Data Protection

We are pleased about your visit to our website www.kallert-coaching.de and the associated interest in our company. With the aim of offering you the greatest possible degree of transparency, we will inform you below about the type, scope and purpose of the collection, processing and use of personal data that arise when using our website. The General Data Protection Regulation (hereinafter referred to as "GDPR") can be accessed here as a complete document.

Contents

1. Definitions of terms

2. Responsible party according to Article 4 No. 7 GDPR

3. Lawfulness of processing (Art. 6 GDPR)

4. Data retention and deletion policy

5. Transfer of personal data

6. Collection of personal data

6.1 Exclusive informational use of our website

6.2 Contact via email

6.3 Contact form

7. Webflow

7.1 Hosting

7.1.1 Fastly

7.1.2 Amazon CloudFront

7.2 Cloudflare

7.3 webflow.com

7.4 Legal basis

8. Your Rights

9. Right of objection

10. Data Security

1. Definitions of terms

The following terms that we use in our data protection declaration are defined within Art. 4 of the GDPR. This is only an excerpt from Art. 4 of the GDPR. All definitions can be found in the GDPR (available here).

personal Data (Art. 4 No. 1 GDPR)

personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

processing (Art. 4 No. 2 GDPR)

processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

pseudonymisation (Art. 4 No. 5 GDPR)

pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

controller (Art. 4 No. 7 GDPR)

controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

processor (Art. 4 No. 8 GDPR)

processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

third party (Art. 4 No. 10 GDPR)

third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

consent (Art. 4 No. 11 GDPR)

consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

enterprise (Art. 4 No. 18 GDPR)

enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

2. Responsible party according to Article 4 No. 7 GDPR

Heike Kallert

Feldbergstraße 11a

65824 Schwalbach am Taunus

Telephone: +49 (0)170 6076 681

E-Mail: heike.kallert@kallert-coaching.de

You can access our complete imprint here:

www.kallert-coaching.de/en/imprint

‍

3. Lawfulness of processing (Art. 6 GDPR)

For each processing described in our privacy policy, we will inform you of the relevant legal basis on which the processing is carried out. We distinguish between the following groups of cases in which processing is lawful:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 Para. 1 C. 1 Letter a GDPR).
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 Para. 1 C. 1 Letter b GDPR).
processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6 Para. 1 C. 1 Letter c GDPR).
processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 Para. 1 C. Letter d GDPR).
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 Para. 1 C. 1 Letter e GDPR). processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Art. 6 Para. 1 C. 1 Letter f GDPR).

4. Data retention and deletion policy

Within the processing described in our data protection policy, we will inform you of the corresponding storage period or the times of deletion or blocking of data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer exists.

Data may be stored beyond the defined periods if legal regulations to which we are subject (e.g. § 147 AO, § 247 HGB) stipulate a different storage period.

Following the storage period, the personal data will be deleted or blocked unless further storage is required by us on a legal basis. Furthermore, storage beyond the specified period is possible in the event of a (possible) legal dispute with you or other legal proceedings.

5. Transfer of personal data

If your personal data is passed on, you will be informed accordingly at the relevant Letter in our data protection declaration. If your personal data is transferred outside the European Economic Area and thus to so-called third countries, you will be informed accordingly at the relevant Letter in our data protection declaration. As a matter of principle, we only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can guarantee the careful handling of personal data on the basis of contractual agreements or other suitable guarantees.

6. Collection of personal data

In the following, we will inform you about the collection of personal data (such as name, e-mail address, address or user behaviour).

6.1 Exclusive informational use of our website

If you do not register on our website (for example in the form of a newsletter) or transmit data to us in any other way (for example by using a contact form), only that personal data is collected which is transmitted to our server by your browser. This is data that is technically necessary for us to provide you with the website for viewing while ensuring a secure and stable display. This is the following information, which is derived from a log file line:

Internet protocol address (IP address)
Time and date of the respective access
Time zone difference to Greenwich Mean Time (GMT)
The specific page accessed
Status of the access / Hypertext Transfer Protocol (http)
Amount of data transferred in each case
Website from which our website was accessed (referrer URL)
Internet browser used (incl. language and version)
Operating system used

The legal basis for the collection of the listed data results from Art. 6 Para. 1 (1) Letter f GDPR. We have a legitimate interest in ensuring an error-free connection and comfortable use of our website, as well as analysing system stability and security and using the data for further administrative purposes.

6.2 Contact via email

If you contact us via the e-mail address in Section 2 or other e-mail addresses of our company that are published on our website, your e-mail address and other contact data contained in your e-mail (e.g. your name or your telephone number) stored by us in order to process your request. This data will be deleted immediately as soon as further storage is no longer necessary. If there are legal retention periods for the data, instead of deleting the data, the processing will be restricted accordingly. Depending on the reason for sending the e-mail, the legal basis for processing the data is Article 6 Paragraph 1 Clause 1 Letter b GDPR or Article 6 Paragraph 1 Clause 1 Letter f GDPR, i.e. it occurs either for Processing of the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting those interested in our service.

6.3 Contact form

If you contact us using the contact form on our website, the contact details you provide will be stored and processed by us in order to process your request. Depending on the reason for contact, the legal basis for processing the data results from Article 6 Paragraph 1 Clause 1 Letter b GDPR or from Article 6 Paragraph 1 Clause 1 Letter f GDPR, i.e. it takes place either to process the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting people who are interested in our service.

