly by contacting me (Art. 9 (2) (a) GDPR).

9. Storage period

I store personal data only for as long as is necessary for the respective purposes. I delete enquiries and the related correspondence as soon as they are no longer required for processing and no statutory retention obligations (e.g. under commercial or tax law) apply. Technical access data (server log files) is processed by the hosting provider only briefly to ensure security and operation, and is deleted automatically afterwards.

10. Data transfer to third countries

Where data is processed in the USA – as with hosting (Vercel), e-mail sending (Resend) and abuse protection of the form (Upstash) – this is based on the respective providers' certification under the EU-U.S. Data Privacy Framework, for which the EU Commission has determined an adequate level of data protection. In addition, and in case this basis ceases to apply, the EU Commission's Standard Contractual Clauses are in place with the providers (Art. 46 (2) (c) GDPR). Despite these safeguards, access by US authorities cannot be entirely ruled out.

11. Validity and changes to this privacy policy

This privacy policy reflects the current status. As the website develops or legal requirements change, it may become necessary to amend it. The current version published here applies in each case.