Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. The following Privacy Policy explains how we handle your personal data when you use our website. "Personal data" refers to any information that can identify you personally.

1.2 The Controller (also referred to as "we", "us" or "our") for the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws is:
Energy and Soul LLC
30N Gould St SteR
Sheridan, Wyoming 82801 USA
E-mail: kontakt@energy-and-soul-akademie.com

The "Controller" is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

If you have any questions about this Privacy Policy or our data practices, you can contact us at the above address or by e-mail.

For California residents: If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights are outlined in section 13.3 of this Privacy Policy.

2) Data Collection When Visiting Our Website

2.1 Informational Use of the Website (Server Log Files)
When you use our website purely for informational purposes (i.e., you do not register or otherwise submit information), we collect only the data your browser transmits to our server (“server log files”). This data includes:

  • The pages visited on our website

  • Date and time of access

  • Amount of data transferred (in bytes)

  • Referring source/URL

  • Browser type

  • Operating system used

  • IP address (possibly anonymized)

Processing is carried out under Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for other purposes. However, we reserve the right to check server log files subsequently if there are specific indications of illegal use.

2.2 SSL/TLS Encryption
For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries), our website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" and the lock icon in your browser’s address bar.

3) Hosting & Content Delivery Network (CDN)

3.1 Amazon Web Services (AWS)
Hosting services are provided by:
Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.

All data collected on our website is processed on the provider's servers. We have concluded a Data Processing Agreement (DPA) with AWS to ensure the protection of our visitors’ data and to prevent unauthorized disclosure to third parties.
For data transfers to the USA, AWS is certified under the EU–US Data Privacy Framework, ensuring compliance with EU data protection standards.

3.2 Squarespace
Hosting services are also provided by:
Squarespace Ireland Ltd., Squarespace House, Ship Street Great, Dublin 8, D08 N12C, Ireland.

All data collected is processed on the provider’s servers. We have a DPA in place with Squarespace. In some cases, data may also be transferred to Squarespace Inc., USA, which is certified under the EU–US Data Privacy Framework.

4) Cookies

We use cookies to make visiting our website attractive and to enable certain functions.
Some cookies are deleted after you close your browser (“session cookies”), while others remain on your device (“persistent cookies”) and store your settings.

If personal data is processed via cookies, processing is based on Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(a) GDPR (consent), or Art. 6(1)(f) GDPR (legitimate interest).

You can set your browser to inform you about cookies and decide on a case-by-case basis or reject them entirely.
If you refuse cookies, some site functions may be limited.

5) Contacting Us

We may collect personal data when you contact us, including via:

  • WhatsApp Business (WhatsApp Ireland Ltd., with possible transfer to Meta Platforms Inc., USA)

  • Contact form or e-mail

Data is processed for the purpose of handling your inquiry and, if applicable, contract fulfillment (Art. 6(1)(b) GDPR) or based on our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR).

6) Comment Function

If you post comments on our website, we store your comment, the time of posting, your chosen username, and your IP address. This is for security reasons and to address potential legal violations.

7) Direct Marketing & Newsletter

7.1 Newsletter Subscription
We send newsletters only with your explicit consent (Art. 6(1)(a) GDPR) and via a double opt-in process.

7.2 Newsletter for Existing Customers
If you have purchased goods/services, we may send related product offers under our legitimate interest (Art. 6(1)(f) GDPR), unless you opt out.

7.3 Provider: Systeme.io
We use Systeme.io (ITACWT Ltd., Ireland) for email marketing, with a DPA in place.

8) Order Processing

We process your data for order fulfillment, including sharing with payment processors, shipping providers, and other necessary third parties (Art. 6(1)(b) GDPR).

9) Analytics Services

9.1 Google Analytics 4 – with IP anonymization, Google Signals, and User-ID features, only with consent (Art. 6(1)(a) GDPR).
9.2 Google Tag Manager – technical tool for managing scripts, only with consent.
9.3 Squarespace Analytics – pseudonymized analytics, only with consent.

10) Remarketing & Conversion Tracking

We use Google Ads Remarketing with consent (Art. 6(1)(a) GDPR). This may involve cross-device tracking and data transfers to Google LLC, USA.

11) Website Functionalities

11.1 Google reCAPTCHA – spam and bot protection, only with consent.
11.2 Zoom – for online meetings and webinars, with a DPA in place.

12) Cookie Consent Tool

We use a Cookie Consent Tool to manage user consents for cookies.
Technically necessary cookies are always active; all others require consent.

13) Data Subject Rights

13.1 Under GDPR / UK GDPR, you have the right to:

  • Access (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restrict processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Withdraw consent (Art. 7(3) GDPR)

  • Complain to a supervisory authority (Art. 77 GDPR)

13.2 Right to Object
You may object at any time to processing based on legitimate interests or for direct marketing purposes.

13.3 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose

  • Request deletion of your personal information

  • Opt-out of the sale or sharing of your personal information (we do not sell personal data)

  • Correct inaccurate personal information

  • Limit the use/disclosure of sensitive personal information

To exercise these rights, contact us via the details above. We will verify your identity before responding.

14) Data Retention

The retention period is based on the legal basis for processing, statutory retention obligations, and our legitimate interests. Data is deleted when it is no longer necessary for the purposes collected.

15) Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with the updated “Last Updated” date.

Last Updated: 11.08.2025