SANDRA NIETHEN  consulting

Privacy Policy

Last updated: June 2025

Sandra Niethen Consulting takes the protection of your personal data seriously. This Privacy Policy explains what information we collect when you visit our website (sandraniethen.com), contact us, or use our services, and how we use, store and protect that information.

This policy applies to all processing of personal data by Sandra Niethen Consulting and complies with the General Data Protection Regulation (GDPR) and applicable German data protection law.

1. Controller

The controller responsible for the processing of your personal data is:

Sandra Niethen Consulting

Sonderburgstr. 11

40545 Düsseldorf, Germany

E-mail: sandra@sandraniethen.com

Phone: +49 171 195 6777

Website: sandraniethen.com

2. Data We Collect

2.1 When You Visit Our Website

When you access our website, our web server automatically records the following data in server log files:

  • IP address (anonymised where technically possible)
  • Date and time of access
  • Pages and files accessed
  • Browser type and version
  • Operating system
  • Referring URL

This data is processed on the basis of Art. 6 (1) (f) GDPR (legitimate interest) to ensure the technical functioning of the website and to detect and prevent misuse. It is deleted after 14 days unless required for longer retention for security purposes.

2.2 When You Contact Us

When you contact us by e-mail, telephone or via a contact form, we collect:

  • Your name
  • Your e-mail address and/or phone number
  • The content of your message
  • Date and time of the enquiry

This data is processed on the basis of Art. 6 (1) (b) GDPR (pre-contractual measures or contract performance) or, where applicable, Art. 6 (1) (f) GDPR (our legitimate interest in responding to your enquiry). We retain this data for as long as necessary to respond to your enquiry, and for up to three years thereafter for documentation purposes unless a longer retention period is required by law.

2.3 When You Engage Our Services

In the context of a consulting or coaching engagement, we may process additional personal data including:

  • Contact and identification data
  • Professional background and organisational context
  • Information shared during sessions, assessments or written exchanges

This data is processed on the basis of Art. 6 (1) (b) GDPR and, where it concerns particularly sensitive categories of data (e.g. health-related information), with your explicit consent pursuant to Art. 9 (2) (a) GDPR. It is retained for the duration of the engagement and for up to ten years thereafter in accordance with applicable commercial and tax law retention obligations.

3. Cookies and Analytics

Our website currently does not use tracking cookies or third-party analytics tools. Should this change, this Privacy Policy will be updated accordingly and, where required by law, your prior consent will be obtained.

Technically necessary cookies required solely for the functioning of the website (e.g. session management) may be set without your consent on the basis of Art. 6 (1) (f) GDPR.

4. Disclosure of Data to Third Parties

We do not sell, rent or trade your personal data. We may share your data only in the following circumstances:

  • With service providers who assist us in operating our website or delivering our services (e.g. IT hosting, e-mail infrastructure), subject to appropriate data processing agreements pursuant to Art. 28 GDPR;
  • Where we are legally obliged to do so (e.g. in response to a court order or request from a supervisory authority);
  • In connection with a business transfer, merger or acquisition, subject to appropriate confidentiality and data protection obligations.

We do not transfer personal data to recipients outside the European Economic Area (EEA) unless adequate safeguards are in place in accordance with Chapter V GDPR.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These include encrypted transmission (TLS/SSL), access controls and regular security reviews.

Whilst we take data security seriously, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any data breach in accordance with applicable law.

6. Your Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Art. 15 GDPR) — to obtain confirmation of whether and how we process your data, and to receive a copy;
  • Right to rectification (Art. 16 GDPR) — to have inaccurate data corrected;
  • Right to erasure (Art. 17 GDPR) — to request deletion of your data where there is no lawful basis for continued processing;
  • Right to restriction of processing (Art. 18 GDPR) — to request that we limit processing in certain circumstances;
  • Right to data portability (Art. 20 GDPR) — to receive your data in a structured, commonly used format;
  • Right to object (Art. 21 GDPR) — to object at any time to processing based on legitimate interests;
  • Right to withdraw consent (Art. 7 (3) GDPR) — where processing is based on your consent, to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at sandra@sandraniethen.com. We will respond within the statutory period (generally one month).

You also have the right to lodge a complaint with a supervisory authority. The competent authority for Sandra Niethen Consulting is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2–4, 40213 Düsseldorf

www.ldi.nrw.de

7. Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods are set out in the relevant sections above. When data is no longer required, it is securely deleted or anonymised.

8. Links to Third-Party Websites

Our website may contain links to third-party websites. We have no control over the content or privacy practices of those sites and are not responsible for their data processing. We recommend that you review the privacy policies of any third-party sites you visit.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version will always be available on our website. Where changes are material, we will notify you by appropriate means.

Sandra Niethen Consulting  ·  Sonderburgstr. 11, 40545 Düsseldorf  ·  sandra@sandraniethen.com  ·  sandraniethen.com