Privacy Policy

Effective Date: November 2025

1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Petra Contrada
Narzissenweg 53c
21218 Seevetal
Germany

Phone: +49 41055 861 496

Email: Hello @ petracontrada.com

Websites:
www.petracontrada.com
www.petracontrada.de
www.programs.petracontrada.com
www.newsletter.petracontrada.com
www.blog.petracontrada.com
www.holisticlifeconcepts.eu

2. General Information on Data Processing

We take the protection of your personal data very seriously. Personal data is collected and processed only in accordance with applicable data protection laws and this Privacy Policy.Personal data means any information relating to an identified or identifiable individual (e.g., name, address, email address).You can generally visit our websites without providing any personal information.

When you actively provide information (e.g., via a contact form, appointment booking, or newsletter signup), we process that data based on the following legal grounds:
-Art. 6 (1)(a) GDPR – your consent
-Art. 6 (1)(b) GDPR – performance of a contract or pre-contractual measures
-Art. 6 (1)(c) GDPR – legal obligation
-Art. 6 (1)(f) GDPR – our legitimate interest (e.g., technical operation, fraud prevention, website security)

2a. Processing of Special Categories of Personal Data (Health- and Energy-Related Data)

In the context of our coaching and energy-healing services, we may collect information related to your emotional, mental, or physical well-being.
Such data are processed only with your explicit consent under Art. 9 (2)(a) GDPR, kept strictly confidential, and never shared with third parties.

3. Storage and Deletion
Your personal data will be deleted once the purpose of processing no longer applies, unless we are required by law (e.g., tax or commercial regulations) to retain it for a specific period.
Accounting-related records may be retained for up to 10 years as required by German law.

4. Your Rights
Under the GDPR, you have the following rights:
-Access to your data (Art. 15 GDPR)
-Rectification of inaccurate data (Art. 16 GDPR)
-Erasure (“right to be forgotten,” Art. 17 GDPR)
-Restriction of processing (Art. 18 GDPR)
-Data portability (Art. 20 GDPR)
-Objection to processing (Art. 21 GDPR)
-Withdrawal of consent (Art. 7 (3) GDPR)
-Complaint to a supervisory authority
-Supervisory authority responsible for you (Germany):

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover
Germany

www.lfd.niedersachsen.de

5. Provision of the Website / Log Data
When you access our websites, technical information is automatically collected by the web server to ensure functionality and security, including:
-Date and time of access
-Requested URL and referring URLBrowser type and version
-Operating systemIP address
-and access status
This data is processed on the basis of Art. 6 (1)(f) GDPR (legitimate interest in the secure and functional operation of our website).

6. Cookies
Our websites use cookies to enable certain features and to analyze usage. Essential cookies are required to operate the site. Analytical and marketing cookies are used only with your explicit consent (Art. 6 (1)(a) GDPR, § 25 TTDSG).
You can adjust your browser settings to receive notifications about cookies and decide individually whether to accept or block them.
Help resources: Safari | Chrome | Firefox | Opera

7. SSL Encryption
To protect transmitted data, this site uses SSL encryption (Secure Sockets Layer). You can identify an encrypted connection by the “https://” prefix and the padlock icon in your browser’s address bar.

8. Hosting and Security
Our websites are hosted on Groove.cm, which uses Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany, as a Content Delivery Network (CDN). Cloudflare processes limited technical data (such as IP addresses) to ensure stability and security.

Privacy Policy: https://www.cloudflare.com/en-gb/privacypolicy

9. Appointment Booking
We use the following services for online appointment scheduling:

TidyCal (Sumo Group Inc.)
1305 E. 6th Street #3, Austin, TX 78702, USA

https://tidycal.com/privacy-policy

CalendarBug (Groove Digital Inc.)
1 N Dearborn Street, 5th Floor, Chicago, IL 60601, USA

https://groovedigital.com/privacy

When you book an appointment, your name, email address, and appointment details are processed.
Legal basis: Art. 6 (1)(a) GDPR (consent).

10. Newsletter and Email Delivery

We send newsletters only with your explicit consent (double opt-in).
Data processed: email address, IP address, and timestamps for signup and confirmation.

Service provider:
Groove Digital Inc., USA

https://groovedigital.com/privacy

SendGrid (Email Delivery Infrastructure)
Groove Digital Inc. uses SendGrid, a service of Twilio Inc., 101 Spear Street, San Francisco, CA 94105, USA, for technical email delivery (e.g., newsletters, confirmations). SendGrid processes personal data (email address, IP, delivery time) to ensure reliable delivery.
Twilio Inc. is certified under the EU-US Data Privacy Framework; data transfers to the USA are therefore deemed adequately protected.

Privacy Policy: https://www.twilio.com/legal/privacy

Legal basis: Art. 6 (1)(a) GDPR (consent) and Art. 6 (1)(f) GDPR (legitimate interest in secure email transmission).
You may withdraw your consent at any time via the unsubscribe link in each email.

11. Course and Membership Platforms

We use Groove Digital Inc. (Chicago, IL, USA) to deliver digital programs, courses, and membership areas. Processing is based on Standard Contractual Clauses (SCC) and Art. 28 GDPR.
Privacy Policy: https://groovedigital.com/privacy

12. Webinars, Meetings & Communication Tools
Zoom Video Communications Inc. – https://zoom.us/privacy
Microsoft Teams – https://privacy.microsoft.com/privacy

Both companies are certified under the EU-US Data Privacy Framework.
Legal basis: Art. 6 (1)(b) GDPR (performance of contract).

