Datenschutz

Preamble

With the following privacy policy, we want to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offer”).

The terms used are gender-neutral.

Date: July 2, 2025

Table of Contents

Preamble

Responsible Party

Overview of Processes

Legal Bases

Security Measures

Transmission of Personal Data

International Data Transfers

General Information on Data Storage and Deletion

Rights of Data Subjects

Business Services

Payment Procedures

Provision of the Online Offer and Web Hosting

Use of Cookies

Blogs and Publication Media

Contact and Inquiry Management

Communication via Messenger

Newsletters and Electronic Notifications

Advertising Communication via Email, Post, Fax, or Telephone

Sweepstakes and Contests

Web Analytics, Monitoring, and Optimization

Affiliate Programs and Affiliate Links

Customer Reviews and Evaluation Processes

Social Media Presence

Plug-ins and Embedded Functions and Content

Responsible Party

Yvonne Klein

Zum Siepen 28

59872 Meschede

Email: Info@yvonneklein.de

Overview of Processing

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected persons.

Types of Processed Data:

Inventory data

Payment data

Location data

Contact data

Content data

Contract data

Usage data

Meta, communication, and procedural data

Log data

Categories of Affected Persons

Service recipients and clients

Prospects

Communication partners

Users

Sweepstakes and contest participants

Business and contractual partners

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations

Communication

Security measures

Direct marketing

Reach measurement

Office and organizational procedures

Affiliate tracking

Organizational and administrative procedures

Conducting sweepstakes and contests

Feedback

Marketing

Profiles with user-related information

Provision of our online offer and user-friendliness

Information technology infrastructure

Public relations

Promotion

Business processes and operational procedures

Legal Bases

Consent (Art. 6 (1) Sentence 1 (a) DSGVO) – The data subject has consented to the processing of their personal data for a specific purpose or multiple purposes.

Contract fulfillment and pre-contractual inquiries (Art. 6 (1) Sentence 1 (b) DSGVO) – Processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject.

Legal obligation (Art. 6 (1) Sentence 1 (c) DSGVO) – Processing is necessary to fulfill a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 (1) Sentence 1 (f) DSGVO) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override those interests.

National Data Protection Regulations in Germany

In addition to the GDPR, national data protection regulations in Germany apply, including the Federal Data Protection Act (BDSG). The BDSG contains specific regulations on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes, and the transfer and automated decision-making, including profiling. Furthermore, state data protection laws in individual federal states may apply.

Security Measures

We implement appropriate technical and organizational measures in accordance with the legal requirements to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.

Measures include securing the confidentiality, integrity, and availability of data through the control of physical and electronic access to the data, as well as access, input, transmission, securing the availability, and separation of data. We have also implemented procedures to ensure the exercise of data subject rights, data deletion, and responses to data threats.

Transmission of Personal Data

In the course of processing personal data, it may be necessary to transmit or disclose these to other entities, companies, legally independent organizations, or individuals. The recipients of this data may include service providers entrusted with IT tasks or providers of services and content integrated into the website.

International Data Transfers

If we transfer data to a third country (i.e., outside the European Union (EU) or European Economic Area (EEA)) or if this occurs as part of the use of third-party services or disclosure or transmission of data to other entities, this will always be done in compliance with the legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized by an adequacy decision from the EU Commission on July 10, 2023, as a secure legal framework. Additionally, we have concluded Standard Contractual Clauses with the respective providers, which comply with the EU Commission’s requirements and establish contractual obligations for the protection of your data.

General Information on Data Storage and Deletion

We delete personal data processed by us in accordance with the statutory regulations as soon as the underlying consents are revoked or no further legal grounds for processing exist.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, including the right to access, correction, deletion, and objection, as well as the right to data portability and the right to file a complaint with the supervisory authority.

eCommerce and Payment Providers

Digistore24

Some of our products, services, and content are offered by Digistore24 as a reseller. The provider and contractual partner is Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim. The data that Digistore24 stores and processes when visiting this website is detailed in Digistore24’s own privacy policy as the data controller. Further information can be found in Digistore24’s privacy policy: https://www.digistore24.com/dataschutz.

Calendly

On our website, you have the opportunity to schedule appointments with us. For booking appointments, we use the tool “Calendly.” The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter referred to as “Calendly”).

For the purpose of appointment booking, you enter the requested data and the desired appointment in the designated form. The entered data will be used for scheduling, conducting, and if necessary, for follow-up of the appointment. The appointment data will be stored on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/privacy.

The data you enter will remain with us until you request deletion, revoke your consent for storage, or the purpose for storing the data no longer exists. Mandatory legal provisions, particularly retention periods, remain unaffected.

The legal basis for data processing is Article 6, Paragraph 1, lit. f DSGVO. The website operator has a legitimate interest in a simplified appointment scheduling process with prospects and clients. If consent has been requested, processing is exclusively based on Article 6, Paragraph 1, lit. a DSGVO and § 25, Paragraph 1 TDDTG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) in the sense of TDDTG. The consent can be revoked at any time.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these data protection standards. For more information, you can visit the provider’s link: https://www.dataprivacyframework.gov/participant/6050.

Data Processing Agreement

Data Collection on This Website

Communication via WhatsApp

For communication with our customers and other third parties, we use the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The communication takes place through end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the communication content. However, WhatsApp has access to metadata generated during the communication process (e.g., sender, recipient, and time). We also point out that WhatsApp, according to its own statement, shares personal data of its users with its parent company Meta, which is based in the USA. For more details on data processing, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in having a fast and efficient communication channel with customers, prospects, and other business and contractual partners (Article 6(1)(f) GDPR). If explicit consent has been requested, data processing is solely based on that consent; it can be revoked at any time, effective in the future.

The communication content exchanged between you and us on WhatsApp will remain with us until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies (e.g., after completing the processing of your request). Mandatory legal provisions, especially retention periods, remain unaffected.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these data protection standards. For more information, you can visit the provider’s link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000011sfnAAA&status=Active.

We use WhatsApp in the “WhatsApp Business” version.

The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have configured our WhatsApp accounts so that there is no automatic syncing of data with the address book on the smartphones being used.

We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider.