Privacy Policy
1. Data protection at a glance
General information
The following notes give you a simple overview of what happens to your personal data when you visit my website. Personal data includes all data that can be used to identify you personally. In this privacy policy, I explain which data I collect, how I use it and for what purpose.
Data collection on this website
Who is responsible for data collection on this website?
I, as the operator of this site, am responsible for data processing on this website. You can find my contact details in the section “Information about the controller”.
How do I collect your data?
On the one hand, your data is collected because you provide it to me, for example by filling out a contact form or sending me a message. Other data is collected automatically or after you have given your consent when you visit the website by my IT systems (e.g. browser type, operating system, time of page access). This collection takes place automatically as soon as you enter my website.
What do I use your data for?
Part of the data is collected to ensure that the website is provided in a technically error‑free and secure manner. Other data can be used for statistical analysis of your user behavior or – if contracts are initiated or concluded via the website – for processing inquiries, offers and for fulfilling contracts.
What rights do you have regarding your data?
You have the right at any time to obtain information free of charge about the origin, recipients and purpose of your stored personal data. You can also request the correction, deletion or restriction of the processing of this data. If you have given me consent to process data, you can revoke this consent at any time with effect for the future. You also have the right to lodge a complaint with the competent supervisory authority. For this and for further questions on the subject of data protection, you can contact me at any time.
Analytics tools and tools from third‑party providers
When you visit this website, your surfing behavior may be statistically evaluated. This can be done in particular through cookies and analytics programs used.
2. Hosting
WIX
I host my website with the provider Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (“WIX”). WIX is a website building and hosting service that enables me to create and provide my online offering.
When you visit my website, WIX analyzes, among other things, user behavior, visitor sources, the region of website visitors and visitor numbers; WIX also sets cookies that are absolutely necessary for the display of the website and for security (necessary cookies). The data collected by WIX may be stored on various servers worldwide, including in the USA.
You can find more information in WIX’s privacy policy:
https://de.wix.com/about/privacy
According to its own statements, WIX bases data transfers to third countries on EU standard contractual clauses or comparable safeguards in accordance with Art. 46 GDPR. I use WIX on the basis of my legitimate interest in the most reliable possible presentation of this website (Art. 6(1)(f) GDPR); insofar as I ask for your consent, the legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.
For the use of Wix, the data protection and data processing terms provided by Wix apply.
3. General notes and mandatory information
Data protection
I take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Please note that data transmission on the internet (e.g. when communicating by email) can have security gaps and that complete protection of data against access by third parties is not possible.
Information about the controller
The controller responsible for data processing on this website is:
Sofiya Yakovenko
Sofiya’s Vocal Coaching
Bulgenbachweg 7
13465 Berlin
Email: sofiyas.vocal.coaching@gmail.com
The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.
Storage period
Unless a more specific storage period is stated in this privacy policy, I store your personal data only as long as the respective processing purpose requires. If statutory retention periods (e.g. under commercial or tax law) become relevant, I delete the data after the expiry of these periods.
Legal bases of data processing
If I obtain your consent for processing operations, the legal basis is Art. 6(1)(a) GDPR (or Art. 9(2)(a) GDPR for special categories of data); in the case of explicit consent to data transfers to third countries, additionally Art. 49(1)(a) GDPR. If processing is necessary for the performance of a contract or for taking steps prior to entering into a contract, it is carried out on the basis of Art. 6(1)(b) GDPR; for the fulfilment of legal obligations on the basis of Art. 6(1)(c) GDPR; and for the protection of my legitimate interests on the basis of Art. 6(1)(f) GDPR.
Recipients of personal data
In the course of my business activities, I work with external service providers and transmit personal data only insofar as this is permitted for the performance of contracts, for compliance with legal obligations, on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR or based on your consent. With processors, I conclude processing contracts that oblige them to process data in compliance with the GDPR.
Rights of withdrawal and objection
You can revoke consent you have given to me at any time with effect for the future. In addition, pursuant to Art. 21 GDPR you have the right, on grounds relating to your particular situation, to object to the processing of your personal data where it is based on Art. 6(1)(e) or (f) GDPR, and separately to object to the use of your data for direct marketing purposes.
Further data subject rights
You have the right to lodge a complaint with the competent supervisory authority, the right to data portability and the rights of access, rectification, erasure and restriction of processing of your personal data.
