PRIVACY POLICY

https://spritual-soul-art.com

Welcome to Spiritual -Soul Art - Alexandra Hettel - Consulting Coaching Mediation

Preliminary remark:

This is a translated text. The language valid for concluding the contract is exclusively German. Translations into other languages are for informational purposes only. The German text always takes precedence and is valid despite differences in language usage.

INTRODUCTION

We hereby inform you in accordance with the legal requirements of data protection law (in particular the German Federal Data Protection Act – BDSG n.F. – and the European General Data Protection Regulation – GDPR) about the type, scope, and purpose of the processing of personal data by our company. This privacy policy also applies to our online presences, especially websites and social media profiles. For definitions of terms such as "personal data" or "processing", please refer to Art. 4 of the GDPR.

RESPONSIBLE ENTITY pursuant to Art. 4 No. 7 GDPR:

Alexandra Hettel / Beratung Coaching Mediation / Spiritual Soul Art
Mueller-Jung-Str. 4
76476 Bischweier
Germany
Email:mail@spiritual-soul-art.com

TYPES OF DATA, PURPOSES OF PROCESSING, AND CATEGORIES OF DATA SUBJECTS

Below we inform you about the type, scope, and purpose of the collection, processing, and use of personal data.

1. Types of data we process
2. Purposes of processing pursuant to Art. 13 para. 1 (c) GDPR
Contract fulfillment, technical and economic optimization of the website, enabling easy access to the site, fulfillment of contractual obligations, contact in the event of legal claims by third parties, fulfillment of legal retention obligations, optimization and statistical analysis of our services, commercial use of the website, improving user experience, user-friendly website design, economic operation of advertising and website, marketing / sales / advertising, creation of statistics, detection of copied content, prevention of spam and abuse, customer service and support, processing contact inquiries, providing websites with content and functionality, security measures, uninterrupted and secure operation of our website.

3. Categories of affected persons pursuant to Art. 13 para. 1 (e) GDPR
Visitors/users of the website, customers, suppliers, interested parties, employees of customers or suppliers. These individuals are collectively referred to as "users".

LEGAL BASES FOR PROCESSING PERSONAL DATA

Below we inform you about the legal bases for the processing of personal data:

1. If we obtain your consent to process personal data, Art. 6 para. 1 sentence 1 (a) GDPR serves as the legal basis.

2. If processing is necessary to fulfill a contract or to carry out pre-contractual measures at your request, Art. 6 para. 1 sentence 1 (b) GDPR is the legal basis.

3. If processing is necessary to comply with a legal obligation, Art. 6 para. 1 sentence 1 (c) GDPR is the legal basis.

4. If processing is necessary to protect vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 (d) GDPR is the legal basis.

5. If processing is necessary to safeguard our legitimate interests or those of a third party, and your interests or fundamental rights and freedoms do not override those interests, Art. 6 para. 1 sentence 1 (f) GDPR is the legal basis.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES AND PROCESSORS

We generally do not disclose personal data to third parties without your consent. If such disclosure should occur, it is based on the aforementioned legal grounds, e.g., to online payment providers for contract fulfillment or due to a court order or a legal obligation for law enforcement, hazard prevention, or enforcement of intellectual property rights.

We also use processors (external service providers such as web hosting and database services) to process your data. If data is disclosed within the scope of a processing contract pursuant to Art. 28 GDPR, this is always based on a legal agreement. We carefully select our processors, regularly monitor them, and have contractually secured our right to issue instructions. The processors must implement appropriate technical and organizational measures and comply with the data protection regulations in accordance with the BDSG and the GDPR.

DATA TRANSFER TO THIRD COUNTRIES

The GDPR provides a uniform basis for data protection across Europe. Therefore, your data is generally processed within companies that are subject to the GDPR. If processing is carried out by services based outside the European Union or the European Economic Area, these providers must meet the special requirements of Art. 44 et seq. GDPR. This means processing may only occur based on special guarantees, such as an officially recognized level of data protection by the EU Commission or the use of officially recognized standard contractual clauses.

