DSGVO

PRIVACY POLICY (GDPR)
Status: April 2026

1. Introduction
The protection of your personal data is of particular importance to us. We process your data exclusively on the basis of applicable legal regulations, in particular the GDPR (General Data Protection Regulation), the Austrian Data Protection Act (DSG), and the Telecommunications Act (TKG 2021).

This Privacy Policy informs you about the most important aspects of data processing within our website and our services.

2. Data Controller
Sarah Lechner, BA
Herklotzgasse 26/9
1150 Vienna, Austria

Phone: +43 676 5968388
Email: info@sarah-theresa.com

3. Overview of Data Processing
We process the following categories of personal data:

Master data (name, company)
Contact data (email address, phone number)
Content data (e.g. messages, videos, form submissions)
Usage data (e.g. website access, timestamps)
Payment data
Invoicing data (including VAT ID, if applicable)
Communication data

Purposes of Processing
We process personal data for the following purposes:

Contract execution and customer support
Performance of pre-contractual measures
Communication with clients
Newsletter distribution (where consent is given)
Organisation of online services

Legal Bases
Art. 6 (1) (b) GDPR – contract performance / pre-contractual measures
Art. 6 (1) (a) GDPR – consent
Art. 6 (1) (f) GDPR – legitimate interests

4. Cookies
Our website uses cookies.

Cookies are small text files stored on your device. They do not cause any harm.

Types of Cookies
Necessary cookies (for website functionality)
Functional cookies (to improve user experience)
→ We currently do not use analytics or marketing cookies.

Legal Basis
§ 165 (3) TKG 2021
Art. 6 (1) (a) GDPR (where consent is required)
You may disable or delete cookies at any time in your browser settings.

5. Tools and Services Used
5.1 Payment and Sales Processing – ThriveCart
We use ThriveCart for payment processing.

Processed data includes:

Name
Email address
Payment data
Country
Place of residence
Service provider:
ThriveCart Inc., USA

→ Data may be transferred to the United States. This is based on:

Standard Contractual Clauses (Art. 46 GDPR)

5.2 Forms – Google Forms
We use Google Forms for data collection.

Service provider:
Google Ireland Limited, Dublin, Ireland

→ Data may be transferred to the USA.
Legal basis: Art. 6 (1) (a) and (b) GDPR

5.3 Documents & Collaboration – Google Docs
We use Google Docs for internal processing.

Data may also be transferred to third countries.

5.4 Newsletter – Mailchimp
We use Mailchimp for sending newsletters.

Processed data:

Email address
Name
Service provider:
The Rocket Science Group LLC, USA

→ Data transfer to the USA based on Standard Contractual Clauses.

You may unsubscribe at any time via the unsubscribe link in each email.

5.5 Online Meetings – Zoom
We use Zoom for online sessions and meetings.

Service provider:
Zoom Video Communications Inc., USA

Processed data:

Name
Email address
Communication content

5.6 Video Hosting – Vimeo
We use Vimeo for embedding videos.

Service provider:
Vimeo Inc., USA

When videos are played, a connection to Vimeo servers may be established.

5.7 Appointment Booking – TidyCal
We use TidyCal for scheduling appointments.

Processed data:

Name
Email address
Additional information provided during booking
Service provider:
AppSumo LLC, USA

Data processing is carried out for the organisation and scheduling of appointments.

→ Data may be transferred to the USA on the basis of:

Standard Contractual Clauses (Art. 46 GDPR)
Legal basis:

Art. 6 (1) (b) GDPR (contract / pre-contractual measures)

6. Social Media
Instagram
Our website includes features of Instagram.

When visiting our website, a connection to Instagram servers may be established.

YouTube
We use embedded YouTube videos.

When playing videos, personal data may be transmitted to Google.

7. Contacting Us
If you contact us (e.g. by email, phone, form, or social media), your data will be processed for the purpose of handling your request.

Legal Bases
Art. 6 (1) (b) GDPR
Art. 6 (1) (f) GDPR

8. Storage Duration
We store personal data only as long as necessary for the respective purposes or as required by statutory retention obligations (e.g. Austrian Commercial Code or Tax Code).

9. Data Security
We implement technical and organisational security measures to protect your data.

However, complete protection of data transmitted over the internet cannot be guaranteed.

10. Data Subject Rights
You have the right to:

Access
Rectification
Erasure
Restriction of processing
Data portability
Objection
If you believe that the processing of your data violates data protection law, you may lodge a complaint with the supervisory authority:

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna, Austria

11. Withdrawal of Consent
You may withdraw any consent given at any time.

The lawfulness of processing carried out prior to withdrawal remains unaffected.

12. Changes to this Privacy Policy
We reserve the right to update this Privacy Policy as necessary.

13. Contact
Sarah Lechner, BA
Herklotzgasse 26/9
1150 Vienna, Austria

Email: info@sarah-theresa.com
Phone: +43 676 5968388