SSL and TLS encryption
For security reasons and to protect the transmission of confidential content (e.g. inquiries via contact forms), my website uses SSL or TLS encryption. You can recognize an encrypted connection by “https://” and the lock symbol in your browser’s address bar.
4. Data collection on this website
Cookies
My websites use so‑called “cookies”. Cookies are small data packets that do not cause any damage on your device. They are stored either temporarily for the duration of a session (“session cookies”) or permanently (“persistent cookies”) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your end device until you delete them yourself or your web browser performs an automatic deletion.
Cookies can originate from me as the website operator (first‑party cookies) or from third‑party companies (so‑called third‑party cookies). Third‑party cookies enable, for example, the integration of certain services from third‑party providers within my website (such as reach measurement, the display of external content or the processing of payment services). Depending on their function, I distinguish technically necessary cookies, functional or comfort cookies, statistics cookies and marketing/tracking cookies.
Technically necessary cookies are those without which my website would not function properly. These include, for example, cookies that technically enable the shopping cart or bookings, save your cookie settings, keep you logged in to the login area or support security functions. I use these cookies on the basis of my legitimate interest in the technically error‑free and optimized provision of my website (Art. 6(1)(f) GDPR), unless another legal basis is specified.
Beyond this, I can use cookies – only with your consent – that go beyond purely technical operation. Functional or comfort cookies, for example, help me to save your settings (such as language, displayed content or already completed fields) to enable you to use the site more comfortably. Statistics cookies are used to evaluate user behavior on my website (e.g. which pages are visited how frequently, how long visits last) so that I can continuously improve my offering. Marketing and tracking cookies can be used to display content and advertising tailored to you or to measure the success of advertising campaigns; they are set partly by me and partly by integrated third‑party providers.
Where I obtain your consent for these non‑necessary cookies and comparable recognition technologies, processing is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG). You can revoke your consent at any time with effect for the future by calling up the cookie settings again via the consent tool provided or adjusting your browser settings accordingly.
You can set your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate or restrict cookies, the functionality of my website may be impaired; in particular, certain services, functions or displays may then no longer be fully usable.
Website server and log files
When you access my website, the server automatically collects and stores information in so‑called log files. These may include:
-
IP address of your device
-
Date and time of access
-
Name and URL of the retrieved file
-
Website from which access is made (referrer URL)
-
Browser used and operating system
-
Name of your access provider
I process this data in order to ensure the secure and stable operation of the website, to ward off attacks, to rectify faults and to evaluate access technically (Art. 6(1)(f) GDPR). The log files are regularly anonymized or deleted as soon as they are no longer required for the purposes mentioned, unless longer storage is necessary in individual cases (e.g. to clarify cases of misuse).
Contact form
If you send me an inquiry via a contact form, I store your details, including the contact data you provide, for the purpose of processing your inquiry and for possible follow‑up questions. I do not pass on this data without your consent.
The legal basis is Art. 6(1)(b) GDPR, insofar as your inquiry is related to a contract or pre‑contractual measures; otherwise, my legitimate interest in efficient processing of incoming inquiries (Art. 6(1)(f) GDPR) or your consent under Art. 6(1)(a) GDPR.
Inquiries by email, telephone or fax
If you contact me by email, telephone or fax, I process your inquiry and all related personal data (e.g. name, contact details, content of the inquiry) in order to handle your concern. I do not pass on this data to third parties without your consent.
Processing takes place on the basis of Art. 6(1)(b) GDPR insofar as your inquiry is related to the performance of a contract or is necessary for pre‑contractual measures. In all other cases, processing is based on my legitimate interest in the effective processing of incoming inquiries (Art. 6(1)(f) GDPR) or – if I request it – on your consent under Art. 6(1)(a) GDPR; you can revoke consent given at any time with effect for the future.
I store the data from your inquiry until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your concern has been fully processed). Statutory retention periods remain unaffected.
Comment function on this website
If you leave a comment on my website, I store, in addition to your comment, details of the time of creation, your email address and – if you do not comment anonymously – the username you selected. I need this information to be able to assign comments and to respond to you if I have any questions.
Storage of IP address
My comment function also stores the IP address of users who write comments. This is because I do not check comments individually before activation. I need the IP address in order to be able to take action against the author in the event of legal violations (e.g. insults, criminal content, unauthorized advertising) or abusive use of my comment function and to provide evidence of the incident to authorities.
