Data Handling & Privacy Policy

Soul Impact Berlin


Last updated: 1 April 2026

1. Data Controller

I am Hekate, operating as Soul Impact Berlin.

Email: hekate@soulimpactberlin.de
Tel: +49 1525 9466172

For all matters concerning your personal data, you may contact me using the details above.

2. General Principles

I process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

I only collect and process personal data that is necessary for specific purposes. Your data is handled confidentially and is never sold or shared for marketing purposes.

Processing is based on the principles of:

  • lawfulness

  • fairness

  • transparency

  • data minimisation

  • storage limitation

  • integrity and confidentiality

3. Data Collection & Purpose

a) Contact Form

Data collected:

  • Name or nickname

  • Email address

  • Message content

  • Information on how you heard about me

Purpose:
To respond to inquiries and provide information.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest)

b) Newsletter Subscription

Data collected:

  • Name (may be a nickname)

  • Email address

Purpose:
To send updates, event announcements, and editorial content.

Legal basis:
Art. 6(1)(a) GDPR (consent)

Newsletter subscriptions use a double opt-in process. You may unsubscribe at any time.

c) Events & Workshops

Data collected:

  • Full legal name

  • Nickname / pseudonym

  • Email address

  • Pronouns

  • Experience level

  • Information about participation (e.g. items brought)

  • Optional comments

  • Information on how you heard about the event

Purpose:
To organise and conduct events and workshops, manage participation, and ensure a safe and respectful environment.

Legal basis:

  • Art. 6(1)(b) GDPR (contract performance)

  • Art. 6(1)(f) GDPR (legitimate interest)

For event organisation, I may temporarily create participant lists for on-site registration.

d) Private Sessions

Data collected (online):

  • Full legal name

  • Nickname / pseudonym

  • Email address

  • Pronouns

  • Optional comments

Additional data (offline):

  • Signed consent forms (name and signature)

  • Health-related and safety-relevant information (provided voluntarily)

Purpose:
To safely prepare and deliver private sessions.

Legal basis:

  • Art. 6(1)(b) GDPR (contract performance)

  • Art. 9(2)(a) GDPR (explicit consent for health-related information)

Health-related information is collected only where necessary and handled with strict confidentiality.

4. Payments

Payments are processed via Stripe.

I do not store or have access to full payment details. Stripe processes payment data under its own privacy policy and complies with applicable data protection regulations.

5. Data Processing Systems

I use the following service providers:

  • Squarespace (website and forms)

  • Google Workspace (email communication)

  • MailerLite (newsletter)

These providers process data on my behalf under GDPR-compliant terms.

6. Data Retention

Event & Workshop Data

Participant lists and temporary operational data are deleted regularly as part of structured data clean-up processes.

Email Communication

I retain email communication for as long as necessary to manage client relationships and business operations. Emails are not routinely deleted but are protected through appropriate security measures.

Newsletter Data

Stored until you withdraw your consent.

Accounting Data

Invoices and payment records are retained for the legally required period (up to 10 years).

Consent Forms

Consent forms are retained for documentation and legal protection purposes for an appropriate period.

Technical Limitations

Due to technical constraints, certain transactional data may remain stored within the website system. This data is not actively used beyond its original purpose.

7. Event Notifications

If you participate in an event, I may inform you about future editions of the same event series.

This is based on legitimate interest (Art. 6(1)(f) GDPR).
You may opt out of such notifications at any time.

8. Data Sharing

I do not sell or share personal data with third parties for marketing purposes.

Data is shared only:

  • with the service providers listed above

  • where necessary to fulfil contractual obligations

  • where required by law

Co-facilitators may receive nicknames only, not full personal data.

9. Data Security

I implement appropriate technical and organisational measures to protect your data, including:

  • secure storage systems

  • access restrictions

  • encrypted services where applicable

10. Your Rights

You have the right to:

  • access your data (Art. 15 GDPR)

  • correct inaccurate data (Art. 16 GDPR)

  • request deletion (Art. 17 GDPR)

  • restrict processing (Art. 18 GDPR)

  • object to processing (Art. 21 GDPR)

  • withdraw consent at any time (Art. 7(3) GDPR)

  • data portability (Art. 20 GDPR)

To exercise your rights, contact: hekate@soulimpactberlin.de

11. Complaints

You have the right to lodge a complaint with a supervisory authority.

In Germany, this is your local Datenschutzbehörde.
A list is available at:
https://www.bfdi.bund.de/SharedDocs/Adressen/EN/LfD/LfD_Liste.html

12. Updates

I may update this privacy policy from time to time.
The latest version will always be available on my website.