Privacy Policy

Female Mastery | Gasymov / Gittel GbR

Inhaltsverzeichnis

I.

Name and Address of the Controller

II.

General Information on Data Processing and Third-Country Transfers

III.

Rights of the Data Subject

IV.

Processing of Customer and Prospective Client Data (Coaching)

V.

Provision of the Website and Creation of Log Files

VI.

Use of Cookies and Consent Management

VII.

Forms and Contact

VIII.

Communication, AI, and Workflow Tools

IX.

Coaching Management Platforms

X.

Analytics Tools, Advertising, and Review Platforms

XI.

eCommerce, Finance, and Creative Tools

XII.

Social Media Presence

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Gasymov / Gittel GbR
Am Habichtsfang 8
34537 Bad Wildungen
Germany

Represented by the partners: Igor Gasymov, Ina Gittel

Phone: +49 176 46018423

Email: team@thefemalemastery.com

II. General Information on Data Processing and Third-Country Transfers

1. Scope of Personal Data Processing

We process personal data of our users only to the extent necessary for the provision of a functional website and our content and services. Personal data is generally processed only with the consent of the user or where processing is permitted by statutory provisions or required for the fulfillment of a contract.

2. Legal Bases for Processing

  • Consent (Art. 6(1)(a) GDPR): To the extent that we obtain consent from the data subject for processing operations.

  • Contract Performance (Art. 6(1)(b) GDPR): When processing data that is necessary for the performance of a contract or for the implementation of pre-contractual measures.

  • Legal Obligation (Art. 6(1)(c) GDPR): To the extent that processing is required to fulfill a legal obligation (e.g., tax law).

  • Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of the legitimate interests pursued by our company and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject.

  • Special Categories of Data (Art. 9(2)(a) GDPR): The processing of sensitive data (health data, psychological aspects) is conducted exclusively on the basis of explicit consent.

3. Deletion of Data and Retention Periods

The personal data of the data subject will be deleted or restricted as soon as the purpose of storage ceases to apply. If you submit a valid request for erasure or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., tax law retention periods of up to 10 years pursuant to Section 147 of the German Fiscal Code (AO) and commercial law retention requirements pursuant to Section 257 of the German Commercial Code (HGB)). In the latter case, deletion will occur upon the expiration of the applicable retention period.

4. Transfer of Data to Third Countries Lacking an Adequate Level of Data Protection

We use tools from companies based in the United States and other third countries. We note that third countries not recognized as safe under data protection law cannot guarantee a level of data protection equivalent to that of the EU. The United States is considered a safe third country for companies certified under the "EU-US Data Privacy Framework" (DPF). Certification of U.S. providers can be verified through the official database of the U.S. Department of Commerce:  https://www.dataprivacyframework.gov/s/participant-search. For data transfers to companies without DPF certification, we rely on EU Standard Contractual Clauses (SCCs).

Where explicit consent to the transfer of personal data to third countries has been provided, processing is additionally based on Art. 49(1)(a) GDPR. Where you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on Section 25(1) TDDDG. Consent may be withdrawn at any time.

5. Recipients of Personal Data

In the course of our business activities, we work with various external parties. This may require the transfer of personal data to such external parties. We only transfer personal data to external parties where this is required for the performance of a contract, where we are legally obligated to do so (e.g., disclosure to tax authorities), where we have a legitimate interest pursuant to Art. 6(1)(f) GDPR in the transfer, or where another legal basis permits the transfer. When engaging processors, we transfer the personal data of our clients only on the basis of a valid Data Processing Agreement (DPA). In cases of joint controllership, a joint processing agreement pursuant to Art. 26 GDPR is concluded.

6. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries submitted to us as the website operator, this site uses SSL or TLS encryption. An encrypted connection is indicated by the browser address bar switching from "http://" to "https://" and by the lock icon in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Objection to Promotional Emails

We hereby expressly object to the use of contact data, published to comply with mandatory legal notice requirements, for the purpose of sending unsolicited advertising and informational materials. The operators of this site expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

III. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights against us:

1. Right of Access (Art. 15 GDPR)

You may request confirmation as to whether personal data relating to you is being processed by us. Where such processing is taking place, you may request information regarding the purposes of processing, the categories of data involved, the recipients, the planned retention period, and the existence of automated decision-making.

