Hello and welcome to my website at www.nathaliebanaszak.com. Thank you for your interest in this Privacy Policy. In this Privacy Policy, I would like to inform you about the nature, scope, and purpose of the personal data we (that is me and the third parties acting on my behalf) process when you use my website and services.

General information and mandatory disclosures

What is personal data?

Personal data in this sense is any information relating to personal or material circumstances that relate to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.

Person responsible

The person responsible for processing pursuant to the General Data Protection Regulation (“GDPR”) is:
Nathalie Banaszak International AB
Org. nr: 559531-2496 (registered in Sweden)
Registered for F-tax
Web: www.nathaliebanaszak.com
E-mail: contact form

Relevant legal bases

In accordance with GDPR, the following legal bases, unless specifically described below, apply to the processing of your personal data:

• consent,
• to fulfill services and carry out contractual measures and respond to inquiries,
• to fulfill legal obligations, and
• to protect my legitimate interests.

Your rights

You have the following rights with regard to personal data concerning you, which you can assert against me:

• Right of access,
• Right to rectification or erasure,
• Right to restriction of processing,
• Right to object to processing,
• Right to withdraw your consent,
• Right to receive the data in a structured, common, machine-readable format.

You can assert your rights by notifying me using the contact details provided.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data carried out by me. In Sweden, the competent authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). I would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.

Automatic collection of general data and information

a) Logfiles

Each time you visit my website, a number of general data and information is transmitted – even if you use my website for purely informational purposes. We collect the general data and information that your browser transmits to my website’s server. This data and information are collected as they are technically necessary for the display of my website to you and serve the stability, security, and danger or threat prevention in the event of attacks on my website, such as:

• IP address
• date and time of access to the website
• type and version of browser used
• operating system used and its interface
• the website from which an accessing system arrives at my website (the so-called referrer)
• sub-websites that are accessed via an accessing system on my website
• Internet service provider of the accessing system.

This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest. When analyzing these general data and information, I do not draw any conclusions about you as a data subject.

b) Use of cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further details on the use of Cookies, please refer to my Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.

c) Content Management System (CMS)

We use the Content Management System (CMS) of WordPress, a service provided by Automattic Inc, to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example, your data in our forms. The legal basis for this processing is our legitimate interest.

d) Google Fonts

We use Google Fonts on our website to display external fonts. This is a service provided by Google Inc. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed. The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted.

e) Contact Form

When you contact me through forms on my website, the information you provide (such as your name, email address, and message) is transmitted securely and used solely to process your inquiry. The forms are part of the website’s built-in system and may be connected to other services such as Zapier or Zenler to handle communication and follow-up. No personal data is stored on external servers unless required for these purposes.

The legal basis for this processing is your consent and my legitimate interest in effective customer communication.

f) Google Analytics

We use Google Analytics to analyze and improve the use of our website. Google Analytics collects data about your use of the website, such as pages visited, time spent on the site, and interactions. Information such as your IP address, device information, and browser type may be transmitted to and stored on Google servers, including servers in the USA.

The legal basis for this processing is your consent (Art. 6(1)(a) GDPR). Data transfers outside the EU/EEA are safeguarded by EU Standard Contractual Clauses (SCCs) and additional security measures provided by Google. You can withdraw your consent at any time by adjusting your cookie preferences or using the opt-out options provided by Google.

Collection of personal data and information when provided

a) Contact options via the website

Contacting me is made possible by e-mail, or social media. If you contact me, your transmitted personal data will be automatically stored for the purpose of processing the request or contacting you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent or, in the case of a (pre-)contractual relationship with me, the initiation of a contractual service. I delete the data accruing in this context after the storage is no longer necessary for the processing of your request or restrict the processing if there are legal retention obligations.

b) Working with me and my services

When requesting my services, it is necessary, among other things, to provide personal data such as your name, e-mail address and postal address and, if applicable, your payment data, and other non-personal data. I process and store the personal data provided when you request my services, solely for the purpose of providing you with the ordered service. Accordingly, the data is processed on the basis of our contractual relationship as well as to fulfil my legal obligations.

c) Financial Information

To make a purchase, you may need to provide valid payment details (e.g., credit or debit card, or bank transfer). Payments are processed securely through authorized payment providers such as Stripe or via direct bank transfer.

Depending on the method chosen, your payment information may be transmitted to and processed by the relevant payment service provider in accordance with their own privacy policies. I do not directly collect or store full payment details myself, except where necessary to issue invoices or confirm completed transactions.

