Privacy Policy

Introduction

The following privacy policy provides a detailed overview of what happens to your personal data when you visit our website. Personal data refers to any information that can be used to personally identify you. We take the protection of your personal data very seriously and treat your data confidentially and in accordance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

This Privacy Policy applies to all processing of personal data carried out in connection with this website and any services offered through it.

Responsible

Responsible for data processing on this website is:

Name: Lena Alexandra Monser

Address: Elberfelder Str. 130, 40724 Hilden, Germany

Email: lenaa.mns@gmail.com

Phone: +49 160 95088218

Website: www.beyondblnc.com

1. Access Data (Server Log Files)

When you visit our website, we automatically collect and store access data in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and version

  • Operating system used

  • Referrer URL (the previously visited page)

  • Host name of the accessing computer

  • Date and time of the server request

  • IP address (possibly in anonymized form)

These data cannot be attributed to specific individuals and are not merged with other data sources. The processing of such data is carried out in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interest in improving the stability and functionality of our website.

2. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your device. Cookies cannot execute programs or transmit viruses to your computer system.

2.1 Categorization and Legal Basis

Technically Necessary Cookies: Cookies that are necessary for carrying out the electronic communication process or for providing certain functions you have requested (e.g., login, shopping cart, language settings) are stored on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in storing these cookies for the technically error-free and optimized provision of our services. Your consent is not required for these cookies, as they are essential for the website's basic functionality.

Non-Essential Cookies (e.g., for Analysis and Marketing): Insofar as other cookies (e.g., cookies for analyzing your Browse behavior, marketing cookies, or cookies for embedding third-party content) are stored, these are used only with your explicit consent in accordance with Art. 6(1)(a) GDPR. Information on specific non-essential cookies and the services they enable can be found in the "Use of Third-Party Services and Tools" section of this privacy policy.

2.2 Your Opt-Out and Consent Management Options

When you visit our website, a cookie banner (Consent Management Platform) will appear, allowing you to give or withdraw your consent for non-essential cookies. Through this banner, you can select which categories of non-essential cookies you agree to. You can change your cookie preferences or withdraw your consent at any time by clicking on the designated "Cookie Settings" or "Privacy Settings" link, which is usually located in the footer of our website. Your previous choices will be remembered, and you can adjust them as needed.

2.3 Browser Settings

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit ends. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can configure your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when the browser is closed. Please note that disabling cookies through your browser settings may limit the functionality of this website, especially concerning essential features. For non-essential cookies, the primary method for managing your preferences is through our cookie banner.

3. Contact Form

If you contact us via email or by using a contact form, the data you provide, including your contact details, will be stored in order to process your inquiry and to be available for any follow-up questions. This data will not be disclosed to third parties without your explicit consent.

The processing of the data entered into the contact form is carried out solely on the basis of your consent (Article 6(1)(a) GDPR). You may revoke your consent at any time. A simple informal notification by email is sufficient for this purpose. The legality of the data processing operations carried out up until the time of revocation remains unaffected.

Data transmitted via the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data retention no longer applies. Mandatory statutory provisions – in particular legal retention periods – remain unaffected.

Further details on the duration of data storage can be found in the section ‘Storage Duration’ of this privacy policy.

4. Use and Disclosure of Data

The personal data you provide to us—such as your name, address, or email address, for example via email—will neither be sold nor otherwise marketed to third parties. Your personal data will be used solely for the purpose of corresponding with you and only for the purpose for which you have provided the data to us.

To process payments, we will transmit your payment data to the financial institution responsible for handling the payment.

Data that is automatically collected during your visit to our website will be used exclusively for the purposes mentioned above. No other use of such data will occur.

We assure you that your personal data will not be disclosed to third parties unless we are legally obligated to do so or you have given us your prior consent.

5. SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content—such as inquiries you send to us as the website operator—our website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the padlock symbol displayed in your browser’s address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6. Use of Third-Party Services and Tools

6.1 Web Hosting (Squarespace)

Our website is hosted on the platform provided by Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland.

When you access our website, Squarespace automatically collects and stores certain information in server log files. This may include your IP address, browser type, operating system, referring URLs, access times, and pages visited. These data are necessary to ensure the secure and stable operation of the website and are processed based on Article 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of our website).