2. Right to Rectification (Art. 16 GDPR)

You have the right to rectification and/or completion if the personal data relating to you that we are processing is inaccurate or incomplete.

3. Right to Restriction of Processing (Art. 18 GDPR)

You may request the restriction of processing if you contest the accuracy of the data, the processing is unlawful, we no longer need the data, or you have lodged an objection to processing pursuant to Art. 21(1) GDPR. Where processing has been restricted, such data—with the exception of storage—may only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

4. Right to Erasure (Art. 17 GDPR)

You may request that personal data relating to you be erased without undue delay if the data is no longer necessary for the purposes for which it was collected, you have withdrawn your consent, you lodge an objection, or the data has been processed unlawfully. Exceptions apply where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

5. Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data relating to you that you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. Where you request the direct transfer of data to another controller, this will only be carried out to the extent technically feasible.

6. RIGHT TO OBJECT (ART. 21 GDPR) - MANDATORY NOTICE

WHERE PERSONAL DATA IS PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. THE LEGAL BASIS ON WHICH A PARTICULAR PROCESSING OPERATION IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

7. Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. The supervisory authority competent for us is:

The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

Website: https://datenschutz.hessen.de

9. No Automated Decision-Making (Art. 22 GDPR)

We do not engage in any solely automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR). Should we employ such processing in the future, we will notify you in accordance with applicable legal requirements.

IV. Verarbeitung von Kunden- und Interessentendaten (Geschäftsanbahnung & Coaching)

1. Scope of Personal Data Processing

In the context of the free initial consultation (strategy call), the intake assessment, and the ongoing client relationship, we process the following data about you:

  • Basic and contact data: First and last name, address, email address, phone number.

  • Special categories of personal data (health data): Weight, body measurements, cycle data, eating habits, relevant pre-existing conditions, as well as psychological factors and personal life circumstances in the context of goal achievement.

  • Coaching-relevant data: Individual coaching goals, financial circumstances, personal interests, and routines.

2. Purpose of Data Processing

Processing serves the handling of your inquiry as a prospective client, the conduct of the initial consultation, the preparation of individualized offers (pre-contractual measures), the fulfillment of our contractual obligations under the coaching agreement, and the billing of services rendered.

3. Legal Bases for Processing

  • To the extent that we process your data for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis.

  • The collection and processing of health data and psychological information is conducted exclusively on the basis of your prior, explicit consent within the context of our forms or the coaching agreement (Art. 9(2)(a) GDPR in conjunction with Art. 7 GDPR).

V. Provision of the Website and Creation of Log Files

1. Framer

We use the Framer service to provide and host our website and landing pages. The provider is Framer B.V., Rozengracht 207, 1016 LZ Amsterdam, Netherlands. With each access, the system automatically collects log files (browser type/version, operating system, IP address, date and time of access, referrer URL). The legal basis is Art. 6(1)(f) GDPR.

Where consent has been obtained, processing is conducted exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, to the extent that consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time. Details: https://www.framer.com/legal/privacy-statement/.

2. Ablefy (formerly Elopage)

We host our course areas, media library, and checkout infrastructure with the provider Ablefy. The provider is namotto lab GmbH, Joachimsthaler Str. 12, 10719 Berlin. Since Ablefy acts as a reseller, the user concludes the purchase agreement directly with namotto lab GmbH. Ablefy processes contract data, contact data, and payment data in this context. Use is for the purpose of contract performance (Art. 6(1)(b) GDPR) and in the interest of the secure provision of our online services (Art. 6(1)(f) GDPR). Details: https://myablefy.com/privacy.

VI. Use of Cookies and Consent Management

1. Description and Scope

Our website uses cookies. Cookies are small data packets that do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or your web browser performs an automatic deletion.

Cookies may originate from us (first-party cookies) or from third-party companies (third-party cookies). Cookies serve various functions: technically necessary cookies ensure the basic functionality of the website. Analytics and marketing cookies are set with your consent in order to analyze browsing behavior and optimize advertising.

You may configure your browser to notify you about the placement of cookies, to permit cookies only on a case-by-case basis, to exclude the acceptance of cookies for certain cases or in general, and to enable automatic deletion of cookies when closing your browser. Disabling cookies may impair the functionality of this website.

