Thank you for your interest in International Business Coaching®. Data privacy is particularly important to me. It is generally possible to use this website without disclosing any personal data. However, if a data subject wishes to use particular services of International Business Coaching® via my website, the processing of personal data may be required. Where the processing of personal data is necessary and no legal basis exists for this processing, I will obtain the consent of the data subject as a rule.
As the controller responsible for processing, I have taken numerous technical and organisational measures to ensure as seamless protection as possible for the personal data processed through this website. Nevertheless, Internet-based services can generally contain security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to me via an alternative communication channel, such as by telephone.
a) Personal data
Personal data refers to all information that relates to an identified or identifiable natural person (henceforth ‘data subject’). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, online identifier or one or multiple special attributes which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by me.
Processing refers to any operation executed with or without the use of automation or any such series of operations in connection with personal data (collection, recording, organisation, sorting, storage, adjustment, modification, readout, querying, use, disclosure by transmission, distribution or any other form of provision, comparison, linking, restriction, erasure or destruction).
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of restricting its future processing.
Profiling is any form of automated processing of personal data which involves using this personal data to evaluate personal aspects related to a natural person, in particular in order to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or a change of location of this natural person.
Pseudonymisation is the processing of personal data in a manner in which the personal data can no longer be assigned to a specific data subject without the inclusion of additional information, provided that this additional information is stored separately and subject to technical and organisational measures that ensure the personal data cannot be assigned to an identified or identifiable natural person.
g) Responsible controller or controller for processing
The responsible controller or controller for processing is the natural or legal person, authority, institution or other entity that decides solely or with others on the purposes and means of the processing of personal data. If the purposes and means of this processing are prescribed by EU law or the law of member states, the responsible controller or specific criteria regarding its designation may be determined by EU law or the law of member states.
The processor is a natural or legal person, authority, institution or other entity that processes personal data on behalf of the responsible controller.
The recipient is a natural or legal person, authority, institution or other entity that is provided with personal data, regardless of whether or not the recipient is a third party. Authorities that may receive personal data in connection with an investigation mandate according to EU law or the law of member states, however, are not considered recipients.
j) Third party
A third party is a natural or legal person, authority, institution or other entity other than the data subject, responsible controller, processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or processor.
Consent refers to any informed and unambiguous expression of will voluntarily provided by the data subject for the certain case in the form of a declaration or any other clear confirmatory action with which the data subject indicates that they agree to the processing of their personal data.
2. NAME AND ADDRESS OF THE CONTROLLER RESPONSIBLE FOR PROCESSING
The responsible controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions relating to data protection is:
Using cookies, I am able to provide users of this website with more user-friendly services which would not be possible without the placement of cookies.
The data subject may prevent the placement of cookies by my website at any time by configuring the Internet browser used accordingly and thereby permanently object to the placement of cookies. Furthermore, any cookies that have already been placed can be deleted via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the placement of cookies in the Internet browser used, not all functions of my website may be useable.
4. COLLECTION OF GENERAL DATA AND INFORMATION
Every time my website is accessed by a data subject or an automated system, I collect a range of general data and information. This general data and information are stored in the server’s logfiles. The data recorded may include: (1) the browser type and version used; (2) the operating system used by the accessing system; (3) the website from which an accessing system is referred to my website (referrer); (4) the webpages which are accessed by an accessing system on my website; (5) the date and time the website was accessed; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system; and (8) other similar data and information which help defend against threats in the event of attacks on my information technology systems.
No conclusions concerning the data subject can be drawn in the use of this general data and information. This information is instead required in order to: (1) correctly provide the content of my website; (2) optimise the content of my website as well as the associated advertising; (3) ensure the continued functionality of my information technology systems and the technology of my website; and (4) provide necessary information to law enforcement agencies in the event of a cyber attack. I therefore analyse this anonymously collected data and information statistically and with the aim of increasing data protection and data security in order to ultimately ensure an optimal level of protection for the personal data processed by me. The anonymous data of server logfiles are stored separately from all personal data provided by a data subject.
