GDPR PRIVACY NOTICE

This privacy notice explains how we process personal data in our business as per the General Data Protection Regulation (GDPR) and other relevant privacy laws applicable to our business.

Please note that this entire document is protected by copyright and you may not copy any text from it.

If you have any questions about this privacy notice, feel free to contact us at:

By Design Coaching, LLC

vinny@bydesigncoaching.net

We take your privacy seriously and we have taken several steps to ensure that we provide you with clear and transparent information on how we process your data, and also inform you about your rights. If you feel that any information is unclear, or missing, please do not hesitate to contact us.

Your data protection rights

  • Your rights of access and rectification: You may request access to or a copy of the information we process about you and ask us to rectify any incorrect data.

  • Your right to erasure or restriction: In some circumstances, you may ask us to delete and/or restrict our processing of your data, but we cannot delete any data we are required to process.

  • Your right to object to processing: In some circumstances, you may ask us to stop processing your data.

  • Your right to data portability: In some circumstances, you may ask us to transfer your data to you or to another organisation.

  • Also, if you’re unhappy about how we process your data, you have a right to complain to a national data authority. We hope, however, that you will contact us first so that we can try to resolve the matter for you in a satisfactory way.

Please contact us if you have any questions about or want to exercise one of your rights. You are entitled to a reply within 30 days. 

How we get your personal data

We typically process personal data about:

  • Customers

  • Clients

  • Coachees

  • Prospects

  • Website visitors

We process personal data when you:

  • buy our products or services

  • subscribe to our newsletter

  • opt in for our complimentary content

  • sign up for our events, free-of-charge or paid

  • respond to one of our surveys

  • provide us with your contact details, e.g. give us your business card

  • contact us via phone, text, email, social media or our website

  • otherwise use our website, e.g. leave a comment (cf. our cookie notice)

It is voluntary to provide us with personal data, but if you choose not to, we may not be able to provide you with our services. We do not rent, buy or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data or process special category data.

Purpose, lawful basis and retention periods

We only process your personal data when we have a purpose and a lawful basis for doing so. Under the GDPR Article 6-1, the lawful bases we rely on are:

  1. Your consent

  2. We have a contractual obligation (contract)

  3. We have a legal obligation

  4. We have a legitimate interest

As a rule, personal data should not be processed and kept for longer than necessary to fulfil the purpose for processing. In order to comply with this, we have yearly GDPR review days where we formally assess our GDPR work with the intention to amend, update and, if necessary, delete personal data. Generally, we will not process personal data any longer than three years, at the most. However, we will retain data for as long as we are required to as per applicable legal obligations related to, for example, accounting, tax or labour laws or any other relevant rules and regulations.

Your personal data is only retained for as long as we have a purpose and a lawful basis:

  • Until you withdraw your consent (e.g. for email and SMS marketing)

  • For as long as we have a contractual obligation, and, if applicable, in accordance with accounting and bookkeeping rules and regulations (e.g. for sales)

  • For as long as we have a legal obligation; in accordance with accounting and bookkeeping rules and/or other legal requirements and regulations (e.g. for employment)

  • For as long as we have a legitimate interest or until you ask us not to process your data in such a way (e.g. marketing to existing customers)

You can always withdraw your consent for any data processing based on consent, and you can also reach out to us at any time if you’d like us to stop processing and/or ask us to delete any of your data.

Details on the processing of your personal data

In this section, we describe in detail when and how we process your data, for what purposes and our legal grounds to do so (lawful bases). We also specify the retention periods for the processing.

We process personal data when:

You communicate with us

When you contact us through our website (contact form, blog comments, chat), e-mail, phone (call, text message), social media and/or give us your business card, we process personal data. Depending on where and how you contact us, this may include your name, contact details, IP address and other information you choose to send to us. 

The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is f), where the legitimate interests are to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. We review this data at our yearly GDPR review day and delete personal data as appropriate. Due to the nature of our business, we can keep this type of personal data up to three years.

You purchase our products and services

When you purchase products and services from us, we process personal data such as your name, contact details, order and payment details as well as purchase history. The purpose is to be able to fulfil our obligation to deliver products and services you have purchased and to manage the customer relationship. The lawful bases are b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by.

