Cookie Policy of olgamuller.com
This document informs Users about the technologies that help this Website to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Website.
For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.
This Website uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information — such as the presence of other Trackers — in the linked privacy policies of the respective third-party providers or by contacting the Owner.
To find more information dedicated to Californian consumers and their privacy rights, Users may read the privacy policy.
Activities strictly necessary for the operation of this Website and delivery of the Service
This Website uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.
First-party Trackers
Storage duration: indefinite
Other activities involving the use of Trackers
Basic interactions & functionalities
This Website uses Trackers to enable basic interactions and functionalities, allowing Users to access selected features of the Service and facilitating the User's communication with the Owner.
-
User database management
This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Website, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving this Website.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Website.
SendinBlue Marketing Automation (SendinBlue SAS)
SendinBlue is a User database management service provided by SendinBlue SAS.
Personal Data processed: Cookies, email address and Usage Data.
Place of processing: France – Privacy Policy.
Storage duration:
Experience enhancement
This Website uses Trackers to provide a personalized user experience by improving the quality of preference management options, and by enabling interaction with external networks and platforms.
-
Content commenting
Content commenting services allow Users to make and publish their comments on the contents of this Website.
Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.
Comment system managed directly (this Website)
This Website has its own internal content comment system.
Personal Data processed: Cookies, email address, first name, last name and username.
-
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Calendar widget (Google LLC)
Google Calendar widget is a calendar content visualization service provided by Google LLC that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Google Programmable Search Engine (Google LLC)
Google Programmable Search Engine is a search engine embedding service provided by Google LLC that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Instagram widget (Instagram, Inc.)
Instagram is an image visualization service provided by Instagram, Inc. that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Spotify widget (Spotify AB)
Spotify is an audio content delivery service provided by Spotify AB that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: Sweden – Privacy Policy.
YouTube video widget (Google Inc.)
YouTube is a video content visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Storage duration:
- PREF: 8 months
- VISITOR_INFO1_LIVE: 8 months
- YSC: duration of the session
-
Interaction with external social networks and platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Website.
The interaction and information obtained through this Website are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Website isn’t being connected back to the User’s profile.
LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Storage duration:
- AnalyticsSyncHistory: 1 month
- JSESSIONID: duration of the session
- UserMatchHistory: 1 month
- bcookie: 1 year
- bscookie: 1 year
- lang: duration of the session
- lidc: 1 day
- lissc: 1 year
- lms_ads: 1 month
- lms_analytics: 1 month
PayPal button and widgets (PayPal Inc.)
The PayPal button and widgets are services allowing interaction with the PayPal platform provided by PayPal Inc.
Personal Data processed: Cookies and Usage Data.
Place of processing: See the PayPal privacy policy – Privacy Policy.
Storage duration:
- akavpau_ppsd: duration of the session
- ts: duration of the session
Measurement
This Website uses Trackers to measure traffic and analyze User behavior with the goal of improving the Service.
-
Analytics
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Storage duration:
- AMP_TOKEN: 1 hour
- _ga: 2 years
- _gac*: 3 months
- _gat: 1 minute
- _gid: 1 day
User ID extension for Google Analytics (Google Ireland Limited)
Google Analytics on this Website makes use of a feature called User ID. This setup allows for a more accurate tracking of Users by associating that User with the same ID over various sessions and devices. It is set up in a way that doesn’t allow Google to personally identify an individual or permanently identify a particular device.
The User ID extension might make it possible to connect Data from Google Analytics with other Data about the User collected by this Website.
The opt-out link below will only opt you out for the device you are on, but not from tracking performed independently by the Owner. Contact the Owner via the email address provided in this privacy policy to object to the aforementioned tracking as well.
Personal Data processed: Cookies.
Place of processing: Ireland – Privacy Policy – Opt Out.
-
Anonymized analytics services
The services contained in this section allow the Owner, through the use of third-party Trackers, to collect and manage analytics in an anonymized form.
Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Storage duration:
- AMP_TOKEN: 1 hour
- _ga: 2 years
- _gac*: 3 months
- _gat: 1 minute
- _gid: 1 day
Targeting & Advertising
This Website uses Trackers to deliver personalized marketing content based on User behavior and to operate, serve and track ads.
Some of the advertising services used by the Owner adhere to the IAB Transparency and Consent Framework, an initiative that facilitates responsible privacy practices across the digital advertising industry - providing Users with enhanced transparency and control over how their data are used for advertising tracking purposes. Users can customize their advertising preferences at any time by accessing the advertising preferences panel from within the cookie notice or via the relevant link on this Website.
This Website participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. This Website uses iubenda (identification number 123) as a Consent Management Platform.
-
Advertising
This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Trackers to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Website. For more information, please check the privacy policies of the relevant services.
Services of this kind usually offer the possibility to opt out of such tracking. In addition to any opt-out feature offered by any of the services below, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section "How to opt-out of interest-based advertising" in this document.
Google AdSense (Google Ireland Limited)
Google AdSense is an advertising service provided by Google Ireland Limited. This service uses the “DoubleClick” Cookie, which tracks use of this Website and User behavior concerning ads, products and services offered.
