1. Who is responsible for the processing of your personal data on this website?
Controller of the personal data pursuant to Article 4 (7) of the General Data Protection Regulation (GDPR):
Dr. Jan Sorge
2. For which purposes do I process your personal data and on which legal basis?
a) Visiting my website
aa) Log data
When you visit my website, your browser automatically sends information to my server. I process this usage and log data such as:
for the following purposes:
Legal basis for this processing is Article 6 (1) (f) GDPR. My legitimate interest follows from the aforementioned purposes. The log data are automatically deleted after your browser session, at the latest after seven days – unless further storage is required for the aforementioned purposes.
My use of necessary cookies is based on Article 6 (1) (f) GDPR in conjunction with Section 25 (2) no. 2 TTDSG.
I use statistical cookies only if you have given your consent on my website. Legal basis is Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG. You may withdraw your consent at any time by clicking the small icon at the bottom left corner of the website.
Cookies are automatically erased after the expiry period listed in my Cookie Consent Management. Cookies which are based on your consent pursuant to Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG are erased if you withdraw your consent.
Information on how to block or delete cookies on your device is available in my Cookie Consent Management.
cc) Web analytics with Matomo (formerly Piwik)
I use Matomo as a processor to analyse user behaviour on my website. Provider is InnoCraft Limited, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand (hereinafter "Matomo"). When you visit my website, the following data is stored for me on Matomo's servers in the EU:
New Zealand is one of the countries that the EU considers to have an adequate level of data protection. This provides legal certainty for Art. 44 GDPR that your data does not go to a third country like the US even though Matomo is using AWS. Because no personal data is transferred to third countries, no SCC's are needed.
b) Contacting me
When you get in touch with me by email, phone or via a contact form on my website, I process the personal data you submit (e.g. name, email, phone, message) to respond to your request and, if applicable, for further correspondence.
Legal basis for this processing is Article 6 (1) (b) GDPR for requests within the scope of a contract or prior to a contract and Article 6 (1) (f) GDPR for other requests. My legitimate interest follows from the aforementioned purpose to respond to your request.
c) Booking a breathwork session and other events on my website
You do not have to use Acuity Scheduling to book breathwork sessions or other events on my website. Alternatively, please send me an email and I will sign you up.
d) Using my services
When you use my services, I process the necessary personal data based on Article 6 (1) (b) GDPR.
If I process data concerning health or other special categories of personal data pursuant to Article 9 (1) GDPR, this processing is based on your consent pursuant to Article 9 (2) (a) GDPR. The consent can be withdrawn at any time.
e) Marketing messages
I will only send you my email newsletter with information about my activities and invitations to upcoming events if you have given your prior consent pursuant to Article 6 (1) (a) GDPR. You may unsubscribe at any time, for example by using the link at the end of each marketing email or by email to email@example.com.
If you subscribe to my newsletter, the data submitted in the form will be transmitted to me. The registration for my newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s email. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. You can unsubscribe from the newsletter and withdraw your consent to the storage of your personal data at any time. For this purpose, an unsubscribe link can be found in each marketing email. Legal basis for the processing of the data after registration for the newsletter is your consent pursuant to Article 6 (1) (a) GDPR.
I use Rapidmail as a processor to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, Rapidmail is used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored for me on Rapidmail’s servers in Germany. If you do not want any analysis by Rapidmail, you must unsubscribe from the newsletter. For this purpose, I provide an unsubscribe link in every marketing email. For the purpose of analysis, the emails sent with Rapidmail contain a so-called tracking pixel, which connects to the servers of Rapidmail when the email is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of Rapidmail, I can determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, with which your clicks can be counted. Legal basis for the data processing is Article6 (1) (a) GDPR. The recipient of the data is rapidmail GmbH. There is no transmission of data to third countries outside the EU.
bb) Existing customers
If you have already used my paid services as a client, I may inform you by email or letter about similar services of mine if you have not objected to this. Legal basis for this processing is Article 6 (1) (f) GDPR in conjunction with Section 7 (3) of the Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG). My legitimate interest follows from the aforementioned purpose of direct marketing (cf. Recital 47 GDPR).
You may object to the use of your email or postal address for marketing purposes at any time without additional costs, for example by using the link at the end of each marketing email or by email to firstname.lastname@example.org.
f) Other purposes
If necessary, I may process personal data for other purposes, in particular:
Legal basis for this processing is Article (6) (1) (f) GDPR. MY legitimate interest follows from the aforementioned purposes.
3. Who gets access to your personal data?
I do not pass on personal data to third parties except where
In particular, your personal data can be passed on if you consent to the use of analytics cookies. For more details, please see 2. a) bb) above.
I may use service providers (for example companies in the IT services, telecommunications, and marketing industries) as processors. These service providers may also receive data as processors for me if this is permissible under data protection law.
4. How long do I store your personal data?
I erase your personal data when it is no longer needed for the purpose for which it was originally collected.
I process your personal data for the duration of our business relationship if necessary.
After expiry of relevant retention and documentation obligations as well as relevant statutory limitation periods, I delete the data.
I am subject to various storage and documentation obligations which may arise, among other things, from the Commercial Code (Handelsgesetzuch – HGB) and the Fiscal Code (Abgabenordnung – AO). The retention and documentation periods specified there are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents pursuant to Sections 238, 257 (1) and (4) HGB, Section 147 (1) and (3) AO.
Statutory limitation periods are, for example, generally 3 years, but they can, in certain cases, be up to 30 years pursuant to Sections 195 et seq. of the Civil Code (Bürgerliches Gesetzbuch – BGB).
Log data and cookies are deleted within the periods specified in 2. a) aa) and bb) above.
5. Which data protection rights do you have?
You have the following rights regarding your personal data processed by me:
Where the processing of your personal data is based on legitimate interests pursuant to Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR if there are reasons for this arising from your particular situation pursuant to Article 21 (1) GDPR or where your personal data are processed for direct marketing purposes pursuant to Article 21 (2) GDPR. In the latter case, you have a general right to object – without the need to specify any reasons for your objection.
Where the processing of your personal data is based on your consent pursuant to Article 6 (1) (a) GDPR, you have the right to withdraw your consent at any time pursuant to Article 7 (3) GDPR. As a result, I cannot continue processing your personal data based on this consent in the future.
To assert these rights, you may contact us by email to email@example.com or under the contact details in 1. above.
Irrespective of these rights, you also have the right to lodge a complaint with a supervisory authority – in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement – if you consider that the processing of your personal data infringes applicable data protection regulations (Article 77 GDPR in conjunction with Section 19 BDSG).