If we request your explicit consent to transfer data to the USA in accordance with Art. 49 para. 1 sentence 1 (a) GDPR due to the invalidation of the so-called "Privacy Shield", we hereby inform you of the potential risk of secret access by US authorities and the use of the data for surveillance purposes, possibly without effective legal remedies for EU citizens.

SERVICES USED – THIRD-PARTY PROVIDERS AND TOOLS

· Google (Google Business Profile)
We use services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to provide and optimize our online communication, display locations, and conduct online meetings. Personal data (e.g. IP address, location data, communication content) may be transmitted to Google servers – including in the USA. Legal basis: Art. 6 para. 1 (a), (b), or (f) GDPR.
Privacy policy:https://policies.google.com/privacy

· ProtonMail (encrypted communication)
We offer confidential communication via ProtonMail as an optional encrypted method.
Privacy policy:https://proton.me/privacy-policy

· Hostinger (Web Hosting)
Privacy policy:https://www.hostinger.com/legal/privacy-policy

· Meta/Facebook
Privacy policy:https://www.facebook.com/privacy/policy

· Stripe (Payment processing)
Privacy policy:https://stripe.com/de/privacy

· Wise (Payment processing)
Terms and privacy:https://wise.com/terms-and-conditions

· Zoom (Video conferencing)
Privacy policy:https://explore.zoom.us/de/privacy

DELETION OF DATA AND STORAGE DURATION

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose for storage no longer applies, or you withdraw your consent to processing. Data may also be stored if required for legal evidence purposes or if statutory retention obligations prevent deletion. Such obligations include the commercial retention obligation for business letters pursuant to § 257 (1) of the German Commercial Code (6 years) and the tax retention obligation pursuant to § 147 (1) of the German Fiscal Code (10 years) for accounting documents. After the expiration of the legal retention period, the data will be blocked or deleted unless continued storage is required for contract fulfillment.

AUTOMATED DECISION-MAKING
We do not use any automated decision-making or profiling.

PROVISION OF OUR WEBSITE AND CREATION OF LOG FILES

1. When you use our website purely for informational purposes (i.e., without registering or submitting information otherwise), we only collect the personal data that your browser transmits to our server.

COOKIES

1. We use so-called cookies when you visit our website. Cookies are small text files that your internet browser stores on your device. When you revisit our site, these cookies provide information that enables us to recognize you automatically. Cookies may include “user IDs” that store user data in pseudonymized profiles. When accessing our site, you will be informed via a notice about our privacy policy that we use cookies for the purposes stated and how you can object to or prevent their storage (“opt-out”).

The following types of cookies are distinguished:

· Essential Cookies:These cookies are necessary for the operation of the website and enable basic functions such as logins, shopping carts, or remembering language preferences.

· Session Cookies:These cookies help recognize repeat use of our site by the same user (e.g., if you are logged in, to verify your session status). These cookies optimize access to our services. They are deleted when you close the browser or log out.

· Persistent Cookies:These cookies remain stored after you close the browser. They are used to save login status, measure reach, and for marketing purposes. They are automatically deleted after a predefined duration, which can vary depending on the cookie. You can delete them anytime in your browser's security settings.

· Third-Party Cookies:These are placed by external advertisers or services. You can configure your browser to reject these or all cookies. Please note that doing so may limit some functionalities of the site. For more details, refer to the respective providers' privacy statements.

2. Data categories processed:User data, cookies, user ID (including visited pages, device info, access times, and IP addresses).

3. Purpose of processing:The data collected serves to optimize the technical and economic performance of our web offerings and to facilitate secure and easy access to our website.

4. Legal basis:If we process your personal data using cookies based on your consent ("opt-in"), Art. 6 para. 1 sentence 1 (a) GDPR applies. If not, our legitimate interest in effective functionality, optimization, and economic operation of the website applies under Art. 6 para. 1 sentence 1 (f) GDPR. If cookies are used for contract initiation (e.g., when placing an order), Art. 6 para. 1 sentence 1 (b) GDPR applies.