5. REGISTRATION ON MY WEBSITE
The data subject has the option to register on my website by providing personal data. Which personal data is sent to me can be seen in the respective data input mask used for registration. The personal data provided by the data subject will only be collected and stored for internal use by me and for my own purposes. I may arrange provision to one or more processors which may likewise use the personal data only for internal use, for which I am responsible.
By registering on my website, the IP address assigned by the Internet service provider (ISP) to the data subject, as well as the date and time of registration will also be stored. The reason for storing this data is that only this approach allows me to prevent the misuse of my services; this data also enables me to ascertain offences committed, where necessary. The storage of this data is therefore required for my protection. As a rule, this data is not forwarded to third parties unless a statutory obligation to disclose this data exists or data disclosure serves to facilitate criminal prosecution.
The registration of the data subject using the personal data provided voluntarily allows me to offer the data subject content or services which can only be offered to registered users due to the nature of the content or service. Registered users are free to change the personal data provided during registration at any time or to have all data deleted from my database.
At any time upon request, I will provide any data subject with information regarding which personal data of theirs is stored. Moreover, I will correct or delete personal data upon request or at the information of the data subject, provided no statutory retention obligations contradict such correction or deletion.
6. CONTACT OPTIONS VIA MY WEBSITE
Due to statutory provisions, this website contains information which enables users to quickly and directly establish contact and communicate with me; this also encompasses a general email address. Insofar as a data subject contacts me by email or via a contact form, their transmitted personal data will be automatically stored. This personal data is provided by the data subject to me on a voluntary basis and serves the purpose of processing the enquiry and communication with the data subject. This personal data will not be disclosed to third parties.
7. ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA
I process and store the data subject’s personal data only for the period required for fulfilment of the storage purpose or for as long as prescribed by the European regulatory and legislative authority or another legislator in laws or provisions to which I am subject.
If the storage purpose no longer applies or a storage period prescribed by the European regulatory and legislative authority or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with statutory provisions.
8. RIGHTS OF THE DATA SUBJECT
a) Right to confirmation
Every data subject has the right granted by the European regulatory and legislative authority to request confirmation from me regarding whether their personal data is processed. If a data subject wishes to exercise this right to confirmation, they may contact me at any time to this effect.
b) Right to information
Every data subject has the right granted by the European regulatory and legislative authority to receive information from me at any time regarding their stored personal data and to obtain a copy of this information. Moreover, the European regulatory and legislative authority permits the data subject to receive the following information:
• Processing purposes
• Categories of processed personal data
• Recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed, particularly for recipients in third countries or in international organisations
• If possible, the planned duration for which the personal data will be stored or if this is not possible, the criteria for the determination of this duration
• The existence of a right to correction or erasure of their personal data or to the restriction of processing by the responsible controller or a right to object to this processing
• The existence of a right to lodge a complaint with a supervisory authority
• If the personal data is not collected from the data subject: all available information about the origin of the data
• The existence of an automated decision-making process including profiling pursuant to Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the involved logic as well as the reach and intended effects of such processing for the data subject
Furthermore, the data subject is entitled to a right to information regarding whether personal data is transmitted to a third country or to an international organisation. If this is the case, the data subject also has the right to receive information about the suitable guarantees in relation to data transmission.
If a data subject wishes to exercise this right to information, they may contact me at any time to this effect.
c) Right to correction
Every data subject has the right granted by the European regulatory and legislative authority to the prompt correction of their incorrect personal data. In addition, the data subject has the right to request the completion of incomplete personal data – including by way of a supplementary declaration – in consideration of the purposes of processing.
If a data subject wishes to exercise this right to correction, they may contact me at any time to this effect.
d) Right to erasure (right to be forgotten)
Every data subject has the right granted by the European regulatory and legislative authority to request me to promptly delete their personal data, provided that one of the following reasons applies and processing is not required:
The personal data was collected for purposes or other reasons which they are no longer required. The data subject withdraws their consent on which processing pursuant to Article (1a) of the GDPR or Article 9 (2a) of the GDPR was based, and there is no other legal basis for processing.
