Privacy Policy

Last updated: March 18, 2025

Introduction

At walczyn.ski (Owner: Charles Walczynski) (hereinafter collectively referred to as ‘the Company’, ‘we’, or ‘us’), we take the protection of your personal data seriously and would like to inform you about data protection in our company.

The EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: ‘GDPR’) has imposed additional obligations on us within the scope of our data protection responsibilities to ensure the protection of personal data of individuals affected by processing (we will refer to you as the affected person, ‘customer’, ‘user’, ‘you’, or ‘data subject’ in the following).

Insofar as we decide, either alone or jointly with others, on the purposes and means of data processing, this includes, above all, the obligation to inform you transparently about the nature, scope, purpose, duration, and legal basis of the processing (cf. Art. 13 and 14 GDPR). With this statement (hereinafter: ‘Privacy Notice’), we inform you about the manner in which your personal data is processed by us.

Our Privacy Notice has a modular structure. It consists of a general section for any processing of personal data and processing situations by walczyn.ski (Owner: Charles Walczynski) (A. General) and a special section, the content of which only relates to the processing situation when visiting our website (B. Visiting our Website).

A. General

(1) Definitions

Following the model of Art. 4 GDPR, this Privacy Notice is based on the following definitions:

  • ‘Personal data’ (Art. 4 No. 1 GDPR) is any information relating to an identified or identifiable natural person (‘data subject’). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Identifiability can also be established by linking such information or other additional knowledge. The origin, form, or embodiment of the information is not relevant (photos, video, or audio recordings can also contain personal data).
  • ‘Processing’ (Art. 4 No. 2 GDPR) is any operation performed on personal data, whether or not by automated means. This includes, in particular, collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying personal data, as well as changing a target or purpose determination on which a data processing was originally based.
  • ‘Controller’ (Art. 4 No. 7 GDPR) is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • ‘Third party’ (Art. 4 No. 10 GDPR) means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities within a group of companies.
  • ‘Processor’ (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g., IT service provider). In the data protection sense, a processor is not a third party.
  • ‘Consent’ (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

(2) Name and Address of the Controller

The entity responsible for processing your personal data within the meaning of Art. 4 No. 7 GDPR is:

walczyn.ski
Charles Walczynski
Breidenbacherstraße 25
55116 Mainz
Email: charles@walczyn.ski Tel.: +49 160 20 90 634

For further information about our company, please refer to the legal notice on our website https://walczyn.ski/legal. All references to “we”, “us”, or “our” in this Privacy Policy refer to this entity as the controller of your data.

(3) Data Protection Contact

For any questions and as a contact person on the subject of data protection at our company, you can reach us at any time using the following contact details:

Charles Walczynski
Breidenbacherstraße 25
55116 Mainz
Tel.: +49 160 20 90 634
Email: charles@walczyn.ski

Any data subject can contact us directly regarding data protection matters. Please note that communication via email normally takes place unencrypted.

Please note: As a sole proprietorship with fewer than 20 employees regularly handling personal data, we are not legally required to appoint a Data Protection Officer according to §38 BDSG (German Federal Data Protection Act). Nevertheless, we take the protection of your data very seriously and handle all data protection inquiries with the highest priority.

(4) Legal Basis for Data Processing

By law, in principle, any processing of personal data is prohibited and only permitted if the data processing falls under one of the following justifications:

  • Art. 6(1)(a) GDPR (‘Consent’): If the data subject has voluntarily, in an informed manner and unambiguously expressed by a statement or by another clear affirmative action that he or she agrees to the processing of his/her personal data for one or more specific purposes;
  • Art. 6(1)(b) GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Art. 6(1)(c) GDPR: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation);
  • Art. 6(1)(d) GDPR: If the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Art. 6(1)(e) GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
  • Art. 6(1)(f) GDPR (‘Legitimate Interests’): If the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (in particular if the data subject is a child).

The storage of information in the end device of the end user or access to information already stored in the end device is only permitted if covered by one of the following justifications:

  • §25(1) TTDSG: If the end user has given consent on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6(1)(a) GDPR;
  • §25(2) No. 1 TTDSG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network; or
  • §25(2) No. 2 TTDSG: If the storage or access is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service explicitly requested by the user.

For the processing operations carried out by us, we indicate the applicable legal basis in each case below. A processing operation can also be based on several legal bases.

(5) Data Deletion and Storage Duration

For the processing operations carried out by us, we indicate in each case below how long the data is stored by us and when it is deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.

