Privacy Notice
INTRODUCTION
This Privacy Notice sets out how MARIA VERONICA AMBROSINI SOLIS, business consultant (in German “Unternehmensberaterin”), 10247 Berlin, Tax Number (in German “Steuernummer”) 14/206/02346, VAT Number DE367651910 (the “Controller” or “we”) uses and protects your personal data.
1. IMPORTANT INFORMATION AND WHO WE ARE (Section 1)
2. TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU (Section 2)
3. HOW IS YOUR PERSONAL DATA COLLECTED? (Section 3)
4. HOW WE USE YOUR PERSONAL DATA (Section 4)
5. DISCLOSURES OF YOUR PERSONAL DATA (Section 5)
6. INTERNATIONAL TRANSFERS (Section 6)
7. DATA SECURITY (Section 7)
8. DATA RETENTION (Section 8)
9. YOUR LEGAL RIGHTS (Section 9)
10. CONTACT DETAILS (Section 10)
11. COMPLAINTS (Section 11)
12. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES (Section 12)
13. THIRD PARTY LINKS (Section 13)
1. IMPORTANT INFORMATION AND WHO WE ARE
We respect your privacy and are committed to protecting it by complying with the practices described in this notice (the “Privacy Notice”).
This Privacy Notice describes:
How we collect, use, disclose, and protect the personal data of our customers and Website users ("you").
Describes the types of information we may collect from you or that you may provide when you visit the Website www.bixabeel.de, and any related domains or sub-domains from time to time (our "Website").
Our practices for collecting, using, maintaining, protecting, and disclosing that information.
We will only use your personal data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and used for limited purposes.
This Privacy Notice applies to personal data we collect, use, or disclose about you:
on this Website;
on other landing pages or through other digital or paper-based means, that link or refer to this Privacy Notice;
on our social media platforms;
in email, text, and other communication means and channels between you, the Assets (as defined below) or us;
when you interact with our advertising and applications on third-party websites and services if those applications or advertising include links to this Privacy Notice; collectively, hereinafter, the “Assets”.
This Privacy Notice applies to personal data collected through our Assets from time to time, regardless of the country where they are collected.
Please read this Privacy Notice carefully to understand our practices for collecting, processing, and storing your personal data. If you do not agree with our practices, your choice is not to use our Assets. By accessing or using the Assets, you indicate that you understand, accept, and consent to the practices described in this Privacy Notice.
This Privacy Notice may change from time to time (see Section 12). Your continued use of these Assets after we make changes indicates that you accept and consent to those changes, so please check the Privacy Notice periodically for updates. We will notify you in advance of any material changes to this Privacy Notice and obtain your consent to any new ways that we collect, use, and disclose your personal data.
TREATMENT OF CHILDREN’S PERSONAL DATA
Our Assets are not intended for children under 18 years of age. No one under age 18 may provide any personal data to or on the Assets. We do not knowingly collect personal data from children under 18. If you are under 18, do not use or provide any information through the Assets or on or through any of its features/register through the Assets, make any purchases through the Assets, use any of the interactive or public comment features of the Assets, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might info@bixabeel.de.
CONTROLLER
For data protection purposes, we are the data controllers of your personal data, that you submit to us, only in as much as described herein.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights (Section 9), please contact us using the information set out in the contact details section (Section 10).
2. THE TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
As used in this Privacy Notice, “personal data” means any information that can be used to individually identify you directly or indirectly, alone or along with other information, or contact you online or elsewhere. The categories and volume of personal data that we collect vary depending on the activities in relation to which the data is collected.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender, your image and/or voice.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Business or career-related information namely information that related to your business or duties as an employee, including: job title, duties, team, business address, business email address, business telephone number;
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access the Assets and/or Assets.
Profile Data includes your username, social media profile page/handles, but also purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you interact with and use our Assets, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific Asset feature in order to analyse general trends in how users are interacting with our Assets to help improve the Assets and our service offering.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you :
apply for our products or services;
create an account through our Assets;
enter into a contract with us;
subscribe to our service or publications;
request marketing to be sent to you;
enter a competition, promotion or survey; or
give us feedback or contact us.
personality and/or leadership skills assessments reports
Automated technologies or interactions. As you interact with our Assets, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other Assets employing our cookies. Please see our cookie policy [LINK] for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties (trade registries, companies’ house or other public authority published data basis for client checks/anti-fraud, etc.) as set out below;
Technical Data is collected from the following parties:
analytics providers (such as google analytics) based outside of the EU;
Contact, Financial and Transaction Data is collected from providers of technical, payment and delivery services such as Squarespace (for website hosting, email, and newsletter services), based in the United States; Mailchimp (for email and newsletter services), based in the United States; Wise, with an EU-based account (Germany), used for business transactions; SumUp, with an EU-based account, used for payment processing; N26, a German-based bank.