The data subject submits an objection to processing pursuant to Article 21 (1) of the GDPR and there are no prevailing legitimate reasons for processing, or the data subject submits an objection to processing pursuant to Article 21 (2) of the GDPR.
The personal data was unlawfully processed.
The deletion of the personal data is required to comply with a legal obligation according to EU law or the law of member states to which I am subject.
The personal data was collected in relation to information society services pursuant to Article 8 (1) of the GDPR.
Insofar as one of the above reasons applies and a data subject wishes to arrange the deletion of personal data stored on my website, they may contact me at any time to this effect. I will arrange for prompt compliance with the deletion request.
If the personal data was made publicly available by me and I am obliged to delete the personal data as the responsible controller pursuant to Article 17 (1) GDPR, I shall take suitable measures – including technical measures – in consideration of the available technology and the costs of implementation, in order to inform other controllers responsible for data processing, who process the published personal data, that the data subject has requested these other controllers responsible for data processing to delete all links to this personal data or copies or replications of this personal data, provided that processing is not necessary. I will take the necessary action in individual cases.
e) Right to restriction of processing
Every data subject has the right granted by the European regulatory and legislative authority to request me to restrict processing if one of the following requirements is met:
The correctness of the data subject’s personal data is contested – for the duration that enables me to review the correctness of the personal data.
The processing is unlawful, the data subject rejects the erasure of the personal data and requests instead the restriction of use of the personal data.
I no longer need the personal data for the purposes of processing, but the data subject needs the data to assert, exercise or defend legal claims.
The data subject has submitted an objection to processing pursuant to Article 21 (1) of the GDPR and it has not yet been determined whether my legitimate interests prevail over those of the data subject.
If one of the above requirements is met and a data subject wishes to request the restriction of personal data stored on my website, they may contact me at any time to this effect. I will arrange the restriction of processing.
f) Right to data portability
Every data subject has the right granted by the European regulatory and legislative authority to receive their personal data, provided to me by the data subject, in a structured, common and machine-readable format. The data subject also has the right to transmit this data to another responsible controller without impediment by me, who received the personal data, provided that the processing is based on consent pursuant to Article 6 (1a) of the GDPR or Article 9 (2a) of the GDPR or on a contract pursuant to Article 6 (1b) of the GDPR and the processing occurs with the use of automated procedures, provided that the processing is not required for the fulfilment of a task that lies in the public interest or in the exercise of public power, which has been assigned to me. Moreover, upon exercising the right to data portability pursuant to Article 20 (1) of the GDPR, the data subject has the right to have me directly transmit the personal data to another controller, provided this is technically feasible and this does not thereby infringe on the rights and freedoms of other persons.
The data subject may contact me at any time to exercise their right to data portability.
g) Right to objection
Every data subject has the right granted by the European regulatory and legislative authority to submit an objection to the processing of their personal data based on Article 6 (1e) or (1f) of the GDPR for reasons related to their special situation. This also applies to profiling based on these provisions. I will no longer process personal data in the event of an objection, unless I am able to demonstrate compelling and legitimate reasons for processing, which prevail over the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
Where I process personal data in order to engage in direct advertising, the data subject has the right to submit an objection at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as this relates to such direct advertising. If the data subject submits to me an objection to processing for the purposes of direct advertising, I will no longer process the personal data for these purposes.
In addition, the data subject has the right to submit an objection to the processing of their personal data, which I possess for scientific or historical or research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR, for reasons related to their special situation, unless such processing is requirement for the fulfilment of a task in the public interest.
The data subject may contact me directly to exercise the right to objection.
In connection with the use of information society services, notwithstanding Directive 2002/58/EC, the data subject further has the right to exercise their right to objection by means of an automated procedure in which technical specifications are used.
h) Automated decision making in individual cases including profiling
Each data subject has the right granted by the European regulatory and legislative authority not to be subject to decision making based exclusively on automated processing – including profiling – which produces a legal effect for the data subject or negatively affects them in a similar way, provided that the decision (1) is not required for the conclusion or fulfilment of a contract between the data subject and me, or (2) is permissible based on the legal provisions of the EU or member states to which I am subject and these legal provisions contain suitable measures to safeguard the rights and freedoms as well as legitimate interests of the data subject, or (3) is based on the express consent of the data subject.