Squarespace acts as our data processor pursuant to Article 28 GDPR and processes personal data exclusively on our behalf and in accordance with our instructions. For more information, please refer to Squarespace’s privacy policy: www.squarespace.com/privacy

6.2 Squarespace Analytics

We use Squarespace Analytics, a web analytics service provided by Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland.

This service helps us analyze how visitors use our website (e.g. page views, device types, location approximations, duration of visit). IP addresses are pseudonymized before being stored.

Data processing is carried out based on your consent (Article 6(1)(a) GDPR), which you provide via the cookie banner. No tracking occurs without your explicit consent.

Please note that Squarespace is a US-based provider. As a result, data may be transferred to and processed in countries outside the European Union. In such cases, the data transfer is based on EU Standard Contractual Clauses (SCCs).

For more information, please see: www.squarespace.com/privacy

6.3 Instagram

Our website includes a simple link to our profile on the social media platform Instagram, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

Clicking the link takes you directly to Instagram. No personal data is transmitted to Instagram when you visit our website unless you actively click the link. Once you visit Instagram, Meta may collect and process your personal data. If you are logged into your Instagram account, your visit can be associated with your profile.

The link is provided based on our legitimate interest in promoting our online presence in accordance with Article 6(1)(f) GDPR.

For more information on how Instagram processes personal data, please refer to their privacy policy: privacycenter.instagram.com/policy

6.4 Use of Zoom for Consultations

For online consultations, we use the video conferencing service Zoom, provided by Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

When you participate in a Zoom meeting, the following personal data may be processed: name, email address, video/audio data, chat messages, IP address, and technical data (device, operating system). The extent of the data processed depends on your usage and settings.

Zoom meetings are not recorded unless explicitly agreed upon beforehand.

The processing is based on Article 6(1)(b) GDPR (contract initiation or performance) or Article 6(1)(a) GDPR (consent).

As Zoom is a US-based provider, data may be transferred outside the EU. Such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission.

For more information, see: explore.zoom.us/en/privacy

6.5 Use of WhatsApp for Communication

We offer communication via the messenger service WhatsApp, operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you contact us via WhatsApp, your phone number and any other personal data you provide (e.g. name, message content, profile picture) will be processed. The messages are end-to-end encrypted, but WhatsApp may access metadata (e.g. time and date of messages, IP address, device data).

The processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR) or for the initiation/fulfillment of a contract (Art. 6(1)(b) GDPR).

Please note that by using WhatsApp, you are bound by its terms of use and privacy policy: www.whatsapp.com/legal/privacy-policy-eea

We do not use WhatsApp for unsolicited marketing.

6.6 Alternative Communication Channels

Please note that the use of third-party messaging services, such as WhatsApp, is voluntary. If you prefer not to use such services, you may also contact us via email or telephone using the contact details provided on this website. Communication via these alternative channels ensures that your data remains within the European Economic Area (EEA), subject to the relevant data protection standards.

7. Storage Duration

Personal data that has been transmitted to us via our website will be stored only for as long as necessary to fulfill the purpose for which it was provided. Insofar as commercial or tax-related retention periods must be observed, certain data may be stored for up to ten years.

8. Rights of Data Subjects

With regard to your personal data, you - as the data subject - have the following rights vis-à-vis the data controller in accordance with the applicable legal provisions:

8.1 Right to Withdraw Consent

Many data processing operations are only possible with your explicit consent. If the processing of your data is based on your consent, you have the right to withdraw that consent at any time with effect for the future, pursuant to Article 7(3) of the GDPR. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal. The continued storage of data for billing and accounting purposes remains unaffected by such a withdrawal.

8.2 Right of Access

Pursuant to Article 15 of the GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed. If such processing is taking place, you are entitled to receive information about the personal data we process about you, the purposes of the processing, the categories of personal data involved, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria used to determine that period, the existence of rights to rectification, erasure, restriction of processing, objection to processing, and the right to lodge a complaint with a supervisory authority. You also have the right to obtain information about the source of your data if it was not collected directly from you, the existence of automated decision-making including profiling, and, where applicable, meaningful information about the logic involved as well as the significance and intended consequences of such processing. Furthermore, you are entitled to be informed about the appropriate safeguards in accordance with Article 46 of the GDPR in the event that your data is transferred to third countries.

