Privacy Policy

 Objective and responsible authority

  1. This Privacy Policy clarifies for users the nature, scope and purpose of the Processing of their personal data within this Website and my online services (hereinafter referred to as “Website”). This Privacy Policy applies regardless of the domains, systems, platforms and devices that are used (e.g. desktop or mobile phone) and on which this Website runs.
  2. The service provider and controller responsible for data processing within the scope of this Website is Dr. Christiane Michelberger, Ostermader Kamp 1, Anlage Hohes Ufer Nr. 508, 23779 Neukirchen-Ostermade, Germany, E-Mail: contact@findingawakening.com (hereinafter referred to as ” Dr. Michelberger ” or “I”). For further information and contact possibilities please refer to: https://www.findingawakening.com/impressum/.
    1. The term “user” includes both Clients and Website visitors. The terminology used within this Privacy Policy, such as “users”, is gender-neutral.
  1. Essential information for data processing and legal basis
    1. I process personal data only in compliance with the relevant data protection provisions. This means user data is only processed when legally permitted or where your consent is present.
    2. All the personal User data I collect is processed in accordance with the relevant data protection regulations. That means I only process User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish my contractual services (e.g. to process orders) and provide online services, or if the User has provided their consent, or if it is for the purposes of my legitimate interests (i.e. my interest in analysing, optimising and running my Website in a secure and commercially viable manner within the meaning of Art. 6 (1) (f) of the General Data Protection Regulation (GDPR) or, prior to the application of the GDPR, on the basis of § 15 (3) of the German Telemedia Act (TMA)), particularly in terms of measuring reach, creating profiles for advertising and marketing purposes, collecting access data, and using third-party services.
    3. With regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), which will become effective on the 25th of May 2018, I point out that the legal basis of your consents is Article 6 (1) a. and Article 7 GDPR, the legal basis for processing necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract is Article 6 (1) b. GDPR, the legal basis for the processing necessary for compliance with a legal obligation is Article 6 (1) c. GDPR, and the legal basis for the processing for the purposes of the legitimate interests I pursue, is Article 6 (1) f. GDPR.
  2. Security measures
    1. I take organizational, contractual and technical security measures based on the latest technology standards to ensure compliance with data protection laws and regulations to protect the personal data I manage against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.
    2. The security measures include, in particular, the encrypted transmission of data between your device and my server.
  3. Transfer of personal data to third-parties
    1. I only transfer personal data to third parties with your consent or for billing purposes (e.g. to conduct bank transactions or to send invoices by post) or where required to fulfil my legal obligations or contractual obligations to users.
    2. If I use subcontractors to provide my services, I will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.
    3. If, within the scope of this privacy policy, I use contents, tools or other means of other providers (hereinafter jointly referred to as “third parties”) and whose registered office is in a third country in terms of the GDPR, it is to be assumed that a data transfer takes place to the third country. Third countries are countries in which the GDPR is not a directly applicable law, i. E. basically countries outside the EU or the European Economic Area. The transfer of data to third countries is either based on legal permission, user consent, special guarantees, like the Privacy-Shield or special contractual clauses, which ensure a legally required security of the data.
  4. Registration and cancellation of the online forum membership
    1. Within the scope of the registration by the users, the necessary information will be communicated to the users. This includes in particular:
      • username;
      • Email address (not visible to other users);
      • Password (stored in encrypted form).
    1. In addition to the above-mentioned data, each user decides for himself about further information.
    2. User profiles are not public and cannot be indexed by search engines. They are only accessible to other users within the online forum. I would like to point out that information shared with other users may allow conclusions to be drawn about the user.
    3. Upon termination of the membership in the online forum, I am entitled to delete the user profile and the contents of the terminating user. It is the users’ responsibility to protect their data from cancellation. The deletion takes place within 30 days at the latest. Only postings and comments (but not private message chats) remain in the online forum for the sake of other users, so that conversations, advice or the like don’t lose their meaning or become distort. These contributions will be anonymized, i. e. the names of the authors will be removed. USer can request the deletion of the remaining contents at any time.
  1. Contacting me
    1. If a Client gets in touch with me via the contact form or by email, I process the Client’s details in order to respond to and deal with the query or request.
    2. The Client’s details may be stored in my customer relationship management (CRM) system or a comparable enquiry system and must then be stored for six years due to statutory requirements concerning business correspondence or 10 years if they have any legally mandated relevance for tax purposes.
  2. Logfiles
