Cookie Policy of olgamuller.com
This document informs Users about the technologies that help this Website to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Website.
For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.
This Website uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information — such as the presence of other Trackers — in the linked privacy policies of the respective third-party providers or by contacting the Owner.
How this Website uses Trackers
Necessary
This Website uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.
Technical Trackers
Storage duration: indefinite
Experience
This Website uses Trackers to improve the quality of the user experience and enable interactions with external content, networks and platforms.
Trackers managed directly by the Owner
-
Comment system managed directly (this Website)
This Website has its own internal content comment system.
Personal Data processed: Cookies, email address, first name, last name and username.
Trackers managed by third parties
-
Google Calendar widget (Google LLC)
Google Calendar widget is a calendar content visualization service provided by Google LLC that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
-
Google Programmable Search Engine (Google LLC)
Google Programmable Search Engine is a search engine embedding service provided by Google LLC that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
-
Instagram widget (Instagram, Inc.)
Instagram is an image visualization service provided by Instagram, Inc. that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
-
Spotify widget (Spotify AB)
Spotify is an audio content delivery service provided by Spotify AB that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: Sweden – Privacy Policy.
-
YouTube video widget (Google Inc.)
YouTube is a video content visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Storage duration:
- PREF: 8 months
- VISITOR_INFO1_LIVE: 8 months
- YSC: duration of the session
-
LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Storage duration:
- AnalyticsSyncHistory: 1 month
- JSESSIONID: duration of the session
- UserMatchHistory: 1 month
- bcookie: 1 year
- bscookie: 1 year
- lang: duration of the session
- lidc: 1 day
- lissc: 1 year
- lms_ads: 1 month
- lms_analytics: 1 month
-
PayPal button and widgets (PayPal Inc.)
The PayPal button and widgets are services allowing interaction with the PayPal platform provided by PayPal Inc.
Personal Data processed: Cookies and Usage Data.
Place of processing: See the PayPal privacy policy – Privacy Policy.
Storage duration:
- akavpau_ppsd: duration of the session
- ts: duration of the session
Measurement
This Website uses Trackers to measure traffic and analyse User behaviour to improve the Service.
Trackers managed by third parties
-
Google Analytics (Universal Analytics) (Google Inc.)
Google Analytics (Universal Analytics) is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
In order to understand Google's use of Data, consult Google's partner policy.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Storage duration:
- AMP_TOKEN: 1 hour
- _ga: 2 years
- _gac*: 3 months
- _gat: 1 minute
- _gid: 1 day
-
User ID extension for Google Analytics (Google Ireland Limited)
Google Analytics on this Website makes use of a feature called User ID. This setup allows for a more accurate tracking of Users by associating that User with the same ID over various sessions and devices. It is set up in a way that doesn’t allow Google to personally identify an individual or permanently identify a particular device.
The User ID extension might make it possible to connect Data from Google Analytics with other Data about the User collected by this Website.
The opt-out link below will only opt you out for the device you are on, but not from tracking performed independently by the Owner. Contact the Owner via the email address provided in this privacy policy to object to the aforementioned tracking as well.
Personal Data processed: Cookies.
Place of processing: Ireland – Privacy Policy – Opt Out.
-
Google Analytics (Universal Analytics) with anonymized IP (Google Inc.)
Google Analytics (Universal Analytics) is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
In order to understand Google's use of Data, consult Google's partner policy.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Storage duration:
- AMP_TOKEN: 1 hour
- _ga: 2 years
- _gac*: 3 months
- _gat: 1 minute
- _gid: 1 day
Marketing
This Website uses Trackers to deliver personalized ads or marketing content, and to measure their performance.
Some of the advertising services used by the Owner adhere to the IAB Transparency and Consent Framework, an initiative that facilitates responsible privacy practices across the digital advertising industry - providing Users with enhanced transparency and control over how their data are used for advertising tracking purposes. Users can customize their advertising preferences at any time by accessing the advertising preferences panel from within the cookie notice or via the relevant link on this Website.
This Website participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. This Website uses iubenda (identification number 123) as a Consent Management Platform.
Trackers managed by third parties
-
SendinBlue
This article provides an overview of Sendinblue's initial and ongoing initiatives to ensure our own GDPR compliance as your data processor, as well as our efforts to support our users' compliance as data controllers.
These initiatives focus on five key areas which are outlined in detail below:
Key features
Security
Management of partners and processors
Legal documentation
Organization
1 – The adaptation of key features
Sendinblue identified the key GDPR milestones to meet by collaborating with a sample of our users, our account managers, the product team, the technical team, and our legal counsel.
The duty of providing information in the context of accountability
Several informational resources are available on our website and blog regarding email marketers' rights under the GDPR and best practices that can be put in place to conform with the law.
These resources are available on the platform to help users be compliant in the key usage steps of our platform:
Importing contacts
Building email subscription forms to acquire consent from contacts
Creating email campaigns to send to subscribers
A GDPR-specific section has been added to the help center, and we continue to organize regular informational webinars on the subject as well.