8.3 Right to Rectification

You have the right, pursuant to Article 16 of the GDPR, to request the immediate rectification of inaccurate personal data concerning you and/or the completion of your incomplete data at any time.

8.4 Right to Erasure

You have the right, pursuant to Article 17 of the GDPR, to request the erasure of your personal data where one of the following grounds applies:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • You withdraw your consent on which the processing was based in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.

  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

  • Your personal data have been unlawfully processed.

  • The erasure of your personal data is required for compliance with a legal obligation under Union law or the law of the Member State to which we are subject.

  • The personal data were collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

However, this right does not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;

  • for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

  • for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

  • for the establishment, exercise, or defence of legal claims.

If we have made your personal data public and are obliged to erase it in accordance with the above, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, such personal data.

8.5 Right to Restriction of Processing

In accordance with Article 18 of the General Data Protection Regulation (GDPR), you have the right to request the restriction (blocking) of the processing of your personal data. You may exercise this right at any time by contacting us using the address provided in the legal notice (Impressum).

The right to restriction of processing applies in the following cases:

If you contest the accuracy of the personal data we hold about you, we generally require time to verify this. For the duration of the verification process, you have the right to request that the processing of your personal data be restricted.

If the processing of your personal data has been or is being carried out unlawfully, you may request the restriction of data processing instead of erasure.

If we no longer need your personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing instead of deletion.

If you have lodged an objection to processing pursuant to Article 21(1) GDPR, a balancing of interests must be carried out between your interests and ours. While it has not yet been determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.

Where the processing of your personal data has been restricted, such data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

8.6 Right to Notification

If you have asserted your right to rectification, erasure, or restriction of processing against us, we are obligated—pursuant to Article 19 of the GDPR—to inform all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about those recipients upon request.

8.7 Right Not to Be Subject to Automated Decision-Making, Including Profiling

In accordance with Article 22 of the General Data Protection Regulation (GDPR), you have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you.

This right does not apply if the decision:

a) is necessary for the conclusion or performance of a contract between you and us,

b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

c) is based on your explicit consent.

However, decisions in the cases referred to in points (a) to (c) may not be based on special categories of personal data referred to in Article 9(1) GDPR unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.

In the cases referred to in points (a) and (c), we will implement suitable measures to safeguard your rights and freedoms and your legitimate interests. These measures will include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

8.8 Right to Data Portability

Where the processing is based on your consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and is carried out by automated means, you have the right—pursuant to Article 20 GDPR—to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller or to request that the data be transmitted directly to another controller, where technically feasible.

8.9 Right to Object

Where the processing of your personal data is based on the balancing of interests pursuant to Article 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data; this also applies to profiling based on that provision. The specific legal basis on which processing is carried out can be found in this privacy policy.

If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Article 21(1) GDPR).

Where your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Article 21(2) GDPR).

You also have the option—regardless of Directive 2002/58/EC—to exercise your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

8.10 Right to Lodge a Complaint with a Supervisory Authority pursuant to Article 77 GDPR

Pursuant to Article 77 of the General Data Protection Regulation (GDPR), data subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the GDPR.

This right exists without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for our organization is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia

P.O. Box 20 04 44

40102 Düsseldorf

Kavalleriestraße 2–4

40213 Düsseldorf

Germany

Phone: +49 (0)211 38424-0

Email: poststelle@ldi.nrw.de

Website: www.ldi.nrw.de

9. Validity and Amendments to This Privacy Policy

This Privacy Policy is effective as of July 1, 2025. We reserve the right to amend this Privacy Policy at any time, in compliance with applicable data protection regulations. Such amendments may become necessary, for example, to reflect changes in legal requirements or to account for modifications to our website or the introduction of new services on our website.

The version of the Privacy Policy available at the time of your visit shall apply.

Should this Privacy Policy be amended, we intend to publish the changes on this page to ensure that you are fully informed about the personal data we collect, how we process it, and under what circumstances it may be disclosed.