This privacy policy applies to the website www.jansorge.de and the services I provide online and in person. It was last updated on 23 January 2024.
1. Who is responsible for the processing of your personal data on this website?
Controller of the personal data pursuant to Article 4 (7) of the General Data Protection Regulation (GDPR):
Dr. Jan Sorge
Schönstedtstraße 7
12043 Berlin
Germany
js@jansorge.de
2. For which purposes do I process your personal data and on which legal basis?
a) Visiting my website
aa) Log data
When you visit my website, your browser automatically sends information to my server. I process this usage and log data such as:
for the following purposes:
Legal basis for this processing is Article 6 (1) (f) GDPR. My legitimate interest follows from the aforementioned purposes. The log data are automatically deleted after your browser session, at the latest after seven days – unless further storage is required for the aforementioned purposes.
bb) Cookies
For information about my use of cookies please see my Consent Management Platform which you may access by clicking the small icon at the bottom left corner of the website.
My use of necessary cookies is based on Article 6 (1) (f) GDPR in conjunction with Section 25 (2) no. 2 TTDSG.
I use statistical cookies only if you have given your consent on my website. Legal basis is Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG. You may withdraw your consent at any time by clicking the small icon at the bottom left corner of the website.
Cookies are automatically erased after the expiry period listed in my Cookie Consent Management. Cookies which are based on your consent pursuant to Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG are erased if you withdraw your consent.
Information on how to block or delete cookies on your device is available in my Cookie Consent Management.
cc) Web analytics with Matomo (formerly Piwik)
I use Matomo as a processor to analyse user behaviour on my website. Provider is InnoCraft Limited, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand (hereinafter "Matomo"). When you visit my website, the following data is stored for me on Matomo's servers in the EU:
This data is used exclusively for the purpose of web analytics. The use of Matomo is based on Article 6 (1) (f) GDPR. I have a legitimate interest in analysing user behaviour in order to improve my website. I use Matomo without Cookies. You can opt-out of my use of Matomo here. In this way, a cookie is set on your system, which signals to my system not to save the user's data. If you delete the cookie from your system in the meantime, you will have to set the opt-out cookie again. The privacy policy of Matomo is available at https://matomo.org/matomo-cloud-privacy-policy/.
New Zealand is one of the countries that the EU considers to have an adequate level of data protection. This provides legal certainty for Art. 44 GDPR that your data does not go to a third country like the US even though Matomo is using AWS. Because no personal data is transferred to third countries, no SCC's are needed.
b) Contacting me
When you get in touch with me by email, phone or via a contact form on my website, I process the personal data you submit (e.g. name, email, phone, message) to respond to your request and, if applicable, for further correspondence.
Legal basis for this processing is Article 6 (1) (b) GDPR for requests within the scope of a contract or prior to a contract and Article 6 (1) (f) GDPR for other requests. My legitimate interest follows from the aforementioned purpose to respond to your request.
meetergo
I use meetergo as a processor to schedule online appointments. Provider is meetergo GmbH, Hansaring 61, 50670 Cologne, Germany (hereinafter "meetergo"). When you make an appointment with me online, the data you enter for this purpose is stored for me on meetergo's servers in Germany. In addition, meetergo briefly records your IP address, your referrer URL, the time of access and can determine that you have made an inquiry with me; this data is used exclusively for the technical provision of the service and is then automatically deleted again. The use of meetergo is based on Article 6 (1) (f) GDPR. I have a legitimate interest in making it as uncomplicated as possible to make appointments. If consent was requested, the processing is based exclusively on Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR; the consent can be withdrawn at any time. The privacy policy of meetergo is available at https://meetergo.com/datenschutz/.
c) Booking a breathwork session and other events on my website
I use Acuity Scheduling as a processor so you can book breathwork sessions and other events on my website. Provider is Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, D08N12C Ireland (hereinafter "Acuity Scheduling") with its parent company and sub-processor Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014 United States. When you book breathwork sessions and other events on my website, the data you enter for this purpose is stored for me on Acuity Scheduling's servers as described in Acuity Scheduling's privacy policy which is available at https://www.squarespace.com/privacy. Your data may be transferred to countries like the United States that do not have the same data protection laws as the country in which you initially provided the information. For example, data that Acuity Scheduling stores may be accessible to law enforcement and national security authorities under certain circumstances. Unless such transfer is otherwise permitted under EU Data Protection Laws, Acuity Scheduling's transfers to a sub-processor in any country not recognized under EU Data Protection Laws as providing an adequate level of protection for personal data proceeds pursuant to the processor to processor (module 3) standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR and approved by the European Commission decision 2021/914, dated 4 June 2021 (or such other standard contractual clauses for the transfer of personal data to third countries that are recognized under the applicable EU Data Protection Laws in the EEA, UK or Switzerland). Any transfer of data to Squarespace, Inc. in the U.S. is covered by an adequacy decision of the European Commission of 10 July 2023 within the meaning of Article 45 GDPR as Squarespace, Inc. has undertaken to comply with the principles of the EU-US Data Privacy Framework. The use of Acuity Scheduling is based on Article 6 (1) (f) GDPR. I have a legitimate interest in making it as uncomplicated as possible to book breathwork sessions and other events. If consent was requested, the processing is based exclusively on Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR; the consent can be withdrawn at any time.