5. Storage period / Deletion:Data is deleted as soon as it is no longer needed for its intended purpose. For data collected during the website session, this is the case when the session ends. Cookies are stored on your device and transmitted to our site. You have full control over cookie use. You can deactivate or restrict cookie transmission by changing your browser settings. Already stored cookies can be deleted at any time, including automatically. If you deactivate cookies for our site, you may not be able to use all website features fully.

Instructions for deleting cookies by browser:

· Chrome:https://support.google.com/chrome/answer/95647

· Safari:https://support.apple.com/de-at/guide/safari/sfri11471/mac

· Firefox:https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen

· Internet Explorer:https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies

· Microsoft Edge:https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies

6. Objection and Opt-Out:You can generally prevent the storage of cookies on your hard drive regardless of your consent by configuring your browser to reject cookies. Please note this may limit the functionality of our website. You can object to the use of cookies by third-party providers for advertising purposes via these platforms:

· US site:https://optout.aboutads.info

· European site:http://www.youronlinechoices.com/de/praferenzmanagement/

CONTACTING US

Via contact form / email / fax / mail

1. When you contact us via contact form, fax, post, or email, the information you provide will be processed for the purpose of handling your inquiry.

2. The legal basis for data processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. If the processing is carried out in the context of a contact inquiry or email, letter, or fax, the legal basis is Art. 6 (1) sentence 1 lit. f) GDPR. We have a legitimate interest in processing and storing the data in order to respond to inquiries, for liability reasons (evidence), and to fulfill any statutory retention obligations for business correspondence. If the inquiry is aimed at concluding a contract, the additional legal basis is Art. 6 (1) sentence 1 lit. b) GDPR.

3. We may store your data and inquiry in our Customer Relationship Management system ("CRM system") or a comparable system.

4. The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. For personal data from contact forms or emails, this is the case when the respective conversation with you has ended. A conversation is considered ended when it is evident from the circumstances that the matter has been fully resolved. Inquiries from users with an account or contract with us are stored for up to two years after contract termination. If legal archiving obligations exist, deletion occurs only after their expiration: 6 years under commercial law and 10 years under tax law.

5. You have the right to revoke your consent to the processing of personal data at any time under Art. 6 (1) lit. a) GDPR. If you contact us via email, you may object to the storage of your personal data at any time.

By telephone

1. When you contact us by phone, your phone number is processed for the purpose of handling the inquiry and is temporarily stored in the RAM/cache of the device/display. This is done for liability and security reasons (proof of call) and for economic reasons (return call capability). In case of unauthorized marketing calls, we block the numbers.

2. The legal basis for processing your phone number is Art. 6 (1) sentence 1 lit. f) GDPR. If the call aims at contract initiation, Art. 6 (1) lit. b) GDPR additionally applies.

3. The device cache stores call data for a few days and then deletes or overwrites it. Upon disposal of the device, all data is deleted, and the memory may be destroyed. Blocked phone numbers are reviewed annually for the necessity of the block.

4. You can prevent your number from being displayed by calling with a hidden caller ID.

Contact via Messenger Services

As an alternative to phone or email, you can contact us via privacy-focused messenger services. Use is voluntary and serves exclusively to facilitate communication in the context of our services.

We use the following messenger services:

· Signal– Privacy Policy:https://signal.org/legal/

· Telegram– Privacy Policy:https://telegram.org/privacy

· Threema– Privacy Policy:https://threema.ch/privacy

When using these services, the following personal data is typically processed: your phone number (if required), profile name, profile picture (if provided), and communication content. This data is used solely for processing your request.

Communication via these services is generally end-to-end encrypted. Nevertheless, metadata (e.g., time, device information) may be processed by the respective provider. Please review their individual privacy policies.

The legal basis for this data processing is either yourconsent pursuant to Art. 6 (1) lit. a) GDPRor, depending on the nature of the request,contract fulfillment pursuant to Art. 6 (1) lit. b) GDPR.

If you prefer not to use messenger services, you may always contact us by email instead.

SOCIAL MEDIA PRESENCE

1. We maintain profiles or fan pages on social media networks. When visiting our profiles on these platforms, the privacy notices and terms of the respective networks apply.

