Privacy concerns are very important to me. Currently just about every company claims that to be the case, but I do have some actual credentials in this area, in particular relating to my activities in the context of the Swiss NGO Digitale Gesellschaft.
Personal data is defined as “any information relating to an identified or identifiable natural person”.
Such personal data is unavoidably generated when anyone communicates with me in writing, as in practically every case, letters and email addresses and email messages are personal data. I read, store and archive letters and emails which I receive so that I can answer them, and so that I can find them later. Letters and email messages are not automatically processed in any other way. I will not use postal addresses or email addresses received in this way for any purpose except possibly for writing to you personally. So you can write to me without risk of thereby getting yourself added to a marketing mailing list of any kind.
The same applies when someone provides me with their contact information in any other way, for example by giving me their business card.
In the case of oral conversations, I sometimes write, exclusively for my personal purpose of being able to remind myself, brief notes on where we have met and/or on what we talked about.
When I make an appointment with someone, I always note the appointment in my electonic agenda, because I would probably forget about most my appointments if I didn't do that.
When I coach someone, I create electronic records in regard to whom I have coached, as well as the date, time and duration of the coaching sessions. The only way in which this information is processed in an automated manner is to determine the total amount of time that I have spent coaching during a given period of one or more months. I also keep the coachee's contact information and the written coaching agreement.
All of this information in relation to business communications and business activities is deleted when it is between ten and eleven years old. In addition, you can ask me at any time to immediately delete all personal data concerning you to the extent that I'm allowed to do so. (I am legally required to keep copies of some kinds of documents, e.g. invoices that I send, for ten years.)
I have organized my business activities so that they avoid generating personal data in any other way. In particular, I do not create any kind of records about the content of coaching conversations. My business website is hosted on a webserver which I have personally set up to avoid generating logfiles that would contain personal information. (This uses the “anonip” logfile anonymization tool.)
In my interactions with professional organizations in the field of coaching such as the International Coach Federation (ICF), I have a need to be able to not only make claims about my total number of coaching hours, but in addition to allow them to potentially audit my records to allow them to verify the veracy of my claims.
Such potential audits aside, I will, to the extent that is legally possible, avoid disclosing to anyone any of the personal information that I have collected in the context of my professional activities.
The legal basis of all my processing of personal data consists on one hand in the fact that when someone sends me an email or otherwise communicates their contact information, by the very act of communication, implicitly permission is given to receive and store the contents of the communication. On the other hand the permission to create records of my coaching activity, containing the information when I have coached whom for how long, is based on the written coaching agreement.
You have all the rights foreseen in the Swiss data protection law (Datenschutzgesetz, DSG) and in the EU's General Data Protection Regulation (GDPR), including in particular the right of access to and rectification or erasure of your personal data, the right to object to processing of your personal data, the right to data portability, and the right to lodge a complaint with a supervisory authority. In practical terms, as the only processing which takes place is for purposes of storing the information so that I can access it, any objection to processing will be addressed by means of erasure of the data. In the case of requests based on the right to data portability, emails will be provided in mbox format, all other information in csv format. All requests on the basis of these rights will be acknowledged and executed promptly.
An important notion in the context of the Swiss data protection law (Datenschutzgesetz, DSG), the EU's General Data Protection Regulation (GDPR), and other data protection laws is the notion of the “controller” of the data. In this case this is:
Norbert Bollow Coaching and Framework Solutions Weidlistrasse 18 CH-8624 Grüt Switzerland Phone: +41 44 972 20 59 Email: firstname.lastname@example.org Website: https://deeperpurpose.coach/
As foreseen in Article 27 of the EU's General Data Protection Regulation (GDPR), there is, in addition to the above-mentioned “controller” of the data, an EU representative who can be contacted in addition to or instead of the above-mentioned “controller”, on all issues related to processing of personal data by this company.
This EU representative is:
Mrs. Dr. Anna Bollow-Mannzen Max-Planck-Strasse 5 D-64807 Dieburg Germany