Privacy Policy

Last Updated On 27-Jul-2025
Effective Date 27-Jul-2025

This Privacy Policy describes the policies of

Simon Haberfellner EI,
3 Cité Rougemont, 75009 Paris, France
email: simon(at)joyful-impact(dot)org,

on the collection, use and disclosure of your information that I collect when you use my website ( https://joyful-impact.org ) and all my coaching services (the “Service”). By accessing or using the Service, you are consenting to the collection, use and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the Service.

I may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on the Service. The revised Policy will be effective 180 days from when the revised Policy is posted in the Service and your continued access or use of the Service after such time will constitute your acceptance of the revised Privacy Policy. I therefore recommend that you periodically review this page.

Types of Personal Data I Collect:

I collect and process the following categories of personal data:

Contact Information: Full Name, Email Address, Phone Number, Postal Address.
Inquiry & Communication Content: Details of your inquiries, messages, and content of email correspondence.
Coaching-Specific Data: Your situation, goals, feedback, testimonial content, and notes I take during coaching sessions. This may include sensitive personal data (special categories of data) such as health information, mental health details, physical health details, racial/ethnic origin, religious beliefs, or sexual orientation, if you choose to share such information during sessions.
Website Usage Data: IP Address (often anonymized), Browser User Agent, cookie consent preferences, and information about how you interact with my website (e.g., pages visited).
Scheduling Information: Your name, email, and chosen time for appointments.
Payment Information: IBAN/BIC details for bank transfers, and transaction details if using Revolut.
Session Media (if consented): Video and audio files, and transcripts of recorded coaching sessions.How I Use Your Information and Legal Basis:

I will use the information that I collect about you for the following purposes and based on the following legal grounds under the GDPR:

To Respond to Inquiries & Initiate Client Relationships: I collect your Full Name, Email, and Inquiry Content from contact forms (Jetpack, WPForms Lite) to communicate with you.
Legal Basis: My legitimate interest in responding to your queries and taking pre-contractual steps at your request.
To Provide Coaching Services: I collect your Full Name, Email, Client Situation & Goals from intake forms, and Communication Content via Titan Email, along with Client Documents & Notes (on Google Drive) to deliver personalized coaching.
Legal Basis: Contractual Necessity, as this data is essential to fulfill our coaching agreement.
To Process Sensitive Coaching Data: If you share sensitive personal data (special categories of data, e.g., health information) during coaching sessions or in intake forms/notes, I process this to provide tailored coaching.
Legal Basis: Your Explicit Consent, which I obtain as part of the intake form and/or verbally during sessions.
To Collect Feedback & Testimonials: I collect Full Name, Email, Feedback, and Testimonial Content from wrap-up forms.
Legal Basis: Your Explicit Consent, as I specifically ask for your consent for this purpose on the form.
For Marketing/Promotional Communications: I collect your Email Address via OptinMonster to send you newsletters and promotional updates.
Legal Basis: Your Consent, obtained when you sign up for the newsletter. You can withdraw this consent at any time.
For Anti-Spam Protection: I collect your IP Address and Browser User Agent via Akismet.
Legal Basis: My legitimate interest in protecting my website from spam and malicious activity.
To Manage Cookie Consent: I collect your Cookie Consent Preferences and IP Address via CookieYes.
Legal Basis: Legal Obligation, to comply with GDPR and the ePrivacy Directive.
For Website Analytics & Improvement: I collect Website Usage Data (e.g., IP Address, browsing behavior) via WordPress, Yoast SEO, and **Independent Analytics**. This data helps me understand website performance and improve user experience.
Legal Basis: My legitimate interest in understanding website performance and improving user experience. For specific analytics cookies, consent is managed by CookieYes.
To Schedule Calls: I collect your Full Name, Email, and Scheduling Information via Calendly.
Legal Basis: Contractual Necessity (taking pre-contractual steps at your request to arrange services).
To Process Payments: I collect Payment Information (IBAN/BIC, Revolut transaction details) for services rendered.
Legal Basis: Contractual Necessity (to fulfill payment obligations) and Legal Obligation (for tax and accounting purposes under French law).
To Process Transcripts with LLMs (if consented): If you request, I may process transcripts of coaching sessions using Large Language Models (LLMs) like Claude, ChatGPT, or Gemini for analysis or summarization. I ensure that your data is *not* used to train these models.
Legal Basis: Your Explicit Consent, obtained when you actively express the wish for session recording and LLM processing.
To Store Session Media (if consented): If you actively express the wish to record sessions, I may store Video/Audio Files and Transcripts on my computer, Zoom cloud, or Google Drive.
Legal Basis: Your Explicit Consent.

If I want to use your information for any other purpose, I will ask you for consent and will use your information only on receiving your consent and then, only for the purpose(s) for which grant consent unless I am required to do otherwise by law.

How I Share Your Information:

I will not transfer your personal information to any third party without seeking your consent, except in limited circumstances as described
below:

Website & CRM Services: Jetpack (Automattic Inc., USA) for comments, anti-spam, and CRM functionalities. Data shared: Full Name, Email, Inquiry Content, IP Address, Browser User Agent, Client Contact Details.
Legal Safeguard: Standard Contractual Clauses (SCCs).
Form Management: WPForms Lite (WPForms, USA) for contact, intake, and wrap-up forms. Data shared: Full Name, Email, Inquiry Content, Client Situation & Goals, Feedback & Testimonial Content.
Legal Safeguard: Standard Contractual Clauses (SCCs).
SEO Tools: Yoast SEO (Yoast BV, Netherlands). Primarily processes website content; no direct sharing of personal identifiable information with Yoast themselves.
Legal Safeguard: Within EU/EEA.
Email Marketing: OptinMonster (Retyp LLC, USA) for newsletter sign-ups. Data shared: Email Address. (Future use of Substack Inc., USA, will also rely on SCCs).
Legal Safeguard: Standard Contractual Clauses (SCCs).
Anti-Spam Service: Akismet (Automattic Inc., USA). Data shared: IP Address, Browser User Agent.
Legal Safeguard: Standard Contractual Clauses (SCCs).
Cookie Consent Management: CookieYes (CookieYes Pvt. Ltd., India). Data shared: Cookie Consent Preferences, IP Address (for consent logging).
Legal Safeguard: Standard Contractual Clauses (SCCs).
Web Hosting: Bluehost (Newfold Digital, USA). As my web host, they process all data that resides on my website, including personal data collected via forms, comments, etc.
Legal Safeguard: Standard Contractual Clauses (SCCs).
Website Platform: WordPress (Automattic Inc., USA, for some associated services). As the core CMS, it processes all data on the website.
Legal Safeguard: Standard Contractual Clauses (SCCs) for any services provided by Automattic.
Website Analytics (Self-Hosted): Independent Analytics (USA). Data processed on my Bluehost server. While the plugin itself is developed in the USA, the data typically remains on your hosting server, reducing direct data transfers to a third-party analytics company.
Legal Safeguard: Data processed on server hosted by Bluehost (SCCs apply to Bluehost).
Email Communication: Titan Email (Titan Email, India). Data shared: Full Name, Email, Communication Content, and any personal data shared in emails.
Legal Safeguard: Standard Contractual Clauses (SCCs).
Cloud Storage: Google Drive (Google LLC, USA). Data shared: Client Documents & Notes (including potentially sensitive data).
Legal Safeguard: Standard Contractual Clauses (SCCs).
Video Conferencing: Zoom Video Communications, Inc. (USA). Data shared: Full Name, Email (for meeting invites), Video/Audio Files, and Transcripts (if recorded with consent, potentially sensitive data).
Legal Safeguard: Standard Contractual Clauses (SCCs).
Scheduling: Calendly LLC (USA). Data shared: Full Name, Email, Scheduling Information.
Legal Safeguard: Standard Contractual Clauses (SCCs).
Payment Processing: Revolut Ltd. (UK/Lithuania). Data shared: Payment Information (transaction details, names).
Legal Safeguard: UK benefits from an EU adequacy decision. If using the Lithuanian entity, it’s within EU/EEA.
LLM Processing (if consented): Claude (Anthropic PBC, USA), ChatGPT (OpenAI, USA), Gemini (Google LLC, USA). Data shared: Transcripts of coaching sessions (containing personal and potentially sensitive data). I ensure this data is *not* used to train their models.
Legal Safeguard: Standard Contractual Clauses (SCCs).

I require such third party’s to use the personal information I transfer to them only for the purpose for which it was transferred and not to retain it for longer than is required for fulfilling the said purpose.

I may also disclose your personal information for the following: (1) to comply with applicable law, regulation, court order or other legal process; (2) to enforce your agreements with me, including this Privacy Policy; or (3) to respond to claims that your use of the Service violates any third-party rights. If the Service or my company is merged or acquired with another company, your information will be one of the assets that is transferred to the new owner.

Data Retention:

I retain your personal information for specific periods based on the purpose for which it was collected and legal obligations:

Website comments and metadata: Retained indefinitely to allow for automatic recognition and approval of follow-up comments.
Contact form submissions: Retained for 3 years after the inquiry is resolved for administrative and potential legal defense purposes.
Newsletter subscriber emails (after unsubscribe): Deleted immediately upon your unsubscribe request. A record may be kept on a suppression list for a short period to prevent accidental re-subscription.
Client contact details (after coaching relationship ends): Retained for 5 years after the last coaching session for administrative purposes and potential re-engagement.
Coaching session notes/records (including sensitive data): Retained for 5 years after the last coaching session to support your ongoing progress and for potential legal defense, then securely deleted.
Payment records: Retained for 10 years as required by French tax law.
Zoom recordings/transcripts: Retained for a maximum of 1 year, or as specifically requested and consented to by the client, then securely deleted.
LLM processed transcripts: Transcripts are processed by the LLM service only for the immediate purpose requested and are not used for training. The original transcripts are retained by me as per the “Coaching session notes/records” policy.
Website analytics data (Independent Analytics): Retained for 26 months (or as configured in Independent Analytics settings) for website performance analysis.
Calendly booking logs: Retained for 3 years for administrative purposes.

Your Rights:

Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask me to share (port) your personal information to another entity, withdraw any consent you provided to me to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. To exercise these rights, you can write to me at simon(at)joyful-impact(dot)org.
I will respond to your request in accordance with applicable law. You also have the right to lodge a complaint with the French supervisory authority, the Commission Nationale de l’Informatique et des Libertés (CNIL).

Do note that if you do not allow me to collect or process the required personal information or withdraw the consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.

Children’s Privacy:

My services are not directed at children under 16 years of age, and I do not knowingly collect personal data from them. If I become aware that I have collected personal data from a child under 16 without verifiable parental consent, I will take steps to remove that information from my servers.

Automated Decision-Making:

I do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Cookies Etc.

To learn more about how I use these and your choices in relation to these tracking technologies, please refer to my Cookie Policy.

Security:

The security of your information is important to me and I will use reasonable security measures to prevent the loss, misuse or unauthorized alteration of your information under my control. However, given the inherent risks, I cannot guarantee absolute security and consequently, I cannot ensure or warrant the security of any information you transmit to me and you do so at your own risk.

Privacy Contact:

If you have any queries or concerns about the processing of your information that is available with me, you may email my Privacy Contact at Simon Haberfellner EI, 342 Rue des Pyrenees, email: simon(at)joyful-impact(dot)org. I will address your concerns in accordance with applicable law.