Privacy Policy + Terms of Service
1. Overview
General Information
The guidelines below provide a simple overview of what happens to your personal data when you visit our website. Personal data refers to any information that can be used to identify you. Detailed information about our privacy practices can be found in the privacy policy provided below.
Data Collection on Our Website
Who is responsible for data collection on this site?
The data processing on this website is carried out by the website operator. You can find their contact details in the “Notice of the Responsible Party” section of this privacy policy.
How do we collect your data?
Some of the data is collected when you provide it to us. This could, for example, be data you enter into a contact form.
Other data is collected automatically by our IT systems when you visit our website. This primarily involves technical data (e.g., web browser, operating system, or time of page view). This data is collected automatically as soon as you access our website.
What do we use your data for?
Some data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
At any time, you have the right to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request corrections or the deletion of this data. If you have consented to data processing, you can withdraw this consent at any time, effective moving forward. Additionally, under certain circumstances, you can request the restriction of the processing of your personal data. You also have the right to file a complaint with the appropriate regulatory authority.
For any questions about data privacy, you can contact us at any time.
Analysis Tools and Third-party Tools
When visiting our website, your browsing behavior can be statistically evaluated. This primarily takes place using analytics programs.
Detailed information about these analytics programs can be found in the privacy policy below.
Social Media Links
The social media buttons on our website are merely links to the respective providers. No data is transferred to these providers unless you click on these buttons. Upon clicking, you'll be redirected to the respective provider's website.
Depending on whether you were logged in to these providers at the time of clicking, your data will be processed according to the privacy policies of these providers. This could potentially be used for profiling, which is beyond our control or responsibility.
2. Hosting
We host the content of our website with the following provider:
External Hosting
This website is hosted externally. The personal data collected on this website are stored on the servers of the hosting provider(s). This primarily pertains to IP addresses, contact requests, metadata and communication data, contractual data, contact details, names, website access, and other data generated via a website.
The external hosting is carried out for the purpose of fulfilling our contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 Para. 1 lit. f GDPR). If consent was obtained, processing is exclusively based on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, as long as the consent pertains to the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) as defined by TTDSG. This consent can be revoked at any time.
Our hosting provider(s) will only process your data to the extent necessary to fulfill their performance obligations and will comply with our instructions regarding this data.
We use the following hosting provider:
Vercel Inc.
340 S Lemon Ave #4133
Walnut, CA 91789
Order Processing
We have entered into a contract for order processing (AVV) to use the aforementioned service. This is a contract required by data protection law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR
3. General Information and Mandatory Information
Privacy
The operators of this site take your personal data protection very seriously. We handle your personal data confidentially, in accordance with statutory data protection regulations and this privacy policy.
When using this website, various personal data is collected. Personal data means any information that can personally identify you. This privacy policy clarifies what data we collect, its purpose, and the manner of its processing.
Please be aware that online data transfers (e.g., email communication) can be subject to security vulnerabilities. Complete protection of data from third-party access is not guaranteed.
Notice of the Responsible Party
The party responsible for data processing on this website is:
Canel Teichmann
Vergissmeinnichtweg 14
12526 Berlin
Phone: +49 (0) 174876624
Email: info@canelsoul.com
The responsible party is the natural or legal entity that decides, alone or jointly with others, on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Data Retention
Unless stated otherwise within this privacy policy, your personal data remains with us until the purpose for its processing no longer exists. Should you make a valid deletion request or retract consent for data processing, your data will be deleted unless we have other legally permissible reasons for retaining your personal data (e.g., tax or commercial record-keeping requirements). In the latter case, deletion takes place once those reasons no longer apply.
General Notes on the Legal Basis for Data Processing on This Website
Your personal data is processed based on various legal foundations. If you've consented to data processing, it is based on Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR for special data categories under Art. 9 Para. 1 GDPR. In cases of explicit consent for data transfers to third countries, processing also relies on Art. 49 Para. 1 lit. a GDPR. If you've agreed to store cookies or access information on your device (e.g., via device fingerprinting), processing additionally rests on § 25 Para. 1 TTDSG. This consent is revocable at any time. If data is necessary for contract fulfillment or pre-contractual measures, the processing is based on Art. 6 Para. 1 lit. b GDPR. We also process your data if necessary due to legal obligations, based on Art. 6 Para. 1 lit. c GDPR. Data processing may also arise from our legitimate interests under Art. 6 Para. 1 lit. f GDPR. The relevant legal bases in specific cases are discussed in subsequent sections of this policy.
Note on Data Transfers to Insecure Third Countries and to Non-DPF Certified US Companies
We utilize tools from companies based in data-protection-insecure third countries, including US tools from providers not certified under the EU-US Data Privacy Framework (DPF). Active tools may transfer and process your personal data in these countries. Note that insecure third countries may not guarantee an EU-comparable data protection level. The US, despite being a third country, generally ensures a comparable data protection level to the EU. Data transfers to the US are permissible if the recipient holds a certification under the “EU-US Data Privacy Framework” (DPF) or provides adequate additional safeguards. This policy contains further information about third-country transfers and recipients.
Recipients of Personal Data
In our business operations, we cooperate with various external entities. Sometimes this necessitates the transfer of personal data. We only share personal data if required for contract fulfillment, if legally obligated (e.g., data transfers to tax authorities), and if there's a legitimate interest under Art. 6 Para. 1 lit. f GDPR, or if another legal basis permits data sharing. When employing data processors, we only transfer customer data based on a valid contract. For joint processing, a joint processing agreement is made.
