Privacy Policy

Last Update: 17 April 2026

Preamble

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as "data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Controller

Overview of Processing Operations

The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

Categories of Processed Data

• Inventory data
• Payment data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication and process data
• Images and/or video recordings
• Audio recordings
• Log data

Categories of Data Subjects

• Service recipients and clients
• Prospective customers
• Communication partners
• Users
• Business and contractual partners
• Education and course participants
• Persons depicted

Purposes of Processing

• Provision of contractual services and fulfilment of contractual obligations
• Communication
• Security measures
• Direct marketing
• Web analytics
• Office and organisational procedures
• Feedback and surveys
• Marketing
• Provision of our online services and usability
• Information technology infrastructure
• Financial and payment management
• Business processes and management procedures
• Artificial Intelligence (AI)

Relevant Legal Bases

Relevant legal bases according to the GDPR: In the following, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply.

• Consent (Article 6 (1) (a) GDPR) — The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Performance of a contract and prior requests (Article 6 (1) (b) GDPR) — Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Compliance with a legal obligation (Article 6 (1) (c) GDPR) — Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate Interests (Article 6 (1) (f) GDPR) — The processing is necessary for the protection of the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Austria. This includes in particular the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act — DSG).

Relevant legal basis according to the Swiss Data Protection Act: If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (Swiss DPA). Unlike the GDPR, the Swiss DPA does not generally require that a legal basis for processing personal data be stated, and the processing of personal data is conducted in good faith, lawfully and proportionately (Art. 6 para. 1 and 2 of the Swiss DPA).

Security Precautions

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we employ TLS/SSL encryption technology. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL.

General Information on Data Retention and Deletion

We delete personal data that we process in accordance with legal regulations as soon as the underlying consents are revoked or no further legal bases for processing exist. Exceptions to this rule exist if statutory obligations or special interests require a longer retention or archiving of the data.

Retention Periods under Austrian Law

• 7 years — Personal data processed in connection with tax-relevant business records pursuant to the Austrian Federal Fiscal Code (Section 132 BAO) and the Austrian Commercial Code (Sections 190–212 UGB).
• 3 years — Data required for the assertion, exercise or defence of warranty claims, claims for damages or other contractual claims (Section 1489 ABGB).

Retention Periods under Swiss Law

• 10 years — Retention period for books and records, annual financial statements, accounting vouchers and invoices (Article 958f OR).
• 5–10 years — Data necessary to consider potential claims for damages or similar contractual claims (Articles 127, 128, 130 OR).

Rights of Data Subjects

Rights under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

• Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
• Right of withdrawal for consents: You have the right to revoke consents at any time.
• Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data.
• Right to rectification: You have the right to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
• Right to Erasure and Right to Restriction of Processing: You have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted.
• Right to data portability: You have the right to receive data concerning you in a structured, common and machine-readable format, or to request its transmission to another controller.
• Complaint to the supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside.

To exercise any of these rights, please contact us at connect@purebeing.eu.

Business Services

We process personal data of our contractual and business partners, such as customers, clients, prospective customers, and other cooperation partners, for the initiation, execution and settlement of contractual relationships as well as comparable legal relationships.

In particular, we process master data such as name, address and company name; contact details such as email address and telephone number; contract and service data; usage and performance data; payment and billing data; as well as communication content and histories.

• Legal Basis: Performance of a contract (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Coaching and Consulting

We process the data of our clients in order to provide them with our coaching and consulting services. The processes include: initiating contact and communication with clients, needs analysis, planning and conducting sessions, documenting progress, scheduling appointments, providing materials and resources, invoicing and payment management, quality assurance and feedback processes.

Online Courses and Online Training

We process the data of participants in our online courses and training sessions in order to provide them with our course and training services. The data generally includes information on the courses and services utilized, as well as personal preferences and results of the participants.

Payment Procedure

Within the framework of contractual and other legal relationships, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions. Payment transactions are carried out exclusively via encrypted connections.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information.

• Apple Pay: Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Privacy Policy.
• PayPal: Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Privacy Policy.
• Stripe: Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Privacy Policy.
• Salesfunnels.io: CRM and payment processing system used for booking and course purchases.

Provision of Online Services and Web Hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

Collection of Access Data and Log Files: Access to our online service is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, browser type along with version, the user's operating system, referrer URL, and typically IP addresses. Log file information is stored for a maximum period of 30 days and then deleted or anonymized.

• STRATO: Services in the field of the provision of information technology infrastructure and related services. Service provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany. Privacy Policy. Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Use of Cookies

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies can also be used for different purposes, such as ensuring the functionality, security, and convenience of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal regulations. If necessary, we obtain users' consent in advance.

Storage duration:

• Temporary cookies (session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device.
• Permanent cookies: Permanent cookies remain stored even after the device is closed. Unless we provide explicit information to users about the type and storage duration of cookies, users should assume that these are permanent and may have a storage duration of up to two years.

Users can withdraw their consent at any time and also object to the processing according to legal regulations, including through the privacy settings of their browser.

This website itself does not set tracking or advertising cookies. The embedded third-party forms and booking widgets from Salesfunnels.io may set functional cookies that are strictly necessary for those services to operate.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

If you contact us via connect@purebeing.eu, we process your e-mail address and the content of your message solely to respond to your enquiry.

• Legal Basis: Performance of a contract (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Artificial Intelligence (AI)

We use AI-based tools and services in the context of our business operations. These tools may process data provided by us or generated in the course of our activities. We use AI services on the basis of our legitimate interests in efficient and innovative service delivery.

Services used include: Adobe AI, ChatGPT (OpenAI Ireland Ltd), DALL-E, DeepL, Midjourney, Stable Diffusion, Synthesia, ElevenLabs, and others. For each service, the respective provider's privacy policy applies. Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Newsletter and Electronic Communications

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipients or with a legal permission. If the contents of the newsletter are specifically described within the scope of a registration, they are decisive for the consent of the users.

If you subscribe to our newsletter DISTILLED via the embedded form, your e-mail address is processed by Salesfunnels.io. Subscription is based on your consent (Art. 6(1)(a) GDPR). You may unsubscribe at any time via the link in every newsletter.

• Salesfunnels.io: CRM system used for newsletter subscription management. Please refer to their privacy policy at salesfunnels.io for details.

Profiles in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. In addition, user data is usually processed within social networks for market research and advertising purposes.

• Instagram: Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Privacy Policy.
• Facebook Pages: Service provider: Meta Platforms Ireland Limited. Privacy Policy. Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
• LinkedIn: Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. Privacy Policy. Legal Basis: Consent (Article 6 (1) (a) GDPR).
• TikTok: Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Legal Basis: Consent (Article 6 (1) (a) GDPR).
• YouTube: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy. Legal Basis: Consent (Article 6 (1) (a) GDPR).

Plugins and Embedded Functions and Content

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers. The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address.

• Google Fonts: Provision of font files for the purpose of a user-friendly presentation of our online services. The Google Fonts are hosted on our server; no data is transmitted to Google. Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
• YouTube videos: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy. Legal Basis: Consent (Article 6 (1) (a) GDPR).
• LinkedIn plugins and contents: Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. Privacy Policy. Legal Basis: Consent (Article 6 (1) (a) GDPR).
• Instagram plugins and contents: Service provider: Meta Platforms Ireland Limited. Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
• Facebook plugins and contents: Service provider: Meta Platforms Ireland Limited. Legal Basis: Consent (Article 6 (1) (a) GDPR).

Changes and Updates

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

The current version is always available at purebeing.eu/privacy.html.