    1. Based on my legitimate interests, I collect data on every access to the server, which hosts this Website (so-called server log files). The access data include the name of the accessed Website, file, date and time of access, amount of data transferred, notification on successful access, browser type plus version, the operating system of the user, referrer URL (previously visited page), IP address and the requesting provider.
    2. I use the log data without assignment to the user or any other profile creation in accordance to the legal regulations only for statistical, operational and security purposes or to optimize the Website. However, I reserve the right to check the log data retrospectively, if there is concrete evidence providing reasonable grounds for suspecting illegal use. Otherwise I delete the data within seven days.
  3. Cookies
    1. A cookie is a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity. Unless expressly stated in this Privacy Policy, I use so-called “session cookies”, which are only stored for the duration of the current visit to my Website (e. g. to enable your login status or the shopping cart function and thus the use of my online offer at all). A session cookie stores a randomly generated unique identification number, a so-called session-ID. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when users have finished using my online offer and, for example, log out or close the browser. This Privacy Policy also explains to Users how I use cookies in a pseudonymised manner to measure reach.
    2. Most browsers automatically accept cookies, but you can usually refuse cookies or selectively accept certain cookies by adjusting the preferences in your browser. If you turn off cookies, there might be some features of my Website that will not be available to you and some web pages may not display properly.
    3. You may opt-out from many ad-serving cookies by using the services provided by http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices/ for users from the European Union
  4. Google Analytics
    1. I use on the basis of my legitimate interests (i.e. interest in the analysis, optimization and economic operation of my services) according to Article 6 (1) f. GDPR Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google Analytics uses ‘cookies’, text files stored on your computer, which allow analysis of your use of this Website. The data generated by the cookie about your use of the Website is usually transmitted to and stored by Google on servers in the United States.
    2. Please note that on this Website, Google Analytics has been supplemented by the code anonymizeIp() in order to ensure anonymized collection of IP addresses. This means that Google will truncate your IP address within Member States of the European Union or other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information on behalf of the operator of this Website for the purpose of evaluating your use of the Website, compiling reports on Website activity for Website operators and providing them other services relating to Website activity and Internet use. The IP address transmitted by your browser within the scope of Google Analytics, will not be associated with any other data held by Google.
    3. Google is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    4. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this Website. Furthermore, you can prevent the collection of data generated by the cookie about your use of the Website (including your IP address) and its processing by Google by downloading and installing the browser plug-in provided under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
    5. For further information on data processing by Google, settings and opt-out possibilities please refer to: http://www.google.com/policies/technologies/ads, http://www.google.de/settings/ads and http://www.google.com/ads/preferences/.
  5. Use of Facebook Social Plugins
    1. I use on the basis of my legitimate interests (i.e. interest in the analysis, optimization and economic operation of my services) according to Article 6 (1) f. GDPR social plugins („plugins’) provided by the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you live in the European Union, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland („Facebook“). The plugins are usually identifiable by a Facebook logo (e.g. letter f on blue background or a thumb up icon). For a full list of all social Plugins please see https://developers.facebook.com/docs/plugins/.
    2. Facevbook is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
    3. When you visit a page of my Website that contains a social plugin, your browser establishes a direct connection to Facebook servers. Facebook directly transfers the plugin content to your browser that embeds the latter into the Service, enabling Facebook to receive information about you having accessed the respective page of my Website. Thus, I have no influence on the data gathered by the plugin and inform you according to my state of knowledge: The embedded plugins provide Facebook with the information that you have accessed the corresponding page of my Website. If you are logged into Facebook, your visit can be assigned to your Facebook account. If you interact with the plugins, for example by clicking „Like”, or entering a comment, the corresponding information is transmitted from your browser directly to Facebook and stored by it. Even if you are not logged into Facebook, there is possibility that the plugins transmit your IP-address to Facebook.
    4. For the information on the purpose and scope of data collection and procession by Facebook, as well as your rights in this respect and settings options for protecting your privacy please visit Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
    5. In case you want to opt out of being subject to Facebook’s use of your data for marketing purposes please use Facebook’s opt-out settings provided within your user profile: https://www.facebook.com/settings?tab=ads or the opt-out possibilities on the websites http://www.aboutads.info/choices or for users from the EU http://www.youronlinechoices.com. Your choices are irrespective of platforms and devices and will be considered while using desktop or mobile devices.