2. Consent Manager

We use the Consent Manager tool (integrated via Framer code) as well as the cookie technologies of Ablefy to obtain your consent for the storage of certain cookies in your browser or the use of certain technologies, and to document this in a data-protection-compliant manner.

3. Legal Bases

Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR in conjunction with Section 25(2) TDDDG. The legal basis for technically unnecessary cookies is Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Consent may be withdrawn at any time.

VII. Forms and Contact

Tally (Intake Assessment and Application)

We integrate forms from the Tally service on our website to collect applications and intake assessments in a structured manner. The provider is Tally BV, Muizenstraat 7/2, 2800 Mechelen, Belgium. All information you enter is processed on Tally's servers within the European Union. The data you enter will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage ceases to apply. Details: https://tally.so/privacy.

Processing of Special Categories of Data: We collect sensitive health data, body measurements, and psychological aspects of the weight management process through these forms in order to best prepare for coaching. Collection is conducted exclusively on the basis of your prior, explicit consent (checkbox) at the end of the respective form pursuant to Art. 9(2)(a) GDPR. You may withdraw this consent at any time with effect for the future. A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded.

VIII. Communication, AI, and Workflow Tools

1. Google Workspace (Meet, Docs, Gemini, eSignature, NotebookLM)

We use services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for our entire office organization, contract signing, and call evaluation.

  • Google eSignature: The signing of our coaching agreements is conducted digitally via the integrated eSignature feature within Google Workspace.

  • Google Meet, Docs & Gemini: My 1:1 video calls are conducted via Google Meet. During the call, an automated transcript is created, which is stored directly in Google Docs upon completion of the call. Within Google Docs, I use the integrated AI features of Google (Gemini) to further process this transcript. This generates structured summaries, detailed evaluations, and key action items. This results in tailored documents for both the client and myself as the coach, helping both of us to optimally follow up on the content discussed and to track the progress of the mentoring.

  • NotebookLM: A separate, technically isolated notebook is created for each client. Access to this notebook is granted strictly on an individualized and exclusive basis via the respective client's email address, ensuring that no unauthorized third parties can access it. The tool is not only used for the analysis and evaluation of coaching content and call transcripts, but primarily serves the creation of individual work and coaching materials, the post-session review of content, and the visualization and illustration of topics. This supports the client in optimally understanding, learning, and sustainably internalizing the content discussed in the mentoring.

Data transfer to the United States is based on the Standard Contractual Clauses of the European Commission: https://workspace.google.com/terms/dpa_terms.html. Google holds DPF certification. The legal basis is contract performance (Art. 6(1)(b) GDPR) in conjunction with your consent to the AI-based processing of sensitive data (Art. 9(2)(a) GDPR). A DPA has been concluded.

2. Zoom (with AI Companion)

We are temporarily using Zoom for 1:1 consultations until the complete workflow in Google Meet has been established. The provider is Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. We use the Zoom AI Companion to generate automated transcripts and call summaries. Data transfer to the United States is based on Standard Contractual Clauses (https://zoom.us/gdpr). Zoom is DPF certified. Legal basis: Art. 6(1)(b) GDPR and Art. 9(2)(a) GDPR. A DPA is in place.

3. WhatsApp Business

For fast client communication, we use the instant messaging service WhatsApp Business in the "WhatsApp Business" version. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Communication is conducted via end-to-end encryption (peer-to-peer), which prevents WhatsApp or any other third parties from accessing the content of communications. WhatsApp does, however, have access to metadata generated in the course of communications (e.g., sender, recipient, and time). We further note that WhatsApp, by its own account, shares the personal data of its users with its parent company Meta, based in the United States. Meta is DPF certified. Data transfer is based on Standard Contractual Clauses (https://www.whatsapp.com/legal/business-data-transfer-addendum).

The exchange of sensitive coaching data via this channel takes place exclusively on the basis of your prior, explicit consent in the coaching agreement (Art. 6(1)(a) GDPR in conjunction with Art. 9(2)(a) GDPR). Content exchanged between you and us on WhatsApp will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage ceases to apply. Mandatory statutory retention requirements remain unaffected.