Storage period for comments
Comments and the associated data (e.g. IP address, email address, time, username) generally remain on my website until the content to which they relate is completely deleted or the comment has to be removed for legal reasons (e.g. in the case of unlawful content) or you request deletion. Statutory retention obligations or overriding legitimate interests may in individual cases lead to longer storage.
Legal basis
Storage and processing of your comments is usually based on your consent (Art. 6(1)(a) GDPR), which you give by submitting the comment. You can revoke consent given at any time with effect for the future; the lawfulness of processing up to the revocation remains unaffected. Insofar as I store comments and the associated data to defend legal claims, pursue legal violations or ensure the proper operation of my website, processing is also based on my legitimate interest within the meaning of Art. 6(1)(f) GDPR.
5. Social media
On my website I link to my profile on Instagram and partly embed content (e.g. feed or posts) from Instagram. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
If you click on the Instagram link, you leave my website and the privacy policies of Instagram or Meta apply.
When you call up pages with embedded Instagram content, a direct connection to Meta’s servers may be established. Personal data, in particular technical usage data such as IP address, browser information and information about accessing the relevant page, may be transmitted to Meta. If you are also logged in to Instagram, Meta can assign the visit to your user account.
I do not have full control over data processing by Meta. This is carried out under Meta’s own responsibility in accordance with its privacy policies.
You can find more information here:
https://privacycenter.instagram.com/policy
Insofar as cookies or comparable technologies are used for the integration of Instagram content or content is not technically necessary, this integration is carried out solely on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You can revoke consent given at any time with effect for the future.
6. Newsletter
Newsletter data
If you would like to receive the newsletter offered on my website, I need a valid email address from you and information that allows me to verify that you are the owner of the specified email address and agree to receive the newsletter (e.g. double‑opt‑in procedure with confirmation link). No further personal data is collected or only on a voluntary basis (e.g. name, date of birth, areas of interest), provided you have provided it to personalize the newsletter.
I use this data exclusively for sending the requested newsletter content (e.g. information about my vocal coaching services, dates, online courses, tips and events) and do not generally pass it on to third parties. An exception is technical service providers, in particular Wix.com Ltd., through whom the newsletter is sent. These process personal data on my behalf.
You can find more information in Wix’s privacy policy:
https://de.wix.com/about/privacy
Processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your explicit consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of your data, your email address and its use for sending the newsletter at any time, for example via the “unsubscribe” link at the end of each newsletter email or by contacting me. The revocation does not affect the lawfulness of data processing carried out prior to the revocation.
The data you provide for the purpose of receiving the newsletter remains stored by me or the newsletter service provider used, if applicable, until you unsubscribe from the newsletter or I discontinue the newsletter service or the purpose of data storage no longer applies. Data stored by me for other purposes (e.g. from previous contracts or inquiries) remains unaffected.
After you unsubscribe from the newsletter, I may store your email address with me or the newsletter service provider in a so‑called blacklist in order to prevent future newsletter mailings to this address and to block renewed registrations with the same address. The data in the blacklist is used exclusively for this purpose and is not merged with other data sets. This serves both your and my interest in complying with statutory requirements for newsletter mailing (legitimate interest under Art. 6(1)(f) GDPR). Storage in the blacklist is not limited in time. You can object to storage if your interests outweigh my legitimate interest.
7. Plugins and tools
YouTube with enhanced privacy mode
I embed videos from the YouTube platform on my website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
I use YouTube in enhanced privacy mode. According to YouTube, views of such embedded videos are not used to personalize surfing on YouTube. Nevertheless, when a page with an embedded YouTube video is accessed or at the latest when the video is played, a connection to YouTube’s or Google’s servers may be established. In doing so, personal data and information about your usage behavior may be processed.
I do not have full control over data processing by YouTube or Google. Google’s privacy policies apply.
Further information can be found here:
https://support.google.com/youtube/answer/171780
https://policies.google.com/privacy?hl=de
Embedding YouTube is carried out only on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG, insofar as cookies, local storage or comparable technologies are used. You can revoke consent given at any time with effect for the future.
8. Own services
Google Drive
I use Google Drive (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to provide or exchange content (e.g. documents, audio or video files). If you access corresponding content via my website or upload or download files, a connection may be established to Google’s servers. Technical data such as your IP address, browser information and the date and time of access may be processed.
I do not have full control over data processing by Google. This is carried out independently by Google in accordance with its privacy policy. Further information can be found at:
https://policies.google.com/privacy
Use is based on my legitimate interest in the efficient provision of content (Art. 6(1)(f) GDPR) or – where necessary – on your consent (Art. 6(1)(a) GDPR).