    6. Memberful Plugin 
    7. The Memberful LLC,
      PO Box 2374,
      Ponte Vedra, FL 32004, USA,  provides the  Memberful plugin that connects the website to the forum and also connects to the payment provider Stripe. Memberful complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Memberful has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Privacy Policy .  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.    
  6. Newsletter
    1. With the following information I would like to clarify the contents of my newsletter as well as the registration, sending and statistical evaluation procedures and your rights of objection. By subscribing to my newsletter, you agree to receive and follow the procedures described below.
    2. I send newsletters, e-mails, push notifications, and other electronic notifications that contain promotional materials (hereinafter referred to as “Newsletter”) only with the consent of the recipient or with statutory license. The Newsletter contains information about the Buddhist way to awakening.
    3. Double opt-in and logging: The registration for my newsletter is done in a so-called double opt-in process. That means, after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. The subscriptions to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes saving the logon and confirmation time as well as the IP address. The changes to your data stored by the service provider are also logged.
    4. Service Provider: The delivery of messages is carried out using the service “MailChimp”, an e-mail service from Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view MailChimp’s Privacy Policy here: https://mailchimp.com/legal/privacy/.
    5. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
    6. Statistical survey and analysis – The newsletters contain a so-called “web-beacon”, a pixel-sized file retrieved from the server of the service provider when the newsletter is opened. In the context of this process, technical data, such as data on the browser and your system, as well as your IP address and time of the process, are collected. This data is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. This data can be assigned to individual newsletter recipients for technical reasons. It is, however, neither my aim, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of my users and to adapt my content to them or to send different content according to the interests of my users.
    7. The use of the service provider, the carrying out of the statistical surveys and analyses as well as the logging of the registration procedure shall be carried out on the basis of my legitimate interests, Article 6 (1) f. GDPR. I am interested in the use of a user-friendly and secure newsletter system, which serves both my business interests and user expectations.
    8. If you have registered for my newsletter, you can end the subscription at the bottom of each newsletter e-mail. If you are only registered for the newsletter and have cancelled this registration, your personal data will be deleted.
  7. Integration of third-party services and content
    1. For the purposes of my legitimate interests (i.e. my interest in analysing, optimising and running my Websites in a commercially viable manner within the meaning of Art. 6 (1) f) of the GDPR), I use third-party content and service delivery services on my Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as “content”). The third-party provider of this content always requires the User’s IP address in order to send the content to the browser of the respective User. In other words, the IP address is required to display this content. I endeavour only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use “pixel tags” (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyse information such as the number of visitors accessing the pages of this Website. The pseudonymised information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the Website, and further details on how Users make use of my Websites, plus it can also be combined with comparable information from other sources.
    2. The list below provides an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:
  1. 13.Revocation, changes, corrections and updates
    1. You have the right to receive information about and access to the personal data I store on you upon request. Furthermore, you have the right to obtain the rectification of inaccurate personal data and the right to have incomplete personal data completed, the right to obtain the erasure of personal data or its restriction of processing and, if applicable, the right to data portability and the right to complain to the supervisory authority (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Holstenstraße 98, 24103 Kiel, Germany).
    2. You are also free to revoke your consents in data processing with future effect.
    3. 14.Deletion of data

The data I store will be deleted as soon as it is no longer necessary for its primary or legally extended purpose and is not subject to any legal retention obligations (i.e. in accordance with commercial or tax law). If users’ data is retained, its processing for other purposes will be restricted.

  1. 15.Right to object

Users may at any time object to the future processing of their personal data in accordance with legal requirements. The opposition may, in particular, be made against processing for the purposes of direct advertising.

  1. 16.Amendments of this Privacy Policy
    1. I reserve the right to modify or amend this Privacy Policy with view to the provision of new services, if and to the extent necessary. The same applies if the current Privacy Policy is found to lack any legally provided information.
    2. Please check back periodically and especially before you provide any new personal data.

Last updated on: November 2017