Crispycoaching Privacy Information

Version: April 2026

1. Introduction

Crispycoaching is pleased that you are visiting our website. The protection of your personal data is very important to us. Below, we inform you about how we process your personal data in connection with the use of our website, contacting us, and our services (in-house projects, open trainings (crispy academy), coaching (B2B, B2C), and digital learning programs) (hereinafter collectively referred to as the “Services”).

2. Controller

The controller responsible for data processing on this website is:

Resch Krahé Haus GbR – crispycoaching
Chausseestraße 116
10115 Berlin
Email: hello@crispycoaching.com

Authorized partners:
Eva Resch
Felix Krahé
Svenja Haus

3. General Information on Data Processing

We process personal data only insofar as this is necessary for providing a functional website, handling inquiries, performing our Services, safeguarding our legitimate interests, or where you have given us your consent to do so.

Personal data means all information relating to an identified or identifiable natural person, e.g. name, contact details, communication content, appointment details, invoice data, or usage data.

Processing takes place in particular on the basis of:

• Art. 6(1)(a) GDPR (consent),
• Art. 6(1)(b) GDPR (contract / pre-contractual measures),
• Art. 6(1)(c) GDPR (legal obligation),
• Art. 6(1)(f) GDPR (legitimate interests).

4. Provision of the Website and Server Log Files

Each time our website is accessed, information is automatically transmitted by the browser to the server. This may include in particular:

• IP address,
• date and time of access,
• page/file accessed,
• referrer URL,
• browser type and browser version,
• operating system,
• hostname of the accessing computer.

These data are processed in order to technically provide the website, ensure its stability and security, and detect and prevent misuse.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure and functional provision of our online offering.

5. Hosting and Provision of the Website

Our website is hosted by an external service provider. The personal data collected in connection with the use of this website are processed on the servers of the hosting provider.

This may include in particular IP addresses, metadata and communication data, website accesses, and other data generated via a website.

We use service providers for the hosting and technical provision of our website, in particular:

• Kinsta Inc., 8605 Santa Monica Blvd #92581, West Hollywood, CA 90069, USA
  (Managed WordPress hosting, cloud infrastructure based on Google Cloud)
  Privacy notice: https://kinsta.com/legal/privacy-policy/
• Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg
  (Cloud hosting, content delivery network, and technical infrastructure)
  Privacy notice: https://aws.amazon.com/de/privacy/

External hosting service providers are used for the purpose of securely, quickly, and efficiently providing our online offering through a professional provider. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the reliable presentation and provision of the website).

Where the above-mentioned providers process personal data on our behalf, this is done on the basis of data processing agreements pursuant to Art. 28 GDPR.

It cannot be ruled out that, in the context of hosting, personal data may be transferred to third countries, in particular the USA. In such cases, we ensure that appropriate safeguards within the meaning of Arts. 44 et seq. GDPR are in place, in particular through the conclusion of Standard Contractual Clauses or—where applicable—certification under the EU-U.S. Data Privacy Framework.

6. Cookies and Consent Management

Our website uses cookies and/or similar technologies. Where these are technically necessary for the operation of the website, they are used on the basis of our legitimate interests in providing the website in a user-friendly and secure manner.

Where cookies or similar technologies are not strictly necessary, we use them only with your consent. You may give, refuse, or withdraw your consent at any time with effect for the future via our consent banner.

We use the consent management tool CookieYes from CookieYes Limited, 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, on our website in order to obtain, manage, and document your consent for the use of cookies and comparable technologies.

In connection with the use of CookieYes, your consent data (e.g. consent status, timestamp, if applicable anonymized IP address, browser and device information) are processed insofar as this is necessary for the provision and storage of your cookie settings.

The tool enables us in particular to store and technically implement your decision regarding the placement of non-essential cookies. Non-essential scripts and cookies are blocked until you give your consent.

The legal bases are:

• Art. 6(1)(a) GDPR for the processing of personal data on the basis of your consent,
• Section 25(1) TDDDG for storing information on your terminal device or accessing such information,
• Section 25(2) TDDDG for technically necessary processes.

Further information on data protection at CookieYes can be found at: https://www.cookieyes.com/privacy-policy/.

You may change or withdraw your cookie settings at any time via the consent tool provided on the website.

7. Contacting Us

If you contact us by email, telephone, or via our contact form, we process the data you provide to us, e.g.:

• name,
• email address,
• telephone number,
• subject,
• message / inquiry content,
• if applicable, reference to an appointment or company.

