Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. The following information provides details on how we handle your personal data when you use our website. Personal data refers to any information that can be used to personally identify you.

1.2 The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Anna Nwaada Weber, Am Pannschoppen 9, 40883 Ratingen, Germany, Tel.: +49 21021337890, Email: support@annanwaadaweber.com. The controller responsible for processing personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website purely for informational purposes, meaning you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website:

The website you visited

Date and time at the time of access

Amount of data sent in bytes

Source/reference from which you accessed the page

Browser used

Operating system used

IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. This data is not shared or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are specific indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

3) Contacting Us

3.1 Acuity Scheduling

To provide an online appointment booking function, we use the services of the following provider: Squarespace Ireland Limited, Le Pole House, Ship Street Great, Dublin 8, Ireland.

For the purpose of scheduling appointments, we collect first and last names, email addresses (and, if a telephone appointment is desired, the telephone number) in accordance with Article 6(1)(b) GDPR. This data is transferred to the provider based on our legitimate interest in effective customer management and efficient appointment scheduling in accordance with Article 6(1)(f) GDPR, where it is stored for appointment organization purposes.

Your data will be deleted by the provider after the appointment or after the agreed appointment period has expired.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized sharing with third parties.

3.2 When contacting us (e.g., via contact form or email), personal data will be processed solely for the purpose of processing and responding to your request and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted once it is clear that the matter in question has been fully resolved, provided there are no statutory retention obligations.

4) Use of Customer Data for Direct Marketing

Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information for receiving the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. For the newsletter distribution, we use the so-called double opt-in procedure to ensure that you only receive newsletters if you have expressly confirmed your consent to receive the newsletter by clicking on the verification link sent to the provided email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. We store your IP address, as entered by the Internet Service Provider (ISP), as well as the date and time of registration, to trace possible misuse of your email address at a later date. The data collected by us during the newsletter registration is used exclusively for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by notifying the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this statement.

5) Website Features

5.1 Zoom

For conducting online meetings, video conferences, and/or webinars, we use the following provider: Zoom Video Communications Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

The provider processes different data, depending on what data you share before or during participation in an online meeting, video conference, or webinar. Your data as a communication participant is processed and stored on the provider's servers. This may include your registration data (name, email address, telephone number (optional), and password) and session data (topic, participant IP address, device information, description (optional)).

Additionally, image and sound contributions from participants as well as voice inputs in chats can be processed.

The legal basis for processing personal data necessary for fulfilling a contract with you (this also applies to processing operations required for pre-contractual measures) is Article 6(1)(b) GDPR. If you have given us consent to process your data, the processing is based on Article 6(1)(a) GDPR. Consent given can be revoked at any time with effect for the future.

Otherwise, the legal basis for data processing during the conduct of online meetings, webinars, or video conferences is our legitimate interest pursuant to Article 6(1)(f) GDPR in the effective conduct of the online meeting, webinar, or video conference.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized sharing with third parties.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

5.2 Google Forms

For conducting surveys or online forms, we use the services of the following provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

In addition to transferring data to the provider's aforementioned location, data may also be transferred to: Google LLC, USA.

The provider enables us to create and evaluate surveys and online forms. In addition to the personal data you enter into the forms, information about your operating system, browser, date and time of your visit, referrer URL, and your IP address will be collected, transmitted to the provider, and stored on the provider's servers.

The storage of the information you enter into the forms is password-protected to ensure that third-party access is excluded and only we can evaluate the data for the purpose stated in the respective form.

When processing personal data necessary for fulfilling a contract with you (this also applies to processing operations required for pre-contractual measures), the legal basis is Article 6(1)(b) GDPR. If you have given us consent to process your data, the processing is based on Article 6(1)(a) GDPR. Consent given can be revoked at any time with effect for the future.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prevent unauthorized sharing with third parties.

6) Tools and Miscellaneous

For handling accounting, we use the cloud-based accounting software service of the following provider: Accountable SA, 22 drève des Weigélias, 1170 Brussels, Belgium.

The provider processes incoming and outgoing invoices, and potentially also the bank transactions of our company, to automatically capture invoices, match them to transactions, and thereby create financial accounting in a semi-automated process.

If personal data is processed in this context, the processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in efficient organization and documentation of our business transactions.

7) Rights of the Data Subject

7.1 Applicable data protection law grants you the following rights as a data subject regarding the processing of your personal data, with reference to the legal basis for each:

Right to access in accordance with Article 15 GDPR;

Right to rectification in accordance with Article 16 GDPR;

Right to erasure in accordance with Article 17 GDPR;

Right to restriction of processing in accordance with Article 18 GDPR;

Right to notification in accordance with Article 19 GDPR;

Right to data portability in accordance with Article 20 GDPR;

Right to withdraw consent granted in accordance with Article 7(3) GDPR;

Right to lodge a complaint in accordance with Article 77 GDPR.

7.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

8) Duration of Storage of Personal Data

The duration of the storage of personal data depends on the respective legal basis, the processing purpose, and, where applicable, the statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent in accordance with Article 6(1)(a) GDPR, the data will be stored until the consent is revoked.

If there are statutory retention periods for data that is processed as part of legal or similar obligations based on Article 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for contract fulfillment or initiation and/or there is no legitimate interest in further storage on our part.

When processing personal data based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object in accordance with Article 21(1) GDPR unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

When processing personal data for direct marketing purposes based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object in accordance with Article 21(2) GDPR.

Unless otherwise specified in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Juridical supervised by IT-Recht Kanzlei