Privacy Policy (Datenschutzerklärung)

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR):

Kerstin Wilson
Albert-Einstein-Str.77
75015 Bretten
Germany
Email: souldesigncoaching [at] gmail.com or via contact form

2. General Information on Data Processing

Personal data is processed only to the extent necessary to provide this website and the services offered.

Processing is carried out in accordance with Art. 6 GDPR.

3. Website Hosting (Squarespace)

This website is hosted by Squarespace, a service provided by Squarespace, Inc., USA.

When accessing this website, technical data is automatically processed, including:

  • IP address

  • date and time of access

  • browser type and version

  • device information

This processing is necessary for the operation, security, and stability of the website.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest)

Squarespace may use technically necessary cookies to provide core website functionality.

4. Cookies

This website uses cookies.

Technically necessary cookies are used to ensure proper functionality and security of the website.

Legal basis:
§ 25(2) TTDSG and Art. 6(1)(f) GDPR

Non-essential cookies are only used with your explicit consent via the cookie consent tool in accordance with § 25(1) TTDSG and Art. 6(1)(a) GDPR.

Further information can be found in the Cookie Policy.

5. Consent Management

This website uses a consent management tool provided by Cookiebot.

The tool is used to manage cookie preferences and to ensure that non-essential cookies are only set with user consent.

In this context, the following data may be processed:

  • consent status

  • IP address (in anonymized form where applicable)

  • browser and device information

The consent data is stored in order to comply with legal obligations. It stores user consent preferences in order to demonstrate compliance.

Legal basis:

  • Art. 6(1)(c) GDPR

  • Art. 6(1)(f) GDPR

6. Contact

If you contact me (e.g. by email or contact form), the data you provide (e.g. name, email address, message) will be processed for the purpose of handling your request.

Legal basis:

  • Art. 6(1)(b) GDPR (pre-contractual measures) or

  • Art. 6(1)(f) GDPR (legitimate interest in communication)

7. Booking and Service Provision

Bookings are made via Acuity Scheduling, a third-party booking service, provided by Squarespace, Inc.

In the course of booking and providing services, the following personal data may be processed:

  • name

  • email address

  • date, time, and place of birth

  • appointment details

  • communication content

This data is processed for the purpose of providing the booked service.

Legal basis:
Art. 6(1)(b) GDPR (contract performance)

For the creation of analyses, data may be entered into external tools for the purpose of generating Human Design analyses.

8. Payments

Payments are processed via Stripe.

Payment data is processed directly by the payment provider.

Legal basis:
Art. 6(1)(b) GDPR

9. Newsletter

Newsletter distribution is carried out via Substack.

The following data may be processed:

  • email address

  • name (if provided)

Legal basis:
Art. 6(1)(a) GDPR (consent)

You can withdraw your consent at any time.

Paid subscriptions are processed via Stripe.

10. Communication and Session Tools

Sessions may be conducted via:

  • Zoom

  • Google Meet

Processing is carried out for the purpose of providing the booked service.

Legal basis:
Art. 6(1)(b) GDPR

11. Data Storage and Processing Tools

Personal data may be stored and processed using:

  • local storage systems

  • Google Drive

  • Canva

Processing is carried out for service provision and business organization.

Legal basis:

  • Art. 6(1)(b) GDPR

  • Art. 6(1)(f) GDPR

12. Accounting and Legal Obligations

For accounting and tax purposes, only the data required by law is processed.

This generally includes:

  • name

  • billing information

  • payment details

Sensitive or service-related personal data (such as birth data or analysis-related information) is not transferred to tax advisors or authorities.

Data is processed using:

  • Lexware

  • DATEV

  • ELSTER

Data may be transmitted to tax advisors and tax authorities where legally required.

Legal basis:
Art. 6(1)(c) GDPR (legal obligation).

13. Data Recipients and Transfers

Personal data may be transferred to service providers used for website operation and business processes, including providers based in the United States.

Where data is transferred outside the EU/EEA (in particular to the United States), this is based on Standard Contractual Clauses pursuant to Art. 46 GDPR.

14. Data Retention

Personal data is stored only as long as necessary for the respective purpose.

  • Contract and communication data: generally up to 3 years after the end of the year in which the contractual relationship ended (statutory limitation period under German law)

  • Tax-relevant data: 10 years (German tax law)

  • Newsletter data: until withdrawal of consent

15. Data Subject Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

16. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

Competent authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg.

17. Changes to this Policy

This privacy policy may be updated if required.