12a. Additional Third-Party Services

– Surveyed Live (online-survey platform, USA) – Privacy Policy: https://surveyed.live/privacypolicy Data transfers to the USA are based on Standard Contractual Clauses (Art. 46 GDPR).

– Google Forms (Google Ireland Ltd., Dublin; Google LLC, USA) – Privacy Policy: https://www.google.com/intl/en/policies/privacy/ Google LLC is certified under the EU–US Data Privacy Framework; transfers to the USA are therefore considered adequately protected.

– Acast AB (Podcast hosting, Stockholm, Sweden) – Privacy Policy: https://www.acast.com/general-data-protection-regulation-gdpr-privacy-policy

Data processing occurs within the EU.

13. Third-Party ServicesGoogle Ireland Ltd.
(Analytics, Tag Manager, Forms) – https://policies.google.com/privacy
Meta Platforms Ireland Ltd. (Facebook Pixel / Ads) – https://www.facebook.com/policy.php
Vimeo Inc. – https://vimeo.com/privacy
YouTube / Google Ireland Ltd. – https://www.google.com/policies/privacy
Soundwise Inc. (Audio Hosting) – https://mysoundwise.com/privacyLegal basis: Art. 6 (1)(a) GDPR (consent).

14. Payment Processors
Stripe Payments Europe Ltd. – https://stripe.com/privacy

PayPal (Europe S.à r.l. et Cie, S.C.A.) – https://www.paypal.com/privacy

Wise Europe SA – https://wise.com/legal/privacy-policy

Digistore24 GmbH – https://www.digistore24.com/privacy

ThriveCart Ltd. – https://legal.thrivecart.com/privacy/Legal basis: Art. 6 (1)(b) GDPR (contract performance).

Die zur Abwicklung Ihrer Bestellung übermittelten Daten werden von den jeweiligen Zahlungsdienstleistern entsprechend deren eigenen Datenschutzrichtlinien verarbeitet, wie in unseren Allgemeinen Geschäftsbedingungen (AGB) aufgeführt.

15. CRM and Automation Tools
Zapier Inc., 548 Market St. #62411, San Francisco, CA 94104, USA

Privacy Policy: https://zapier.com/privacy Zapier is certified under the EU-US Data Privacy Framework.

Legal basis: Art. 6 (1)(a) GDPR (consent).

15a. CRM and Electronic Signature Tools

To manage client relationships and handle electronic document signing, we will soon use the following tools:

PipeLeads.ai

Provider:
PipeLeads Inc., USA
Purpose: CRM system for managing leads, client communication, and marketing automations.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in efficient client and lead management).
PipeLeads Inc. may process personal data such as name, email address, communication history, and lead status.
Privacy Policy: https://www.pipeleads.ai/privacy
Data transfer to the United States takes place based on the EU Standard Contractual Clauses (SCC) under Art. 46 GDPR or, if applicable, the EU–US Data Privacy Framework certification.

DocSigner.ai

Provider:
DocSigner Inc., USA Purpose: Electronic document signing and secure contract execution.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).
DocSigner Inc. may process personal data such as name, email address, IP address, timestamps, and signature data. A Data Processing Agreement pursuant to Art. 28 GDPR will be concluded. Data transfers to the United States are based on the EU Standard Contractual Clauses (SCC).
Privacy Policy: https://www.docsigner.ai/privacy

Signaturely.com

Provider:
Signaturely Inc., 2035 Sunset Lake Road, Newark, DE 19702, USA

Purpose: Creation and electronic signing of agreements and documents.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).

Signaturely Inc. is certified under the EU–US Data Privacy Framework, providing an adequate level of data protection for transfers to the USA. Privacy Policy: https://signaturely.com/privacy/

Summary of Data Protection Measures

All providers act as data processors within the meaning of Art. 4 (8) GDPR. Appropriate Data Processing Agreements (DPAs) will be concluded before any processing begins.
Where personal data are transferred to third countries, adequate safeguards under Art. 44–46 GDPR (SCCs or DPF certification) are in place.

16. Analytics and Tracking
Google Analytics & Tag Manager
IP anonymization enabled.
Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Legal basis: Art. 6 (1)(a) GDPR (consent).

Facebook Pixel
Used for conversion tracking and ad optimization.
Legal basis: Art. 6 (1)(a) GDPR and Art. 49 (1)(a) GDPR.

17. Affiliate & Partner ProgramsAmazon Partner Program
Amazon Europe Core S.à r.l., 38 Avenue John F. Kennedy, L-1855 Luxembourg Privacy Policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010
Legal basis: Art. 6 (1)(a) GDPR.

18. Data Security

We apply appropriate technical and organizational security measures in accordance with Art. 32 GDPR to protect your data from loss, manipulation, or unauthorized access. These measures are continuously reviewed and updated.

19. Objection to Unsolicited Emails
The contact details published in the imprint may not be used for sending unsolicited advertising or spam. We reserve the right to take legal action against such use.

20. Updates to this Privacy Policy

This Privacy Policy is effective as of November 2025 and may be updated periodically to reflect legal or operational changes, including new tools or services such as PipeLeads.ai, DocSigner.ai, or Signaturely.com.

Last revised: November 2025 — compliant with the GDPR, TTDSG, and the EU–US Data Privacy Framework (2025).

© Petra Contrada 2025