Privacy Policy

Last updated: 7 June 2019

Thank you for your interest in my work.

This privacy policy explains how I collect, use, share, and transfer your personal data in accordance with the GDPR (EU General Data Protection Regulation) when you visit magicofgrace.com and use the services provided on this site.

1. Data controller

Kristin Kühn
Eichenstr. 77
07549 Gera
Germany

Contact:

If you have any questions regarding my privacy practices, please feel free to email me.

2. Data collection

Personal data means any information relating to an identified or identifiable natural person. Such data could be, for example, your name, address, or email address. Information that cannot be attributed to an individual person doesn’t constitute personal data.

I process the personal data that I receive when you visit my website (Welcome!), when you make a request on my website or via email (Hi there!), when you sign up for my email newsletter (Thanks for joining!), when you make a purchase on the site (Thank you!), when you book a session with me (Wonderful!), or when you leave a testimonial for me (You’re the best!).

a) Web server log

Every time you visit my website, data on your access is stored and processed temporarily in log files. This processing comprizes data such as the date, time, and duration of your visit, request details, IP address, and the type of browser and operating system you use. This information is used to monitor and maintain the security of the site and to troubleshoot and maintain the website and server, and isn’t merged with other data sources. This processing is based on my legitimate interest (Article 6(1)(f) GDPR) to ensure system security.

b) Contact form & other requests on the site or via email

When you use the contact form to send a message, I record your name and email address, which I use to respond to your message and to process your request. If you don’t provide this information, I won’t be able to process your inquiry via the contact form. Likewise, when you contact me by email, I process that information. This processing is based on my legitimate interest (Article 6(1)(f) GDPR) to reply to inquiries.

Transactional email with Elastic Email:

When you make a request on my website, whether it be through the contact form, newsletter signup, or booking forms, I use a trusted third party service, Elastic Email, to send transactional emails. I use this service to improve delivery and to ensure that my emails land in your inbox, not in your spam folder. This processing is based on my legitimate interest (Article 6(1)(f) GDPR) to provide a reliable and secure service.

The provider of this service is Elastic Email, Unit 107, 1208 Wharf Street, Victoria, BC V8W 3B9, Canada. Canada has been recognized as providing adequate data protection by the European Commission. For more information about Elastic Email’s privacy practices you can read Elastic Email's Privacy Policy.

c) Email newsletter and email marketing

When you sign up for my email newsletter, I record your first name (if you choose to provide it) and your email address, which I use to deliver the newsletter. When you sign up, you’ll receive a confirmation email containing a link you need to click to complete the registration process (double opt-in). This additional confirmation step is necessary before I can add you to my mailing list, to make sure that the newsletter was expressly requested by you. This processing is based on your consent (Article 6(1)(a) GDPR). It goes without saying that if you don’t provide your email address, I won’t be able to deliver my newsletter to you.

Opt out:

Should you no longer wish to receive my newsletter, you can opt out at any time by using the corresponding unsubscribe link at the end of each newsletter.

If you opt out of receiving my email newsletter your opt-out does not apply to personal data provided as a result of other transactions, such as purchases.

Email marketing with Mailchimp:

I use a trusted third party service, Mailchimp, to send out my newsletter. When you enter your email to sign up for my newsletter, Mailchimp temporarily collects your email address for the purpose of sending you a link to confirm your subscription. Only when you confirm your subscription will your email address be saved permanently, unless you unsubscribe from my newsletter or I remove your email address from my newsletter list. Mailchimp also automatically collects the date and time of your signup and your IP address for the purpose of documentation of consent, as well as geolocation (based on your IP address, Mailchimp approximates your general location such as Berlin, Germany when you interact with my newsletter to calculate your time zone), language settings, favorite email client, preferred email format, and the date and time when you last updated your profile information. This processing is based on my legitimate interest (Article 6(1)(f) GDPR) to provide a reliable and secure newsletter service.

