Name and contact details of the controller
Sea Salt Coaching
KVK number: 82659362
is responsible for data processing via this website and via electronic means of communication through this website ("Controller").
Why is this policy necessary?
In accordance with Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR), the legislator obliges me to inform data subjects, e.g. Internet users of our website or in the case of enquiries by e-mail, about the processing of their personal data. In the following, you will be informed about the extent to which I, as the "data controller", process your personal data and what rights you have as a "data subject".
As a matter of principle, I do not process any personal data of data subjects unless the processing is permitted by law ("legal basis"). A declaration of consent given to me by you voluntarily and after prior information may also constitute a legal basis for the processing of your personal data.
What is personal data and who is affected?
"Personal data" are, according to Art. 4 GDPR, any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are many circumstances in which we are responsible for processing your personal data and you may therefore be a "data subject" to us. For example, you are a data subject if you are a user of our websites, a sender and recipient of letters, emails or other communications, a caller and called, a client or a person interested in legal advice, a contractor, an employee, a customer, a supplier or a cooperation partner.
What are the legal bases?
Insofar as I obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) p. 1 lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures at the request of the data subject. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1) sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of my company or a third party and the interests,
fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) p. 1 lit. f GDPR serves as the legal basis for the processing.
How long will personal data be stored and when will it be deleted?
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this if this is stipulated by national legislation or regulations, laws or other provisions according to which I am obliged to store the personal data. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires; unless further storage of the data is necessary for the conclusion or fulfilment of a contract.
What technical and organisational measures are used?
Ensuring data security is a particularly important concern for me. I therefore use appropriate technical and organisational measures, in particular to protect your personal data from risks during data transmissions and to protect against third parties gaining knowledge. My data security measures are always checked and adapted according to the current state of the art. The processing of personal data via my website is https-encrypted.
What rights do I have as a data subject?
Right to revoke consent: In accordance with Art. 7 (3) of the GDPR, you have the right to revoke the consent you have given to the data controller at any time. This has the consequence that the data processing which was based on this consent may no longer be continued for the future.
Right to information: In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by the controller. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
Right to rectification: You have the right to request the rectification of inaccurate or incomplete personal data stored by the controller without undue delay in accordance with Article 16 of the GDPR.
Right to erasure and to be forgotten: In accordance with Art. 17 of the GDPR, you have the right to request the deletion of your personal data stored.
You have the right to request the erasure of your personal data stored by the controller pursuant to Article 17 of the GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defence of legal claims.
Right to restriction: Pursuant to Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, or the processing is unlawful. If you object to its erasure and I no longer require the data, but I need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Article 21 of the GDPR.
Right to data portability: Pursuant to Art. 20 of the GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
Right to complain: You are entitled to complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace for this purpose.
Right to object: If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation. To exercise your right to object, simply send me an e-mail.
Each time my website is called up, our system automatically collects data and information from the computer or device system with which the data subject (hereinafter: user) calls up my website. This data is stored and processed on the hosted server in a log file (so-called log files). The following personal data is collected in this process:
Browser type and the version used
Operating system of the user
Internet service provider of the user
IP address of the user
Date and time of access
Websites from which the user's computer or device system has accessed my website
Websites accessed by the user's computer or device system via my website.
The IP address is a string of numbers that uniquely identifies your computer or device system at the time you access my website. The IP address is used to receive and send data packets and enables a user to call up a website. The temporary storage of the IP address on the hosted server is necessary in order to transmit the page content to the user's computer or device system after calling up my website, so that the user can view the content.
The storage in log files takes place in order to ensure the functionality of the website and to be able to detect any transmission errors that may occur. In addition, this data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The processing is based on my legitimate interests according to Art. 6 para. 1 p. 1 lit. f GDPR. If the processing is based on Art. 6 para. 1 p. 1 lit. f GDPR, I am obliged to disclose the legitimate interests pursued by me. I have a legitimate interest in processing the above-mentioned personal data for the above-mentioned purposes in order to pursue my economic and idealistic interest in the external presentation of my company. Personal data will be disclosed to my contractors contracted to host and provide IT resources for the operation of the website.
The personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The user's IP address must remain stored for the duration of the session in order to enable the use of the website. The data in the log file is deleted after seven days at the latest.
