Privacy Policy – Renate Hechenberger
Stand: May 2026.
Gültig für http://www.renatehechenberger.com
1. Overview – What data is processed and why?
When you visit my website or use my offers, personal data is processed. This happens either because you actively provide this data to me, for example via a contact form, by email, as part of a booking or when subscribing to a newsletter, or because your device automatically transmits technical information.
The types of data processed may include, in particular:
Inventory data, for example name, address and billing data
Contact data, for example email address and telephone number
Content data, for example text entries, messages and information provided in the course of the collaboration
Usage data, for example access times, page views and IP address
Communication and metadata, for example browser, device and operating system
The purposes of processing include, in particular:
Provision and optimisation of my website
Communication and response to enquiries
Preparation, performance and administration of my services
Invoicing and payment processing
Security and system stability
Sending newsletters after subscription
Provision of a user account or access to a learning or advisory platform, where used
2. Controller and Contact
Renate Hechenberger
Lagergasse 44
8020 Graz
Austria
Phone: Tel: +43 316 912958
E-Mail: office(at)renatehechenberger.com
Please replace “(at)” with the @ symbol.
3. Your Rights
You have the right at any time to:
Access pursuant to Art. 15 GDPR
Rectification pursuant to Art. 16 GDPR
Erasure pursuant to Art. 17 GDPR
Restriction of processing pursuant to Art. 18 GDPR
Data portability pursuant to Art. 20 GDPR
Objection pursuant to Art. 21 GDPR
Withdrawal of consent previously given, with effect for the future
You may lodge complaints with the Austrian Data Protection Authority:
www.dsb.gv.at
4. Security and Encryption
This website uses SSL or TLS encryption. You can recognise an encrypted connection by the lock symbol in your browser’s address bar.
Payment processes and transactional emails are also transmitted in encrypted form, insofar as this is technically possible.
5. Contact and Forms
If you contact me via a contact form, by email or through another contact option, I process your information in order to handle your enquiry and any possible follow-up questions.
The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as your enquiry is related to an existing or potential contractual relationship, and Art. 6 para. 1 lit. f GDPR on the basis of my legitimate interest in handling enquiries.
The data will be stored for as long as this is necessary to handle the enquiry or for as long as statutory retention obligations apply.
6. Booking, Contract Processing and Payment Processing
If you book a service, I process the personal data required for this purpose, in particular name, contact details, billing data, booking information and, where applicable, payment information.
The legal basis is Art. 6 para. 1 lit. b GDPR for the performance of a contract and the implementation of pre-contractual measures, as well as Art. 6 para. 1 lit. c GDPR for compliance with statutory retention and tax obligations.
Invoicing and payment processing will be carried out via SumUp. The data required for invoicing and payment will be transmitted to SumUp for this purpose. The data protection provisions of SumUp apply additionally to processing by SumUp.
7. User Account and Learning or Advisory Platform
If you register for my learning platform, your details will be stored, for example name, email address, password, booking history, learning progress and, where applicable, certificates.
You may receive transactional emails, for example double opt-in emails, password resets, appointment reminders or notifications about new content. These may be sent via MailerLite.
You may request the deletion of your user account at any time. Certain data, in particular billing data, must be retained for seven years for tax law reasons.
8. Newsletter, Email and MailerLite
If you subscribe to my newsletter, processing is carried out via MailerLite.
The provider is MailerLite Ltd., Dublin, Ireland.
In particular, your email address, where applicable your name, and technical data relating to the subscription are processed. In addition, open and click rates may be analysed in order to better tailor content to the interests of readers.
Subscription takes place using a double opt-in procedure. You may unsubscribe at any time via the unsubscribe link in the newsletter or by email.
The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
The processing of personal data by MailerLite is governed by MailerLite’s Data Processing Addendum, which forms part of its Terms of Use. To the extent that personal data is processed outside the European Union, this is carried out on the basis of appropriate safeguards in accordance with the requirements of the GDPR.
9. Use of Artificial Intelligence
In the course of my work, I may use AI-supported tools, in particular for structuring thoughts, linguistic drafting, preparing texts, reflecting on complex contexts, and internal work organisation.
Personal data may be processed in this context, provided that this is necessary, appropriate and legally permissible for the respective provision of services.