Processing takes place for the purpose of handling your inquiry, communicating with you, and, where applicable, initiating or performing a contract.

The legal basis is generally Art. 6(1)(b) GDPR, insofar as your inquiry is aimed at the conclusion or performance of a contract. In other cases, processing takes place on the basis of Art. 6(1)(f) GDPR; our legitimate interest lies in the proper handling of incoming inquiries.

The website contains a contact form with mandatory fields for name, email address, telephone number, and message. It also refers to free consultation calls as well as registrations for trainings and coaching sessions.

8. Initiation, Booking, and Performance of Our Services

8.1. General

We process personal data insofar as this is necessary for the planning, booking, organization, performance, and follow-up of our Services. This concerns in particular:

• in-house projects,
• open trainings (crispy academy),
• coaching (B2B, B2C),
• digital learning programs,
• free initial or introductory calls.

In particular, the following data may be processed:

• master and contact data,
• company and invoice data,
• communication and appointment data,
• contract-related information,
• participation-related information,
• content information that you voluntarily share in the course of coaching, training, or program participation.

Processing takes place for contract initiation and contract performance pursuant to Art. 6(1)(b) GDPR.

The services described on the website and in the GTC include, among others, in-house projects, open trainings (crispy academy), coaching (B2B, B2C), and digital learning programs; they are conducted online, in person, in our own premises, at the customer’s premises, or at external locations.

Processing of data – performance of services
In the course of performing our Services, content may be processed that you or your organization actively provide to us or that arises in the course of performance. This may include in particular goals, questions, conversation content, development areas, organizational framework information, or feedback.

We process these data exclusively insofar as this is necessary for carrying out the respective format. Confidentiality is very important to us. Data are disclosed to third parties only where necessary for contract performance, where there is a legal obligation, or where you have expressly consented. Crispycoaching does not take notes during the performance of Services.

8.2. In-person Events

Where in-house projects, open trainings (crispy academy), and coaching (B2B, B2C) take place on site, in our premises, at external locations, or at the customer’s premises, we process the data necessary for organization and performance. This includes in particular:

• participant and contact data,
• appointment and location details,
• if applicable, company affiliation,
• organizational information,
• if applicable, documentation and billing data.

Where events take place on customers’ premises or are organizationally integrated by customers, the respective customer may bear independent responsibility under data protection law for certain processing operations, for example in connection with access controls, internal participant lists, IT systems, or building and security processes.

8.3. Online Events

Where our Services are provided wholly or partly online, digitally, or using digital program components as part of in-house projects, open trainings (crispy academy), coaching, or other formats, video conferencing and collaboration tools are used for implementation. These include in particular Microsoft Teams, Zoom, Google Meet, and other video conferencing and collaboration solutions specified by the customer or agreed between the parties.

Unless expressly agreed otherwise in writing, the selection of the video conferencing or collaboration tool used is made by the customer. In these cases, responsibility for the data protection assessment, approval, and permissibility of the respective tool vis-à-vis participants and other affected persons also lies with the customer. The customers and crispycoaching each act as separate controllers under data protection law in this respect. To the extent legally permissible, crispycoaching’s liability for the data protection permissibility, legal assessment, technical security, third-country transfer, configuration, or other compliance characteristics of a tool specified or approved by the customer is excluded. The provisions of crispycoaching’s GTC also apply.

Where the video conferencing or collaboration tool used is selected and provided solely by crispycoaching, e.g. in the case of consumers participating in coaching or the Lead Yourself program, the general provisions of data protection and civil law apply. In these cases, the tool is selected taking into account the legal and technical requirements apparent at the time of use. The tools used include:

• Microsoft Teams – a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA
  Privacy notice: https://privacy.microsoft.com/de-de/privacystatement
• Zoom – a service of Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA
  Privacy notice: https://explore.zoom.us/de/privacy/
• Google Meet – a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  Privacy notice: https://policies.google.com/privacy

The providers generally process personal data as independent controllers within the meaning of the GDPR where they pursue their own purposes (e.g. operation, security, and further development of the services). Where providers process data on our behalf, this is done on the basis of corresponding data processing agreements.

It cannot be ruled out that individual providers also process data in third countries, in particular the USA. Where a transfer to a third country takes place, we ensure appropriate safeguards within the meaning of Arts. 44 et seq. GDPR, in particular through the conclusion of Standard Contractual Clauses or certification under the EU-U.S. Data Privacy Framework, where such certification exists.

