Privacy Policy

Status 09.11.2021

With the following data protection declaration, we would like to inform you about what types of your personal data we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites as well as on external online presences, such as our social media profiles.

1. Responsible entity

Aila Kick - Personalised Health & Nutrition Coaching
Owner: Mrs. Aila Kick

Ebnerweg 2a
82256 Fürstenfeldbruck

Tel: +49 (0) 163 480 96 26
Email: ak@ailakick.com

2. Processing overview

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

• Types of data processed
Inventory data (e.g. names, addresses), content data (e.g. text entries, photographs, videos), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times), contract data (e.g. subject matter of contract, term, customer category), payment data (e.g. bank details, invoices, payment history).

• Categories of persons concerned
Business and contractual partners, interested parties, communication partners, customers, users (e.g. website visitors, users of online services).

• Processing purposes
Visit action evaluation, Office and organizational procedures, Direct marketing (e.g., via email or postal mail), Interest-based and behavioral marketing, Contact requests and communications, Conversion measurement (measuring the effectiveness of marketing measures), Profiling (creating user profiles), Reach measurement (e.g., access statistics, recognizing returning visitors), Security measures, Tracking (e.g., interest/behavioral profiling, use of cookies), Contractual services and service, Managing and responding to inquiries

3. Relevant legal bases

We process personal data on the following legal bases. It should be noted that in addition to the provisions of the General Data Protection Regulation (GDPR), national data protection regulations may apply.

• Consent (Art. 6 para. 1 p. 1 lit. a DSGVO)
• Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO)
• Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO)
• Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO)

In addition to the data protection regulations of the GDPR, the Federal Data Protection Act (BDSG) applies in Germany. In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

4. Security measures

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

5. Transfer and disclosure of personal data

In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies or persons or that it is disclosed to them. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

6. Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this will only be done in accordance with the legal requirements.

7. Commercial and business services

We process data of our customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data for the fulfillment of our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization. Within the framework of applicable law, we only disclose customer data to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations, or with the consent of the contractual partners (e.g. to participating telecommunications and transport companies as well as banks, tax and legal advisors, payment service providers or tax authorities).

We delete the data after the expiry of legal warranty and comparable obligations, i.e., in principle after 4 years, unless the data is stored in a customer account as long as it must be kept for legal archiving reasons (e.g., for tax usually 10 years). We delete data disclosed to us by the customer as part of an order in accordance with the specifications of the order, in principle after the end of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

Within the scope of our activities, we process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services or to commission the selected services as well as their payment and delivery or execution or provision.

The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for delivery and invoicing as well as contact information in order to be able to hold any consultations.

Legal bases are: Contract fulfillment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Stripe

For fixed booking via the booking tool on our website, payment processing is handled by external payment providers. We do not collect and process any payment data during a purchase. The entry and processing of payment data takes place directly with the payment providers. Technical data (including the transaction ID) is exchanged between us and the payment providers to validate the purchases. We store this data until the deletion of your user account or beyond until the data is no longer subject to tax, commercial or other legal storage obligations. We use the payment service provider Stripe, a service of Stripe Payments Europe, Ltd, c/o A&L Goodbody, IFSC, North Wall Quay, Dublin 1, Ireland (hereinafter: "Stripe"), subject to the Stripe Terms of Use, available at https://stripe.com/de/legal.
The legal basis for this processing of personal data is Art. 6 para. 1 lit. b) DSGVO.

8. Web hosting via netcup.com

We use the services of the service provider netcup.de, which is operated by the German-based company netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, to provide the landing pages. The data provided in connection with the registration and use of our pages, such as in particular your name, e-mail address, address are stored on the servers of All-Inkl.com. We have concluded an order data processing contract with the company. You can find the company's data protection notice at: https://www.netcup.de/kontakt/datenschutzerklaerung.php.
The legal basis is our legitimate interest in operating and maintaining the operational security of these websites pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO.

9. Promotional communication via mail, e-mail or telephone

We process personal data for the purpose of promotional communication, which may take place via various channels, such as e-mail, telephone or mail. In this context, we observe the legal requirements and obtain the necessary consents, unless the communication is permitted by law. The recipients have the right to revoke any consent given or to object to the promotional communication at any time.
After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
The following data is processed for the purpose of direct marketing based on existing consent (Art. 6 para. 1 p. 1 lit. a DSGVO) or a Legitimate Interest (Art. 6 para. 1 p. 1 lit. f. DSGVO):
Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).

