Privacy Policy / Privacy Notice

Last updated: April 10, 2025
Version: 2.0

At walczyn.ski (Owner: Charles Walczynski) ("we," "us," or "our"), we value your privacy and are committed to safeguarding your personal data. This Privacy Policy outlines how we process your personal information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD), the India Personal Data Protection Bill (PDPB), and other relevant data protection laws.

Our Privacy Policy has a modular structure. It consists of a general section for any processing of personal data (A. General Information) and a specific section about processing when visiting our website and using our services (B. Website Visitors and Service Users).

This Privacy Policy is an integral part of our Policy Framework and should be read in conjunction with our Cookie Policy and our Terms and Conditions.

Following the model of Art. 4 GDPR, this Privacy Policy is based on the following definitions:

• Personal data (Art. 4 No. 1 GDPR) is any information relating to an identified or identifiable natural person ('data subject'). A person is identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, or online identifier.

• Processing (Art. 4 No. 2 GDPR) is any operation performed on personal data, whether or not by automated means, including collecting, recording, organizing, structuring, storing, adapting, using, disclosing, or deleting.

• Controller (Art. 4 No. 7 GDPR) is the natural or legal person which determines the purposes and means of the processing of personal data.

• Processor (Art. 4 No. 8 GDPR) is a natural or legal person which processes personal data on behalf of the controller.

• Consent (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes signifying agreement to the processing of personal data.

The entity responsible for processing your personal data is:

walczyn.ski
Charles Walczynski
Breidenbacherstraße 25
55116 Mainz, Germany

Email: charles@walczyn.ski
Tel.: +49 160 20 90 634

For further information about our company, please refer to the legal notice on our website https://walczyn.ski/legal.

For any questions regarding data protection, you can reach us at:

Charles Walczynski
Breidenbacherstraße 25
55116 Mainz, Germany

Tel.: +49 160 20 90 634
Email: charles@walczyn.ski

As a sole proprietorship with fewer than 20 employees regularly handling personal data, we are not legally required to appoint a Data Protection Officer according to §38 BDSG (German Federal Data Protection Act). Nevertheless, we take the protection of your data very seriously and handle all data protection inquiries with the highest priority.

We process personal data based on the following legal grounds:

• Art. 6(1)(a) GDPR (Consent) - Where you have given us consent for one or more specific purposes

• Art. 6(1)(b) GDPR (Contract) - Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract

• Art. 6(1)(c) GDPR (Legal obligation) - Where processing is necessary for compliance with a legal obligation

• Art. 6(1)(f) GDPR (Legitimate interests) - Where processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms

For storing information on your device or accessing already stored information, we comply with §25 TTDSG (German Telecommunications Telemedia Data Protection Act) and only do so when:

• You have given your consent based on clear and comprehensive information
• It is strictly necessary to provide a service explicitly requested by you
• It is necessary to transmit a communication over a public telecommunications network

Your personal data will be deleted or blocked as soon as the purpose for storage ceases to apply. Specifically:

• Contact requests and waitlist registrations: Stored until service launch plus an additional 3 months for transition purposes, then deleted unless you have explicitly consented to further processing or have entered into a contractual relationship with us.

• Contractual relationships: Stored for the duration of the contract and for legally required retention periods thereafter (e.g., 6 years for commercial correspondence and 10 years for invoices and tax-relevant documents according to §257 HGB and §147 AO).

• Web analytics data: Stored for a maximum of 14 months.

• Newsletter subscriptions: Stored until you unsubscribe or the service is terminated.

• Mentoring session recordings: Stored for 12 months after recording unless otherwise agreed.

Storage may extend beyond these periods in the event of legal disputes or if required by law. If such an extension occurs, you will be informed if legally required.

We implement appropriate technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. These include:

• TLS encryption for our website (256-bit)
• Secure access controls to our systems (multi-factor authentication)
• Regular security assessments (quarterly)
• Staff training on data protection (annual)
• Daily backups with encrypted storage
• Server hosting in Germany (primary) and EU (backup)
• Firewall protection and intrusion detection systems
• Regular security patches and updates

Our security measures are continuously improved in line with technological developments. We conduct regular vulnerability assessments and penetration tests to identify and address potential security issues.