The provider of this service is The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Mailchimp has certified to the EU-U.S. Privacy Shield Framework and is considered a “safe” recipient of personal data of its customers and their subscribers that is transferred from the EU to the U.S. For more information about Mailchimp’s privacy practices you can read Mailchimp's Privacy Policy.

Newsletter-tracking (Open and Click):

Mailchimp allows me to measure subscriber engagement and analyze the performance of my newsletter. When you open a newsletter, a file that has been integrated into the newsletter connects to Mailchimp’s servers to determine whether a newsletter has been opened and which links were possibly clicked on. Technical data, such as the time of access, IP address, type of browser and operating system, is also collected at that time. This data is used to analyze newsletter campaigns and to optimize my newsletter service. Processing is based on my legitimate interests (Article 6(1)(f) GDPR) to maintain an engaged email list and to minimize cost, to personalize and to improve my newsletter, and to analyze and increase sales.

I use open tracking and click tracking in emails to give me a general overview of my subscriber engagement. Open tracking tells me if my subscribers open the emails I send. My campaign report will show which contacts opened my newsletter, and how many total opens the newsletter received. Click tracking allows me to see if subscribers have clicked links in my newsletter. My campaign report will show which contacts clicked on my links, and how many times each link was clicked in total.

Each time I send an email campaign through Mailchimp, Mailchimp embeds a tiny invisible graphic in the bottom of my HTML email. This open tracker graphic, or web beacon, is unique to each newsletter I send. When someone opens my newsletter with images turned on, that graphic is downloaded from Mailchimp’s server, and is recorded as an open on my campaign report. Likewise, Mailchimp adds tracking information to each click-through URL. Each time a subscriber clicks a link in the newsletter, the tracking information redirects them through Mailchimp’s servers and sends them to the intended web address. That redirect through Mailchimp’s server is logged in my campaign report as a click.

If you’re not okay with an analysis by Mailchimp, please do not subscribe to my newsletter or, if you’re already subscribed, you can unsubscribe by using the corresponding link at the end of each newsletter.

d) Customer data

When you purchase from me, I process basic customer information, such as your full name, email address, billing address, purchase information, and any additional information you include as a message (such as your time zone). I use this information to supply the service you’ve purchased and to keep records of such transactions. This processing is necessary in order for me to enter into a contract with you (Article 6(1)(b) GDPR). If you don’t provide the required information, I won’t be able to enter into the contract to deliver the service.

No payment details, such as your credit card details, are stored on my server.

Payment processing with PayPal:

I use a trusted third party service, PayPal, to process payments. When you choose PayPal as your payment method, you'll be redirected to PayPal to make your payment. Alternatively, when I offer a service or rate that’s not available through the website, I might use PayPal to send you an invoice. To process your payment, PayPal collects personal information necessary for payment processing. This processing is necessary in order for me to fulfill a contract with you (Article 6(1)(b) GDPR).

The provider of this service is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. For more information about PayPal’s privacy practices you can read PayPal's Privacy Policy.

Payment processing with Stripe:

I use a trusted third party service, Stripe, to process payments with credit card. Alternatively, when I offer a service or rate that’s not available through the website, I might use Stripe to send you an invoice. To process your payment, Stripe collects personal information necessary for payment processing. This processing is necessary in order for me to fulfill a contract with you (Article 6(1)(b) GDPR).

The provider of this service is Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, United States. Stripe belongs to the EU-U.S. Privacy Shield and ensures an adequate level of data protection recognized by the European Commission. For more information about Stripe's privacy practices you can read Stripe's Privacy Policy.

e) Online sessions and session recordings with Zoom

I use a trusted third party service, Zoom, to hold sessions online. While a Zoom account is not required to attend your session, you’ll be asked to download a small application file when entering a Zoom meeting for the first time. Alternatively, you may use the Zoom app. This processing is necessary in order to fulfill a contract with you (Article 6(1)(b) GDPR).

The provider of this service is Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, United States. In the process of working with Zoom, your personal data may be transferred to the U.S. Zoom belongs to the EU-U.S. Privacy Shield and ensures an adequate level of data protection recognized by the European Commission. For more information about Zoom’s privacy practices you can read Zoom's Privacy Policy.