The right to rectification, portability, and to be forgotten
The rights to rectification, portability, and to be forgotten have been well established for several years. Therefore, we don’t have any operational changes related to these rights. However, as indicated above, we have provided more details on the modalities of exercising these rights.
Email subscription forms
Special attention was given to email subscription forms during the compliance process because it is such an integral part of compliance for our users.
It is now possible to manage email subscriber preferences by adding them to specific lists according to their choices at the time of signup. We also allow users to add a standardized note at the bottom of subscription forms that provides subscribers access to the brand’s privacy policy.
Proof of consent
Once the contact information is collected, proof of consent will be available in the contact profile.
Each contact profile will include the exact moment of subscription, the ID of the form used to subscribe, and their IP address. This information will be exportable to allow Sendinblue users to provide easy proof of consent if necessary.
2 – An advanced security review
We know data security is a sensitive issue for many, which is why it has always been one of our top priorities. The GDPR has empowered us to take this priority even further: ensuring airtight data transfers and data storage as well as improving data monitoring and control for easier and more secure access for our users.
The installation of data archiving and traceability systems
To prevent data breaches, it’s necessary to have tight control over the data processing that occurs on our platform.
Using data tracking and log identification, we have enacted a data traceability system across all of the data processing procedures on our platform.
Additionally, we sought to maximize the security of our users’ archived data. This data is now being stored in separate databases and the personal data has been encrypted.
These archives are stored solely for legal purposes. Once the retention period completed, the data is purged from the database.
Network penetration tests
We have begun working with a consulting firm that specializes in cybersecurity and received very positive feedback regarding the difficulty of penetrating our system.
Knowing that we can always do more to ensure our data security, we turned to Bounty Factory. This British platform allows us to crowdsource additional research into our network and data security from a large community of “white hat” or ethical hackers and security researchers.
The program, known as a bug bounty, strongly encourages research into the vulnerabilities of our system, with each vulnerability (or “bug”) that is found being rewarded with a financial bounty.
The compensation system creates a strong incentive for researchers to discover any possible vulnerabilities in the Sendinblue system, minimizing our risk of potential malicious attacks.
3 – The management of our partners and processors
One of the main principles introduced by the GDPR is shared accountability. This essentially means that all stakeholders, whether they be the controller (the party who determines the purposes and means of the data processing), or one of the processors further down the chain, carry a portion of legal responsibility since the processing is being performed on personal data.
Carrying the dual role of controller and processor, Sendinblue is required to approach the principle of accountability from both sides.
As a processor, we have established means to guarantee GDPR compliance across our entire chain of data processing with all of our partner software providers.
As a controller, we must also guarantee the compliance of our own processors with the new regulations. Consequently, we contacted processors with specific questions regarding their data processing methods. This has allowed us to ensure that their procedures surrounding the processing of our data are in line with the GDPR and the commitments we have to our customers.
We ceased collaboration with any processors who were not able to provide satisfactory responses to our questions.
Once we were able to receive satisfactory responses from our other processors, we contractualized our requirements with DPAs (Data Processing Agreements).
The DPA is a document specifying the type and methods of data processing being carried out by the processor on behalf of Sendinblue, which makes it possible to ensure a legal framework and data traceability.
For our processors located in the United States, we have also verified their Privacy Shield certification, which is a necessary condition for processing the data of European citizens.
4 – Legal documentation
In light of the new requirements brought about by the GDPR, we have updated our legal documentation as a matter of course. Specifically, we have made changes to our General Terms and Conditions and our privacy policy, both of which are available on our website.
A processor clause has been drawn up and appended to our Terms and Conditions in order to detail the role and responsibilities of Sendinblue vis-à-vis our users as a third-party service provider.
5 – The internal implications of the GDPR on the Sendinblue organization
The GDPR also compelled us to optimize our internal organization and come up with best practices and procedures that support the main principles put forth by the regulation.
Employee awareness
Certain individuals in Sendinblue have roles that require privileged access to personal data.
For example, account managers might need to access certain elements of a user account in order to answer a support question.
We have started by expanding the confidentiality clause in the contracts of salaried employees and facilitating training sessions.
The training includes a general overview course on GDPR requirements, as well as specialized training courses designed to build off of the initial training for specific teams that deal with sensitive data on a regular basis.
This provides all personnel with a clear understanding of their obligations with regards to the new regulation.
Internal procedures and controls
In order to ensure a smooth application of our compliance measures, we reviewed all of our internal procedures surrounding the management of employee access to personal data, the handling of requests from individuals seeking to exercise their rights regarding their personal data, and the processes involving the preservation and purging of data.
A control plan has been established to regularly verify the proper application of these procedures and the updating of the corresponding documentation.
The nomination of individuals charged with maintaining proper compliance
The implementation of our compliance measures was managed by our Chief Operating Officer. In parallel, we have appointed Jule Jeanroy as our DPO (Data Protection Officer), who is responsible for ensuring Sendinblue’s continued compliance with the GDPR over time.