Users may decide to disable all the DoubleClick Cookies by going to: Google Ad Settings.
In order to understand Google's use of data, consult Google's partner policy.
Personal Data processed: Cookies and Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Storage duration:
- AID: 2 years
- ANID: 2 years
- Conversion: 3 months
- DSID: 14 days
- FCNEC: 1 year
- FLC: 10 seconds
- FPAU: 3 months
- FPGCLAW: 3 months
- FPGCLDC: 3 months
- FPGCLGB: 3 months
- IDE: 2 years
- NID: 6 months
- RUL: 1 year
- TAID: 14 days
- __gads: 2 years
- __gsas: 2 years
- _gac_: 3 months
- _gac_gb_: 3 months
- _gcl_au: 3 months
- _gcl_aw: 3 months
- _gcl_dc: 3 months
- _gcl_gb: 3 months
- _gcl_gf: 3 months
- _gcl_ha: 3 months
- id: 2 years
- test_cookie: 15 minutes
-
Commercial affiliation
This type of service allows this Website to display advertisements for third-party products or services. Ads can be displayed either as advertising links or as banners using various kinds of graphics.
Clicks on the icon or banner posted on the Application are tracked by the third-party services listed below, and are shared with this Website.
For details of which data are collected, please refer to the privacy policy of each service.
iTunes affiliation (Apple Inc.)
iTunes affiliation is a commercial affiliation service provided by Apple Inc.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
-
Managing contacts and sending messages
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
SendinBlue
This article provides an overview of Sendinblue's initial and ongoing initiatives to ensure our own GDPR compliance as your data processor, as well as our efforts to support our users' compliance as data controllers.
These initiatives focus on five key areas which are outlined in detail below:
Key features
Security
Management of partners and processors
Legal documentation
Organization
1 – The adaptation of key features
Sendinblue identified the key GDPR milestones to meet by collaborating with a sample of our users, our account managers, the product team, the technical team, and our legal counsel.
The duty of providing information in the context of accountability
Several informational resources are available on our website and blog regarding email marketers' rights under the GDPR and best practices that can be put in place to conform with the law.
These resources are available on the platform to help users be compliant in the key usage steps of our platform:
Importing contacts
Building email subscription forms to acquire consent from contacts
Creating email campaigns to send to subscribers
A GDPR-specific section has been added to the help center, and we continue to organize regular informational webinars on the subject as well.
The right to rectification, portability, and to be forgotten
The rights to rectification, portability, and to be forgotten have been well established for several years. Therefore, we don’t have any operational changes related to these rights. However, as indicated above, we have provided more details on the modalities of exercising these rights.
Email subscription forms
Special attention was given to email subscription forms during the compliance process because it is such an integral part of compliance for our users.
It is now possible to manage email subscriber preferences by adding them to specific lists according to their choices at the time of signup. We also allow users to add a standardized note at the bottom of subscription forms that provides subscribers access to the brand’s privacy policy.
Proof of consent
Once the contact information is collected, proof of consent will be available in the contact profile.
Each contact profile will include the exact moment of subscription, the ID of the form used to subscribe, and their IP address. This information will be exportable to allow Sendinblue users to provide easy proof of consent if necessary.
2 – An advanced security review
We know data security is a sensitive issue for many, which is why it has always been one of our top priorities. The GDPR has empowered us to take this priority even further: ensuring airtight data transfers and data storage as well as improving data monitoring and control for easier and more secure access for our users.
The installation of data archiving and traceability systems
To prevent data breaches, it’s necessary to have tight control over the data processing that occurs on our platform.
Using data tracking and log identification, we have enacted a data traceability system across all of the data processing procedures on our platform.
Additionally, we sought to maximize the security of our users’ archived data. This data is now being stored in separate databases and the personal data has been encrypted.
These archives are stored solely for legal purposes. Once the retention period completed, the data is purged from the database.
Network penetration tests
We have begun working with a consulting firm that specializes in cybersecurity and received very positive feedback regarding the difficulty of penetrating our system.
Knowing that we can always do more to ensure our data security, we turned to Bounty Factory. This British platform allows us to crowdsource additional research into our network and data security from a large community of “white hat” or ethical hackers and security researchers.
The program, known as a bug bounty, strongly encourages research into the vulnerabilities of our system, with each vulnerability (or “bug”) that is found being rewarded with a financial bounty.
The compensation system creates a strong incentive for researchers to discover any possible vulnerabilities in the Sendinblue system, minimizing our risk of potential malicious attacks.
3 – The management of our partners and processors
One of the main principles introduced by the GDPR is shared accountability. This essentially means that all stakeholders, whether they be the controller (the party who determines the purposes and means of the data processing), or one of the processors further down the chain, carry a portion of legal responsibility since the processing is being performed on personal data.
Carrying the dual role of controller and processor, Sendinblue is required to approach the principle of accountability from both sides.
As a processor, we have established means to guarantee GDPR compliance across our entire chain of data processing with all of our partner software providers.
As a controller, we must also guarantee the compliance of our own processors with the new regulations. Consequently, we contacted processors with specific questions regarding their data processing methods. This has allowed us to ensure that their procedures surrounding the processing of our data are in line with the GDPR and the commitments we have to our customers.