We use external service providers to handle our business operations. These processors act according to our instructions and are contractually obligated to comply with data protection regulations under Art. 28 GDPR. Our main processors include:

• Web hosting: ALL-INKL.COM (Germany)
• CRM: Pipedrive (EU)
• Email marketing: Mailchimp (USA with EU Standard Contractual Clauses)
• Automation: Zapier (USA with EU Standard Contractual Clauses)
• Appointment scheduling: Calendly and Google Calendar (USA with EU Standard Contractual Clauses)
• Email and file management: Google Workspace (USA with EU Standard Contractual Clauses)
• Learning platform: LearnWorlds (EU)
• Video hosting: Vimeo (USA with EU Standard Contractual Clauses)
• Session recording: Loom (USA with EU Standard Contractual Clauses)
• Content creation tools: Canva, CapCut (USA with EU Standard Contractual Clauses)
• Text processing tools: ChatGPT, Claude, Grammarly, DeepL (Various, with appropriate safeguards)

We maintain a complete and up-to-date register of all processors, including details of their data protection measures, which is available upon request.

Some of our processors are based outside the European Economic Area (EEA). When transferring data to these countries, we ensure appropriate safeguards through:

• EU Commission adequacy decisions (where available)
• EU Standard Contractual Clauses (Art. 46(2)(c) GDPR)
• Additional technical and organizational measures where necessary, including: (1) End-to-end encryption for sensitive data, (2) Data minimization principles, (3) Regular audits of third-country processors, (4) Contractual commitments to challenge government access requests

You can request more information about these safeguards by contacting us at the details provided in Section A.3.

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you.

The provision of personal data is generally voluntary. However, in certain cases, it is necessary:

• To sign up for our waitlist (email address required)
• To book a consultation call (name and email address required)
• To use our services (data required for contractual fulfillment)

If you choose not to provide necessary data, we may not be able to provide certain services or may only be able to provide them to a limited extent.

Under certain circumstances, we may be legally obligated to disclose personal data to third parties, particularly public authorities (Art. 6(1)(c) GDPR). Such disclosures are documented and only made to the extent legally required.

As a data subject, you have the following rights:

• Right to information (Art. 15 GDPR): Request information about your data we process

• Right to rectification (Art. 16 GDPR): Request correction of inaccurate data

• Right to erasure (Art. 17 GDPR): Request deletion of your data under certain conditions

• Right to restriction of processing (Art. 18 GDPR): Request limitation of how we use your data

• Right to data portability (Art. 20 GDPR): Receive your data in a machine-readable format

• Right to object (Art. 21 GDPR): Object to processing based on legitimate interests

• Right to withdraw consent (Art. 7(3) GDPR): Withdraw previously given consent at any time

• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise these rights, please contact us using the details in Section A.3. We will respond to your request within 30 days. This period may be extended by up to 60 additional days if necessary, taking into account the complexity and number of requests. We will inform you of any such extension within the first 30 days, together with the reasons for the delay.

We regularly review and update this Privacy Policy to reflect legal developments, changes in our services, or technological advancements. The current version is always available at https://walczyn.ski/privacy.

When we make significant changes, we will inform registered users by email. Previous versions can be requested by contacting us.

You can obtain information about our company and the services we offer at https://walczyn.ski and its associated subpages ("Websites"). When you visit our websites, personal data about you may be processed as described below.

When using our websites and services, the following categories of personal data may be processed:

• Analytics data: IP address (anonymized), user agent, usage patterns, and technical information
• Contact data: Name, email address, and information you provide in contact forms
• Waitlist registration data: Email address and optional information about leadership experience, challenges, and preferences (collected directly through our website)
• Booking data: Name, email address, selected date/time, and meeting purpose
• Account registration data: Email address and authentication information when you register via email, Apple, Google, or LinkedIn
• Newsletter subscription data: Email address and preference information
• Blog usage data: Anonymous data about which blog content you view
• Mentoring session data: Audio/video recordings, transcripts, and session notes
• Testimonial data: Feedback, ratings, and testimonials you provide (with your consent)
• Social media interaction data: Public interactions with our social media profiles
• Advertising data: Information processed when you interact with our advertisements on Google, LinkedIn, Meta (Instagram), and TikTok

We process your personal data for the following purposes, with the corresponding legal bases:

