(This is a translation from the German original. Should there be differences, the content of the German original version applies.)

Privacy policy

The protection of your personal data is very important to me. I only process your data on the basis of the respective laws (EU GDPR – EU general data prtection legislation, Austrian telecommunications law 2003). In this privacy statement I inform you about the most important aspects of data processing within my website.

The following personal data are processed by Mag. Julia Felberbauer – Energy Sessions:

1. Settlement of payments, accounting

1.1. Description and scope of data processing

In order to book an Emotion Code session with me, you have the option to book via the PayPal button on this website, or to pay by bank transfer.

1.1.1. Payment via PayPay button

Please note that for the purpose of booking Emotion Code sessions, a purchase button of the payment service provider PayPal (Europe) S.à r.l. et Cie, (S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is used. I have concluded a data processing agreement (DPA) with this third party.

By clicking the button, you will be redirected to the page of PayPal, where you must log in to process the payment or open a PayPal account. Information on the personal data that PayPal processes when visiting its website and during the payment process can be found here: https://www.paypal.com/us/webapps/mpp/ua/privacy-full (alternatively, please consult PayPal’s privacy policy for your country of residence.)

I will process the following of your personal data: name, address, phone number (if provided), e-mail address used for PayPal payment, date of booking, amount of payment, number of booked sessions.

1.1.2. Payment by bank transfer

I process the following personal data: name, address, bank details, date of booking, amount of payment, number of booked sessions.

1.2. Legal basis of data processing

The legal basis for the processing of this data is Art. 6 (1) lit. b and c GDPR:
(1) Processing shall be lawful only if and to the extent that at least one of the following applies: (…) (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (c) processing is necessary for compliance with a legal obligation to which the controller is subject;”1

1.3. Purpose of data processing

Receipt of payments, bookkeeping, creation and sending of receipt.

1.4. Affected group of persons

customers

1.5. Duration of storage

7 years (and beyond this period, as long as the documents are relevant to the tax authority in a pending case). Legal basis: taxation duty according to § 132 Abs 1 BAO (Austrian Federal Tax Law) https://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10003940)

1.6. Option to object to data processing and to demand deletion of data

The processing of the above data is mandatory for the accounting of a company and the fulfillment of its tax obligations. Consequently, the user does not have the option to object the processing of this data or to demand its deletion.

2. Newsletter

2.1. Description and scope of data processing

On my website, you can subscribe to a free newsletter. The newsletter is distributed via “MailChimp”, a newsletter shipping platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA.

I have concluded a corresponding contract data processing agreement with the provider.

To subscribe to the newsletter, I need your e-mail address and your declaration that you agree to receive the newsletter. Once you have subscribed to the newsletter, I will send you a confirmation email with a link to confirm the registration.

2.2. Legal basis of data processing

Art. 6 para. 1 lit. a GDPR: “(1) Processing shall be lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;”

2.3. Purpose of data processing

Operation of a newsletter

2.4. Affected group of persons

Newsletter subscribers

2.5. Duration of storage

Until the termination of subscription to the newsletter by the subscriber

2.6. Option to object to data processing and to demand deletion of data

Newsletters are only sent to persons who have registered via the corresponding registration form on this website. The deregistration takes place through the unsubscribe link contained in each newsletter or by an e-mail to me (booksession (at) energysessions.at). I will then immediately delete your data connected with the newsletter dispatch.

3. Correspondence with interested parties

3.1. Description and scope of data processing

If you contact me by e-mail (booksession (at) energysessions.at), your data will be stored with me for six months to process the request and in case of follow-up questions. I will not share your data without your consent.

My e-mail inbox is provided by my hosting provider (hosttech GmbH, Warwitzstr. 9, 5020 Salzburg, Austria), who not only processes the name, e-mail address, content of the e-mail, but also the IP address and e-mail service provider of the sender. I have concluded a data processing agreement with the hosting provider.

3.2. Legal basis of data processing

Art. 6 para. 1 lit. b GDPR:

(1) Processing shall be lawful only if and to the extent that at least one of the following applies: (…) (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;”

3.3. Purpose of data processing & affected group of persons

Answering inquiries from interested parties and others

3.4. Duration of storage

6 months

3.5. Option to object to data processing and to demand deletion of data

The affected person can contact me any time by e-mail (booksession (at) energysessions.at) and request the deletion of the above mentioned data.

4. Providing this website

4.1. Description and scope of data processing

Whenever my website is accessed, the system provided by the hosting provider (hosttech GmbH, Warwitzstrasse 9, 5020 Salzburg, Austria) automatically collects data and information from the computer system of the computer that is accessing the website.

The following data is collected here:
    1. Information about the browser type and version used
    2. The operating system of the user
    3. The Internet service provider of the user
    4. The IP address of the user
    5. Date and time of access
    6. Websites from which the system of the user reaches our website
    7. Websites accessed by the user’s system through our website

The data is also stored in the logfiles of the system of the hosting provider. I’ve signed a data processing contract with the hosting provider.

4.2. Legal basis of data processing

Art. 6 para. 1 lit. f GDPR: “(1) Processing shall be lawful only if and to the extent that at least one of the following applies: (…) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

Regarding my legitimate interests: The temporary storage of the IP address by the system of the hosting provider is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website.

4.3. Purpose of data processing

Stable and reliable delivery of this website

4.4. Affected groups of people

Visitors to this website

4.5. Duration of storage

The data is stored for 1 year.

4.6. Option to object to data processing and to demand deletion of data

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

5. Client care, correspondence with clients

5.1. Description and scope of data processing

When booking an Emotion Code session, my clients contact me via email to inform me about the personal concerns they wish to have a session about. I conduct the sessions, send session reports, correspond with clients about the session, and maintain a client directory.