Other Tools and Services Used to Provide Our Services: We utilize the following tools and platforms for reports, interactive sessions, and event registrations: Insights Discovery (for generating client reports); Leadership Circle 360 (for leadership development reports); Miro (for interactive workshop sessions); Google Meet (for client sessions and interactive workshops); MeetUp (for webinar registrations).
INFORMATION YOU PROVIDED TO US
The information we collect directly from you on or through our Assets may include:
Information that you provide by filling in forms on our Website or through any of our other Assets. This includes information provided at the time of registering to use our Website, subscribing to our service, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website or an Asset.
Records and copies of your correspondence (including email addresses), if you contact us.
Your responses to surveys that we might ask you to complete for research purposes.
Details of transactions you carry out through our Website or other Assets and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Assets.
Your search queries on the Website.
Personality and/or leadership skills assessment report information
You may also provide information to be published or displayed (hereinafter, "posted") on public areas of the Assets or transmitted to other users of the Assets or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages/you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect. Additionally, we cannot control the actions of other users of the Website or any other Asset for that matter with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that unauthorized persons will not view your User Contributions.
4. HOW WE USE YOUR PERSONAL DATA
LEGAL BASIS
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
| Purpose/Use | Type of data | Legal basis |
|---|---|---|
| To register you as a new customer | (a) Identity (b) Contact |
Performance of a contract with you |
| To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Privacy Notice (b) Dealing with your requests, complaints and queries |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you) |
| To enable you to partake in a prize draw, competition or complete a survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
| To administer and protect our business and this Assets (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, to prevent fraud, and in the context of a business restructuring exercise) (b) Necessary to comply with a legal obligation |
| To deliver relevant Assets content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our Assets, products/services, customer relationships and experiences and to measure the effectiveness of our products/services, systems, communications and marketing | (a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Assets updated and relevant, to develop our business and to inform our marketing strategy) |
| To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you based on your Profile Data | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
Consent, having obtained your prior consent to receiving direct marketing communications |
DIRECT MARKETING
During the registration process through our Assets when your personal data is collected, you will be asked to indicate your preferences for receiving direct marketing communications from us via email.
We may also analyse your Identity, Contact, Technical, Usage and Profile Data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.
THIRD-PARTY MARKETING
We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.
OPTING OUT OF MARKETING
You can ask to stop sending you marketing communications at any time by logging into the Assets and checking or unchecking relevant boxes to adjust your marketing preferences, or by following the opt-out links within any marketing communication sent to you or by contacting us via email at info@bixabeel.de, as the case may be from time to time.
If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to order confirmations for a product/service warranty registration, appointment reminders, updates to our Terms and Conditions, checking that your contact details are correct, etc..
COOKIES
For more information about the cookies we use and how to change your cookie preferences, please see our Cookie Policy.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data where necessary with the parties set out below for the purposes set out in the table Purposes for which we will use your personal data above.
We may share your personal data with:
Business partners, suppliers, service providers, sub-contractors, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization).
Third parties to market their products or services to you if you have consented to these disclosures. We contractually require these third parties to keep that personal data confidential and use it only for the contracted purposes.
Advertisers and advertising networks that require the data to select and serve relevant ads to you and others. We do not disclose data about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in a specific location). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
To fulfil the purpose for which you provide it.
For any other purposes that we disclose when you provide the data.
With your consent.
We may also disclose your personal data to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
To a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.
To comply with any court order, law, or legal process, including responding to any government or regulatory request.
To enforce or apply our terms of use https://bixabeel.de and other agreements.
To protect the rights, property, or safety of our business, our employees, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity, fraud protection, and credit risk reduction.
We may share non-personal data without restriction.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. INTERNATIONAL TRANSFERS
We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the EU to countries which have laws that do not provide the same level of data protection as the EU law.
Whenever we transfer your personal data out of the EU to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:
We will transfer your personal data to countries that have been deemed by the EU to provide an adequate level of protection for personal data. Where that is not the case, we may use specific standard contractual terms approved for use in the EU, which give the transferred personal data the same protection as it has in the EU. To obtain a copy of these contractual safeguards, please contact us at info@bixabeel.de.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. DATA RETENTION
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law (Section 147, Abgabenordnung/AO; Section 257, Handelsgesetzbuch/HGB) we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six (6) or ten (10) years (depending on the document) after the end of the year in which we made the final entry, unless related laws permit shorter retention periods, for tax purposes:
accounts and records, inventories, annual financial statements, situation reports, the opening balance sheet, and related operating instructions and organizational documents needed for their understanding;
trade and business letters; and
accounting records and any tax-related documents.