• Website analytics: To improve user experience and website quality. Legal basis: Art. 6(1)(a) GDPR (consent) for Google Analytics
• Contact and waitlist management: To respond to inquiries and provide information about our services. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) when related to potential services or Art. 6(1)(f) GDPR (legitimate interests) for general inquiries
• Appointment scheduling: To manage consultation bookings. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures or contract fulfillment)
• Account registration and authentication: To provide access to our services via email, Apple, Google, or LinkedIn authentication. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment)
• Newsletter communication: To send information and updates about our services. Legal basis: Art. 6(1)(a) GDPR (consent)
• Blog functionality: To provide and manage our blog content. Legal basis: Art. 6(1)(f) GDPR (legitimate interests) for displaying content; Art. 6(1)(a) GDPR (consent) for comments if applicable
• Mentoring sessions: To provide, record, and analyze mentoring sessions. Legal basis: Art. 6(1)(a) GDPR (consent) for recording and AI processing; Art. 6(1)(b) GDPR (contract performance) for providing the service
• CRM and relationship management: To manage customer relationships via HubSpot. Legal basis: Art. 6(1)(b) GDPR (contract) for customers; Art. 6(1)(f) GDPR (legitimate interests) for prospects
• Advertising: To display targeted advertisements on Google, LinkedIn, Meta (Instagram), and TikTok. Legal basis: Art. 6(1)(a) GDPR (consent)
• Testimonials: To collect and publish feedback and testimonials. Legal basis: Art. 6(1)(a) GDPR (consent)
  

Your data will only be processed for as long as necessary to fulfill the purposes outlined above, as detailed in Section A.5.

Your personal data may be shared with the following processors:

ALL-INKL.COM - Neue Medien Münnich (Germany)

• Purpose: Web hosting services
• Data processed: Website data, IP addresses, browser information
• Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
• Data protection: https://all-inkl.com/datenschutzinformationen/
• Data transfer outside EU: No
• Security measures: ISO 27001 certified, data centers in Germany

Google Cloud EMEA Limited (Ireland)

• Purpose: Google Workspace for email communication and file management
• Data processed: Name, email address, file content
• Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR
• Data protection: https://policies.google.com/privacy
• Data transfer outside EU: Yes, based on EU standard contractual clauses
• Security measures: Encryption at rest and in transit, access controls, regular security audits

Google Ireland Limited (Ireland)

• Purpose: Google Analytics 4 for web analytics, Google Calendar for appointments, Google Ads for advertising, Google Fonts for website display, and Google authentication for account login
• Data processed: Anonymized usage data, appointment information, advertising data, authentication data
• Legal basis: Art. 6(1)(a) GDPR (consent) for analytics and advertising; Art. 6(1)(b) GDPR for appointments and authentication; Art. 6(1)(f) GDPR for fonts
• Data protection: https://policies.google.com/privacy
• Data transfer outside EU: Yes, based on EU standard contractual clauses
• Opt-out: Via cookie settings on our website for analytics and advertising
• Security measures: IP anonymization, data retention limits, access controls

Pipedrive OÜ (Estonia/EU)

• Purpose: CRM and customer relationship management
• Data processed: Contact information, interaction history, sales pipeline data
• Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR
• Data protection: https://www.pipedrive.com/en/privacy
• Data transfer outside EU: No
• Security measures: ISO 27001 certified, encryption, access controls

The Rocket Science Group LLC (Mailchimp) (USA)

We use Google Analytics 4 (GA4) to analyze how visitors use our website. This helps us to improve our services and user experience.

GA4 processes your data only with your explicit consent (Art. 6(1)(a) GDPR). When you first visit our website, you can decide whether to allow analytics cookies through our consent management platform.

Google Analytics 4 uses cookies and similar technologies to collect information about:

• Pages you visit
• Time spent on the website
• Features used
• General location information (country/region level)
• Technical information like browser type and operating system

To protect your privacy:

• We have enabled IP anonymization, which truncates your IP address before storage
• We have configured data retention periods (14 months)
• We have signed a data processing agreement with Google

You can withdraw your consent at any time through our cookie settings.

For more information about how Google processes data, please see: https://policies.google.com/privacy.

We use LearnWorlds as our consent management platform to manage cookie preferences in compliance with GDPR and TTDSG.