You do not have to use Acuity Scheduling to book breathwork sessions or other events on my website. Alternatively, please send me an email and I will sign you up.
d) Using my services
When you use my services, I process the necessary personal data based on Article 6 (1) (b) GDPR.
If I process data concerning health or other special categories of personal data pursuant to Article 9 (1) GDPR, this processing is based on your consent pursuant to Article 9 (2) (a) GDPR. The consent can be withdrawn at any time.
e) Marketing messages
aa) Newsletter
I will only send you my email newsletter with information about my activities and invitations to upcoming events if you have given your prior consent pursuant to Article 6 (1) (a) GDPR. You may unsubscribe at any time, for example by using the link at the end of each marketing email or by email to js@jansorge.de.
If you subscribe to my newsletter, the data submitted in the form will be transmitted to me. The registration for my newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s email. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. You can unsubscribe from the newsletter and withdraw your consent to the storage of your personal data at any time. For this purpose, an unsubscribe link can be found in each marketing email. Legal basis for the processing of the data after registration for the newsletter is your consent pursuant to Article 6 (1) (a) GDPR.
Rapidmail
I use Rapidmail as a processor to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, Rapidmail is used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored for me on Rapidmail’s servers in Germany. If you do not want any analysis by Rapidmail, you must unsubscribe from the newsletter. For this purpose, I provide an unsubscribe link in every marketing email. For the purpose of analysis, the emails sent with Rapidmail contain a so-called tracking pixel, which connects to the servers of Rapidmail when the email is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of Rapidmail, I can determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, with which your clicks can be counted. Legal basis for the data processing is Article6 (1) (a) GDPR. The recipient of the data is rapidmail GmbH. There is no transmission of data to third countries outside the EU.
Rapidmail’s Privacy Policy is available at https://www.rapidmail.at/datenschutz . More details on data security and Rapidmail’s analysis functions are available at https://www.rapidmail.de/datensicherheit and https://www.rapidmail.de/wissen-und-hilfe.
bb) Existing customers
If you have already used my paid services as a client, I may inform you by email or letter about similar services of mine if you have not objected to this. Legal basis for this processing is Article 6 (1) (f) GDPR in conjunction with Section 7 (3) of the Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG). My legitimate interest follows from the aforementioned purpose of direct marketing (cf. Recital 47 GDPR).
You may object to the use of your email or postal address for marketing purposes at any time without additional costs, for example by using the link at the end of each marketing email or by email to js@jansorge.de.
f) Other purposes
If necessary, I may process personal data for other purposes, in particular:
Legal basis for this processing is Article (6) (1) (f) GDPR. MY legitimate interest follows from the aforementioned purposes.
3. Who gets access to your personal data?
I do not pass on personal data to third parties except where
In particular, your personal data can be passed on if you consent to the use of analytics cookies. For more details, please see 2. a) bb) above.
I may use service providers (for example companies in the IT services, telecommunications, and marketing industries) as processors. These service providers may also receive data as processors for me if this is permissible under data protection law.
4. How long do I store your personal data?
I erase your personal data when it is no longer needed for the purpose for which it was originally collected.
I process your personal data for the duration of our business relationship if necessary.
After expiry of relevant retention and documentation obligations as well as relevant statutory limitation periods, I delete the data.
I am subject to various storage and documentation obligations which may arise, among other things, from the Commercial Code (Handelsgesetzuch – HGB) and the Fiscal Code (Abgabenordnung – AO). The retention and documentation periods specified there are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents pursuant to Sections 238, 257 (1) and (4) HGB, Section 147 (1) and (3) AO.
Statutory limitation periods are, for example, generally 3 years, but they can, in certain cases, be up to 30 years pursuant to Sections 195 et seq. of the Civil Code (Bürgerliches Gesetzbuch – BGB).
Log data and cookies are deleted within the periods specified in 2. a) aa) and bb) above.
5. Which data protection rights do you have?
You have the following rights regarding your personal data processed by me:
Where the processing of your personal data is based on legitimate interests pursuant to Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR if there are reasons for this arising from your particular situation pursuant to Article 21 (1) GDPR or where your personal data are processed for direct marketing purposes pursuant to Article 21 (2) GDPR. In the latter case, you have a general right to object – without the need to specify any reasons for your objection.
Where the processing of your personal data is based on your consent pursuant to Article 6 (1) (a) GDPR, you have the right to withdraw your consent at any time pursuant to Article 7 (3) GDPR. As a result, I cannot continue processing your personal data based on this consent in the future.
To assert these rights, you may contact us by email to js@jansorge.de or under the contact details in 1. above.
Irrespective of these rights, you also have the right to lodge a complaint with a supervisory authority – in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement – if you consider that the processing of your personal data infringes applicable data protection regulations (Article 77 GDPR in conjunction with Section 19 BDSG).
