Privacy Policy

1.1 Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website or work with me as a coaching client. Personal data is any information that can be used to personally identify you.

Data Collection on This Website

I, Petra Psenner, am responsible for data processing on this website. You can find my contact information in the “Data Controller” section below.

Your data is collected, on the one hand, when you provide it to me—for example, via the contact form, the online appointment booking system (Acuity Scheduling), by email, or as part of a coaching registration that includes a medical history form. Other data is automatically collected by the Squarespace hosting platform when you visit the website (e.g., technical access data in server log files).

Your Rights

  • Information about your stored data, its source, recipients, and the purpose of processing (Art. 15 GDPR)

  • Correction of Inaccurate Data (Art. 16 of the GDPR)

  • Deletion of Your Data (Art. 17 of the GDPR)

  • Restriction of Processing (Art. 18 GDPR)

  • Data Portability (Art. 20 of the GDPR)

  • Objection to Processing (Art. 21 of the GDPR)

  • Withdrawal of Consent with Future Effect

  • Complaint to a data protection supervisory authority

If you have any questions regarding data protection, please feel free to contact me at any time: petra@petrapsenner.com

1.2 Hosting (Squarespace)

I host my website with Squarespace. The service provider is Squarespace Ireland Ltd., Squarespace House, Ship Street Great, Dublin 8, Ireland; the parent company is Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA (collectively, “Squarespace”).

When you visit this website, Squarespace automatically processes data in so-called server log files that your browser transmits. This includes, in particular: IP address, date and time of access, browser type and version, operating system used, referrer URL, and the pages accessed. This data is technically necessary for the provision, stability, and security of the website and is not combined with other data sources.

Data processing is carried out on the basis of Article 6(1)(f) of the GDPR (legitimate interest in ensuring that my website is reliable, secure, and technically sound).

Since Squarespace also processes data on servers in the U.S., data may be transferred to a third country. This is based on Squarespace’s certification under the EU-U.S. Data Privacy Framework and, additionally, on the European Commission’s Standard Contractual Clauses. I have entered into a Data Processing Addendum with Squarespace. For more information, please see Squarespace’s Privacy Policy: www.squarespace.com/privacy

1.3 General Information and Mandatory Disclosures

Data Controller

The entity responsible for data processing on this website is:

Petra Psenner

33 Görresstraße

80798 Munich

Email: petra@petrapsenner.com

Retention period

Unless a more specific retention period is stated in this Privacy Policy, your data will remain with me until the purpose of the processing no longer applies. In the event of a legitimate request for deletion or revocation of your consent, your data will be deleted unless required by statutory retention periods (e.g., under tax or commercial law, up to ten years); thereafter, the data will be deleted once these reasons no longer apply.

Legal Basis for Data Processing

To the extent that you have given your consent, I process your data pursuant to Article 6(1)(a) of the GDPR. For special categories of personal data (e.g., health data in the context of coaching), Article 9(2)(a) of the GDPR also applies—in such cases, explicit consent is required. If your data is necessary for the performance of a contract or for the implementation of precontractual measures, I process it on the basis of Article 6(1)(b) of the GDPR. To comply with legal obligations, I process data in accordance with Article 6(1)(c) of the GDPR. In other cases, processing may be based on my legitimate interest (Article 6(1)(f) of the GDPR). If you consent to the storage of cookies or access to device information, Section 25(1) of the TDDDG also applies.

Health Data in the Context of Coaching

As part of my coaching work, I sometimes collect and process information about your health (e.g., via the health history form, during coaching sessions, or by email). This information constitutes special categories of personal data within the meaning of Article 9 of the GDPR. I process this data exclusively on the basis of your explicit consent (Article 9(2)(a) of the GDPR), which you provide before the start of coaching and may revoke at any time with future effect.

This information will be treated as strictly confidential, will not be disclosed to third parties, and will be retained only for as long as necessary to conduct the coaching sessions and, if applicable, to comply with legal retention requirements.

I would like to expressly point out that health coaching is not a substitute for medical, psychotherapeutic, or healing treatments.

Video Conferences (Google Meet)

I conduct coaching sessions and introductory meetings via Google Meet, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. I use Google Meet as part of my Google Workspace (Business) account. This involves the processing of data such as your name, email address, connection and metadata, as well as video and audio during the session. Sessions are recorded only with your separate, prior consent.

Session-related data (e.g., calendar entries, invitations, and, if applicable, shared documents) is stored in my Google Workspace account; I also store coaching materials and notes locally on my own, password-protected devices.

Data processing is based on Article 6(1)(b) of the GDPR (performance of a contract or pre-contractual measures, since the session is part of the booked or requested coaching service). A data processing agreement is in place with Google (Data Processing Amendment to Google Workspace). To the extent that data is transferred to the United States, this is based on Google’s certification under the EU-U.S. Data Privacy Framework as well as the European Commission’s Standard Contractual Clauses. For more information: policies.google.com/privacy

Contact Us (Email and Contact Form)

If you contact me by email or through the contact form on this website, your information (name, email address, phone number if applicable, and the content of your message) will be stored to process your inquiry and in case of follow-up questions. The contact form is technically provided by Squarespace (see the “Hosting” section).

The legal basis is Article 6(1)(b) of the GDPR (precontractual measures or performance of a contract); otherwise, Article 6(1)(f) of the GDPR (legitimate interest in the effective processing of inquiries). I will not disclose this data without your consent and will delete it as soon as it is no longer necessary for processing and there are no legal retention requirements to the contrary.