I. The following personal data are processed:

Name, age, e-mail address, date and time of the e-mail.

II: The following sensitive data are also processed: personal request for the session, other personal communication related to the session.

III: My hosting provider (hosttech GmbH, Warwitzstrasse 9, 5020 Salzburg, Austria) also processes the sender’s IP address and e-mail service provider via the data transmitted via e-mail. I have concluded a data processing agreement with the hosting provider.

5.2. Legal basis of data processing

With regard to the data categories in points I and II:

Art. 6 para. 1 lit. b and c GDPR: (1) Processing shall be lawful only if and to the extent that at least one of the following applies: (…) (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (c) processing is necessary for compliance with a legal obligation to which the controller is subject;”

Explanation regarding c): § 3 of the Austrian rules of ethics for energy workers (“Standesregeln der Humanenergetiker”) prescribe the keeping of client records; this is to be retained for seven years.

Regarding the data categories in item III:
Art. 6 para. 1 lit. f GDPR: “(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

Explanation regarding f): There is a “legitimate interest” in that the processing of the sender’s IP address and email service provider is necessary to provide an e-mail service.

5.3. Purpose of data processing

Receiving session orders, conducting Emotion Code sessions, creating and sending session reports, creating a client and session directory, creating client records, receiving customer feedback on sessions, and providing an e-mail service to this company.

5.4. Affected groups of people

clients

5.5. Duration of storage

7 years

5.6. Option to object to data processing and to demand deletion of data

Since there is a legal obligation for me to lead a client’s act, there is no possibility of contradiction during this time. After that the data will be deleted.
Concerning IP address and e-mail service provider of the sender: 7 years, as the retention periods regarding the obligation to keep a client record are applicable here and IP addresses etc. cannot be deleted separately from the content of the e-mails which are part of the client record. Therefore, no right of objection is given during this time.

6. Cookies

6.1. Description and scope of data processing

My website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm.

I use cookies to make my offer user-friendly. Some cookies remain stored on your device until you delete them. They allow me to recognize your browser on your next visit.

When you visit my website, you are informed about the use of cookies and your consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

If you do not want to use cookies, you can set up your browser so that it informs you about the use of cookies and you only allow this in individual cases.

Disabling cookies may limit the functionality of my site.

6.2. Legal basis of data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR:
(1) Processing shall be lawful only if and to the extent that at least one of the following applies: (…) (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

6.3. Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of the website for users. In this purpose lies my legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

6.4. Affected groups of people

Visitors to my website

6.5. Duration of storage, option to object to data processing and to demand deletion of data

Cookies are stored on the user’s computer and transmitted by it to my site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies.

Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for my website, it may not be possible to fully use all features of the website.

7. Web analysis tools

This website uses web analytics services that use cookies that allow an analysis of the use of the website by its users.

7.1. Web Analysis Tool: WP Security Audit Log Plugin

7.1.1. Description and scope of data processing

My Web site uses features of the Web analytics service “WP Security Audit Log Plugin” (by Kypri Ltd, Company Number SC514191, 42 Charlotte Square, Edinburgh, EH2 4HQ, United Kingdom, www.wpsecurityauditlog.com; data is only stored in the database of this (i.e. my) website, there is no transmission to third parties). For this purpose, cookies are used that allow an analysis of the use of the website by its users. IP addresses of website visitors and visited pages are stored, as well as actions of logged in users (in this case only mine). A listing of all stored data can be found here: https://www.wpsecurityauditlog.com/policy-notice/#plugin_notice
You can prevent this by setting up your browser so that no cookies are stored.

7.1.2. Legal basis
The legal basis for the processing of personal data using cookies for purposes of analysis is Article 6 (1) lit. a GDPR, provided that the user has consented to this.

7.1.3. Purpose of data processing
The use of the analysis cookies is for the purpose of improving the quality of my website and its contents. Through the analysis cookies, I learn how the website is used and can optimize my offer constantly.

7.1.4. storage time

Concerning the data stored by “WP Security Audit Log Plugin” in the database of my website: 1 year
Concerning cookies: see item 7.5.

7.1.5. Duration of storage, option to object to data processing and to demand deletion of data

Cookies are stored on the user’s computer and transmitted by it to my site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies.

Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for my website, it may not be possible to fully use all features of the website.

The data stored in the log files can not be deleted on your objection, as it is not possible to delete individual entries.

Your rights

You are entitled in principle to information, correction, deletion, restriction, data portability, revocation and objection, with the exceptions mentioned in this declaration. If you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can complain to the supervisory authority. In Austria, this is the data protection authority (“Datenschutzbehörde”).

Changes to the privacy policy
This privacy policy may be changed by me from time to time. Your use of this site after changing this Privacy Policy constitutes your acceptance of these changes.

You can reach me under the following contact details:
Mag. Julia Felberbauer, Neufelderstraße 10b / 12, 4030 Linz, booksession (at) energysessions.at, + 43-650-2005300 (please contact by e-mail)

Last updated: 28th May 2018

Sources
I have used the following sources for the creation of my privacy policy and supplemented or adapted them accordingly:
– Privacy policy of the site datenschmutz.net https://datenschmutz.net/datenschutz/
– Model for the fulfillment of data protection obligations for websites of the Austrian Federal Economic Chamber

For the translation of the German original of this privacy policy, I have used Google Translate.
Article 6 GDPR, which is mentioned in this privacy policy, can be found here: https://gdpr-info.eu/art-6-gdpr/