4. Notion

For the organization of our business, the management of content, and the maintenance of general client profiles (non-sensitive basic data such as name, contract duration, and appointments), we use the Notion workspace. The provider is Notion Labs, Inc., 2300 Harrison Street, Floor 2, San Francisco, CA 94110, USA. Notion is certified under the EU-US Data Privacy Framework (DPF) and provides EU Standard Contractual Clauses as part of its Subscription Agreement. Details: https://www.notion.com/trust/privacy-policy. Use is based on our legitimate interest in effective internal administration (Art. 6(1)(f) GDPR). A DPA is included in the agreement.

5. ActiveCampaign (Email Marketing, CRM, and Newsletter)

For email marketing, customer relationship management (CRM), and the dispatch of our newsletter, we use ActiveCampaign. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor, Chicago, Illinois 60602, USA. The company is DPF certified. A DPA has been concluded.

Newsletter Registration and Double Opt-In Process: If you wish to subscribe to our newsletter, we use a double opt-in process. This means: following your registration, you will receive an email containing a confirmation link. You will only be registered as a subscriber upon clicking this link. This serves as proof of your consent and protects against misuse. We store the time of registration, the time of confirmation, and your IP address. The legal basis is your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time by using the unsubscribe link in any newsletter email or by contacting us directly.

Data Analysis by ActiveCampaign: ActiveCampaign enables us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, were clicked. This allows us to determine which content is particularly relevant to our subscribers. We can also determine whether certain actions were taken after opening or clicking (conversion rate). ActiveCampaign also enables us to segment newsletter recipients into various categories ("clustering"). If you do not wish to be analyzed by ActiveCampaign, you may unsubscribe from the newsletter at any time via the unsubscribe link provided.

Newsletter to Existing Customers: If you have booked coaching services with us and have provided your email address in that context, we may use that email address to send newsletters containing information about similar offerings, provided we have informed you of this in advance. You may unsubscribe from this newsletter at any time via the unsubscribe link provided. The legal basis is Art. 6(1)(f) GDPR in conjunction with Section 7(3) UWG.

Retention Period and Blacklist: Data stored with us for the purpose of receiving the newsletter will be retained until you unsubscribe and deleted from the newsletter distribution list upon unsubscription. Following your unsubscription, your email address may be stored in a blacklist if this is necessary to prevent future mailings. Data in the blacklist is used solely for this purpose and is not merged with other data (Art. 6(1)(f) GDPR). Storage in the blacklist is not subject to a time limit. You may object to this storage if your interests override our legitimate interest.

Data transfer to the United States is based on the Standard Contractual Clauses of the European Commission. Details: https://www.activecampaign.com/legal/newscc.

6. ManyChat

For the automation of direct messages on social media, we use ManyChat, Inc., 2000 Broadway, San Francisco, CA 94115, USA. ManyChat captures interactions on our social media channels and automatically forwards data (e.g., email addresses for freebies) to ActiveCampaign or Google Sheets. The company is DPF certified. The legal basis is your consent through interaction with our social media channels (Art. 6(1)(a) GDPR). A DPA is in place.

IX. Coaching Management Platforms

Kahunas

For the documentation of progress, measurements, habits, and for in-app messaging, we use Kahunas. The provider is Kahunas.io Ltd, International House, 61 Mosley Street, Manchester, M2 3HZ, United Kingdom. Kahunas processes personal data as well as fitness and health-related data on servers located in the United Kingdom. An adequacy decision by the European Commission exists for the United Kingdom, guaranteeing an equivalent level of data protection. Details: https://kahunas.io/privacy. Use is for the purpose of contract performance (Art. 6(1)(b) GDPR) and on the basis of your explicit consent to the collection of health data (Art. 9(2)(a) GDPR). A DPA has been concluded.

Everfit

For the documentation of progress, measurements, habits, and for in-app messaging, we use Everfit. The provider is Everfit.io, Inc., 44 Tehama Street, San Francisco, CA 94105, USA. Data transfer to the United States is based on EU Standard Contractual Clauses. Details: https://everfit.io/privacy. Use is for the purpose of contract performance (Art. 6(1)(b) GDPR) and on the basis of your explicit consent to the collection of health data (Art. 9(2)(a) GDPR). A DPA has been concluded.

X. Analytics Tools, Advertising, and Review Platforms

Important Notice: The following analytics and advertising tools only collect data after active consent has been granted via the cookie banner.