We process the data for as long as we have a legal obligation as per any applicable rules and regulations we are bound by. E.g. we are required by law to store business records, which could include personal data, for a certain number of years for accounting, tax and other business purposes. Please contact us if you would like to know what is applicable in your case.

You become a student or member and/or use our online platforms

When you become a student or member of ours, we process personal data such as your name, contact details, order and payment details as well as purchase history. The purpose is to be able to fulfil our obligation to deliver products and services you have purchased, such as courses and memberships, and to manage the customer relationship. The lawful bases are b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by.

You receive marketing as an existing customer

If we have an existing customer relationship with you as per the Federal Trade Commission [https://www.ftc.gov], we can send you marketing via e-mail and text messages. Depending on the medium used to submit such marketing, the personal data we process include your name, email address, IP address and/or phone number. The purpose is to provide you with good customer service and the lawful basis is f), where the legitimate interest is to offer our relevant products and services in order to provide excellent service to our customers. The lawful basis may also be a), where you have given us your consent to such marketing.

You can easily opt out of the marketing at any time by unsubscribing in any marketing email or text message you receive. We process the data for as long as we have a customer relationship with you, or, if the processing is based on your consent, until you withdraw it. The data will then be deleted at our next GDPR review day. Please note that it is only personal data related to marketing efforts that will be deleted. We are still required to process data for accountancy, tax and other business purposes if you are our customer.

You subscribe to our email newsletter

We regularly send out email newsletters which sometimes contain information about our products and services. When you become a subscriber, we process personal data such as your name, email address and IP address. The purpose is to share updates, articles, discounts, give-aways and other useful content. The lawful basis is a) consent and you can easily unsubscribe at any time by clicking the "unsubscribe" link in any such newsletter. 

Our email service provider has integrated analytics showing email opens and clicks. This functionality is native in our system and cannot be disabled. If you do not want your data to be analysed in this way, please do not subscribe to our newsletter. We use this data to analyse the performance of our newsletters and to tailor our content to you. The lawful basis is f), where the legitimate interest is to continuously improve our products and services.

We process the data for as long as you subscribe, after which it will be deleted at our next GDPR review day.

You gain access to our complimentary content

We regularly offer content to you free of charge. We do, however, require that you share personal data such as your name, email address and IP address. The purpose is to give you access to the content, e.g. a downloadable PDF, a mini course inside of our course/membership platform, an email series with valuable tips or similar. The lawful basis is a) consent.

We may also use your data to send you relevant tips and information about our relevant products and services, which are directly relevant to the complimentary content you requested access to (we will not, however, add you to our general marketing/newsletter list). The lawful basis is f), where our legitimate interest is to offer you relevant products and services we think you will be interested in. If you do not wish to receive such messages, you will have an easy way to opt out, e.g. through an unsubscribe link in our emails.

Our email service provider has integrated analytics showing email opens and clicks. This functionality is native in our system and cannot be disabled. If you do not want your data to be analysed in this way, please do not request access to any complimentary content that will be delivered to you via email. We use this data to analyse the performance of our emails and to tailor our content to you. The lawful basis is f), where the legitimate interest is to continuously improve our products and services.

We review this data at our yearly GDPR review day and delete personal data as appropriate, however no later than two years after you gained access to the complimentary content.

You attend our events

When you attend our events that are free of charge, we process personal data such as your name, contact details and, sometimes, dietary and/or access requirements. For paid events, we also collect order and payment information. The purpose is to be able to process your registration and attendance, and, if applicable, your payment. The lawful basis is a) consent, or, for paid events, b) contract and c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by. If we collect any information about dietary and/or access requirements, we also need your consent under GDPR Article 9 (2) (a).

We may also use your data to send you an evaluation of the event you attended, to invite you to other relevant events and/or to offer relevant products and services. The lawful basis is f), where our legitimate interest is to offer you relevant products and services we think you will be interested in. If you do not wish to receive such messages, you will have an easy way to opt out, e.g. through an unsubscribe link in our emails.