8.4. Types of Data Processed

When using the respective video conferencing and collaboration tools, and depending on the specific service used, the activated functions, and the manner in which the event is conducted, the following personal data in particular may be processed:

• name, display name, and email address,
• meeting, appointment, and usage metadata,
• IP address,
• device, system, and browser information,
• audio, video, and chat data,
• contents of screen shares, presentations, documents, and other shared content,
• dial-in, connection, and log data,
• voluntarily provided profile pictures, status information, or other account-related details,
• purposes and legal bases of processing.

The processing of personal data takes place for the performance of contractual services and pre-contractual measures pursuant to Art. 6(1)(b) GDPR.

8.5. Recordings

Online events, trainings, coaching sessions, or other digital formats are not recorded.

8.6. Program “LEAD_yourself”

In connection with our LEAD_yourself program, we process personal data insofar as this is necessary for registration, participation, implementation, communication, provision of content, supporting materials, live sessions, organizational handling, and invoicing.

In particular, the following may be processed:

• master and contact data,
• booking and payment data,
• access data or participation-related information,
• communication content,
• reflection or work-related content voluntarily provided within the program,
• shipping data for digital or physical materials.

The legal basis is Art. 6(1)(b) GDPR. Where you voluntarily provide special personal information in the program, this is done on your own initiative. We recommend that you share only such information as you wish to disclose in the relevant context.

The website describes LEAD_yourself as a multi-week online program with self-study phases, digital and print materials, and live sessions.

8.7. Invoicing, Accounting, and Retention

For contract handling, invoicing, payment allocation, accounting, and tax documentation, we process the personal data required for these purposes.

The legal bases are:

• Art. 6(1)(b) GDPR,
• Art. 6(1)(c) GDPR in conjunction with commercial and tax law retention obligations.

8.8. Recipients of Data

We transfer personal data to third parties only where this is legally permitted. Recipients may in particular include:

• IT and hosting service providers,
• email and communication service providers,
• providers of video conferencing and collaboration tools,
• payment, accounting, and tax service providers,
• customers organizationally involved in in-house measures,
• other service providers that we use in compliance with data protection law.

Where service providers act for us as processors, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.

9. Social Media

We maintain online presences in social networks in order to communicate there with interested persons, customers, and users and to provide information about our Services, offers, and other activities. In this context, personal data of users are processed by the respective platform operators and, where applicable, also by us.

We are currently represented in particular on the following platforms:

• Instagram (provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; privacy notice: https://privacycenter.instagram.com/policy)
• LinkedIn (provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; privacy notice: https://www.linkedin.com/legal/privacy-policy)
• Facebook (provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; privacy notice: https://www.facebook.com/privacy/policy)

When visiting our profiles, the respective providers may in particular process master data, usage data, communication data, device and connection data, and, where applicable, location data. This regularly also applies where users do not themselves hold an account on the respective platform or are not logged in there.

Processing takes place for the purpose of presenting crispycoaching externally, providing information about our Services, and communicating with interested persons and users. The legal basis is Art. 6(1)(f) GDPR. Where contact is made or a contract is initiated via a social platform, Art. 6(1)(b) GDPR additionally applies.

Where platform operators provide us with aggregated usage statistics, reach analyses, or so-called page insights, joint controllership with the respective platform operator cannot be ruled out in this respect. This applies in particular to those processing operations where anonymized or aggregated analyses regarding the use of our company pages, posts, interactions, or reach are made available to us. In such cases, processing additionally takes place on the basis of our legitimate interest in the analysis, optimization, and economically sensible provision of our online presence pursuant to Art. 6(1)(f) GDPR.

Please note that data processing by the operators of the social networks otherwise regularly takes place under their own data protection responsibility. We do not have full influence over the nature, scope, and further purposes of the processing operations carried out by the platform operators.

It cannot be ruled out that personal data may also be processed by the providers outside the European Union or the European Economic Area, in particular in the USA. Where a transfer to a third country takes place, this is made, according to the statements of the respective providers, on the basis of appropriate safeguards within the meaning of Arts. 44 et seq. GDPR, in particular through the use of Standard Contractual Clauses or—where applicable—on the basis of certification under the EU-U.S. Data Privacy Framework.

Further information on the processing of personal data by the respective platform operators, on options to object, and on the assertion of data subject rights can be found in the privacy notices of the respective providers listed above.

10. Additional Service Providers

10.1. Google Workspace

For the organization of our internal and external communication and for the management of documents, appointments, and emails, we use Google Workspace, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When using Google Workspace, personal data may be processed, in particular:

• contact data (e.g. name, email address),
• communication content (e.g. emails, calendar entries),
• usage and metadata (e.g. times, participants, device information).