1. Google Tag Manager & Google Analytics

We use Google Tag Manager and Google Analytics for web analytics purposes. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables us to analyze the behavior of website visitors. We thereby receive various usage data such as page views, time on site, operating systems used, and the origin of users.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). IP anonymization is enabled; your IP address is truncated by Google within the EU prior to transmission to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. The company is DPF certified. Use is conducted exclusively on the basis of your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). To prevent the collection of your data by Google Analytics, you may download the browser opt-out add-on: https://tools.google.com/dlpage/gaoptout.

2. Meta Pixel (Facebook / Instagram Pixel)

This website uses the Meta Pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, for conversion tracking. This enables the effectiveness of our advertising to be evaluated for statistical purposes. We and Meta are jointly responsible for the collection and forwarding of data (Art. 26 GDPR). The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. Under this agreement, we are responsible for the data-protection-compliant implementation of the tool; Meta is responsible for the data security of Meta's products. Data subjects' rights regarding data processed by Meta may be asserted directly with Meta. Meta is DPF certified. Use is based on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG).

3. Review Platforms

To present our services transparently and to obtain client feedback, we use external review platforms. Where you submit a review, the terms and privacy policies of the respective providers apply. Where we send you a review link by email, this is done on the basis of your previously granted, explicit consent (Art. 6(1)(a) GDPR).

XI. eCommerce, Finance, and Creative Tools

1. Ablefy as Reseller

The sale of our digital services, courses, and freebies is conducted via the reseller Ablefy (namotto lab GmbH, Berlin). Ablefy independently processes the entire checkout process and invoicing. We receive access to the customer master data for the purpose of providing coaching (Art. 6(1)(b) GDPR).

2. Lexoffice (Accounting)

For our statutory bookkeeping, we transfer invoice data to Lexoffice, provided by Haufe-Lexware GmbH & Co. KG, Munzinger Str. 9, 79111 Freiburg. This is done to fulfill our legal obligations pursuant to Section 147 AO and Section 257 HGB (Art. 6(1)(c) GDPR). A Data Processing Agreement (DPA) has been concluded.

3. Qonto (Business Account)

For financial transactions, we use the business account at Qonto (Olinda SAS, 3 Paul Hervieu, 75015 Paris, France). Data processing is conducted on the basis of Art. 6(1)(b) GDPR.

4. Creative Services (Canva, Descript, CapCut)

For the creation of materials, worksheets, supplementary materials, and the editing of media content, we use the services of Canva Inc., Descript Inc., and Bytedance Ltd. (CapCut). To the extent that personal data is processed in this context, this is done for the performance of a contract (Art. 6(1)(b) GDPR). U.S.-based providers are safeguarded via DPF certification or Standard Contractual Clauses.

XII. Social Media Presence

1. General Information Regarding Our Social Media Channels

We maintain profiles on various social networks and content platforms. When you visit our social media profiles, personal data is collected and processed by the respective platform operators—regardless of whether you hold an account with the respective service or are logged in. The platform operators provide information on the specific processing operations in their own privacy policies.

Our social media presences serve the external representation of Female Mastery, the dissemination of content relating to our mentoring offerings, and communication with prospective clients and our community. The processing of personal data in connection with our presences is conducted, to the extent that we are a (co-)controller, on the basis of our legitimate interest in effective communication and audience development (Art. 6(1)(f) GDPR).

We note that your data may be processed by the platform operators outside the European Union. To the extent that the respective providers transfer data to the United States, this is done on the basis of DPF certification or EU Standard Contractual Clauses.

2. YouTube

We operate a YouTube channel. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our YouTube channel, watch a video, comment, or subscribe to our channel, Google/YouTube processes various data, including your usage behavior (videos watched, time on site, clicks), technical device data, and—where you are logged into Google—your account information. Where you are logged into Google, YouTube can associate your activity on our channel directly with your Google account.

Through YouTube Studio, we have access to aggregated channel analytics (e.g., view counts, watch time, and demographic data of viewers in anonymized form). Individual identification of users is not possible for us.

Where we embed YouTube videos in our website (Framer), we recommend using the privacy-friendly embedding method (youtube-nocookie.com) to avoid the setting of tracking cookies on our website. Google holds DPF certification. Data transfer to the United States is based on the Standard Contractual Clauses of the European Commission. Details: https://policies.google.com/privacy.

