This website may include links to third-party websites e.g. LinkedIn, Facebook, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
As a company registered in Germany, Karen Buchanan Coaching & Consulting needs to keep, process and store certain Personal Data, for example about Clients, in order to fulfill its commercial purposes. As of 25th May 2018, under the provisions of the EU General Data Protection Regulation (EU2016/679) (“GDPR”/“DSGVO”), and “BDSG” 2018 Karen Buchanan Coaching & Consulting has a legal duty to ensure that this personal information is collected and used fairly, stored safely and not disclosed to any other person or organisation unlawfully. The BDSG, the GDPR/ DSGVO, and any successor legislation are referred to in this Policy as the “Data Protection Legislation”.
The purpose of the Data Protection Legislation is ‘to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy’ and in doing so it also provides data subjects (i.e. individuals whose Personal Data are processed) with increased protection through express new rights.
Except as otherwise specified below, Karen Buchanan Coaching & Consulting is the Controller and is responsible for your Personal Data.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Statement. We will notify you of any significant changes.
‘Client’ means a client of Karen Buchanan Coaching & Consulting. Clients can be past, current, as well as future potential clients and other third parties who indicate their interest in the services that we offer on our website via the Contact page.
‘Controller’ means the entity that decides how and why Personal Data are processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
‘Data Processing Agreement’ means an agreement between Karen Buchanan Coaching & Consulting and a Processor.
‘Data Subject’ means the individual whose Personal Data is processed.
‘Personal Data’ means information that is about any individual, or from which any individual is identifiable. Examples of Personal Data that we may process are provided in Section D below.
‘process’, ‘processing’ or ‘processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Processor’ means any person or entity that processes Personal Data on behalf of the Controller.
D. Processing your Personal Data
1. Collection of Personal Data
We may collect Personal Data about you, such as your name, address and contact details. Examples of sources from which we may collect Personal Data include the following:
- when you provide it to us (e.g., where you contact us via email or telephone, on our website contact form, or by any other means);
- in the ordinary course of our relationship with you (e.g. your pre-coaching questionnaire, coaching session preparation form, and/or your curriculum vitae); and
- when you visit our website or use any features or resources available on or through our website. When you visit our website, your device and browser will automatically disclose certain information, some of which may constitute Personal Data.
2. Creation of Personal Data:
We may also create Personal Data about you with your consent, such as notes and recordings of our coaching sessions, and email correspondence content. These forms of Personal Data helps us to deliver our coaching and other services to you.
3. Relevant Personal Data:
The categories of Personal Data about you that we may process include:
- personal details: given name(s); preferred name; gender; age; job title (where applicable); and
- contact details: home address; work address; home telephone number; work telephone number; work mobile number; personal mobile telephone number; personal email address; work email address; and social media profile details.
4. Lawful basis for processing Personal Data:
The legal basis for Karen Buchanan Coaching & Consulting processing Personal Data of Clients is that of furthering our and/or our Clients’ legitimate interests. In processing your Personal Data in connection with the purposes set out in this Statement, we may rely on one or more of the following legal bases:
- we have obtained your prior express consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way); the processing is necessary in connection with any contract that you may enter into with us; the processing is required by applicable law; the processing is necessary to protect the vital interests of any individual; or
- we have a legitimate interest in carrying out the processing, which is not overridden by your interests, fundamental rights, or freedoms. Where we rely on this legal basis, our legitimate interests are: our legitimate interest in the management and operation of our business; our legitimate interest in the promotion of our business; and our legitimate interest in the provision of services to our Clients.
E. Purposes for which we may Process your Personal Data:
The purposes for which we may process your Personal Data, include:
Provision of services to you: Coaching: providing coaching services to you as one of our Clients e.g. holding coaching sessions with you; holding telephone calls with you; and otherwise communicating with you in relation to those services; Consulting: providing consulting services you as one of our Clients; Training: providing you as one of our Clients with training e.g. training workshops and/or preparation for interviews; and Facilitation: providing you as one of our Clients with facilitation services for meetings and processes including team-building and conflict resolution;
Our Website: operating and managing our website; providing content to you; displaying information to you; and communicating and interacting with you via our website;
Newsletters and other marketing communications: communicating with you via any means (including via email, telephone, text message, social media, and/or in person) news items and other materials in which you may be interested; and
Improving our services: identifying issues with existing services; planning improvements to existing services; creating new services.
Please note that where we indicate above that we are relying on legitimate interests as a basis for processing your Personal Data, you can ask us to stop sending you messages at any time by emailing firstname.lastname@example.org.
F. Disclosure of Personal Data to third parties
We may disclose your Personal Data to:
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality;
- any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights.
Our website uses third party plugins or content (e.g., Facebook and LinkedIn). If you choose to interact with any such plugins or content, your Personal Data may be shared with the relevant third party.
If we engage a third-party processor to process your Personal Data, the processor will be subject to binding contractual obligations under a Data Processing Agreement, amongst other obligations, to: (i) only process the Personal Data in accordance with our prior written instructions; and (ii) use appropriate measures to protect the confidentiality and security of the Personal Data.
G. Data Security
We implement appropriate technical security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
You are responsible for ensuring that any Personal Data that you send to us are sent securely.
H. Data Accuracy
It is important that the Personal Data we hold about you are accurate and current. Therefore, please keep us informed if there are any changes to your Personal Data during your relationship with us. From time to time we may ask you to confirm the accuracy of your Personal Data. We will take every reasonable step to ensure that any of your Personal Data that we process that are inaccurate (having regard to the purposes for which they are processed) are erased or rectified without delay.
I Data Minimisation
We take every reasonable step to ensure that your Personal Data that we process are limited to the Personal Data reasonably required in connection with the purposes set out in this Statement.
J. Data Retention
As a Coaching and Consulting Services company, we rely on the personal service relationships we build with our Clients. In principle we will therefore hold personal data relating to Clients for core data processing if this is necessary for the furthering our and/or our Clients’ legitimate interests e.g. for the benefit of delivering services to our clients, maintaining contact with our Client base, and/or in compliance with German tax declaration requirements, we will hold your personal data for ten (10) years following your last contact with us.
K. Your legal rights
Subject to Data Protection Legislation, you as a Data Subject may have a number of rights regarding the processing of your Personal Data, including:
- the right to request access to, or copies of, your Personal Data that we process or control;
- the right to request rectification of any inaccuracies in your Personal Data;
- the right to request, on legitimate grounds: erasure of your Personal Data that we process or control; or restriction of processing of your Personal Data that we process or control;
- the right to object, on legitimate grounds, to the processing of your Personal Data;
- the right to have your Personal Data transferred to another Controller, to the extent applicable;
- where we process your Personal Data on the basis of your consent, the right to withdraw that consent; and
- the right to lodge complaints regarding the processing of your Personal Data with a Data Protection Authority.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Statement, or about our processing of your Personal Data, please use the contact details provided in Section N below.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
M. Your obligations
If, and to the extent that, you are a Client, we rely on you to provide us with complete and accurate Personal Data about you, so that we can provide appropriate services to you.
N. Contact details