We review this data at our yearly GDPR review day and delete personal data as appropriate, however no later than two years following the event.

You respond to our evaluations or surveys

Responding to our evaluations and surveys is voluntary. We process personal data such as your name, contact details and other information you choose to share with us. Some evaluations or surveys may be anonymous, and in such cases, we do not process any personal data.

The purpose is to gather your feedback so that we can continuously improve our products and services, as well as provide you with better customer service in the future. The lawful basis is a) consent. We review this data at our yearly GDPR review day and delete personal data as appropriate, however no later than two years after you responded to the survey.

You supply services to or collaborate with us 

When you enter into an agreement with us either as a vendor, partner or data processor, we process personal data such as your name, contact details and correspondence. The purpose is to be able to enter into this agreement and to respond to your inquiries, and the lawful basis is b) contract. We review this data at our yearly GDPR review day and delete personal data as appropriate, however no later than two years after the contract has been terminated. We process other communication data as per the first paragraph in this chapter; please see above.

You use our affiliate links

We may use affiliate links in our business, promoted on our website, in emails or by other means. If you click on such an affiliate link, a tracking cookie will be set in your browser. If you then register an account with the affiliate vendor, and “our” tracking cookie is still active, both we and the vendor will be able to view your details, which may include, depending on the vendor, your name, contact details and sign-up details. Depending on the affiliate agreement we have with the vendor, we could then receive a small commission since we referred you to them. Please note that any agreement you enter into with such an affiliate vendor is solely between you and the vendor. If you choose to click on an affiliate link, it does not constitute any formal relationship or any obligations on our part.

We will always be transparent and inform you clearly when we use affiliate links, and we would never recommend products or services we have not used ourselves, and that we truly believe are valuable for you. The purpose is to provide you with relevant useful products and services, and to manage our business effectively. The lawful basis is f), where our legitimate interest is to offer you relevant useful products and services we think you will be interested in. We review this data at our yearly GDPR review day and delete personal data as appropriate, however no later than two years after we no longer earn commission from the vendor.

You use our website

When you use our website, we may process personal data such as IP address and other technical data collected via cookies and analytics tools. Read about our purposes and lawful basis for doing so in our cookie notice.

Whom we share your personal data with

In order to run our business efficiently and securely, we sometimes will have to share your personal data with other parties such as:

  • Data processors: providers of various services that process your personal data on our behalf (e.g. for IT and administrative services, accounting, cloud storage, web hosting, e-mailing etc.)

  • Professional advisors from industries such as law, finance, accounting, auditing and insurance

  • IT and other systems support, e.g. for our website, course portal, cloud storage etc.

  • Public authorities we are obliged to report to

We require that all such recipients secure data in accordance with good information security and as per the requirements of this Privacy Notice. We enter into a data processing agreement/addendum with anyone who processes data on our behalf.

Transfer of personal data outside the EU/EEA

In some cases, your personal data will be transferred outside the EU/EEA, e.g. where we use data processors to manage cloud storage, email services, web hosting etc. 

We only use data processors we trust, that are well known and that we have a data processing agreement/addendum with. We also make sure necessary safeguards are in place like Privacy Shield for American data processors and/or the EU Model Clauses. If you would like to know where your particular data is processed, please contact us.

Information security

We take information security seriously and we will always do our utmost to safeguard your personal data in the best possible way. For example, we use strong passwords, data encryption, access control and two-factor authentication to secure our data and prevent unauthorized persons from accessing, altering, deleting, or in any way affecting the data we store, including your personal data.

We only allow others to access and/or process your personal data in accordance with our instructions, and only when strictly necessary (e.g. when we require IT support).

We have implemented a policy for technical and organisational measures and a routine for managing data breaches. If we experience a personal data breach, i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, and it poses a medium to high risk for the people affected, we will notify the national data authority within 72 hours. If the risk is deemed high for the people affected, we will also notify them directly, if possible. 

This privacy notice was last updated: July 20, 2020 

This privacy notice has been customized to our business after a template from GDPR Made Simple; however, they are in no way legally responsible for the content. If you need help preparing your own privacy notice, feel free to contact them directly.