I am pleased that you are visiting my website. Protecting your privacy and your personal data, known as personal data, when using my website is of great importance to me.
According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person. Data that cannot be linked to your person (e.g., through anonymization) is not considered personal data. The processing (e.g., collection, storage, retrieval, querying, use, transmission, deletion, or destruction) of personal data under Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of processing has been achieved and no statutory retention obligations apply.
Below, you will find information on how your personal data is handled when visiting my website. To provide the functions and services of my website, it is necessary for me to collect personal data about you.
I explain the type and scope of data processing, the purpose, the legal basis, and the storage period in each case.
This privacy policy applies only to this website (www.b-lab.io). It does not apply to other websites to which I merely refer via hyperlinks. I cannot assume responsibility for the confidential handling of your personal data on third-party websites, as I have no influence over whether these companies comply with data protection regulations. Please inform yourself directly on these websites about how your personal data is handled by these companies.
The controller responsible for the collection and processing of personal data on this website (see Legal Notice) is:
| Name: | Sebastien Andreo |
| Street, House Number: | Elsa-Brändström-Straße 6 |
| Postal Code, City: | 91056 Erlangen |
| Country: | Germany |
| Email: | info(at)b-lab.io |
| Phone Number: | +49 155 61945699 |
When you visit my website without otherwise transmitting data to me (e.g., through registration or use of the contact form), I collect technically necessary data via server log files.
This data includes:
The collection and management of server log files are carried out by my hosting provider. I have concluded a data processing agreement with them.
This processing is technically necessary to display my website to you. The legal basis for this processing is Art. 6(1)(f) GDPR. The processing of the mentioned data is necessary for providing a website and thus serves a legitimate interest in improving the stability and functionality of my business.
As soon as the personal data is no longer required for displaying the website, it will be deleted. The collection of data for providing the website and the storage of data in log files is essential for the operation of the website. Therefore, users have no right to object in this regard. Further storage may occur in individual cases if required by law.
I use cookies. Cookies are small text files that are sent to your device’s browser when you visit my website and stored there. Some functions of my website cannot be offered without the use of technically necessary cookies. Some cookies allow me to recognize the browser you are using when you revisit my website and transmit various information to me. I use cookies to facilitate and improve the use of my website. If third parties process information via cookies, they collect this information directly from your browser. However, cookies cannot execute programs or contain viruses.
My website uses different types of cookies:
Persistent Cookies My website uses so-called persistent cookies, which are stored in your browser for 31 days and can transmit information. You can delete persistent cookies independently via your browser settings.
You can configure your browser to accept only certain cookies or no cookies at all. However, I would like to point out that you may then no longer be able to use all functions of my website. Disabling the use of cookies may require the storage of a persistent cookie on your computer. If you delete this cookie afterward, you must disable it again.
The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR. If you have given me your consent to the use of cookies based on a notice provided on the website (e.g., a cookie banner), the additional legal basis is Art. 6(1)(a) GDPR.
As soon as the data transmitted to me via cookies is no longer required for the purposes described above, this information will be deleted. Further storage may occur in individual cases if required by law.
In the pre-contractual phase and when concluding a contract, I collect personal data about you. This includes, for example, first and last name, address, email address, phone number, or bank details.
I collect and process this data solely for the purpose of contract execution or fulfilling pre-contractual obligations. The legal basis for this is Art. 6(1)(b) GDPR. If you have additionally given your consent, the legal basis is Art. 6(1)(a) GDPR.
The data will be deleted as soon as it is no longer required for the purpose of processing. Statutory retention obligations may apply. If such retention obligations exist, I will block or delete your data after these obligations expire.