Encrypted payment transactions on the website
For security reasons and to protect the transmission of confidential content, my website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that your browser’s address line begins with “https://” and a lock symbol is displayed. If you transmit data on my website, it is transferred in encrypted form. This applies in particular to information provided in connection with bookings or payment transactions. Processing is carried out for the performance of contractual services on the basis of Art. 6(1)(b) GDPR. Insofar as payment services are used, their respective privacy policies apply in addition.
Use of artificial intelligence (AI) in my work process
I use AI‑based services to support my work, e.g. for structuring, wording or preparing responses and content. In doing so, the content of inquiries as well as associated technical data may be processed. I take care not to enter sensitive personal data into AI systems unless this is absolutely necessary. Processing is carried out via external providers. I do not have full control over their data processing. The privacy policies of the respective provider apply.
Use is based on Art. 6(1)(b) GDPR insofar as processing is necessary to handle inquiries or to carry out pre‑contractual measures, and on Art. 6(1)(f) GDPR on the basis of my legitimate interest in efficient organization and communication.
Communication via WhatsApp
I offer communication via WhatsApp (WhatsApp Ireland Limited, Ireland). If you use this communication channel, personal data such as your telephone number, message content and technical metadata is transmitted to WhatsApp and processed there.
I have no control over data processing by WhatsApp. This is carried out under the sole responsibility of WhatsApp or Meta. Further information can be found at:
https://www.whatsapp.com/legal/privacy-policy-eea
Use is based on Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Use of WhatsApp is voluntary. Alternatively, you can contact me at any time by email.
Communication via Telegram
I use Telegram (Telegram FZ‑LLC, Dubai, UAE) for communication. If you use this service, personal data such as your username, message content and technical data is processed.
I have no control over data processing by Telegram. This is carried out under the sole responsibility of Telegram. Further information can be found at:
https://telegram.org/privacy
Use is based on Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Please note that data may also be processed in third countries outside the EU.
Google Calendar
For scheduling appointments, I use Google Calendar (Google Ireland Limited, Ireland). Personal data such as name, email address and possibly further details are processed to organize and carry out appointments. Processing is based on Art. 6(1)(b) GDPR (contract or pre‑contractual measures) and Art. 6(1)(f) GDPR (efficient organization of my services).
I do not have full control over data processing by Google. This is carried out independently by Google. Further information can be found at:
https://policies.google.com/privacy
Registration on the website
For a [customer account/members’ area/course access], I collect: name, email, password (hashed), possibly address, date of birth. Mandatory fields are marked. The data enables login, booking history, personalized content.
Legal basis: Art. 6(1)(b) GDPR. You can delete the account at any time.
Facebook Connect
When you log in using Facebook (Meta Platforms Ireland Limited), the following is transmitted: name, email, profile ID, profile picture. This simplifies registration/login.
Legal basis: Art. 6(1)(a)/(b)/(f) GDPR. Details:
https://www.facebook.com/legal/controller_addendum
Registration with Google
“Login with Google” transmits, after your confirmation: name, email. Legal basis: Art. 6(1)(b)/(f) GDPR.
Google Analytics
For web analysis I use Google Analytics (IP anonymization is activated). I collect: IP (shortened), browser, page views, time spent on pages, conversions.
Legal basis: Art. 6(1)(a) GDPR (consent). DPF:
https://www.dataprivacyframework.gov/participant/5780
Processing of customer and contract data
I process: master data, contact details, contract data, service data, payment data. Purpose: fulfilment of contract, invoicing, support.
Legal basis: Art. 6(1)(b)/(c) GDPR. Storage period: statutory retention periods.
Data transfer upon contract conclusion
Data is transmitted to service providers (payment, technical service, tax advisor) only if necessary for the contract. Legal basis: Art. 6(1)(b) GDPR.
Payment services
To process payments, I use external payment service providers. Personal data such as name, payment information and transaction data is transmitted to the respective provider. Processing is carried out under the provider’s own responsibility. Their privacy policies apply.
Zoom
For online coaching, I use Zoom (Zoom Video Communications Inc., USA). When using it, personal data such as name, email address, IP address and audio, video and chat data may be processed.
I do not have full control over data processing by Zoom. This is carried out under Zoom’s own responsibility. Further information can be found at:
https://www.zoom.com/en/trust/privacy/
Use is based on Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (efficient execution of online appointments).