PRIVACY POLICY
Effective Date: 26 February 2026
1. Data Controller
Sandra Halbe
25, rue d’Auvers
77123 Noisy-sur-Ecole
France
Email: info@sandrahalbe.com
I operate an international online coaching and education business. Processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable French data protection law.
2. Scope
This Privacy Policy applies when you:
- visit this website
- purchase products or services
- book 1:1 sessions or workshops
- access online programs or communities
- download free resources
- subscribe to newsletters
- communicate via email, Instagram, Telegram, WhatsApp or similar
- participate in Zoom sessions
- interact with embedded media
- interact with my social media profiles
This policy applies to adults only. My services are not directed at minors.
3. Categories of Personal Data
Depending on your interaction, I may process:
Identification Data
Name, email address, billing address, phone number (if provided).
Contract & Payment Data
Order details, invoices, VAT number (if provided), transaction IDs, payment status, refunds, chargebacks.
Technical Data
IP address, browser type, device type, operating system, referrer URL, timestamps, log files.
Usage Data
Website interactions, page visits, clicks, duration, community participation, email interaction data (opens/clicks where applicable).
Communication Data
Emails, direct messages, Telegram or WhatsApp messages, booking notes.
Program & Community Data
Profile data you provide, posts, comments, participation logs.
4. Special Categories of Data (Art. 9 GDPR)
Due to the nature of somatic coaching and body-based work, you may voluntarily share information relating to:
- physical health
- emotional or psychological state
- trauma-related experiences
- body symptoms
- nervous system responses
Such data may qualify as health-related data under Art. 9 GDPR.
Processing of such data occurs only:
- when you voluntarily provide it
- when it is necessary for the coaching or program you have requested
- based on your explicit consent
- and/or for the performance of a contract
Session notes are primarily kept handwritten and are not stored in digital systems unless required for operational purposes.
5. Legal Bases for Processing (Art. 6 GDPR)
Data is processed on one or more of the following legal bases:
Contract Performance (Art. 6(1)(b))
Delivery of services, program access, support, bookings, payments.
Legal Obligation (Art. 6(1)(c))
Accounting and tax requirements under French law.
Legitimate Interest (Art. 6(1)(f))
Website security, fraud prevention, system integrity, communication handling.
Consent (Art. 6(1)(a))
Newsletter subscription, analytics, marketing tracking (including Meta Pixel), optional cookies.
You may withdraw consent at any time.
6. Mandatory vs Optional Data
Mandatory data includes information necessary to deliver a purchased service (name, email, payment details).
Optional data includes newsletter subscription, voluntary community content, or additional profile information.
If mandatory data is not provided, services cannot be delivered.
7. Data Retention
Data is retained only as long as necessary:
Invoices & accounting records: 10 years (French tax law).
Contract-related records: up to 6 years.
Newsletter data: until you unsubscribe (suppression list retained to prevent re-mailing).
Community data: duration of membership; deletion upon request where legally possible.
Server logs: a few weeks unless required for security investigation.
Analytics data: up to 26 months (if activated).
Data may be retained longer if required for legal defense.
8. Service Providers & Processors
I use third-party providers to operate the business.
Checkout & Payments
ThriveCart
Stripe
PayPal
Klarna
Payment providers act as independent controllers for payment processing.
Email & Automation
Wildmail (powered by ActiveCampaign)
Used for newsletters, funnels and communication automation.
Booking
Calendly
Video Sessions
Zoom (for sessions and workshops)
Community & Courses
Communi App (community hosting and program access)
Hosting
ALL-INKL.COM – Neue Medien Münnich (Germany)
Website
WordPress + Divi Theme
Consent Management
Borlabs Cookie
Analytics
Google Analytics (activated only with consent)
Marketing Tracking
Meta Pixel (activated only with consent)
Media & Streaming
YouTube
Vimeo
SoundCloud
Spotify (if embedded)
Embedded media may transmit IP address and technical data when activated.
Cloud Storage
Google Drive (for operational documents)
Messaging Platforms
Instagram (Meta)
Telegram (groups & 1:1)
WhatsApp (currently private account use)
These platforms act as independent controllers under their own privacy policies.
9. International Data Transfers
Some providers operate outside the EU/EEA.
Where data is transferred internationally, transfers rely on:
- EU adequacy decisions
- Standard Contractual Clauses (SCCs)
- Additional safeguards where required
10. Cookies & Tracking
This website uses cookies and similar technologies.
Strictly necessary cookies operate without consent.
Analytics, marketing and tracking technologies (including Meta Pixel and Google Analytics) operate only after explicit consent via the cookie banner.
Consent can be withdrawn at any time.
11. Server Log Files
The hosting provider automatically records:
IP address
Browser type
Referrer
Timestamp
Requested pages
Purpose: system security and stability.
Legal basis: legitimate interest.
12. Newsletter & Funnels
If you subscribe to a free resource or newsletter:
- Double opt-in is used where required.
- Email interaction data (opens, clicks) may be tracked.
- You may unsubscribe at any time.
Service-related emails are sent independently of marketing consent when necessary to fulfill a contract.
13. Security
SSL/TLS encryption protects website transmission.
Access to systems is limited to what is necessary.
Appropriate technical and organisational measures are applied.
14. Your Rights Under GDPR
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase data
- Restrict processing
- Object to processing
- Withdraw consent
- Data portability
- Lodge a complaint with a supervisory authority
Requests can be sent to: info@sandrahalbe.com
Response time: within statutory limits (generally 30 days).
15. Supervisory Authority
France:
CNIL – Commission Nationale de l’Informatique et des Libertés
https://www.cnil.fr
You may also lodge a complaint with your local EU authority.
16. Automated Decision-Making
No automated decision-making or profiling with legal effects takes place under Art. 22 GDPR.
17. French-Specific Right
Under French law, you may define instructions regarding the retention, deletion and communication of your data after death. Such instructions may be sent to info@sandrahalbe.com.
18. Updates
This Privacy Policy may be updated when legal or technical changes require it. The latest version is always published on this website.
19. Contact
Sandra Halbe
info@sandrahalbe.com
25, rue d’Auvers
77123 Noisy-sur-Ecole
France