Specifically, for contact requests and waitlist registrations, we store your data until the service launch on June 1st, 2025, plus an additional period of up to 3 months for transition purposes, after which the data will be deleted unless you have explicitly consented to further processing or have entered into a contractual relationship with us. For contractual relationships, we store your data for the duration of the contract and for the legally required retention periods thereafter (e.g., 6 years for commercial correspondence and 10 years for invoices and tax-relevant documents according to §257 HGB and §147 AO).

Storage of your data generally only takes place on servers in Germany, subject to any transfer that may take place in accordance with the regulations in A.(7) and A.(8).

However, storage may take place beyond the specified time in the event of a (potential) legal dispute with you or other legal proceedings, or if storage is provided for by legal regulations to which we as the controller are subject. If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this. In such cases, you will be informed about the extended storage if legally required.

(6) Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties (e.g., TLS encryption for our website), taking into account the state of the art, the implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. Please contact our Data Protection Officer for this purpose (see A.(3)).

(7) Cooperation with Processors

Like any company, we also use external domestic and foreign service providers to handle our business transactions (e.g., for IT, telecommunications, sales, and marketing). These only act according to our instructions and have been contractually obligated to comply with data protection regulations in accordance with Art. 28 GDPR.

(8) Conditions for the Transfer of Personal Data to Third Countries

In the context of our business relationships, your personal data may be passed on to or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing only takes place to fulfill contractual and business obligations and to maintain your business relationship with us (the legal basis is Art. 6(1)(b) or (f) in conjunction with Art. 44 et seq. GDPR). We inform you about the respective details of the transfer in the relevant sections below.

For some third countries, the European Commission certifies a level of data protection comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46(1), (2)(c) GDPR (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates, or recognized codes of conduct. Please contact our Data Protection Officer (see A.(3)) if you would like to receive more detailed information on this.

(9) No Automated Decision-Making (Including Profiling)

We do not intend to use personal data collected from you for any automated decision-making process (including profiling).

(10) Provision of Personal Data and Consequences of Non-Provision

The provision of personal data is generally voluntary. We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. There is generally no legal or contractual obligation for you as a customer to provide us with your personal data.

However, please note:

  • To sign up for our waitlist, providing your email address is necessary, as we cannot inform you about the service launch without it.
  • To book a consultation call, your name and email address are required for scheduling purposes.
  • To use our services after launch, certain personal data will be required for contractual fulfillment.

If you choose not to provide the necessary data, we may not be able to provide certain services or may only be able to provide them to a limited extent. For example, without an email address, we cannot add you to our waitlist or schedule an appointment with you.

In all cases, we limit our data collection to what is necessary for the specific purpose (data minimization principle under Art. 5(1)(c) GDPR).

(11) Legal Obligation to Transmit Certain Data

Under certain circumstances, we may be subject to a specific statutory or legal obligation to provide lawfully processed personal data to third parties, in particular public authorities (Art. 6(1)(c) GDPR).

(12) Your Rights

You can assert your rights as a data subject regarding your processed personal data against us at any time using the contact details specified at the beginning under A.(2). As a data subject, you have the right:

  • In accordance with Art. 15 GDPR, to request information about your data processed by us. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • In accordance with Art. 16 GDPR, to immediately request the rectification of incorrect data or the completion of your data stored by us;
  • In accordance with Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • In accordance with Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
  • In accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller (‘data portability’);
  • In accordance with Art. 21 GDPR, to object to the processing, provided that the processing is based on Art. 6(1)(e) or (f) GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the case of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;
  • In accordance with Art. 7(3) GDPR, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
  • In accordance with Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority about the processing of your personal data in our company, for example with the supervisory authority responsible for us: State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz), Hintere Bleiche 34, 55116 Mainz, Email: poststelle@datenschutz.rlp.de.

(13) Changes to the Privacy Notice

In the course of the further development of data protection law as well as technological or organizational changes, our Privacy Notice is regularly reviewed for adaptation or supplementation needs. This Privacy Notice is as of March 18, 2025.

When we make significant changes to this Privacy Notice, we will inform registered users by email about the update. For visitors to our website, the current version of the Privacy Notice is always available at https://walczyn.ski/privacy. Previous versions of the Privacy Notice can be requested by contacting us using the details provided in section A.(2).

B. Visiting Our Website

(1) Function Explanation

You can obtain information about our company and the services we offer in particular at https://walczyn.ski and its associated subpages (hereinafter collectively: ‘Websites’). When you visit our websites, personal data about you may be processed.

