Privacy Policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer, the functions and content associated with it as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "processing" or "controller", reference to the definitions in the UK`s Data Protection Act 2018 (DPA) and the EU`s General Data Protection Regulation (GDPR) is made.

 

Person responsible

Sophie Helene

www.sophiehelene.co.uk

 

Types of data processed:

·        Inventory data (e.g., names, addresses).

·        Contact data (e.g., e-mail, telephone numbers).

·        Content data (e.g., text entries, messages, videos).

·        Usage data (e.g., web sites visited, interest in content, access times).

·        Meta/communication data (e.g., device information, IP addresses).

 

Categories of data subjects

Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as "users").

 

Purpose of the processing

·        Provision of the online offer, its functions and contents.

·        Responding to contact requests and communicating with users.

·        Security measures.

·        Reach measurement/marketing.

 

Terminology used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

 

"Pseudonymisation" means the processing of personal data in such a way that personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

 

"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

 

Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

 

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

Relevant legal basis

In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing activities. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures and responding to enquiries is Art. 6(1)(b) GDPR, the legal basis for processing for the performance of our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.

 

Security measures

Sophie Helene takes appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

 

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, Sophie Helene already takes the protection of personal data into account in the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).

 

Cooperation with processors and third parties

If, in the course of processing, it is necessary to disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

 

If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.

 

Transfers to third countries

If we process data in a third country (i.e., outside the UK or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the UK or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

 

Rights of data subjects

You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.

 

You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.

 

In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand restriction of the processing of the data.

 

You have the right to obtain the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers.

 

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

 

Right of withdrawal

You have the right to revoke any consent you have given in accordance with Art. 7 (3) of the GDPR with effect for the future.

 

Right of objection

You may object to the future processing of data relating to you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against processing for direct marketing purposes.

 

Cookies and right of objection in the case of direct advertising

Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his or her browser. In such a cookie, for example, the contents of a shopping basket in an online shop or a login status can be stored. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies" are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as "first-party cookies").

 

The Sophie Helene website may uses temporary and permanent cookies and further information can be found in Sophie Helene`s Cookie Policy.

 

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

 

Services and coaching

Sophie Helene processes the data of clients and prospective clients and other clients or contractual partners (uniformly referred to as "clients") in accordance with Art. 6(1)(b) of the GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processed data basically includes inventory and master data of the clients (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone, etc.), contract data (e.g., services used, fees, names of contact persons, etc.) and payment data (e.g., bank details, payment history, etc.).

 

Within the scope of our services, Sophie Helene may also processes special categories of data pursuant to Article 9 (1) of the GDPR, in particular information on the health of clients, possibly with reference to their life, ethnic origin or religious or ideological beliefs. For this purpose, Sophie Helene obtains, if necessary, pursuant to Art. 6 Para. 1 lit. a., Art. 7, Art. 9 Para. 2 lit. a. GDPR and otherwise process the special categories of data for health care purposes on the basis of Art. 9 Para. 2 lit h. GDPR.

 

If necessary for the fulfilment of the contract or required by law, Sophie Helene discloses or transmits client data in the context of communication with other professionals, third parties necessarily or typically involved in the fulfilment of the contract, such as billing offices or comparable service providers, if this serves the provision of our services pursuant to Art. 6 Para. 1 lit. b. GDPR, by law pursuant to Art. 22 Para. 1 No. 1 b. GDPR, is required by law pursuant to Art. 6 Para. 1 lit c. GDPR, serves our interests or those of our clients in efficient and cost-effective healthcare as a legitimate interest pursuant to Art. 6 Para. 1 lit f. GDPR or is necessary to protect the vital interests of the client or another natural person in accordance with Art. 6 Para. 1 lit. d. GDPR or in the context of consent in accordance with Art. 6 Para. 1 lit. a., Art. 7 GDPR.

 

The deletion of the data takes place when the data is no longer required for the fulfilment of contractual or legal duties of care as well as dealing with any warranty and comparable obligations, whereby the necessity of the retention of the data is reviewed every three years; in all other respects, the legal retention obligations apply.

 

Administration, financial accounting, office organisation, contact management

Sophie Helene processes data within the scope of administrative tasks as well as organisation of her business, financial accounting and compliance with legal obligations, such as archiving. In doing so, Sophie Helene processes the same data that is processed in the course of providing contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and Sophie Helene`s interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of the business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

 

In this context, Sophie Helene discloses or transmits data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.

 

Furthermore, Sophie Helene stores information on suppliers, organisers and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.

 

Contact

When contacting Sophie Helene (e.g., via contact form, e-mail, telephone or social media), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR. The user's details may be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation.

 

Sophie Helene deletes the enquiries if they are no longer necessary. Sophie Helene reviews the necessity every two years; furthermore, the legal archiving obligations apply.

 

Hosting and e-mail dispatch

The hosting services Sophie Helene uses Squarespace to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer.

 

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with. Art. 28 GDPR (conclusion of order processing agreement).

 

Collection of access data and log files

We, or rather our hosting provider, collect data on every access to our website on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR, we or our hosting provider collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the web site accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

 

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.

 

Online Meetings

Sophie Helene may uses video teleconferencing software programs to conduct online meetings and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during participation in an online meeting. If you contact me in electronic form, I store and process the data you have provided us with. The legal basis for this is my legitimate interest in effective customer communication in accordance with your consent and, insofar as it concerns an enquiry to enter into or fulfil a contract, also contract. You can request information about the purpose of processing, origin and, if applicable, recipients of your personal data from us free of charge at any time.

 

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

 

Social Media

The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.

 

If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.

 

As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

 

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off.

 

Please be aware: It cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by the provider of the social media platform.

 

Changes to our privacy policy

Sophie Helene reserves the right to adapt this privacy policy so that it always complies with the current legal requirements or in order to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

 

Questions

If you have any questions about data protection, please use the contact form provided on the website.