To comply with the German Civil Code (Section 195, Bürgerliches Gesetzbuch-GB) we should retain contracts, invoices, shipment slips, and related communications for three years after the end of the year in which the contract expires.
In some circumstances you can ask us to delete your data: see Section 9 below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
You will, at all times, have the following rights as to your personal data processed by us (the “Rights”):
Right to basic information. You have the right to be provided with information on the identity of the controller, the controller's reasons for processing their personal data and other relevant information necessary to ensure the fair and transparent processing of your personal data.
Right of access. You have the right to confirmation of whether, and where, we are processing your personal data, information about the purposes of the processing, information about the categories of data being processed, information about the categories of recipients with whom the data may be shared, information about the period for which the data will be stored (or the criteria used to determine that period, information about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing, information about the existence of the right to complain to the Data Protection Authority, where the data were not collected from you, information as to the source of the data, information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.
Right to rectification. You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
Right to erasure (‘right to be forgotten’). You have the right to obtain from us the erasure of your personal data without undue delay and we shall have the obligation to erase your personal data without undue delay if: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent on which the processing is based, if there is no other legal ground for the processing; (c) you object to the processing pursuant to your opposition right and there are no overriding legitimate grounds for the processing, or you object against the processing of your data for direct marketing purposes; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in EU or other law applicable to us. Notwithstanding the above, we may continue to lawfully process your personal data to the extent that processing is necessary: (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; (c) for the establishment, exercise or defense of legal claims.
Right to restriction of processing. You have the right to obtain from us restriction of processing where one of the following applies: (a) if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; (d) you objected to processing pending the verification whether our legitimate grounds of override those claimed by you.
Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where: (a) the processing is based on consent or on a contract; and (b) the processing is carried out by automated means.
Right to object. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on the legitimate interests of ours or of a third party. However, we have the right to prove that we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the purpose of the processing is for the establishment, exercise or defense of legal claims.
Right not to be subject to a decision based solely on automated processing. Unless the decision (a) is necessary for entering into, or performance of, a contract between the you and us; (b) is authorized by the Union law or the law applicable to us; or (c) is based on your explicit consent, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
We will give effect to the rights of access, rectification, erasure and the right to object free of charge. we may charge a reasonable fee for repetitive requests, or requests which we find manifestly unfounded or excessive or for further copies.
We will respond to you in a time frame of thirty (30) days after receiving a request from you made under those rights. If we receive large numbers of requests, or especially complex requests, the time limit may be extended by a maximum of two further months.
If we will not meet this deadline, you may complain to the competent Data Protection Authority in Germany and may seek a judicial remedy. Please note that Germany does not have one central supervisory authority for data protection law, as per Article 56 of the GDPR, but authorities in each of the sixteen German federal states (Länder) that are competent for the public and the private sector in the respective state. Check the full list here to file a complaint with the competent Data Protection Authority in your state of habitual residence, place of work or place of alleged infringement (Article 77 of the GDPR).
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
YOUR STATE PRIVACY RIGHTS (FOR U.S.A. RESIDENTS ONLY)
U.S. State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.
To learn more about California residents' privacy rights, visit https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5 . California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to info@bixabeel.de.
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:
Confirm whether we process their personal information.
Access and delete certain personal information.
Correct inaccuracies in their personal information, taking into account the information's nature processing purpose (excluding Iowa and Utah).
Data portability.
Opt-out of personal data processing for:
targeted advertising (excluding Iowa);
sales; or
profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
Either limit (opt-out of) or require consent to process sensitive personal data.
The exact scope of these rights may vary by state. To exercise any of these rights please send us an email at info@bixabeel.de. To appeal a decision regarding a consumer rights request please see our general terms and conditions.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated email address. However, please know we do not currently sell data triggering that statute's opt-out requirements.
10. CONTACT DETAILS
If you have any questions about this Privacy Notice or about the use of your personal data or you want to exercise your privacy rights, please contact us at info@bixabeel.de.
11. COMPLAINTS
You have the right to make a complaint at any time to the competent Data Protection Authority in Germany (see Section 9) We would, however, appreciate the chance to deal with your concerns before you approach the DPA, so please contact us in the first instance.
12. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
We keep our Privacy Notice under regular review. This version was created on November 21, 2024. Historic versions are archived and can be obtained by contacting us at info@bixabeel.de.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
13. THIRD-PARTY LINKS
This Website and our Assets may include links to third-party websites, assets, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party assets and are not responsible for their privacy statements or practices. When you leave our Website, we encourage you to read the privacy notice of every website you visit.
The original version of these terms was created on 13 September 2024 with support from https://spotlegal.io. Historic versions are archived and can be obtained by contacting us at info@bixabeel.de.