Processing takes place for the implementation of pre-contractual measures and contract performance pursuant to Art. 6(1)(b) GDPR and on the basis of our legitimate interest in efficient organization and communication pursuant to Art. 6(1)(f) GDPR.

Where Google processes personal data on our behalf, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.

It cannot be ruled out that personal data may also be transmitted to Google servers in third countries, in particular the USA, in the context of using Google Workspace. According to its own statements, Google bases such data transfers on appropriate safeguards within the meaning of Arts. 44 et seq. GDPR, in particular through the use of Standard Contractual Clauses and—where applicable—certification under the EU-U.S. Data Privacy Framework.

Further information on Google’s data processing can be found at: https://policies.google.com/privacy

10.2. Google Calendar

We use functions of the Google Calendar service, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for organizing and displaying appointments.

When using Google Calendar, personal data may be processed, in particular:

• name and email address,
• appointment and calendar data,
• usage and metadata (e.g. times, IP address, device information).

Processing takes place for the implementation of pre-contractual measures and contract performance pursuant to Art. 6(1)(b) GDPR and on the basis of our legitimate interest in efficient appointment organization pursuant to Art. 6(1)(f) GDPR.

It cannot be ruled out that personal data may also be transmitted to Google servers in third countries, in particular the USA, in the context of using Google Calendar. According to its own statements, Google bases such data transfers on appropriate safeguards within the meaning of Arts. 44 et seq. GDPR, in particular through the use of Standard Contractual Clauses and—where applicable—certification under the EU-U.S. Data Privacy Framework.

Further information on Google’s data processing can be found at: https://policies.google.com/privacy

10.3. Google Fonts

External fonts (“Google Fonts”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, are used on our website.

Google Fonts are integrated only after you have given your express consent via the consent management tool used. The legal basis for processing is Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

If you give your consent, a connection to Google’s servers is established when accessing a page that uses Google Fonts. In particular, your IP address may be transmitted to Google.

Please note that, in the context of using Google Fonts, a transfer of personal data to third countries, in particular the USA, cannot be ruled out. Google states that it maintains appropriate safeguards within the meaning of Arts. 44 et seq. GDPR, in particular through the use of Standard Contractual Clauses and—where applicable—certification under the EU-U.S. Data Privacy Framework.

Consent may be withdrawn at any time with effect for the future via the settings of the consent tool.

Further information on Google’s data processing can be found at:
https://policies.google.com/privacy
https://developers.google.com/fonts/faq

10.4. Brevo (Email Marketing and Marketing Automation)

We use the service Brevo (formerly Sendinblue), provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, for sending emails, newsletters, and for marketing and automation purposes.

In connection with the use of Brevo, personal data may be processed, in particular:

• name and email address,
• communication and interaction data (e.g. open and click rates),
• usage data and technical information (e.g. IP address, device information).

Processing takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR (e.g. when subscribing to the newsletter) and on the basis of our legitimate interest in effective communication and marketing measures pursuant to Art. 6(1)(f) GDPR.

Where Brevo processes personal data on our behalf, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.

Further information can be found at: https://www.brevo.com/de/legal/privacypolicy/

10.5. LinkedIn Ads

We use advertising services of LinkedIn Corporation (for Europe: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) in order to promote our offers in a targeted manner.

In connection with LinkedIn Ads, cookies and similar technologies may be used to analyze the behavior of users on our website and to display personalized advertising. Personal data such as IP address, device information, usage behavior, and interactions may be processed.

Processing takes place exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Further information: https://www.linkedin.com/legal/privacy-policy

10.6. Mentimeter

We use Mentimeter, a service of Mentimeter AB, Tulegatan 11, 113 53 Stockholm, Sweden, for interactive surveys and voting during events.

In particular, entered content (e.g. responses, feedback), possibly pseudonymous identifiers, and technical data may be processed during use.

Use takes place for the interactive design of events and is based on Art. 6(1)(f) GDPR (legitimate interest in modern and participatory event delivery).

Further information: https://www.mentimeter.com/privacy

10.7. Miro

For conducting online trainings and collaborative workshops, we use the Miro tool of Miro Inc., 201 Spear Street, Suite 1100, San Francisco, CA 94105, USA.

In the course of use, personal data may be processed, in particular name, email address, board contents, communication data, and technical connection data (e.g. IP address).