If the decision is (1) required for the conclusion or fulfilment of a contract between the data subject and me or (2) based on the express consent of the data subject, I will take suitable measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which at least includes the right to effect the action of a person on my part, the right to state one’s own position and the right to appeal the decision.
If the data subject wishes to assert rights regarding automated decisions, they may contact me at any time to this effect.
i) Right to withdrawal of consent to data processing
Every data subject has the right granted by the European regulatory and legislative authority to withdraw consent to the processing of personal data at any time.
If the data subject wishes to assert their right to the withdrawal of consent, they may contact me to this effect.
9. DATA PROTECTION PROVISIONS ON THE DEPLOYMENT AND USE OF GOOGLE ANALYTICS (WITH ANONYMISATION FUNCTION)
I have integrated the service Google Analytics (with anonymisation function) onto this website. Google Analytics is a web analysis service. Web analysis refers to the collection and analysis of data about the behaviour of website visitors. A web analysis service collects data about which website a data subject accessed a website from (referrer), which webpages of the website were accessed and how often and for how long a webpage was viewed. Web analysis is primarily used to optimise a website and to analyse the costs and benefits of Internet advertising.
The company behind Google Analytics is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. I use the addition ‘_gat._anonymizeIp’ for the web analysis through Google Analytics. With this addition, Google shortens and anonymises the IP address of the data subject’s Internet connection when my website is accessed from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of Google Analytics is to analyse visitor flows on my website. Google uses the data and information obtained, for example, to analyse the use of my website in order to compile online reports for me, which show the activity on my website, and to render other services related to the use of my website.
Google Analytics places a cookie on the data subject’s information technology system. Placing the cookie enables Google to analyse the use of my website. Every time one of the webpages of my website is accessed, which is operated by me and on which a Google Analytics component is integrated, the Internet browser on the data subject’s information technology system will automatically transmit data to Google for the purposes of online analysis by means of the respective Google Analytics component. As part of this technical process, Google becomes aware of personal data, such as the IP address of the data subject, which allow Google to determine the origin of visitors and clicks, for example, and subsequently to enable commission settlements. Using the cookie, personal information is collected such as access time, the location from which an access originated and the frequency a data subject visits my website. Every time my website is visited, this personal data including the IP address of the data subject’s Internet connection is sent to Google in the United States of America. This personal data is stored by Google in the United States of America. Under certain circumstances, Google may forward personal data collected in this process to third parties.
The data subject may prevent the placement of cookies by my website at any time by configuring the Internet browser used accordingly and thereby permanently object to the placement of cookies. Configuring the Internet browser in this way would also prevent Google from placing a cookie on the information technology system of the data subject. Moreover, a cookie already placed by Google Analytics can be deleted at any time using the Internet browser or other software programs.
10. DATA PROTECTION PROVISIONS ON THE DEPLOYMENT AND USE OF WIPE ANALYTICS
I have integrated components from the company Wipe Analytics on this website. Wipe Analytics is a web analysis service. Web analysis involves the collection and analysis of data about the behaviour of website users. A web analysis service collects the following data, for example: which website a data subject accessed a website from (referrer), which webpages on the website were accessed and how often and for how long a webpage was viewed. Web analysis is primarily used to optimise a website and to analyse the costs and benefits of Internet advertising.
The operating company of Wipe Analytics is TENSQUARE GmbH, Wilhelminenstr. 29, 45881 Gelsenkirchen, Germany. Wipe Analytics places a cookie on the data subject’s information technology system. Every time one of the webpages of this website is accessed, which is operated by me and contains a Wipe Analytics component, the Internet browser on the data subject’s information technology system automatically transmits data to Wipe Analytics using the respective Wipe Analytics component for marketing and optimisation purposes. As part of this technical process, Wipe Analytics receives data that is subsequently used to create pseudonymised usage profiles. The usage profiles created in this way facilitate the behavioural analysis of data subjects who have accessed my website and are analysed with the aim of improving and optimising the website. The data collected by the Wipe Analytics component is not used to identify the data subject without obtaining the separate and express consent of the data subject in advance. This data is not combined with personal data or other data associated with the same pseudonym.