Legal basis for our use: Art. 6(1)(f) GDPR.

3. Instagram

We operate an Instagram business profile. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When you visit our Instagram profile, Meta processes various data, including your IP address, device and browser information, and—where you are logged into Instagram—your profile and interaction data. Meta may evaluate your behavior on our profile across platforms and use it for its own purposes.

Joint Controllership for Instagram Insights (Art. 26 GDPR): As the operator of an Instagram business profile, we have access to Instagram Insights—statistical evaluations of the reach, impressions, profile visits, and demographic characteristics of our followers. We and Meta Platforms Ireland Limited are jointly responsible for this data collection and transfer to us. The obligations applicable to us jointly are set out in the joint controllership agreement, which can be accessed at: https://www.facebook.com/legal/controller_addendum. Data subjects' rights (e.g., access, erasure) regarding data processed by Meta may be asserted directly with Meta. To the extent that you assert these rights with us, we will forward them to Meta.

Meta is DPF certified. Data transfer to the United States is based on Standard Contractual Clauses. Details: https://privacycenter.instagram.com/policy/.

Legal basis: Art. 6(1)(f) GDPR.

4. TikTok

We operate a Tik Tok channel. The provider is Tik Tok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (European subsidiary of ByteDance Ltd.).

When you visit our Tik Tok channel or interact with our content (viewing, liking, commenting, following), Tik Tok processes various data, including your usage behavior, device data, IP address, and—where you are logged into Tik Tok—your account information. Tik Tok may use this data for its own analytics and advertising purposes.

We have access to aggregated channel analytics via Tik Tok Creator Studio (e.g., video views, engagement rates, demographic reach). These statistics do not enable the identification of individual users.

Data transfer to third countries (including the United States and, where applicable, other countries) is based on the Standard Contractual Clauses of the European Commission. We note that Tik Tok/ByteDance also operates servers outside the EU; corresponding SCCs have been concluded. Details: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.

Legal basis: Art. 6(1)(f) GDPR.

5. Facebook (Business Page / Fan Page)

We operate a business page (fan page) on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When you visit our Facebook page, Meta collects personal data, including your IP address, device and browser information, and—where you are logged into Facebook—your Facebook profile data. Meta uses this to generate what are known as Page Insights (page statistics covering reach, page visits, and interactions). This data is also used by Meta for its own purposes, including advertising.

Joint Controllership for Facebook Page Insights (Art. 26 GDPR): Pursuant to the ruling of the Court of Justice of the European Union (CJEU, C-210/16) and the subsequent practice of data protection authorities, we as the operator of a Facebook fan page and Meta Platforms Ireland Limited are jointly responsible for the collection and transfer of Page Insights. The obligations applicable to us jointly are set out in the "Page Insights Controller Addendum," which can be accessed at: https://www.facebook.com/legal/terms/page_controller_addendum. Under this agreement, primary responsibility for the data-protection-compliant provision of the Page Insights feature lies with Meta. Data subjects' rights (e.g., access, erasure) regarding data processed by Meta may be asserted directly with Meta. To the extent that you assert these rights with us, we are obligated to forward them to Meta.

Meta is DPF certified. Data transfer to the United States is based on the Standard Contractual Clauses of the European Commission: https://www.facebook.com/legal/EU_data_transfer_addendum. Details on data processing: https://www.facebook.com/privacy/explanation.

Legal basis: Art. 6(1)(f) GDPR.

6. LinkedIn (geplant)

We plan to establish a LinkedIn company profile in the near future. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

When you visit our LinkedIn profile or interact with our content, LinkedIn processes various data, including your IP address, and—where you are logged into LinkedIn—your profile information and professional data. As the operator of a LinkedIn company page, we will have access to aggregated page analytics (LinkedIn Page Analytics). To the extent that these analytics are based on joint controllership with LinkedIn, LinkedIn will provide a corresponding agreement pursuant to Art. 26 GDPR.

Data transfer to the United States is based on the Standard Contractual Clauses of the European Commission. Details: https://www.linkedin.com/legal/privacy-policy. This section will be updated upon establishment of the LinkedIn profile.

Legal basis: Art. 6(1)(f) GDPR.

Last Updated: June 2026