PPP !

Privacy Policy Last updated: February 2026 This Privacy Policy describes how Isabel Bernhauser ("we", "us", or "our") collects, uses and processes personal data when you visit or make a purchase from https://impact.me/isabelbernhauser (the "Site") or otherwise use our online courses and services (collectively, the "Services"). We process personal data in accordance with the General Data Protection Regulation (GDPR). 1. Data Controller The data controller responsible for processing your personal data within the meaning of the GDPR is: Isabel Bernhauser Lerchengasse 5 2514 Traiskirchen Austria Email: [email protected] 2. What Personal Data We Collect Depending on how you interact with our Services, we may collect the following categories of personal data: a) Data You Provide Directly - First and last name - Billing address - Email address - Phone number (if provided) - Account login details - Course purchase history - Messages you send us b) Payment Information Payments are processed via third-party payment providers. We do not store full credit card details. c) Newsletter Data If you subscribe to our newsletter via Mailchimp, we collect: - Your email address - Optional name - Interaction data (opens, clicks) d) Automatically Collected Data When you visit the Site, we may automatically collect: - IP address - Browser type - Device information - Pages visited - Date and time of access This is necessary for technical functionality and security. 3. Legal Basis for Processing (Art. 6 GDPR) We process your personal data on the following legal bases: - Art. 6(1)(b) GDPR – Performance of a contract (course purchases, account management) - Art. 6(1)(a) GDPR – Consent (newsletter subscription) - Art. 6(1)(c) GDPR – Legal obligation (tax and accounting requirements) - Art. 6(1)(f) GDPR – Legitimate interests (IT security, fraud prevention, business operations) You may withdraw consent at any time with future effect. 4. How We Use Your Data We use your personal data to: - Provide and manage online courses - Process payments - Send transactional emails - Provide customer support - Send newsletters (if you consented) - Comply with legal obligations - Protect our website from misuse We do not sell your personal data. 5. Newsletter If you subscribe to our newsletter, your data is processed via Mailchimp, a service of Intuit Inc., which may process data in the United States. Mailchimp participates in the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses as appropriate safeguards for international data transfers. You can unsubscribe at any time via the link in every email. 6. Data Retention We retain personal data only as long as necessary: - Purchase and invoice data: 7 years (Austrian tax law) - Account data: until deletion request - Newsletter data: until you unsubscribe - Technical server logs: typically 14–30 days After the retention period expires, data is deleted unless legally required otherwise. 7. International Data Transfers Some of our service providers (e.g., Mailchimp or hosting providers) may process data outside the European Union. Where data is transferred to third countries, appropriate safeguards such as Standard Contractual Clauses or participation in recognized data protection frameworks are used. 8. Cookies Our Site uses technically necessary cookies to ensure functionality and security. We do not use Google Analytics or advertising tracking tools. If non-essential cookies are introduced in the future, we will obtain your consent via a cookie banner. You can adjust cookie settings in your browser at any time. 9. Disclosure of Data We may share personal data with: - Payment providers - Hosting providers - Email marketing provider (Mailchimp) - IT service providers All service providers process data based on contractual agreements in accordance with Art. 28 GDPR. We do not sell personal data. 10. Your Rights Under GDPR You have the right to: - Access your personal data (Art. 15 GDPR) - Rectification (Art. 16 GDPR) - Erasure (Art. 17 GDPR) - Restriction of processing (Art. 18 GDPR) - Data portability (Art. 20 GDPR) - Object to processing (Art. 21 GDPR) - Withdraw consent at any time You also have the right to lodge a complaint with a supervisory authority. In Austria, this is the: Austrian Data Protection Authority 11. Children's Data Our Services are not directed at children under 16. We do not knowingly collect personal data from children. 12. Security We implement appropriate technical and organizational measures to protect personal data. However, no online transmission is completely secure.