Processing takes place for the purpose of conducting trainings, workshops, and collaboration with participants. The legal basis is Art. 6(1)(b) GDPR (contract performance) or Art. 6(1)(f) GDPR (legitimate interest in the efficient conduct of online formats).

A transfer of personal data to third countries (in particular the USA) cannot be ruled out. In such cases, we ensure appropriate safeguards pursuant to Arts. 44 et seq. GDPR (e.g. Standard Contractual Clauses).

Further information: https://miro.com/legal/privacy-policy/

10.8. Passcreator

For the provision of digital customer cards and bonus programs, we use the service Passcreator of Passcreator GmbH, Reichenberger Straße 124, 10999 Berlin, Germany.

In the course of use, personal data are processed, in particular name, contact data, usage data of the customer card, and, where applicable, transaction and interaction data.

Processing takes place for the provision and management of customer loyalty programs and is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in customer loyalty and marketing measures).

Further information: https://www.passcreator.com/de/privacy

10.9. The Events Calendar

We use the plugin The Events Calendar by StellarWP (Liquid Web LLC, 2703 Ena Drive, Lansing, MI 48917, USA) for the presentation and management of events on our website.

Personal data may be processed during use, in particular in connection with event registrations or in the presentation of event content (e.g. names of speakers). Technical data such as IP address may also be processed.

Use takes place on the basis of Art. 6(1)(f) GDPR (legitimate interest in the structured presentation of our events).

Where data are transferred to the USA, this takes place on the basis of appropriate safeguards pursuant to Arts. 44 et seq. GDPR.

Further information: https://theeventscalendar.com/privacy-policy/

10.10. Typeform

We use the service Typeform, provided by Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain, for forms, surveys, and interactive input masks.

If you fill in a form, the data you enter are transmitted directly to Typeform and processed there.

Processing takes place for the implementation of pre-contractual measures and the handling of your inquiry pursuant to Art. 6(1)(b) GDPR, and on the basis of our legitimate interest in user-friendly form design pursuant to Art. 6(1)(f) GDPR.

Further information can be found at: https://admin.typeform.com/to/dwk6gt

11. Retention Period

We store personal data only for as long as this is necessary for the respective processing purposes or where statutory retention obligations exist.

• We generally store inquiries for the duration of handling them and beyond that insofar as this is necessary for follow-up communication or for evidentiary purposes.
• We store contract, billing, and tax-relevant data in accordance with the statutory retention periods.
• We store data from coaching, trainings, and programs only for as long as this is necessary for organization, implementation, follow-up, proof, or legal obligations.

12. Rights of Data Subjects

The following rights are available to persons affected by data processing:

• Right of access (Art. 15 GDPR)
  You have the right to request information about whether and which personal data concerning you we process. This includes in particular information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned retention period, and the existence of further rights.
• Right to rectification (Art. 16 GDPR)
  You have the right to request the immediate correction of inaccurate personal data stored by us concerning you, or the completion of incomplete data.
• Right to erasure (Art. 17 GDPR)
  You have the right to request the erasure of your personal data where the statutory requirements are met. This is the case in particular where the data are no longer necessary for the purposes for which they were collected, consent has been withdrawn, or the processing is unlawful.
• Right to restriction of processing (Art. 18 GDPR)
  You may request restriction of the processing of your personal data, in particular where the accuracy of the data is contested, the processing is unlawful, or we no longer need the data but you require them for the establishment, exercise, or defense of legal claims.
• Right to data portability (Art. 20 GDPR)
  You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or—where technically feasible—to request transmission to another controller.
• Right to object (Art. 21 GDPR)
  Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. Where we process your personal data for direct marketing purposes, you have the right to object at any time, without giving reasons, to the processing of your personal data for such advertising purposes. In the event of your objection to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
• Right to withdraw consent
  You have the right to withdraw any consent given at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

13. Right to Lodge a Complaint with a Supervisory Authority

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

One competent data protection supervisory authority is:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61
10555 Berlin

14. Data Security

Taking into account the statutory requirements, in particular the requirements of Art. 32 GDPR, we implement appropriate technical and organizational measures in order to ensure a level of protection appropriate to the risk for the personal data processed by us.

These measures serve in particular to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access, as well as against other forms of unlawful processing.

Our security measures are continuously improved in line with technological developments and adapted to the current state of the art.

15. Amendments to this Privacy Policy

We reserve the right to amend this privacy policy so that it always complies with the current legal requirements or reflects changes to our Services and processes. The version published on our website shall apply in each case.