2. Categories of data processed:usage data, contact data, content data, and account data. These networks typically process user data for market research and advertising purposes. Based on usage behavior and user interests, user profiles can be created and used to display personalized advertisements inside and outside the platforms. Cookies are often stored on users’ devices for this purpose, tracking interactions and preferences. In many cases, user profiles also store cross-device information if users are logged in.

For detailed information on how these platforms process data and for opt-out options, please refer to their privacy policies. Regarding data subject rights (e.g., access or deletion requests), we recommend contacting the respective provider directly, as only they have access to your full data profile.

If you need help asserting your rights, you can still contact us.

3. Purpose of processing:Communication with users connected to our profiles, informing and advertising our products/services, maintaining public image, analyzing interactions and content on our pages.

4. Legal basis:Our legitimate interest under Art. 6 (1) lit. f) GDPR in the above purposes. If you have given consent to the social media provider or us, the legal basis is Art. 6 (1) lit. a) in conjunction with Art. 7 GDPR.

5. Data transmission / recipient category:The social network itself.

6. Social media policies, opt-out and data subject rights:

· Facebook– Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy Policy:https://www.facebook.com/about/privacy/
Opt-Out:https://www.facebook.com/settings?tab=ads|https://www.youronlinechoices.com
Objection:https://www.facebook.com/help/contact/2061665240770586
Joint Controller Addendum (Art. 26 GDPR):https://www.facebook.com/legal/terms/page_controller_addendum
Page Insights Info:https://www.facebook.com/legal/terms/information_about_page_insights_data
We are jointly responsible with Facebook for our fan page under Art. 26 GDPR. Facebook commits to security measures and fulfills user rights directly. You may therefore primarily contact Facebook for access or deletion requests. Your rights (access, erasure, objection, complaint) remain unaffected.

· LinkedIn– Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy:https://www.linkedin.com/legal/privacy-policy
Cookie Policy & Opt-Out:https://www.linkedin.com/legal/cookie-policy

RIGHTS OF THE DATA SUBJECT

1. Right to object or withdraw consent
If the processing of your personal data is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a) or Art. 7 GDPR, you have the right to withdraw your consent at any time. The lawfulness of processing based on your consent before its withdrawal remains unaffected.

If we process your personal data on the basis of a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f) GDPR, you may object to this processing at any time. This applies particularly if the processing is not necessary for the performance of a contract with you, as described in the relevant sections of this privacy notice. When lodging such an objection, please provide your reasons why we should not process your personal data as we do. If your objection is justified, we will examine the situation and either stop or adapt the processing or demonstrate to you our compelling legitimate grounds for continuing it.

You may object to the processing of your personal data for advertising and data analysis purposes at any time. This objection is free of charge. You can notify us of your objection to advertising via the following contact details:

Alexandra Hettel / Beratung Coaching Mediation / Spiritual Soul Art
Mueller-Jung-Str. 4
76476 Bischweier
Germany
Email:mail@spiritual-soul-art.com

2. Right of access
You have the right to request access to your personal data stored by us under Art. 15 GDPR. This includes information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the intended storage period, and the source of your data if it was not collected directly from you.

3. Right to rectification
You have the right to request the correction of inaccurate or incomplete personal data pursuant to Art. 16 GDPR.

4. Right to erasure
You have the right to request the deletion of your personal data stored by us pursuant to Art. 17 GDPR, unless legal or contractual retention obligations or other legal rights or obligations to continue storing the data prevent such deletion.

5. Right to restriction of processing
You have the right to request the restriction of processing of your personal data if one of the conditions in Art. 18 (1) lit. a)–d) GDPR is met:

· You contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the data;

· The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

· The controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims;

· You have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override yours.

6. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of those data to another controller.

7. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority of your habitual residence, place of work, or the location of the alleged violation.

DATA SECURITY

To protect all personal data transmitted to us and to ensure that both we and our external service providers comply with data protection regulations, we have implemented appropriate technical and organizational security measures. Among other things, all data transferred between your browser and our server is encrypted via a secure SSL connection.

Effective date: June 5th, 2025