(2) Processed Personal Data

When using the websites for informational purposes, the following categories of personal data are collected, stored, and further processed by us:

  • Analytics data: When visiting the website, the IP address (anonymized through hashing as described in section B.(6)) as well as the user agent are used for analysis purposes. This data is processed in an anonymized form that doesn’t allow direct identification of individual users.
  • Contact data (for email exchange): When making contact through our email address or contact options, the data transmitted in this way is processed (e.g., gender, name and first name, address, company, email address, and the time of transmission). This data is only used to respond to your inquiry and for the subsequent communication.
  • Waitlist registration data: When signing up for the waitlist through our Typeform integration, we collect and process the email address you provide, along with any optional information you choose to share regarding your leadership experience, challenges, and preferences. This information is used to inform you about our service launch and to customize our offerings based on collected feedback.
  • Booking data: When scheduling an appointment through our Google Calendar integration, we process data necessary for the appointment (name, email address, selected date and time, and any information you provide regarding the purpose of the meeting).
  • Log-in data: When registering on our website, the data you provide (email address) is processed. As part of your registration, you will be informed that separate data protection provisions apply to the use of our services, which we provide to you as part of the registration. With the log-in, you leave the purely informative offer of our website and the separate data protection provisions described above apply.

(3) Purpose and Legal Basis of Data Processing

We process the personal data specified above in accordance with the provisions of the GDPR, the other relevant data protection regulations, and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6(1)(f) GDPR, the purposes mentioned represent our legitimate interests.

Specific purposes and legal bases:

  • Analytics data: The processing serves statistical purposes and to improve the quality of our website, in particular its stability and usability.
    • Legal basis: Art. 6(1)(f) GDPR (legitimate interests). Our legitimate interest lies in optimizing our website for our users.
    • Balance of interests: By using anonymization techniques, we ensure minimal privacy impact while gaining valuable insights to improve user experience.
  • Contact data: The processing is carried out to respond to and process customer inquiries and provide requested information.
    • Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) when the contact relates to a potential contract, or Art. 6(1)(f) GDPR (legitimate interests) for other inquiries. Our legitimate interest lies in responding to inquiries about our services.
  • Waitlist registration data: The processing is carried out to inform you about our service launch and to customize our offerings.
    • Legal basis: Art. 6(1)(a) GDPR (consent) for the initial collection through our Typeform, and Art. 6(1)(b) GDPR (pre-contractual measures) for subsequent communication related to the services you’ve expressed interest in.
  • Booking data: The processing is carried out to schedule and manage appointments you request.
    • Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures or contract fulfillment) as the appointment is typically a precursor to or part of our service delivery.
  • Log-in data: The processing is carried out to provide you with access to our services, in particular your personal dashboard.
    • Legal basis: Art. 6(1)(b) GDPR (contract fulfillment), as this access is part of our contractual obligations to you.

If the processing of the data requires the storage of information in your end device or access to information already stored in the end device, §25(1), (2) TTDSG is the legal basis for this. Our website is designed to minimize such access, which is why we use cookie-free analytics as described in section B.(6).

(4) Duration of Data Processing

Your data will only be processed for as long as necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly.

Third parties employed by us will store your data on their system for as long as necessary in connection with the provision of services for us in accordance with the respective order.

For more information on storage duration, please refer to A.(5).

(5) Transfer of Personal Data to Third Parties; Justification Basis

The following categories of recipients, who are generally processors (see A.(7)), may receive access to your personal data if applicable:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6(1)(b) or (f) GDPR, insofar as these are not processors;
  • Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6(1)(c) GDPR;
  • Persons employed to carry out our business operations (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company purchases or the establishment of joint ventures). The legal basis for the transfer is then Art. 6(1)(b) or (f) GDPR.

