Privacy Policy

Privacy Policy

This Privacy Policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “Data”) in connection with the provision of our services, as well as within our online platform and the associated websites, features, and content, and external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Platform”). With regard to the terms used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Data Controller

Gabi Eigenmann
Albertgasse 55/42
1080 Vienna
hi@yoga-gabi.at
0664 23 63 964

Types of data processed

– Master data (e.g., personal master data, names, or addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., websites visited, content interests, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the website (hereinafter, we collectively refer to these individuals as “users”).

Purpose of the processing

– Providing the online service, its features, and content.
– Responding to contact requests and communicating with users.
– Security measures.
– Audience measurement/marketing

Terminology Used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any interaction with data.

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The term “controller” refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Relevant legal basis

In accordance with Article 13 of the GDPR, we are providing you with the legal bases for our data processing activities. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the EEA, the following applies unless the legal basis is specified in the privacy policy:
The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR;
The legal basis for processing to fulfill our services, carry out contractual measures, and respond to inquiries is Article 6(1)(b) of the GDPR;
The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR;
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) of the GDPR.
The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR.
The processing of data for purposes other than those for which it was collected is governed by the provisions of Article 6(4) of the GDPR.
The processing of special categories of data (in accordance with Article 9(1) of the GDPR) is governed by the provisions of Article 9(2) of the GDPR.

Safety measures

In accordance with legal requirements, and taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and maintaining its separation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the erasure of data, and a response to data breaches. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Cooperation with data processors, joint controllers, and third parties

If, in the course of our data processing activities, we disclose data to other individuals or entities (processors, joint controllers, or third parties), transfer it to them, or otherwise grant them access to the data, we do so only on the basis of a legal authorization (e.g., when the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract), users have consented, a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we disclose, transfer, or otherwise grant access to data to other companies within our group, we do so primarily for administrative purposes as a legitimate interest and, in addition, on a basis that complies with legal requirements.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation), or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to other individuals or companies, we do so only if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the legal requirements are met. This means that processing takes place, for example, on the basis of special safeguards, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the U.S. through the “Privacy Shield”) or compliance with officially recognized specific contractual obligations.

Rights of data subjects

You have the right to request confirmation as to whether your personal data is being processed, as well as access to that data, further information, and a copy of the data in accordance with legal requirements.

In accordance with legal requirements, you have the right to request that the data concerning you be completed or that any inaccurate data concerning you be corrected.

In accordance with legal requirements, you have the right to request that the relevant data be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with legal requirements.

You have the right to request that we provide you with the personal data you have provided to us in accordance with legal requirements, and to request that we transfer that data to other data controllers.

You also have the right, in accordance with legal requirements, to file a complaint with the competent supervisory authority.

Right of Withdrawal

You have the right to withdraw your consent with future effect.

Right to object

You may object at any time to the future processing of your personal data in accordance with legal requirements. In particular, you may object to the processing of your data for direct marketing purposes.

Cookies and the Right to Object to Direct Marketing

“Cookies” are small files that are stored on users’ computers. Various types of information can be stored in cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to a website. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent.” For example, the login status can be stored so that users can access it again after several days. Similarly, such a cookie can store the user’s interests, which are used for audience measurement or marketing purposes. “Third-party cookies” are cookies provided by providers other than the controller operating the online service (otherwise, if only the controller’s cookies are used, they are referred to as “first-party cookies”).

We may use both temporary and permanent cookies, and we provide information about this in our Privacy Policy.

If users do not wish to have cookies stored on their computers, they are asked to disable the corresponding option in their browser settings. Stored cookies can be deleted in the browser settings. Disabling cookies may result in limited functionality of this website.

A general objection to the use of cookies for online marketing purposes can be submitted for a wide range of services—particularly in the case of tracking—via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in your browser settings. Please note that this may prevent you from using all features of this website.

Deletion of Data

The data we process will be deleted or its processing restricted in accordance with legal requirements. Unless otherwise expressly stated in this Privacy Policy, the data we store will be deleted as soon as it is no longer necessary for the purpose for which it was collected and there are no legal retention obligations preventing its deletion.

Unless the data is deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and will not be processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

Changes and Updates to the Privacy Policy

We ask that you review the content of our Privacy Policy on a regular basis. We will update the Privacy Policy as soon as changes to our data processing practices make it necessary to do so. We will notify you as soon as the changes require action on your part (e.g., consent) or any other individual notification.

Web Hosting and Email Services

The hosting services we use are intended to provide the following services: infrastructure and platform services, computing capacity, storage space, and database services, email delivery, security services, and technical maintenance services, which we utilize for the purpose of operating this online service.

In this context, we—or our hosting provider—process personal data, contact information, content data, contractual data, usage data, metadata, and communication data from customers, prospective customers, and visitors to this website based on our legitimate interest in providing this website efficiently and securely, in accordance with Article 6(1)(f) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a data processing agreement).

Collection of access data and log files

We, or rather our hosting provider, collect data regarding every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Article 6(1)(f) of the GDPR. The access data includes the name of the retrieved webpage, the file, the date and time of retrieval, the amount of data transferred, a notification of successful retrieval, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address, and the requesting provider.

For security reasons (e.g., to investigate cases of misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data that must be retained for evidentiary purposes is exempt from deletion until the incident in question has been fully resolved.

Google Fonts

We use fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Created using Datenschutz-Generator.de by Attorney Dr. Thomas Schwenke