7. Webflow

Our website is hosted by the company Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter referred to as "Webflow"). At the same time, Webflow provides the content management system for our website. We have concluded an order processing contract with the company which contains the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (available here in English). Webflow's global privacy policy is available here: https://webflow.com/legal/privacy. The data protection declaration for the EU and Switzerland is available here: https://webflow.com/legal/eu-privacy-policy.

7.1 Hosting

Webflow hosts our website using the Content Delivery Networks of the US-American companies Fastly Inc. and Amazon Web Services, Inc. A Content Delivery Network is a network of spatially distributed, possibly interconnected servers. The server closest to the respective user of the website is always used. The CDN used here includes servers in North America and parts of Europe. For more information, please visit the following Webflow page: https://webflow.com/blog/what-to-look-for-in-a-web-hosting-service.

7.1.1 Fastly

Webflow hosts our website using the Content Delivery Network of the US company Fastly Inc. 475, Brannan St. #300, San Francisco, CA 94107. You can access the company's privacy policy here: https://www.fastly.com/privacy/.

7.1.2 Amazon CloudFront

Webflow hosts our website using the Content Delivery Network of the US company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109. The CDN is called Amazon CloudFront. You can access the company's imprint here: https://aws.amazon.com/de/impressum/?nc1=f_cc. You can access the company's privacy notice here: https://aws.amazon.com/privacy/?nc1=h_ls

7.2 Cloudflare

In order to ensure cross-browser compatibility so that the modern functionality of Webflow pages is also available in older browsers that do not natively support it, Webflow integrates JavaScript using the CDN Cloudflare. The operator of the CDN is the company Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107. The privacy policy of the company can be found here: https://www.cloudflare.com/de-de/privacypolicy.

7.3 webflow.com

Furthermore, there is a connection to the domain webflow.com. This domain belongs to the company Webflow. Images and other assets that are integrated into our website are hosted there. This domain of the company Webflow is also hosted via the CDNs Fastly and Amazon CloudFront.

7.4 Legal basis

The legal basis for data processing within the meaning of the above is Article 6 (1) para. 1 Lett. b GDPR. In addition, in sections 7.1 - 7.3, data is transferred to the USA and thus to a so-called unsafe third country within the meaning of the GDPR. The data transfer is nevertheless permissible. The legal basis for this lies in Art. 46 para. 1, para. 2 lett. c GDPR (standard contractual clauses) or in Art. 49 para. 1 letter b GDPR and thus in the fulfilment of a contract between us and you as a user or in the necessity to carry out pre-contractual measures. For the USA, there is currently neither an EU adequacy decision nor other suitable guarantees. The protection of your data cannot be guaranteed in the destination country USA. In the USA, there is currently no level of data protection equivalent to that in the EU. Therefore, the transfer is associated with corresponding risks. In particular, there are no guarantees that your transmitted data will not be accessed by government authorities. For example, it cannot be ruled out that US authorities may access your data based on Section 702 of the Foreign Intelligence Surveillance Act (FISA) and/or on the basis of the so-called CLOUD Act (Clarifying Lawful Overseas Use of Data Act). In this context, we expressly point out that you as an EU citizen have no effective legal protection against the processing of your data by US authorities.

8. Your Rights

Below we explain your rights under the GDPR. You can access the GDPR as a complete document here.

Right of access by the data subject under Art. 15 Para. 1 GDPR

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification under Art. 16 GDPR

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’) under Art. 17 Para. 1 GDPR

You have the right to request that we delete the personal data concerning you immediately. According to Art. 17 Para. 3 GDPR, however, this right does not exist if the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest or is required to assert, exercise or defend legal claims.

Right to restriction of processing under Art. 18 Para. 1 GDPR

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability under Art. 20 GDPR

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent pursuant to Letter (a) of Article 6(1) or Letter (a) of Article 9(2) or on a contract pursuant to Letter (b) of Article 6(1); and the processing is carried out by automated means.

Right to withdraw given consent under to Art. 7 Para. 3 GDPR

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

Right to lodge a complaint under Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the place of the alleged infringement. For more information, please visit the website of the Federal Commissioner for Data Protection and Freedom of Information.

9. Right of objection

In addition to the aforementioned rights, you also have the right to object at any time with future effect to the processing of your personal data which is conducted on the basis of the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 (1) Clause 1 Letter e GDPR) or for the protection of legitimate interests on our part (Art. 6 (1) Clause 1 Letter f GDPR), provided that there are grounds for doing so which arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In the case of processing of your personal data for the purpose of direct marketing or profiling, where there is a link to direct marketing, you have a general right to object without having to provide grounds based on your particular situation. In the event of an objection, we will immediately cease processing the personal data for these purposes. To exercise your right of revocation or objection, simply send an email to: heike.kallert@kallert-coaching.de

10. Data Security

The encryption and communication protocol TLS 1.3 (Transport Layer Security) is used on our website. With the TLS certificate we use and issued by a certification authority, we enable encrypted data exchange between the web browser and web server, which means that sensitive data cannot be read by third parties. We use the process with the highest level of encryption that your browser supports, which is usually 256-bit encryption. The higher the number of bits, the longer the key and the better the protection against third parties.

‍