Revocation of Consent for Data Processing
Most data processing activities are possible only with your express consent. You can retract your consent at any time. The lawfulness of data processing carried out before the retraction remains unaffected by the revocation.
Right to Object to Data Collection in Specific Cases and Against Direct Advertising (Art. 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. Please refer to this privacy statement for the legal basis on which processing is based. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS APPLIES ALSO TO PROFILING, IN SO FAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION ACCORDING TO ART. 21 PARA. 2 GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In case of breaches of the GDPR, the affected parties have a right to lodge a complaint with a supervisory authority, especially in the member state of their habitual residence, place of work, or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
Right to Data Portability
You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to yourself or a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done as far as technically feasible.
Right to Information, Correction, and Deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin, and recipient, and the purpose of data processing, and if applicable, a right to correction or deletion of this data. For further questions on the subject of personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data. You can contact us at any time for this. The right to restriction of processing applies in the following cases:
If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data happened/happens unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data but you need them to exercise, defend, or assert legal claims, you have the right to request restriction of processing instead of deletion.
If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not clear whose interests prevail, you have the right to request the restriction of processing of your personal data.
If you have restricted the processing of your personal data, these data may only be processed – apart from being stored – with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser's address line from "http://" to "https://", and by the lock symbol in your browser line.
When the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4. Data Collection on This Website
Server Log Files
The website provider automatically collects and saves certain data in "Server-Log-Files" that your browser sends to us. This includes:
Browser type and version
Operating system
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
These data won't be merged with other data sources.
This data collection is to ensure that the website works properly and is optimized.
Contact Form
If you send inquiries via our contact form, we store the details you provide, including your contact details, to process the inquiry and in case of follow-up questions.
We don't share this information without your consent.
This information remains with us until you ask us to delete it, or the reason for storing it no longer applies (e.g., after completing your request). Legal requirements, like mandatory storage periods, remain unaffected.
Inquiries via Email, Phone, or Fax
If you contact us by email, phone, or fax, we'll save and process your inquiry and all related personal data (e.g., name, inquiry).
We don't share this data without your permission.
This information stays with us until you ask for its deletion, or the storage reason no longer applies. Legal requirements, such as statutory retention periods, are still observed.
Calendly
Our website allows you to schedule appointments with us using the tool "Calendly."
Calendly is provided by Calendly LLC, based in Atlanta, Georgia, USA.
When booking, you enter your desired details and appointment date. This information is used for scheduling, conducting, and potentially following up on the appointment.
Your appointment data is stored on Calendly's servers. Their privacy policy can be found at: Calendly Privacy.
Your data stays with us until you ask us to delete it, or the reason for its storage no longer applies. Mandatory legal provisions, like data retention periods, are still valid.
The legal basis for data processing is to allow straightforward scheduling for users. If consent was sought, data processing complies with specific legal provisions. This consent can be revoked at any time.
Data transfer to the USA is based on standard contractual clauses of the EU Commission. More details can be found at: Calendly DPA.
Order Processing Agreement: We've signed a data processing agreement with Calendly. This ensures Calendly processes the personal data of our website visitors following our instructions and in compliance with data protection regulations.
5. Newsletter
Newsletter Data
If you wish to subscribe to the newsletter offered on our website, we require your email address and information that allows us to verify you are the owner of the provided email and that you agree to receive the newsletter. We collect no additional data unless voluntarily provided. We utilize newsletter service providers for managing the newsletter, as described below.
Convertkit
Our website uses Converkit for sending newsletters. The provider is ConvertKit, Inc. 750 West Bannock Street #761. Boise, Idaho 83701-0761
Converkit is a service that enables us, among other things, to organize and analyze our newsletter dispatch. The data you provide for the purpose of subscribing to our newsletter is stored on the servers of ConvertKit, Inc. 750 West Bannock Street #761. Boise, Idaho 83701-0761
Data Analysis by Convertkit
With Converkit, we can analyze our newsletter campaigns. For instance, we can determine if a newsletter message was opened and which links were possibly clicked on. This allows us to identify which links are clicked most frequently.
Furthermore, we can determine if, after opening/clicking the newsletter, certain predefined actions were carried out (e.g., conversion rate). This way, we can ascertain whether you made a purchase after clicking on the newsletter.
Convertkit also enables us to segment newsletter recipients into various categories ("clustering"). For instance, recipients can be segmented by age, gender, or location. This segmentation ensures better adaptation of our newsletters to the respective target groups.
If you do not wish to have an analysis by Converkit, you need to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
For detailed information on Convertkit's features, visit the following link: Converkit Newsletter Software
Legal Basis
The processing of your data is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time. However, the legality of the data processing operations that have already taken place remains unaffected by the revocation.
Storage Duration
The data you provide for subscribing to our newsletter will be stored by us or our newsletter service provider until you unsubscribe. Upon unsubscribing, your data will be deleted from the newsletter distribution list. Data stored by us for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored on our or the newsletter service provider's blacklist to prevent future mailings. Data on the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in adhering to the legal requirements of newsletter dispatch (legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR). The storage on the blacklist is indefinite. You can object to this storage if your interests outweigh our legitimate interests.
For more details, consult Converkits's privacy policy here: Converkit Privacy Policy.
Order Processing
We have entered into a contract for order processing (AVV) to use the aforementioned service. This is a legally mandated contract ensuring that the personal data of our website visitors is processed in accordance with our directives and in compliance with the GDPR.