It is also the DPO’s responsibility to monitor the application of the different aspects of the regulation and ensure that we respect the main principles of the GDPR, particularly the principle of “Privacy by Design,” which refers to the compliance of a data processing procedure before it’s actually implemented.
Our DPO will be assisted by a SecOps for aspects specifically related to data security and traceability. If you need to get in contact with our DPO, he can be reached directly by email at dpo@sendinblue.com.
Current status and next steps
GDPR compliance, in itself, is never truly finished. It’s an ongoing process that requires regular monitoring and confirmation that the principles of the law are being upheld internally with our current data processing, as well as continued evaluation using the criterion of Privacy by Design for each new procedure that involves the processing of personal data.
Sendinblue is proud to have accomplished the first part of the challenge. We will continue to maintain our dedication to compliance in order to remain a trusted third-party software provider for our users.
Undertaking this massive compliance operation has provided Sendinblue with several benefits, including:
Rallying our entire organization around a common goal and collaborating across different teams in order to achieve it
Implementing even more rigorous procedures around our data management and processing to continue improving our security
Quickly achieving compliance with the help external partners
Performing an innovative assessment of our network security and implementing the necessary corrective measures
Reinforcing the link between Sendinblue and our users by providing the tools necessary for GDPR compliance in our platform
Sendinblue is an organization comprised of nearly 150 people, and we are all committed to ensuring the security and confidentiality of the personal data entrusted to us. We take this responsibility seriously as part of our core mission to provide an all-in-one digital marketing platform for small and medium-sized businesses to grow and succeed.
-
SendinBlue Email (SendinBlue SAS)
SendinBlue is an email address management and message sending service provided by SendinBlue SAS.
Personal Data processed: Cookies, email address and Usage Data.
Place of processing: France – Privacy Policy.
-
Google AdSense (Google Ireland Limited)
Google AdSense is an advertising service provided by Google Ireland Limited. This service uses the “DoubleClick” Cookie, which tracks use of this Website and User behavior concerning ads, products and services offered.
Users may decide to disable all the DoubleClick Cookies by going to: Google Ad Settings.
In order to understand Google's use of data, consult Google's partner policy.
Personal Data processed: Cookies and Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Storage duration:
- AID: 2 years
- ANID: 2 years
- Conversion: 3 months
- DSID: 14 days
- FCNEC: 1 year
- FLC: 10 seconds
- FPAU: 3 months
- FPGCLAW: 3 months
- FPGCLDC: 3 months
- FPGCLGB: 3 months
- GCL_AW_P: 3 months
- GED_PLAYLIST_ACTIVITY: duration of the session
- IDE: 2 years
- NID: 6 months
- RUL: 1 year
- TAID: 14 days
- __gads: 2 years
- __gpi: 2 years
- __gpi_optout: 2 years
- __gsas: 2 years
- _gac_: 3 months
- _gac_gb_: 3 months
- _gcl_ag: 3 months
- _gcl_au: 3 months
- _gcl_aw: 3 months
- _gcl_dc: 3 months
- _gcl_gb: 3 months
- _gcl_gf: 3 months
- _gcl_gs: 3 months
- _gcl_ha: 3 months
- id: 2 years
- receive-cookie-deprecation: 6 months
- test_cookie: 15 minutes
-
iTunes affiliation (Apple Inc.)
iTunes affiliation is a commercial affiliation service provided by Apple Inc.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
-
SendinBlue Marketing Automation (SendinBlue SAS)
SendinBlue is a User database management service provided by SendinBlue SAS.
Personal Data processed: Cookies, email address and Usage Data.
Place of processing: France – Privacy Policy.
Storage duration:
How to manage preferences and provide or withdraw consent on this Website
Whenever the use of Trackers is based on consent, users can provide or withdraw such consent by setting or updating their preferences via the relevant privacy choices panel available on this Website.
With regard to any third-party Trackers, Users can manage their preferences via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.
How to control or delete Cookies and similar technologies via your device settings
Users may use their own browser settings to:
- See what Cookies or other similar technologies have been set on the device;
- Block Cookies or similar technologies;
- Clear Cookies or similar technologies from the browser.
The browser settings, however, do not allow granular control of consent by category.
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings and look for the relevant setting).
How to opt out of interest-based advertising
Notwithstanding the above, Users may follow the instructions provided by YourOnlineChoices (EU and UK), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow Users to select their tracking preferences for most of the advertising tools. The Owner thus recommends that Users make use of these resources in addition to the information provided in this document.
The Digital Advertising Alliance offers an application called AppChoices that helps Users to control interest-based advertising on mobile apps.
Consequences of denying the use of Trackers
Users are free to decide whether or not to allow the use of Trackers. However, please note that Trackers help this Website to provide a better experience and advanced functionalities to Users (in line with the purposes outlined in this document). Therefore, if the User chooses to block the use of Trackers, the Owner may be unable to provide related features.
Owner and Data Controller
Gutierrez Escobedo / Müller GbR
Buechnerstr. 24, 72760 Reutlingen
Owner contact email: olgamuller.coaching@gmail.com
Since the use of third-party Trackers through this Website cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.
Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by this Website.