I only disclose your personal data to third parties if: a) You have given your explicit consent under Art. 6(1)(a) GDPR. b) This is legally permissible and necessary under Art. 6(1)(b) GDPR for fulfilling a contractual relationship with you or carrying out pre-contractual measures. c) There is a legal obligation for disclosure under Art. 6(1)(c) GDPR. I am legally obliged to transmit data to government authorities (e.g., tax authorities, social insurance carriers, health insurance companies, supervisory authorities, and law enforcement agencies). d) The disclosure is necessary under Art. 6(1)(f) GDPR to safeguard legitimate business interests or to assert, exercise, or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data. e) I use external service providers (processors) under Art. 28 GDPR, who are obliged to handle your data carefully. I use such service providers in the following areas:
When transmitting data to external parties in third countries (i.e., outside the EU or EEA), I ensure that these parties handle your personal data with the same care as within the EU/EEA. I only transfer personal data to third countries where the European Commission has confirmed an adequate level of protection or where I ensure careful handling of personal data through contractual agreements or other appropriate safeguards.
If you contact me by email or via the provided contact form, you will be referred to this privacy policy during the sending process to obtain your consent. If you use the contact form, the transmitted data, including your contact details, will be stored.
Providing your contact details enables me to process your request and send you a response by email. When using the contact form, your personal data will not be passed on to third parties. The legal basis for processing is your consent under Art. 6(1)(a) GDPR, which you provide voluntarily and can revoke at any time for the future.
The data you enter in the contact form will remain with me until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after processing your request). Mandatory legal provisions—particularly retention periods—remain unaffected.
I am committed to protecting your privacy and treating your personal data confidentially. For this purpose, I implement comprehensive technical and organizational security measures, which are regularly reviewed and updated in line with technological progress.
This includes, among other things, the use of recognized encryption methods (SSL or TLS). However, unencrypted data (e.g., unencrypted emails) may potentially be read by third parties. I have no control over this. It is the responsibility of each user to protect the data they provide through encryption or other means against misuse.
I use IONOS SE’s WebAnalytics service on this website. IONOS SE is a company of United Internet AG, Elgendorfer Straße 57, 56410 Montabaur, Germany, Phone: +49 (0) 721 170 55 22, Email: info@ionos.de. Data is collected either via a pixel or a log file. To protect personal data, WebAnalytics does not use cookies. The visitor’s IP address is transmitted when a page is accessed, immediately anonymized after transmission, and processed without personal reference. WebAnalytics collects data solely for statistical evaluation and technical optimization of the website. No data is passed on to third parties. The legal basis is Art. 6(1)(f) GDPR.
For some services, I use Next Cloud IONOS SE, WhatsApp, and Signal. I explicitly refer you to the privacy policies of the respective providers.
I offer you the opportunity to contact me via WhatsApp, a messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, I use the “Business Version” of WhatsApp. If you use my WhatsApp contact for general inquiries, I will store and use the mobile phone number you use on WhatsApp, as well as—if provided—your first and last name, based on Art. 6(1)(f) GDPR, due to my legitimate interest in providing the desired information efficiently and promptly. Your data will only be used to respond to your inquiry via WhatsApp. It will not be passed on to third parties. Please note that WhatsApp Business accesses the address book of the mobile device I use for this purpose and automatically transmits phone numbers stored in the address book to a server of the parent company Facebook Inc. in the USA. For operating my WhatsApp Business account, I use a device whose address book only contains the WhatsApp contact details of users who have also contacted me via WhatsApp. This ensures that every person whose WhatsApp contact details are stored in my address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts by accepting WhatsApp’s terms of use when first using the app on their device, in accordance with Art. 6(1)(a) GDPR. The transmission of data from users who do not use WhatsApp and/or have not contacted me via WhatsApp is thus excluded. For information on the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and setting options for protecting your privacy, please refer to WhatsApp’s privacy notices: https://www.whatsapp.com/legal/?eea=1#privacy-policy
Additionally, I offer you the option to contact me via Signal: Signal Messenger with end-to-end encryption; service provider: Privacy Signal Messenger, LLC, 650 Castro Street, Suite 120-223, Mountain View, CA 94041, USA; Website: https://signal.org/de.