Online Appointment Scheduling (Acuity Scheduling)

To schedule appointments—especially the free introductory consultation—I use Acuity Scheduling, a service provided by the Squarespace Group (Squarespace Ireland Ltd., Squarespace House, Ship Street Great, Dublin 8, Ireland; Squarespace, Inc., 225 Varick Street, New York, NY 10014, USA).

When you make a reservation, I process the information you provide, specifically your name, email address, phone number (if applicable), the selected date and time, and any voluntary information you provide in the reservation form. This processing is based on Article 6(1)(b) of the GDPR (implementation of precontractual measures or performance of a contract).

Since Acuity also processes data on servers in the United States, data may be transferred to a third country; this is based on Squarespace’s certification under the EU-U.S. Data Privacy Framework and the European Commission’s Standard Contractual Clauses. Squarespace’s Data Processing Addendum applies. For more information: www.squarespace.com/privacy

Newsletters and Freebie Mailouts (Squarespace Email Campaigns)

If you sign up for my free freebie (“When It All Gets Too Much” – 5 Exercises for Your Nervous System) or my newsletter, I’ll process your email address and, if applicable, your name, to send you the material and keep you informed about my offers, content, and news. Sign-up uses a double opt-in process: You’ll first receive a confirmation email, and your subscription won’t be active until you click the confirmation link.

I use Squarespace Email Campaigns, a service provided by Squarespace (see the “Hosting” section for provider information), to send emails. Squarespace Email Campaigns tracks whether and when sent emails are opened and which links are clicked. I use this data to improve my content.

The legal basis is your consent (Art. 6(1)(a) GDPR). You can unsubscribe at any time by clicking the unsubscribe link in any email or by sending me an informal email; this does not affect the lawfulness of any processing that has already taken place. After you unsubscribe, your email address will be deleted from the mailing list, provided there are no legal retention requirements to the contrary. The Squarespace Data Processing Addendum applies; for any potential data transfer to the U.S., the safeguards described in the “Hosting” section apply.

Cookies

This website uses cookies. Technically necessary cookies (e.g., for the site’s basic functions, cookie settings, or appointment booking) are stored pursuant to Art. 6(1)(f) of the GDPR in conjunction with § 25(2) of the TDDDG. For all non-essential cookies (e.g., statistics, marketing), I obtain your consent in advance via a cookie banner—the legal basis is § 25(1) of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. You can change your selection at any time via the cookie settings; your consent may be revoked at any time.

Squarespace Analytics (Visitor Statistics)

I use the analytics feature built into Squarespace (Squarespace Analytics) to analyze how my website is used (e.g., page views, visitor numbers, approximate location, referral sources). This analysis helps me improve my website. To the extent that cookies or similar technologies are used on your device for this purpose, this is done only with your consent via the cookie banner (Section 25(1) of the German Telemedia Act (TDDDG) in conjunction with Article 6(1)(a) of the General Data Protection Regulation (GDPR)). The analysis is provided to me in aggregated form; I do not maintain profiles of individual visitors.

Fonts

To ensure a consistent appearance on this website, I use the fonts Cormorant Garamond and Jost (Google Fonts), which are integrated via the Squarespace platform. When the fonts are loaded, your browser may establish a connection to Google’s servers (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland); for technical reasons, your IP address is transmitted during this process. This integration is based on Article 6(1)(f) of the GDPR (legitimate interest in a consistent and appealing design). For more information, see developers.google.com/fonts/faq and policies.google.com/privacy

Payment Processing

Payment for my coaching services is made via invoice and bank transfer. In doing so, I process your billing and payment information (name, address, service booked, bank details as shown on the transfer) for the purpose of contract fulfillment (Art. 6(1)(b) GDPR) as well as to comply with tax and commercial law retention requirements (Art. 6(1)(c) GDPR; retention for up to ten years).

Social Media – Instagram

This website contains links to my Instagram profile (@petrapsenner), provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Simple links (text links or icons without an embedded social plugin) do not transmit any data to Instagram simply by viewing the page; you only leave my site when you click on the link. If an active plugin is integrated, I will inform you separately here; in that case, processing would be based on Art. 6(1)(f) of the GDPR or, in the case of cookie use, additionally on § 25(1) of the TDDDG.

SSL/TLS Encryption

For security reasons, this website uses SSL or TLS encryption. You can tell that the connection is encrypted when the browser’s address bar changes from“http://” to“https://” and when the padlock icon appears in the browser bar. When encryption is enabled, the data you send to me cannot be read by third parties.

Right to Object (Art. 21 of the GDPR)

You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation, provided that such processing is based on Article 6(1)(e) or (f) of the GDPR. If you object, I will no longer process your data unless I can demonstrate compelling legitimate grounds for the processing that override your interests, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to File a Complaint with the Supervisory Authority

In the event of violations of the GDPR, you have the right to file a complaint with a data protection supervisory authority, specifically in the Member State of your habitual residence, your place of work, or the location of the alleged violation. The supervisory authority with jurisdiction over me is:

Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, Phone: 0981 180093-0, Email: poststelle@lda.bayern.de, www.lda.bayern.de

Validity and Amendments to This Privacy Policy

This Privacy Policy is effective as of the date of publication. I reserve the right to amend it if my data processing procedures or the legal situation change. The current version, available on this page, is the one that applies.