10. Plugins and tools

• Calendly

We have integrated the appointment scheduling tool from Calendly. The provider is Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States.
The privacy policy is available at: https://calendly.com/pages/privacy.
We have concluded an order agreement with Calendly so that the data provided by you is processed for us in accordance with instructions and orders. Since it cannot be ruled out that the data will also be processed in a third country (USA), we have concluded an agreement with Calendly in accordance with the EU standard contractual clauses, so that secure data processing is also guaranteed here. You can also find more information at https://calendly.com/pages/dpa.
If you want to register an appointment with us, you can use the form provided for this purpose. The data you provide will then be transmitted via Calendly to the respective contact person and the data will be entered in our calendar (Outlook). In addition, the data can be viewed by us in the login area of Calendly and is stored there.
You will receive a confirmation of the appointment by e-mail, with the possibility of entering the dates in your calendar.
The purpose of processing the data provided is to be able to make an appointment, process the contact request and get in touch with you.
The legal basis for the processing of personal data described here is Art. 6 (1) lit. f) DSGVO. Our legitimate interest is to offer you the possibility to make appointments with us independently. This simplifies the coordination regarding appointments and enables an efficient appointment arrangement.
The personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
In addition to Calendly, the recipient of the data is also our server host (e-mail/Outlook server), which also works for us under a commissioned data agreement.
We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Google or Facebook. This may result in data not being processed and stored anonymously. US authorities may also be able to access individual data.

• GoogleFonts

Our website integrates the fonts ("GoogleFonts") of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in particular to display the fonts in the user's browser.
The use of GoogleFonts is in the interest of efficient, economical and recipient-friendly use of fonts, their uniform presentation and possible licensing restrictions for the integration. This represents a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f DSGVO.
For more information on the handling of user data, please see Google's privacy policy at: https://policies.google.com/privacy?hl=de.
We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The data processing is essentially carried out by Google or Facebook. This may result in data not being processed and stored anonymously. US authorities may also be able to access individual data.

11. Audio and video conferencing

Among other tools, we use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools thereby collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 p. 1 lit. b DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage duration

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Services used and service providers:

• GoToMeeting

Our website offers the possibility to participate in webinars. In order to be able to conduct webinars via the Internet, we use the GoToWebinar software solution from LogMeIn, Inc., Bloodstone Building Block C 70, Sir John Rogerson's Quay, Dublin 2, Ireland, parent company: LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA; website: https://www.gotomeeting.com/de-de. LogMeIn, Inc. is responsible for providing this service and related data processing. LogMeIn's privacy policy can be found here:
www.logmeininc.com/de/legal/privacy
When registering for the webinar, the data from the input mask such as name, company name, job title and e-mail address are transmitted to LogMeIn, Inc. In addition, the date and time of registration will be collected. In the course of the registration process, your consent (Art. 6 para. 1 lit. a DSGVO) is obtained for the processing of the registration data and for processing for statistical purposes. This is because statistical data is collected and transmitted to us during and after the webinar. This includes data such as participation status and duration, questions asked/answered, interest in the webinar. We use this data for customer support and to enhance the user experience.
Audio or visual information recorded by us as part of this session will be made available to webinar participants for later retrieval.
For more details on the technical functioning of the tool used, as well as further information, please visit:
www.gotomeeting.com/de-de/webinar
We use the external service provider LogMeIn, Inc. to process your data. This service provider was carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. The service provider is contractually obligated to treat your data confidentially.
By using the GoToWebinar software solution from LogMeIn, Inc., personal data is transferred to processors established in third countries where an adequate level of protection is not guaranteed. For more information, please refer to LogMeIn's privacy policy: www.logmeininc.com/de/legal/privacy.

• ZOOM

Our website offers the possibility to participate in webinars. In order to be able to conduct webinars via the Internet, we use the Zoom software solution from the provider Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (privacy policy: https://zoom.us/de-de/privacy.htm).
The user has consented to the respective data protection provisions when using the platforms. Responsibility for the use of data by the platforms is excluded on our side.
We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing is essentially carried out by Zoom. This may result in data not being processed and stored anonymously under certain circumstances. Also, US authorities may be able to access individual data.

12. Data deletion

The data processed by us will be deleted in accordance with the legal requirements as soon as the consents given for its processing are revoked or other permissions cease to apply. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes, i.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data can also be found in the individual data protection notices of this privacy policy.

13. Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

14. Rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 of the GDPR:

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

Right of revocation for consents: You have the right to revoke any consent you have given at any time.

Right of access: You have the right to request confirmation as to whether data in question is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

Right to rectification: In accordance with the law, you have the right to request that data concerning you be completed or that inaccurate data concerning you be rectified.

Right to deletion and restriction of processing: You have the right, in accordance with the statutory provisions, to demand that data relating to you be deleted without delay or, alternatively, to demand restriction of the processing of the data in accordance with the statutory provisions.

Right to data portability: You have the right to receive data relating to you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller.

Complaint to supervisory authority: You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.

Supervisory authority responsible for us:
The Bavarian State Commissioner for Data Protection
Wagmüllerstrasse 18
80538 Munich
Phone: +49 (0)89 2126720
Fax: +49 (0)89 21267250
E-mail: poststelle@datenschutz-bayern.de