Data Protection Declaration
This data protection declaration is valid for the following websites:
- anika-fiebich.biz (main website, in German)
- work-heart-training.biz (1-pager, in English)
- anima-salva.de (former main website, now 1-pager, in German)
The legal basis for my in Germany located single-woman business “Work HEART Training” is the European General Data Protection Regulation (GDPR). Please find the details below.
Dr. Anika Fiebich
Work HEART Training
This data protection declaration has been written including commentaries by a lawyer (in German) and adjusted by myself on July 4th 2023 to the pecularities of my single woman business called “Work HEART Training”, conducted as a trade and a trade mark for coaching and as a free-lancer. The last up-date of this website work-heart-training.biz was on July 15th 2023. The set-up of the point you find below remain the same.
1. Processing your personal data
Your personal data get processed when using this website and booking a business training in the following way:
When using my website, my hosting provider reports so-called “log files” during your accessing the server, e.g., the name of the accessed website, the website you’ve visited before (“referrer” URLs), information about the version of the browser you’re using and your device, the system software, provider, data and time of access, used search machines, the country from which you access the server, the conveyed data size, the name of the files you’ve downloaded and your IP address.
Log files get deleted or anonymized after 30 days, unless they are still needed for data protection purposes such as e.g. clearance an unsolved issue or serving as pieces of evidence. The legal basis of this procedure is the European General Data Protection Regulation (GDPR), Article 6, § 1. My interest in allowing for log-files is the system security only, including the discovery of misuse.
Please send me an email to anika-fiebich[at]anika-fiebich.biz to get in touch. I’ll process any of your personal data that required for addressing your inquiry in question, e.g., your name, address, email address, phone numer etc. The legal basis for processing contact booking requests of a business training is GDPR Article 6, § 1b, and for any other concerns § 1f. As I’m interested in addressing any inquiry, I’ll store your personal data as long as it is required for addressing it or as long as legal storage periods demand for.
Booking a business training (Work HEART Training)
When you book a business training for your company or your institution, I’ll process any of your personal data (e.g., name, address, email address, phone number, bank details etc.) that are required for the booking procedure, and/or any (pre-)contractual agreement between us, and/or with respect to warranties, and/or with respect to legal retention periods. The legal basis for processing your personal data in framework of a booking procedure is GDPR Article 6, § 1b. The means and methods of processing these data is neither lawfully nor contractually predescripted. Anyhow, it is required for fulfilling the contractual agreements as well as conducting the business trainings (Work HEART Training) as long as the data in question are necessary for the booking procedure.
Participating in a business training (Work HEART Training)
In framework of your participation in my business trainings, I’ll process personal data for recording learning progresses or intermediate results, to guide you step by step to acquire novel skills and competencies, to inform you about the results, make recommendations to improve etc.
In principle, I am not recording any online traings as well as chats during a video conference.
I am storing all of the personal data you gave to me in framework of your participation in a business training as long as it required to fulfill our contractual agreements, and/or to address any (pre)contractual inquires you may have, and/or for the sake of any warranties, and/or because of obeying rentention periods. The legal basis for processing your personal data in framework of your participating in my business trainings is GDPR, Article 6, § 1b.
A newsletter is planned in the long run. If you are registering for that, I process your personal data such as your name, email address etc. for sending purposes. As long as processing your personal data serves these purposes and happens with your agreement, the legal basis is GDPD Article 6 § 1a, and the legal basis for the data processing is CDPR Article 6 § 1f. I am saving just those data that I need for sending the newsletter and just as long as I need them for this purpose or until you decline your agreement in receiving the newsletter. A potential continuing saving of your personal data for other purposes (e.g., communication) remains independent from this.
3. Web Analytics
My websites do neither use google analytics, a web analytics service provided by the Google Ireland Limited, Gordon House, 4 Borrow St, Dublin 4, Ireland, nor the web analytics services of any other company.
For any Work HEART Training in an online-training format, held either in English or in German, that you booked as an individual group training at Work HEART Training or as a single person on the websites of my cooperation partners (e.g., a management training in German at the Chambers of Commerce and Industry, see ihk-weiterbildung.de) , I use the Zoom license account for Work HEART Training associated to the email box of work-heart-training.biz (that I am not using for any communication).
In the following sectios, I’ll inform you about how your personal data get processed when using Zoom in my online-trainings.