The legal basis for this processing is the fulfillment of our contractual relationship and compliance with legal obligations related to financial record-keeping.

d) Discovery Calls and Application Forms

To schedule discovery or introductory calls, I use online forms provided by Typeform. The information you submit (such as your name, email, and answers to application questions) will be used to assess your application and arrange a suitable meeting time.

Scheduling and confirmations are managed through Calendly. Both Typeform and Calendly process data in accordance with GDPR, and data may be transferred outside the EU/EEA under EU Standard Contractual Clauses (SCCs).

The legal basis for this processing is your consent and my legitimate interest in effective client communication.

e) Newsletter and notifications

By using my services, you are giving your consent to receive notifications and messages per email. Equally, you may also sign up for my newsletter. Those typically include administrative information as well as service and product updates. I use Zenler for the dispatch of newsletters, email notifications, and customer communications. The legal bases are to provide you with my services and your consent.

f) Calls, sessions, workshops, and courses

I use Zoom for hosting live events, sessions, calls, workshops, and courses, and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during the online meeting. The legal basis for this is my legitimate interest in effective customer communication and, insofar as it concerns an inquiry to enter into or fulfill a contract.

g) Administration and contact management

I process data within the scope of administrative tasks as well as the organization of my business, financial accounting, and compliance with legal obligations, such as archiving. In doing so, I process the same data that I process in the context of providing our contractual services. The purpose and my interest in the processing thus lie in the administration, and financial accounting including the management of bank transfers, and archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks, and provision of our services. In this context, I disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.

In addition to WordPress, I also use Zenler and Zapier as part of my business administration and automation. This may involve storing and transferring your personal data for purposes such as customer management, automation of processes, and integration between systems. The legal basis for this is my legitimate interest and, where applicable, our contractual relationship.

Disclosure of data to third parties, Security, and Storage

a) Disclosure of data to third parties

I will only share your personal data with third parties if:

• you have given your express consent to do so,
• the disclosure is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that there is a legal obligation for disclosure, as well as
• this is legally permissible and necessary for the processing of contractual relationships with you.

b) General technical organizational measures (Security)

I have taken a variety of security measures to protect personal data to an appropriate extent and adequately. All information held by me is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons and in accordance with the GDPR and this Privacy Policy. In addition, where I use third parties to carry out processing only those who need the information to perform a specific job are granted access to personal data. If this is the case, these companies act on my behalf by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions.

As some of the service providers I use (such as Zenler, Zapier, Stripe, Google Analytics, Google Fonts, and Zoom) are based outside the EU/EEA, international data transfers may occur. In these cases, I ensure adequate safeguards such as the use of EU Standard Contractual Clauses (SCCs) and supplementary security measures in accordance with GDPR requirements.

Finally, I may need to disclose your data to authorities or government agencies if I am legally obliged to do so, for example, due to official or court orders, or because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of my rights and claims.

c) Duration of storage

I store your personal data for as long as necessary to achieve the respective storage purpose. Afterward, your data will be deleted, unless I am obliged to store it for a longer period of time due to tax, commercial or other legal storage or documentation obligations, or you have agreed to storage beyond this period.

Miscellaneous and closing

a) Links to others

My website contains so-called hyperlinks to the websites of other providers. When you activate these hyperlinks, you will be redirected from my website directly to the website of the other provider. You will recognize this by the change of URL, among other things. I cannot accept any responsibility for the confidential handling of your data on these third-party websites, as I have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.

b) Social Media

I am present in social media to communicate with my customers, interested parties, and users registered there and to be able to inform them about my offers there. I would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating). The processing of users’ personal data is based on my legitimate interests in providing users with effective information and communicating with users.

c) Accuracy and updating your information

It is important that the data I hold about you is accurate and current, therefore please keep me informed of any changes to your personal data. If you believe that the information I hold about you is inaccurate or that I am no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting me.

For your protection and the protection of all of the users, I may ask you to provide proof of identity before I can answer your requests. Also please keep in mind, that I may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Lastly, I may not be able to accommodate certain requests to object to processing personal data, notably where such requests would not allow me to provide my service to you anymore.

d) Data Breaches/Notification

Databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, I will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.

e) Personal data and children

I will not knowingly collect, use, or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

f) Advertising and Marketing

Insofar as you have also given me your consent to process your data for marketing and advertising purposes, I am entitled to contact you for these purposes via the communication channels you have given your consent to.

You may give us your consent in several ways, including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving marketing communication based on your interactions or contractual relationship with me.

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by me, or by my contracted service providers. Every directly addressed marketing sent or made by me or on our behalf will include a means by which you may unsubscribe or opt-out.

Changes

I reserve the right to adapt this privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies, or changes to the legal basis, or the relevant case law.