This allows you to:

• View all cookies and tracking technologies we use
• Give or withdraw consent for specific categories
• Update your preferences at any time

We use the following types of cookies:

• Essential/Strictly Necessary cookies: Necessary for the website to function (legal basis: §25(2) TTDSG)
• Functional cookies: Used to remember your preferences and enhance your experience (legal basis: Art. 6(1)(a) GDPR - consent)
• Analytics cookies: Used to improve our website (legal basis: Art. 6(1)(a) GDPR - consent)
• Marketing/Targeting cookies: Used for personalized content and advertisements (legal basis: Art. 6(1)(a) GDPR - consent)

You can access cookie settings anytime by clicking on the cookie icon at the bottom of our website. 

For detailed information about the specific cookies we use, please refer to our Cookie Policy.

We offer a newsletter to keep you informed about our services, events, and relevant content. When you subscribe:

• We collect your email address and optional preference information
• We use a double opt-in process to confirm your subscription
• Each newsletter contains an unsubscribe link

We use Mailchimp to manage our newsletter, which tracks:

• Email opens and clicks (using tracking pixels and links)
• Subscription status and preferences
• Email engagement metrics

The legal basis for newsletter processing is your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time by:

• Clicking the unsubscribe link in any newsletter
• Contacting us directly at charles@walczyn.ski
• We offer a multi-part "Introduction to Business Responsibility" educational series via email. When you request this content:

"An Introduction to Business Responsibility"-Series

We offer a multi-part "Introduction to Business Responsibility" educational series via email. When you request this content:

• We collect your email address
• You agree to receive both the educational series and occasional emails containing practical insights and updates about new content, offerings, and tools
• Your email is processed using Mailchimp, which implements a double opt-in procedure requiring you to confirm your email address
• You can unsubscribe at any time using the unsubscribe link in any email
• Email engagement is analyzed using Mailchimp analytics integrated with Google Analytics

The legal basis for processing this data is your consent (Art. 6(1)(a) GDPR) and our legitimate interest in providing requested educational content (Art. 6(1)(f) GDPR).

Our website includes a blog managed through LearnWorlds.

When you visit our blog:

• We collect your IP address for security purposes
• We collect anonymous usage data to understand which content is most popular

We embed videos from Vimeo on our website to showcase our content. When you play these videos:

• Vimeo may collect your IP address, browser information, and usage data
• Cookies or similar technologies may be placed on your device

We use a two-click solution where video content is only loaded after you actively consent. The legal basis for video embedding is your consent (Art. 6(1)(a) GDPR).

You can withdraw consent at any time through our cookie settings.

We offer 1:1 mentoring sessions that may be recorded using Loom. For these sessions:

• We collect audio, video, and chat content
• Loom generates AI transcripts and summaries
• We use these recordings for service improvement and analysis

We use various tools to create and edit content:

Unsplash: For royalty-free stock images
Canva and CapCut: For image and video editing
ChatGPT, Claude, Grammarly, and DeepL: For text creation, editing, and translation

We do not use social media plugins that automatically connect to social media platforms when you visit our website. Instead, we use simple links to our social media profiles, which do not transfer data to these platforms unless you actively click on them.

We maintain profiles on the following social media platforms:

• LinkedIn
• YouTube
• Instagram
• TikTok

When you interact with our social media profiles:

• The respective platform processes your data according to its own privacy policy
• We receive anonymized statistics about interactions with our content
• There may be joint controllership according to Art. 26 GDPR

We have no direct control over how these platforms process your data. Please review their privacy policies:

• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• YouTube: https://policies.google.com/privacy
• Instagram: https://help.instagram.com/519522125107875
• TikTok: https://www.tiktok.com/legal/privacy-policy

When using social media, you should be aware that your data may be processed for advertising purposes and to create user profiles. To protect your privacy, we recommend:

• Regularly reviewing privacy settings on these platforms
• Logging out of social networks before visiting our website
• Using available opt-out options

Information for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights:

• Right to Know: Request information about personal data collected, disclosed, or sold
• Right to Access: Request a copy of personal data we've collected about you
• Right to Deletion: Request deletion of your personal data (with certain exceptions)
• Right to Correction: Request correction of inaccurate personal data
• Right to Opt-Out: We do not sell or share personal data as defined by CCPA/CPRA
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at charles@walczyn.ski with the subject line "CCPA Request."