We ceased collaboration with any processors who were not able to provide satisfactory responses to our questions.
Once we were able to receive satisfactory responses from our other processors, we contractualized our requirements with DPAs (Data Processing Agreements).
The DPA is a document specifying the type and methods of data processing being carried out by the processor on behalf of Sendinblue, which makes it possible to ensure a legal framework and data traceability.
For our processors located in the United States, we have also verified their Privacy Shield certification, which is a necessary condition for processing the data of European citizens.
4 – Legal documentation
In light of the new requirements brought about by the GDPR, we have updated our legal documentation as a matter of course. Specifically, we have made changes to our General Terms and Conditions and our privacy policy, both of which are available on our website.
A processor clause has been drawn up and appended to our Terms and Conditions in order to detail the role and responsibilities of Sendinblue vis-à-vis our users as a third-party service provider.
5 – The internal implications of the GDPR on the Sendinblue organization
The GDPR also compelled us to optimize our internal organization and come up with best practices and procedures that support the main principles put forth by the regulation.
Employee awareness
Certain individuals in Sendinblue have roles that require privileged access to personal data.
For example, account managers might need to access certain elements of a user account in order to answer a support question.
We have started by expanding the confidentiality clause in the contracts of salaried employees and facilitating training sessions.
The training includes a general overview course on GDPR requirements, as well as specialized training courses designed to build off of the initial training for specific teams that deal with sensitive data on a regular basis.
This provides all personnel with a clear understanding of their obligations with regards to the new regulation.
Internal procedures and controls
In order to ensure a smooth application of our compliance measures, we reviewed all of our internal procedures surrounding the management of employee access to personal data, the handling of requests from individuals seeking to exercise their rights regarding their personal data, and the processes involving the preservation and purging of data.
A control plan has been established to regularly verify the proper application of these procedures and the updating of the corresponding documentation.
The nomination of individuals charged with maintaining proper compliance
The implementation of our compliance measures was managed by our Chief Operating Officer. In parallel, we have appointed Jule Jeanroy as our DPO (Data Protection Officer), who is responsible for ensuring Sendinblue’s continued compliance with the GDPR over time.
It is also the DPO’s responsibility to monitor the application of the different aspects of the regulation and ensure that we respect the main principles of the GDPR, particularly the principle of “Privacy by Design,” which refers to the compliance of a data processing procedure before it’s actually implemented.
Our DPO will be assisted by a SecOps for aspects specifically related to data security and traceability. If you need to get in contact with our DPO, he can be reached directly by email at dpo@sendinblue.com.
Current status and next steps
GDPR compliance, in itself, is never truly finished. It’s an ongoing process that requires regular monitoring and confirmation that the principles of the law are being upheld internally with our current data processing, as well as continued evaluation using the criterion of Privacy by Design for each new procedure that involves the processing of personal data.
Sendinblue is proud to have accomplished the first part of the challenge. We will continue to maintain our dedication to compliance in order to remain a trusted third-party software provider for our users.
Undertaking this massive compliance operation has provided Sendinblue with several benefits, including:
Rallying our entire organization around a common goal and collaborating across different teams in order to achieve it
Implementing even more rigorous procedures around our data management and processing to continue improving our security
Quickly achieving compliance with the help external partners
Performing an innovative assessment of our network security and implementing the necessary corrective measures
Reinforcing the link between Sendinblue and our users by providing the tools necessary for GDPR compliance in our platform
Sendinblue is an organization comprised of nearly 150 people, and we are all committed to ensuring the security and confidentiality of the personal data entrusted to us. We take this responsibility seriously as part of our core mission to provide an all-in-one digital marketing platform for small and medium-sized businesses to grow and succeed.
SendinBlue Email (SendinBlue SAS)
SendinBlue is an email address management and message sending service provided by SendinBlue SAS.
Personal Data processed: Cookies, email address and Usage Data.
Place of processing: France – Privacy Policy.
How to manage preferences and provide or withdraw consent
There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:
Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.
Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.
It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.
Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.
With regard to any third-party Trackers, Users can manage their preferences and withdraw their consent via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.
Locating Tracker Settings
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings and look for the relevant setting).
How to opt out of interest-based advertising
Notwithstanding the above, Users may follow the instructions provided by YourOnlineChoices (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow Users to select their tracking preferences for most of the advertising tools. The Owner thus recommends that Users make use of these resources in addition to the information provided in this document.
The Digital Advertising Alliance offers an application called AppChoices that helps Users to control interest-based advertising on mobile apps.
Consequences of denying consent
Users are free to decide whether or not to grant consent. However, please note that Trackers help this Website to provide a better experience and advanced functionalities to Users (in line with the purposes outlined in this document). Therefore, in the absence of the User's consent, the Owner may be unable to provide related features.
Owner and Data Controller
Gutierrez Escobedo / Müller GbR
Buechnerstr. 24, 72760 Reutlingen
Owner contact email: olgamuller.coaching@gmail.com
Since the use of third-party Trackers through this Website cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.
Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by this Website.