For the informational use of our website and the services we offer, the following processors may be involved in data processing, depending on the specific use:

  • ALL-INKL.COM – Neue Medien Münnich, Owner René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany
    • Purpose: Web hosting services for our website
    • Data processed: All data submitted through our website, IP addresses, browser information
    • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
    • Data protection declaration: https://all-inkl.com/datenschutzinformationen/
    • Data processing agreement: In place according to Art. 28 GDPR
    • Data transfer outside the EU: No
  • Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
    • Purpose: Google Workspace for appointment and contact management as well as email communication (only for contact or registration)
    • Data processed: Name, email address, contact information, appointment details
    • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR) or Legitimate interests (Art. 6(1)(f) GDPR)
    • Data protection declaration: https://policies.google.com/privacy
    • Data processing agreement: In place according to Art. 28 GDPR
    • Data transfer outside the EU: Yes, based on EU standard contractual clauses (Art. 46(2)(c) GDPR)
  • TypeForm S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain
    • Purpose: Form processing for waitlist signup
    • Data processed: Email address, name, and other information provided in the waitlist form
    • Legal basis: Consent (Art. 6(1)(a) GDPR) and Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR)
    • Data protection declaration: https://admin.typeform.com/to/dwk6gt
    • Data processing agreement: In place according to Art. 28 GDPR
    • Data transfer outside the EU: Possible, based on EU standard contractual clauses (Art. 46(2)(c) GDPR)
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    • Purpose: Google Calendar for appointment scheduling
    • Data processed: Name, email address, scheduled appointment times
    • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR)
    • Data protection declaration: https://policies.google.com/privacy
    • Data processing agreement: In place according to Art. 28 GDPR
    • Data transfer outside the EU: Yes, based on EU standard contractual clauses (Art. 46(2)(c) GDPR)

For guarantees of an adequate level of data protection when transferring data to third countries, see A.(8).

Beyond this, we will only pass on your personal data to third parties if you have expressly consented to this in accordance with Art. 6(1)(a) GDPR.

(6) Web Analysis

We use web analysis procedures to obtain information about the use of our website. This allows us to better understand the behavior and interests of our visitors and optimize our offers accordingly. For web analysis, we use technologies from Pirsch Analytics.

Pirsch Analytics is a cookie-free web analysis software that was developed according to the principle of privacy by design. To analyze visitor flows, Pirsch Analytics generates a 16-digit number as a visitor ID with the help of a hashing algorithm when receiving the page view. The input values are the IP address, the user agent, the date, and a salt.

The visitor’s IP address is neither persisted in full nor in parts and is completely and irreversibly anonymized by the hash. By integrating the date and using a salt per website, it is ensured that website visitors can only be recognized for up to 24 hours and cannot be tracked across multiple websites. A local database is used to provide rough localization (country/city).

(7) Use of Cookies

We do not use cookies on our website. Our web analysis is carried out via the cookie-free analysis solution Pirsch Analytics.

(8) Social Media Plugins

We do not use social media plugins on our websites. If our websites contain symbols or links from social media providers (e.g., LinkedIn, Instagram, TikTok, Threads, YouTube), we only use these for passive linking to the pages of the respective providers.

(9) Social Media Presence

We maintain online presences on social media platforms including but not limited to TikTok, Instagram, Threads, YouTube, and LinkedIn to communicate with customers, interested parties, and users active there and to inform them about our services.

Joint Controllership

Please note that when you visit our social media pages, there may be a situation of joint controllership according to Art. 26 GDPR between us and the respective platform operator. We have no influence on the data that the social media providers collect and process when you visit their platforms.

When visiting our social media pages, the terms and conditions and data processing policies of the respective platform operators apply. We would like to explicitly point out that user data may be processed outside the European Union, which could create data protection risks. In many cases, transfers to the United States occur, which the European Court of Justice has determined does not provide an adequate level of data protection comparable to the EU.

Scope of Data Processing

Data processing by the social networks is generally beyond our control. However, insofar as we do have influence over the processing of your data, we work within the scope of our social media presences to ensure that the operators of the social networks provide us with anonymized statistics only. We do not receive personal data of individual users, only aggregated statistics.

These statistics may include the number of visitors, the demographic distribution of visitors, and interaction with posts and content. We use this data based on our legitimate interests (Art. 6(1)(f) GDPR) to optimize our social media presence and better tailor our content to your interests.

Our Social Media Presences

We maintain presences on the following platforms:

Your Rights and Risks

When using social media platforms, you should be aware that your data may be processed for advertising purposes or for market research and to customize the platform, creating user profiles. Depending on your usage behavior, the platform operators can create interest profiles that can be used to show you personalized advertisements inside and outside the respective platform.

To protect your data, we recommend:

  • Regularly reviewing your privacy settings on the social networks you use
  • Logging out of social networks before visiting our website to avoid correlation of your social media profile with your browsing behavior
  • Clearing cookies regularly from your browser
  • Using the opt-out options provided by the respective platforms

For detailed information on the processing of your data by these providers, your rights, and setting options for protecting your privacy, please refer to the privacy policies of the respective providers as linked above.