Your data will only be used to respond to your inquiry via Signal. It will not be passed on to third parties. For information on the purpose and scope of data collection and the further processing and use of data by Signal, as well as your rights and setting options for protecting your privacy, please refer to Signal’s privacy notices: Privacy Policy: https://signal.org/legal/
The following privacy notices relate to the use of video/audio conferencing systems as part of coaching:
Next Cloud by IONOS SE, Elgendorfer Str. 57 56410 Montabaur. IONOS SE operates its servers in their german data centers. Information on data protection can be found at: https://www.ionos.de/datenschutzerklaerung
WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Information on data protection can be found at: https://www.whatsapp.com/legal/#privacy-policy
I use video and audio conferencing systems to conduct meetings sessions. The video conferencing systems are technically provided by the respective provider. The provider’s terms of use remain unaffected. The controller for data processing directly related to the conduct of online coaching is Sebastien Andreo.
When using the above systems, various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an online coaching session. The following personal data is processed:
To participate in an online conference or enter the “meeting room,” you must at least provide your name. You can also use a pseudonym.
If I wish to record an online coaching session, I will inform you transparently and—if necessary—ask for your consent. As a rule, no recording of the online coaching takes place. This also applies to the chat function. Automated decision-making under Art. 22 GDPR is not used.
If you have concluded a contract with me as a client, the legal basis is Art. 6(1)(b) GDPR (contract or pre-contract). If you have given your consent to the processing of your personal data, the legal basis is Art. 6(1)(a) GDPR.
I only use audio or video recordings and functions not necessary for a session on the legal basis of the consent of the data subjects under Art. 6(1)(a) GDPR. Consent is obtained in advance. Personal data processed in connection with participation in online coaching is generally not passed on to third parties unless intended for disclosure.
Data Processing Outside the European Union The providers of audio and video conferencing systems are partially based in the USA (e.g., Signal). Personal data is thus also processed in a third country. Currently, there is no EU Commission decision that the USA generally offers an adequate level of protection for personal data.
Regarding the personal data concerning you, you will find your rights below. Details can be found in Articles 7, 15-22, and 77 GDPR. You can contact the competent supervisory authority responsible for me. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/EN/Service/Anschriften/anschriften_node.html.
Right to Revoke Your Consent (Art. 7(3) GDPR) You can revoke your consent to the processing of your personal data at any time with effect for the future under Art. 7(3) GDPR. However, this does not affect the lawfulness of the processing carried out until the revocation.
Right to Information (Art. 15 GDPR) Under Art. 15 GDPR, you have the right to request confirmation as to whether I process personal data concerning you. If this is the case, you have the right to information about this personal data and further information.
Right to Rectification (Art. 16 GDPR) Under Art. 16 GDPR, you have the right to demand the immediate correction of incorrect data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
Right to Erasure (Art. 17 GDPR) Under Art. 17 GDPR, you have a right to erasure if the processing is not necessary. This is the case if your data is no longer necessary for the original purposes, was processed unlawfully, or you have revoked your data protection consent.
Right to Restriction of Processing (Art. 18 GDPR) Under Art. 18 GDPR, you have a right to restriction of processing, e.g., if you believe the personal data is incorrect.
Right to Data Portability (Art. 20 GDPR) Under Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
Right to Object (Art. 21 GDPR) Under Art. 21 GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of certain personal data concerning you. In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
Automated Individual Decision-Making, Including Profiling (Art. 22 GDPR) Under Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing—including profiling—except in the exceptions mentioned in Art. 22 GDPR. A decision based solely on automated processing—including profiling—does not take place.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR) You also have the right to lodge a complaint with a data protection supervisory authority at any time if you believe that data processing is not in compliance with data protection regulations.
I reserve the right to update this policy as needed at any time. This privacy policy is valid from February 1, 2023.