Zoom is a service of Zoom Video Communications, Inc. in 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113 (im Folgenden: Zoom). Zoom acts as a data processor for my single-woman business Work HEART Training according to GDPR, Article 28. I use Zoom for video conferences as well as online business trainings (called “meeting” in the following).
Participation in a Zoom meeting is possible by using a downloaded app or your web browser. If you visit the website zoom.us, Zoom is responsible for how your data and cookies are processed.
Collection of personal data
The extent to which your personal data get collected depends upon the information you give before participating in the meeting. As a participant you are able to decide whether to use the chat, camera, microphone, or everything. Participating in the group discussion and group exercises by using the camera and microphone is highly appreciated. The chat should be used in exceptional cases only.
In general, the following data get processed when using Zoom:
- personal data of the participants: forename, surname, phone number (optional), email address (optional), profile picture (optional), company and department (optional);
- data of the meeting: duration, start, ending, name and description of the meeting, planned date and time, chat status, IP addresses of the electric items used for participating in the meeting including further information (Mac address, Unique Device Identifier (UDID), unit type, system software and version, camera type, microphone or speaker, connection details etc.), the approximate position to get connected with the next Zoom computer centre;
- if using the phone dial-up: information about incoming and outbounding phone numbers, name of the country, start and ending time, audio protocolls and other information that get shared during using the services, p.r.n. IP addresses of the item used fot the dial-up;
- audio and video data, e.g., concercing the camera or the microphone, p.r.n. text files about chat, question or survey functions.
Extent of data processing
The data listed above are stored as long as it is required for conducting a business training and fulfilling all the services connected with that – unless there is a legally demanded longer rentention period or any law enforcement that is required to obey within the legal limitation periods.
In general, the meetings are not recorded. If meetings are not recorded, no data get saved accordingly by Zoom as the provider. If you use your own Zoom account to login for participation in a meeting, reports about meetings such as meeting data, data about the phone dial-up, questions and answers, survey functions etc. up to 1 month saved by Zoom. Personal data that are connected to the particpation in a meeting are processed in principle without imparting them to third parties.
I use Zoom in order to contact and communicate with customers. The legal basis for the data processing during online meetings is GDPR Article 6, § 1 lit.b since such meetings are required for ensuring compliance in case of your booking an online training.
The legal basis for processing the personal data that you give to me optionally, is in line with your agreement GDPR, Article 6, § 1 UA lit.a), 7.
Zoom is a service provided by a company from the US. Hence, the processing of your personal data will be executed also outside from the European Union. According to the provider, Zoom is processing data only in areas that either guarantee a certain level of protection according to the standards of the European Commission, or that implement appropriate security precautions for protecting your personal data. The legal basis for the conveyance of the meeting data to countries outside of the EU is the standard contractual between Zoom and myself of the European Commission (the so-called “Protect Data Processing Abbendum” comes into operation automatically once signing up for a Zoom account and fulfills the requirements of GDPR Article 28).
5. Data subject rights
According to GDPR Article 15, you have the right to get informed about how your personal data are processed and saved.
According to GDPR Article 16, you have the right of correcting or deleting any data concerning your person, which got processed incorretly.
According to GDPR Article 17, you have the right for demanding that your personal data get deleted if this is the case.
According to GDPR Article 18, you have the right for demanding that your personal data get processed in a restricted manner if one of the points listed above is the case.
According to GDPR Article 20, you have the right to get provided with any data concerning your person or to demand that such information gets delivered to a responsible other person.
You may complain about an incorrect processing of your personal data at the competent supervisory authority in question.
6. Right to recall
You may recall your p.r.n. agreeing in processing your personal data at any time, e.g., by sending me an email. It is lawfully legitim to process your personal data until your recall has been received.
7. Right to object
Insofar as my processing of your personal data is in line with GDPR Article 6, § 1f, you have still the right to object the processing of your personal data.
8. Data transfer
In framework of your booking a business training and me conducting it for you, I may need to transfer some of your personal data to others, e.g.,
- Shipping contractor (e.g., when sending flyers or magazins)
- Payment service provider (e.g. when demanding a payment)
- Print services (e.g. when printing your certificate of attendance)
I am not aiming at transferring your personal information to any third countries or international institutions, and if so, I would contact you in advance and ask for your agreement.