Information for Brazilian Residents
If you are a Brazilian resident, the Lei Geral de Proteção de Dados (LGPD) gives you similar rights to those under GDPR, including:

• Right to confirmation of the existence of processing
• Right to access your data
• Right to correct incomplete, inaccurate, or outdated data
• Right to anonymization, blocking, or deletion of unnecessary or excessive data
• Right to portability of data to another service provider
• Right to deletion of personal data processed with consent
• Right to information about public and private entities with which we have shared data Right to information about the possibility of not providing consent
• Right to revoke consent

To exercise these rights, please contact us at charles@walczyn.ski with the subject line "LGPD Request."

Information for Indian Residents

If you are an Indian resident, the Personal Data Protection Bill (PDPB) provides you with certain rights regarding your personal data. While the law is still evolving, we commit to respecting your data protection rights, including:

• Right to confirmation and access
• Right to correction and erasure
• Right to data portability
• Right to be forgotten

To exercise these rights, please contact us at charles@walczyn.ski with the subject line "PDPB Request."

Information for Australian Residents

If you are an Australian resident, the Privacy Act 1988 and Australian Privacy Principles (APPs) apply to your personal information. You have the right to:

• Access your personal information
• Correct inaccurate, out-of-date, or incomplete information
• Opt out of direct marketing communications
• Make a complaint about a breach of the APPs

To exercise these rights, please contact us at charles@walczyn.ski with the subject line "Australian Privacy Request."

We may collect testimonials, feedback, and reviews from our customers to showcase the quality of our services. When you provide a testimonial:

• We will only publish it with your explicit consent (Art. 6(1)(a) GDPR)
• We may display your name, position, company, and/or photo alongside your testimonial, but only with your consent
• We document this consent securely and retain it for as long as we use your testimonial

You can withdraw your consent at any time, and we will remove your testimonial from our promotional materials within 14 days of your request.

Additionally, customers may leave reviews of our services on third-party platforms such as Google. These reviews are governed by the privacy policies of those platforms. We may reference or link to these public reviews on our website based on our legitimate interest (Art. 6(1)(f) GDPR) in promoting our services.

We use various online advertising platforms to promote our services, including:

• Google Ads
• LinkedIn Advertising
• Meta (Instagram) Advertising
• TikTok Advertising

When you interact with our advertisements or visit our website after clicking on an ad:

• The advertising platform may collect data including your IP address, device information, and browsing behavior
• This data may be used to measure ad performance and optimize our campaigns
• Personalized advertising is only activated with your explicit consent

The legal basis for basic advertising measurement is our legitimate interest (Art. 6(1)(f) GDPR) in evaluating and improving our marketing. For personalized advertising that involves profiling, we rely on your consent (Art. 6(1)(a) GDPR).

You can opt out of personalized advertising through the cookie consent banner, in your account settings on the respective advertising platforms, or via the following opt-out-links: 

• Google: https://adssettings.google.com
• LinkedIn: https://www.linkedin.com/psettings/guest-controls
• Meta: https://www.facebook.com/settings/?tab=ads
• TikTok: In the app privacy settings

To purchase our content and services, you need to create an account. We offer multiple authentication methods:

• Email registration
• Sign in with Apple
• Sign in with Google
• Sign in with LinkedIn

When you use these third-party authentication services:

• We receive basic profile information (such as your name and email address)
• The authentication provider verifies your identity without sharing your password with us
• We do not receive or store your passwords for these third-party services

The legal basis for processing this data is the performance of our contract with you (Art. 6(1)(b) GDPR). The specific data shared depends on your privacy settings with the respective provider and may include:

• Email address (always shared)
• Name
• Profile picture (if you have one and have made it available)
• Unique identifier from the authentication provider

You can manage which information is shared in your settings with the respective authentication provider.

In the unlikely event of a personal data breach, we follow a strict notification procedure:

• We will assess the nature and scope of the breach within 24 hours
• If the breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours
• If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay
• We will document all breaches, including the facts, effects, and remedial actions taken

For more information on our data breach response plan, please contact us at charles@walczyn.ski.

Charles Walczynski

Email: charles@walczyn.ski
Phone: +49 160 20 90 634

Thank you for trusting us with your data.