I take care to use only the information that is necessary for the respective purpose. Confidential content is handled with care. Where possible, data is shortened, anonymised or formulated in such a way that no unnecessary personal information is processed.
AI-supported tools are not used for automated decisions concerning clients. Results are not adopted without review, but are personally checked, contextualised and responsibly assessed by me.
Depending on the context, the legal basis for such processing may be Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. f GDPR or explicit consent pursuant to Art. 6 para. 1 lit. a GDPR.
Where external AI services are used, processing may be carried out by the respective provider. Where required, appropriate contractual and data protection safeguards are taken into account.
10. Zoom – Online Sessions and Power Talks
For online events such as 1:1 sessions, Power Talks or group formats, I use Zoom, a service provided by Zoom Video Communications, Inc., San Jose, USA.
Personal data such as name, email address, IP address, as well as audio and video data may be processed in this context.
Note on recordings:
Sessions are recorded only with the prior consent of all participants. The recording is used exclusively for follow-up purposes or for the agreed purpose and is not shared with third parties without consent.
Further information can be found in Zoom’s Privacy Policy:
https://zoom.us/de-de/privacy.html
10a. Calendly – Appointment Booking
For the simple online booking of Power Talks, I use Calendly, a service provided by Calendly LLC, USA.
When you book an appointment via Calendly, the data you enter will be processed. This may include, in particular, your name, email address, selected appointment, time zone and, where applicable, information about your concern or other information that you voluntarily provide in the booking form.
The processing is carried out for the purpose of scheduling, managing, preparing and conducting the booked conversation.
Calendly also processes data in the USA. Calendly provides a Data Processing Addendum; according to Calendly, this is integrated into its Terms of Use and nothing additional needs to be signed. Calendly also refers to Standard Contractual Clauses and other safeguards for international data transfers.
Further information can be found in Calendly’s Privacy Policy:
https://calendly.com/legal/privacy-notice
11. Vimeo-Videos
Videos may be embedded via Vimeo on some pages. The provider is Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.
When you access a page with an embedded Vimeo video, a connection to Vimeo’s servers is established. In this process, your IP address, the page visited, device information and, where applicable, information about your usage behaviour may be transmitted, even if you are not logged in to Vimeo.
Further information can be found in Vimeo’s Privacy Policy:
https://vimeo.com/privacy
12. Google Fonts
This website uses Google Fonts. The fonts are embedded locally in order to ensure a privacy-friendly display. No connection to Google servers is established.
13. Social Media Links
This website contains only links to my social media profiles, for example LinkedIn, Facebook or Instagram. No social media plugins are used.
When visiting these platforms, the respective privacy policies of the providers apply:
Meta / Facebook / Instagram: Meta (Facebook & Instagram): https://www.facebook.com/privacy/policy/
LinkedIn: https://www.linkedin.com/legal/privacy-policy
14. Plausible Analytics
I use Plausible Analytics on my website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia.
Plausible Analytics is operated on its own servers and in a privacy-friendly manner.
Plausible Analytics enables me to analyse the behaviour of website visitors. For this purpose, the following data in particular is collected: page URL, HTTP request, HTTP referrer, browser, operating system, device type and IP address.
HTTP request and IP address are processed only briefly and are not permanently stored in a personally identifiable form. Direct identification of individual persons is not intended.
Where consent has been obtained, the use is based on Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time.
Where consent is not required, the use is based on Art. 6 para. 1 lit. f GDPR. My legitimate interest lies in the privacy-friendly analysis and optimisation of my website.
15. Retention Period
Personal data is stored only for as long as this is necessary for the respective purpose or for as long as statutory retention obligations apply.
In principle, the following retention periods apply:
Contact enquiries: up to two years
Invoicing and accounting data: seven years
Newsletter data: until withdrawal of consent or unsubscribe
Contract and booking data: for as long as this is necessary for contract processing, evidentiary purposes or statutory obligations
16. No Disclosure Without a Legal Basis
I do not disclose personal data without a legal basis.
Disclosure takes place only where this is necessary for the performance of a contract, where there is a legal obligation, where consent has been given, or where service providers are involved within the framework of data processing on behalf of the controller.
17. Objection to Unsolicited Advertising
I expressly object to the use of my contact details published in the legal notice or on this website for advertising purposes or unsolicited contact.
18. Update of this Privacy Policy
This Privacy Policy is reviewed regularly and updated where necessary.