As a data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(1)(e) or (f) of the GDPR (Article 21(1) of the GDPR). In this case, I will no longer process the personal data unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject, or if the processing serves the purpose of asserting, exercising or defending legal claims.
The processing of personal data to provide the website and to create the log file is absolutely necessary for the operation of the website. The user can therefore not object to this type of processing.
I can be reached by e-mail and phone (electronic communication). By providing your personal data, first name, last name, e-mail, your message, as well as technical information about the transmission and the time of sending is sent to me and processed so I can contact and reply to you. Your personal data are processed in order to identify you, to be able to assign your message to an existing mandate or other contractual relationship. Your data will only be processed for the purpose of processing and responding to your request.
The processing of the personal data is based on your consent. However, the processing of your personal data may also be necessary for the performance of a contract or another contract with you, or for the performance of pre-contractual measures which take place at your request (Art. 6 (1) sentence 1 lit. b GDPR).
Personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. A contact request sent outside of an existing coaching contract, other contract or for the purpose of initiating a contract, will be automatically deleted after 6 months, starting from the day we receive your request.
Online appointment booking
I use the service of Wix for the simplified booking of appointments. By using this service, data is transferred to Wix. Wix processes the following data of users on the basis of a commissioned data processing agreement pursuant to Art 28 GDPR.
The processing of the data entered via Wix is thus exclusively based on a legitimate interest of simplified appointment arrangement and the customer according to Art. 6 para. 1 lit. f GDPR and on the basis of the order data processing agreement according to Art. 28 GDPR. The data entered by customers or interested parties via Wix shall remain with me until the customer requests me to delete it or the purpose for storing the data no longer applies, in particular after the processing of an enquiry has been completed, whereby the necessity of retaining the data shall be reviewed once a year. Mandatory legal provisions - in particular retention periods - shall remain unaffected.
It is important that the data I hold about you is accurate and current, therefore please keep me informed of any changes to your personal data.
I may use online platforms to conduct our online meetings and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during participation in an online meeting. The legal basis for this is my legitimate interest in effective customer communication and, insofar as it concerns an enquiry to enter into or fulfil a contract. You can request information about the purpose of processing, origin and, if applicable, recipients of your personal data from us free of charge at any time. The providers used are: Zoom, WhatsApp or FaceTime
When do I disclose your Personal Data?
I may share your information with organisations that help me provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support my online offer and services.
Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If I commission third parties to process data on the basis of a so-called "processing agreement".
In relation to meta data obtained about you, I may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to my Cookies Policy.
I may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority asks me to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
Automated decision-making and profiling
I do not use automation for decision-making and profiling.
My website is not intended for children and I do not knowingly collect data relating to children. If you become aware that your Child has provided me with Personal Data, without parental consent, please contact me and I take the necessary steps to remove that information from our server.
What are the categories of data subjects?
Customers, interested parties, visitors and users of the online offer, business partners.
What are the purposes for processing?
• Provision of the online offer, its contents and functions.
• Provision of contractual services, service and customer care.
• Answering contact enquiries and communication with users.
• Marketing, advertising and market research.
• Security measures.
I maintain online presences in Facebook, Instagram, and LinkedIn on the basis of our legitimate interests within the meaning of Article 6 lit. f) GDPR and in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Within the website functions and widgets of Facebook, Instagram, and LinkedIn are integrated. When you click on or use any of those functions and widgets, your browser establishes a direct connection to Facebook, Instagram and LinkedIn. The function or widget then transmits log data to Facebook, Instagram and LinkedIn. This log data may contain your IP address, the address of the visited websites, type and settings of the browser, date and time of the request, your usage of Facebook, Instagram and LinkedIn, as well as cookies. Those may also include the display of our post, the link to our profile, the possibility to interact with the posts and functions, as well as to measure users reach (so-called conversion measurement).
Content Delivery Network
For the purpose of a shorter loading time, we use a so-called Content Delivery Network ("CDN") (Wix) for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. If you have any questions about the service providers I use and the basis of my cooperation with them, please contact me.
Data Breaches and Notification
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, I will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
This policy and my commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to me. If you believe that I have not complied with this policy or acted otherwise than in accordance with data protection law, then please contact me.
Finally, I would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is therefore not possible.