Session recordings:

With your permission, I record your session via Zoom in order to provide you with an audio recording of your session. This processing is based on your consent (Article 6(1)(a) GDPR).

If at any time during the session you change your mind and want me to stop the recording, please let me know and I’ll do so. Likewise, if you want me to delete the recording of your session at any time before the one-month period for which I store it for you, please let me know and I’ll do so.

File sharing with Dropbox:

I use a trusted third party service, Dropbox, to share the recording of your session with you. This processing is based on your consent (Article 6(1)(a) GDPR). I store recordings for one month (to give you time to download yours), after which I delete them.

Again, if at any time during the session you want me to stop the recording, you only have to say so and I’ll do so. If you want me to delete the recording before the one-month period for which I store it, you can at any time email me and ask me to do so and I’ll delete it.

The provider of this service is Dropbox, Inc., 333 Brannan Street, San Francisco, CA 94107, United States. In the process of working with Dropbox, your personal data may be transferred to the U.S. Dropbox belongs to the EU-U.S. Privacy Shield Framework and ensures an adequate level of data protection recognized by the European Commission. For more information about Dropbox’s privacy practices you can read Dropbox's Privacy Policy.

f) Testimonials

When you submit a testimonial, I process that information along with other information you voluntarily provide, such as your name, location, and photo, which I use to share with my audience. This processing is based on your consent (Article 6(1)(a) GDPR).

Should you no longer wish to provide your testimonial you can withdraw your consent at any time by sending me an email.

3. Cookies

This website places first party cookies to recognize you between sessions and pages. A cookie is a small text file that my website sends to your web browser. Your browser may store the cookie and send it back to my site when you make the next request to the site. This processing is based on my legitimate interest (Article 6(1)(f) GDPR) to provide an optimal browsing experience on my website.

This site uses no third party cookies.

Opt out:

You can disable the setting of cookies and delete already set cookies in your web browser’s settings.

Please note that if you disable the setting of cookies in the web browser you use to use my website, not all functions of the site may be entirely usable.

4. Data retention

I’ll store personal data until I no longer need it for the purpose it was collected for or until the time you ask me to anonymize and/or delete your data, unless further processing is still necessary for the purpose it was collected for or for compliance with a legal obligation to which I’m subject.

  • Log data is deleted automatically, which may take up to 6 months for specific files.
  • Contact form data is deleted at the end of each year, if applicable.
  • I generally archive emails indefinitely.
  • Newsletter data is stored indefinitely.
  • Customer data is deleted after a period of ten years, if applicable. For tax purposes, German law requires that I keep basic information about my customers (such as full name and billing address) for ten years.
  • If I recorded your session upon your request, I store the recording for you for one month, after which I’ll delete it.
  • Testimonial data is stored indefinitely.

5. Recipients of personal data

I rely on third party services to maintain my own services.

In Europe:

  • Google Analytics, Ireland
  • Instagram (Facebook), Ireland
  • PayPal, Luxembourg

International:

6. Security

Wherever I collect personal data via this website, that information is encrypted and transmitted to me in a secure way. You can verify this by looking for a lock icon in the address bar and “https” at the beginning of the address of the webpage.

7. Your data rights

  • You have the right to access personal data relating to you.
  • You have the right to have inaccurate personal data rectified, or completed if it’s incomplete.
  • You have the right to erasure (to be forgotten) in certain circumstances.
  • You have the right to restrict processing in certain circumstances.
  • You have the right to object processing in certain circumstances.
  • You have the right to withdraw consent at any time (where relevant).
  • You have the right to lodge a complaint with a supervisory authority.

For more information about your data rights visit: gdpr-info.eu.

8. External links

This privacy policy does not cover the links to other websites you may find on this site. If you have any questions about how a website uses your data, you’ll need to check that site’s privacy statement.

9. Changes to the policy

I reserve the right to change my privacy policy at any time. Changes to the policy will be posted on this page. You’ll always find the date of the last update at the top of this page.

Scroll to Top