Privacy Policy – Renate Hechenberger

Effective: June 2025 | Valid for http://www.renatehechenberger.com | GDPR-compliant (EU/Austria)

---

 

1. Overview – What data is processed and why?

When you visit my website, personal data may be processed – either because you actively provide it (e.g., via the contact form), or because your device automatically transmits technical information.

Types of data processed: Master data (name, address, billing details) Contact data (email, phone number) Content data (text entries, messages) Usage data (e.g., access times, page views, IP address) Communication/meta data (browser, device, system.

Purposes of processing: Provision and optimization of my website Communication and responding to inquiries Security & system stability Delivery of e-books & newsletters (after registration) Provision of your user account (learning platform)

2. Controller & Contact

Renate Hechenberger
Lagergasse 44, 8020 Graz, Austria
Phone: Tel: +43 316 912958
Email: office(at)renatehechenberger.com; please change (at) with @

3. Your rights

You have the right at any time to: Access (Art. 15 GDPR) Rectification (Art. 16 GDPR) Erasure (Art. 17 GDPR) Restriction of processing (Art. 18 GDPR) Data portability (Art. 20 GDPR) Object (Art. 21 GDPR)

Complaints can be submitted to the Austrian Data Protection Authority: www.dsb.gv.at

4. Security & Encryption

This website uses SSL/TLS encryption. Payment processes (e.g., via PayPal) and transactional emails are also encrypted. You can recognize this by the padlock icon in your browser.

5. User account & LearnDash platform

If you register for my learning platform, your details will be stored – e.g., name, email, password, booking history, learning progress, and any certificates.

You may receive transactional emails (double opt-in, password reset, reminders of appointments or new content). These are sent via ActiveCampaign.

You may request deletion of your user account at any time. Certain data (e.g., invoices) must be retained for tax reasons for 7 years.

6. Contact & forms

If you contact me via the contact form or by email, I will process your data to handle your request. These details are retained as long as necessary for the purpose.

Legal basis: Art. 6 (1) lit. a and b GDPR (consent or contract performance). Your data will never be shared without your consent.

7. Newsletter, email & ActiveCampaign

If you subscribe to my newsletter or download an e-book, processing takes place via ActiveCampaign (USA). Open and click rates may also be analyzed.

You can unsubscribe at any time – via the link in the newsletter or by email. I have signed a GDPR-compliant Data Processing Agreement (DPA) with ActiveCampaign. Data is stored on servers in the USA.

Data Processing Agreement (DPA): I have signed a Data Processing Agreement (DPA) with ActiveCampaign. This document complies with EU requirements and obliges ActiveCampaign to adhere to European data protection standards.

8. Zoom (online Sessions & Power Talks)

For online sessions such as 1:1 Sessions and Power Talks, I use Zoom, a service of Zoom Video Communications, Inc., San Jose, USA. Personal data such as name, email address, IP address, and audio/video recordings may be processed.

Note on recordings:
Some sessions are recorded – only with prior consent of all participants. Recordings are used exclusively for follow-up and are not shared with third parties.

Zoom processes data independently. More information: https://zoom.us/de-de/privacy.html

9. Vimeo videos

Some pages embed videos via Vimeo (Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA).

When you visit a page with a Vimeo video, a connection to Vimeo servers is established. IP address, visited page, device information, and possibly usage behavior may be transmitted – even if you are not logged into Vimeo.

More information: https://vimeo.com/privacy

10. Google Fonts

This website uses Google Fonts (Open Sans, Cinzel, Manus). They are embedded locally to ensure data protection. No connection to Google servers takes place..

11. Social media links (LinkedIn, Facebook, Instagram)

This website contains simple links to my social media profiles (LinkedIn, Facebook, Instagram). No plugins are used.

When visiting these platforms, the respective providers’ privacy policies apply: Meta (Facebook & Instagram): Meta (Facebook & Instagram): https://www.facebook.com/privacy/policy/ - LInkedIn https://www.linkedin.com/legal/privacy-policy

12. Data transfer for contracts & digital content

Personal data is transferred to third parties only if necessary for contract execution – e.g., to banks for payment processing. Any further transfer only occurs with your consent.

Legal basis: Art. 6 (1) lit. b GDPR (contract performance and pre-contractual measures).

13. Storage duration

• Contact inquiries: max. 2 years
• Billing data: 7 years
• Newsletter data: until withdrawal or unsubscribing

14. Plausible Analytics

We use Plausible Analytics. Provider: Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

We host Plausible Analytics on our own servers (on premise).

The following data may be collected: page URL, HTTP request, referrer, browser, operating system, device type, IP address. Requests and IP addresses are stored in a hash for 24h to recognize repeat visits. No personal identification is possible.

If consent has been obtained, use is based on Art. 6 (1) lit. a GDPR. If not, processing is based on Art. 6 (1) lit. f GDPR (legitimate interest in meaningful visitor analytics).

15. No disclosure without consent

Your data will never be passed on without legal basis or your explicit consent. Exceptions apply only where required by law or with contracted processors.

16. Objection to advertising

I expressly object to the use of my data for advertising purposes or unsolicited contact.

Note: This privacy policy is updated regularly.