The data subject may prevent the placement of cookies by my website at any time by configuring the Internet browser used accordingly and thereby permanently object to the placement of cookies. Configuring the Internet browser in this way would also prevent Wipe Analytics from placing a cookie on the data subject’s information technology system. Moreover, cookies already placed by Wipe Analytics can be deleted at any time using the Internet browser or other software programs.
Furthermore, the data subject has the option to object to and prevent the collection of data generated by the Wipe Analytics cookie in relation to the use of this website as well as the processing of this data by Wipe Analytics. To this end, the data subject has to allow the placement of the opt-out cookie provided via the link: https://www.wipe-analytics.de/opt-out. The opt-out cookie placed with the objection is stored on the data subject’s information technology system. If the cookies on the data subject’s system are deleted after an objection, the data subject will need to access the link again and place a new opt-out cookie.
However, placing the opt-out cookie may result in the limited functionality of the website for the data subject.
11. LEGAL BASIS OF PROCESSING
Article 6 (1a) of the GDPR provides me with a legal basis for processing for which I obtain consent for a certain purpose of processing. If the processing of personal data is required for the fulfilment of a contract and the contracting party is the data subject, as is the case with processing required for the provision of a service or counter-performance, the processing is based on Article 6 (1b) of the GDPR. The same applies for processing required for the execution of precontractual measures, such as when processing enquiries regarding my services. Where I am subject to a legal obligation for which the processing of personal data is required, such as the fulfilment of tax obligations, the processing is based on Article 6 (1c) of the GDPR. In rare cases, the processing of personal data may be required in order to protect the vital interests of the data subject or another natural person. Processing in such circumstances is based on Article 6 (1d) of the GDPR. Finally, processing may be based on Article 6 (1f) of the GDPR. This legal basis applies to processing not covered by any of the aforementioned legal bases if the processing is required in order to safeguard a legitimate interest of mine or a third party, provided that the interests, basic rights and freedoms of the data subject do not prevail. I am permitted to perform such processing in particular because these forms of processing were specially mentioned by the European legislator. In this respect, the legislator holds the view that a legitimate interest could be assumed to exist if the data subject is a customer of mine (Recital 47 (2) of the GDPR).
12. LEGITIMATE INTERESTS IN PROCESSING PURSUED BY MYSELF OR A THIRD PARTY
If the processing of personal data is based on Article 6 (1f) of the GDPR; my legitimate interest is the performance of my business activity.
13. DURATION FOR WHICH PERSONAL DATA IS STORED
The criterion for the storage duration of personal data is the respective statutory retention period. Upon expiry of this period, the corresponding data will be routinely deleted, provided it is no longer required for the fulfilment or initiation of a contract.
14. STATUTORY OR CONTRACTUAL PROVISIONS ON THE PROVISION OF PERSONAL DATA; REQUIREMENT FOR CONTRACTUAL CONCLUSION; OBLIGATION OF THE DATA SUBJECT TO PROVIDE PERSONAL DATA; POSSIBLE CONSEQUENCES OF NON-PROVISION
I would like to inform you that the provision of personal data is prescribed by law in some instances (such as tax provisions) or such provision may arise on the basis of contractual provisions (such as details on the contracting partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide me with personal data which I must subsequently process. The data subject is obliged to provide me with personal data if I conclude a contract with them. Non-provision of personal data would result in a situation in which it may not be possible to conclude the contract with the data subject. Before the data subject provides personal data, they must first contact me. I will inform the data subject in individual cases about whether the provision of personal data is statutorily or contractually required or necessary for contractual conclusion, whether an obligation exists to provide personal data and what the consequences of non-provision of personal data would be.
15. EXISTENCE OF AUTOMATED DECISION MAKING
As the responsible controller for the processing of personal data, I do not engage in automated decision making or profiling.