Privacy Policy
Last updated: 01.01.2026
This privacy policy explains how personal data is processed when you visit and use this website.
1. Controller
The controller responsible for this website is:
Dr. Wilhelm E. J. Klein
Frankfurt am Main, Germany
Postal address available upon legitimate request.
Email: hello@wilhelmklein.net
2. General information
I take the protection of personal data seriously and process personal data only in accordance with applicable data protection law, in particular the General Data Protection Regulation (“GDPR”).
Personal data means any information relating to an identified or identifiable natural person. This may include, for example, your name, email address, IP address, booking information, payment information, or information you provide through a contact form.
3. Data processed when visiting this website
When you visit this website, certain technical data may be processed automatically in order to display the website, maintain security, and ensure technical stability.
This may include:
IP address
date and time of access
browser type and version
operating system
referrer URL
pages accessed
host name of the accessing device
technical log and security data
The legal basis for this processing is Article 6(1)(f) GDPR. My legitimate interest lies in the secure, stable, and reliable operation of this website.
4. Hosting and website platform: Squarespace
This website is created and hosted using Squarespace.
In connection with the technical provision of the website, Squarespace may process personal data, including technical usage data, log data, cookie data, and information submitted through website features such as forms, scheduling tools, payment functions, or other interactive elements.
Squarespace may process data both on my behalf and, in certain cases, as an independent controller, depending on the specific service and processing context.
Further information about Squarespace’s data processing is available in Squarespace’s own privacy documentation.
Where personal data is transferred outside the European Union or European Economic Area, such transfers are made subject to appropriate safeguards as described by Squarespace, which may include adequacy decisions, the EU-U.S. Data Privacy Framework, and/or Standard Contractual Clauses.
5. Contact forms and email inquiries
If you contact me by email or through a contact form on this website, I process the information you provide in order to respond to your inquiry.
This may include:
name
email address
message content
subject of inquiry
any other information you voluntarily provide
The legal basis for this processing is Article 6(1)(b) GDPR where your inquiry relates to a possible or existing contractual relationship, and Article 6(1)(f) GDPR where my legitimate interest is to respond to your inquiry and communicate with you.
Please do not submit sensitive personal data through the contact form unless it is necessary for your inquiry.
6. Booking and scheduling
This website may use booking or scheduling functionality, including Squarespace Scheduling or a comparable scheduling service.
If you book a call, consultation, workshop, or other appointment, the following data may be processed:
name
email address
appointment date and time
time zone
phone number, if provided
organization, if provided
message or notes entered during booking
technical booking data
The legal basis for this processing is Article 6(1)(b) GDPR where the booking relates to the initiation or performance of a service, and Article 6(1)(f) GDPR where my legitimate interest is to organize appointments and manage inquiries efficiently.
7. Payments and shop functions
This website may include payment, invoicing, checkout, or shop functions.
If you purchase a service, book a paid session, buy a product, or make a payment through this website, personal data necessary for processing the transaction may be processed. This may include:
name
email address
billing information
payment status
transaction data
purchased service or product
tax-relevant information
communication relating to the transaction
Payment processing may be carried out by third-party payment providers integrated into Squarespace or otherwise connected to this website. These providers may process payment data as independent controllers according to their own privacy terms.
The legal basis for this processing is Article 6(1)(b) GDPR for contract performance and Article 6(1)(c) GDPR where processing is required for legal, accounting, or tax obligations.
8. Analytics
This website may use analytics tools, including Squarespace Analytics or other analytics services, to understand how visitors use the site and to improve its content, structure, and performance.
Analytics may process information such as:
pages visited
time spent on pages
referrer information
approximate location
device and browser information
interaction data
IP address or shortened/anonymized IP address, depending on configuration
cookie or similar identifier, where used
Where analytics involve non-essential cookies, tracking technologies, or third-party processing requiring consent, they are activated only after you have given consent through the cookie banner or consent settings.
The legal basis for analytics requiring consent is Article 6(1)(a) GDPR. If privacy-preserving or technically necessary analytics are used without consent, the legal basis is Article 6(1)(f) GDPR.
9. Cookies and similar technologies
This website uses cookies and similar technologies.
Some cookies are technically necessary for the proper functioning, security, and operation of the website. These may be used without consent where legally permitted.
Other cookies or similar technologies, especially those used for analytics, embedded media, marketing, personalization, or social media features, are used only if you have given your consent through the cookie banner or consent settings.
When you first visit this website, you may be asked to choose which categories of cookies and similar technologies you allow. You can change or withdraw your consent at any time through the cookie settings on this website.
You can also manage or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.
The legal basis for technically necessary cookies is Article 6(1)(f) GDPR. My legitimate interest lies in providing a secure and functional website. Where consent is required, the legal basis is Article 6(1)(a) GDPR.
10. Embedded third-party content
This website may include embedded third-party content, such as videos, maps, social media posts, audio players, or other external media.
Where embedded content is used, third-party providers may process personal data, including your IP address and information about your interaction with the embedded content. They may also set cookies or use similar technologies.
Where required by law, such embedded content is loaded only after you have given consent.
11. Social media links and external websites
This website may contain links to external websites or social media profiles. If you click such links, you leave this website. The respective third-party provider is responsible for data processing on its own website or platform.
Please review the privacy policies of those external providers before using their services.
12. Newsletter or direct marketing
If this website offers a newsletter or email updates, personal data such as your email address and, where applicable, your name may be processed for that purpose.
Newsletter or marketing emails are sent only where you have given consent or where another legal basis applies. You can unsubscribe at any time using the unsubscribe link in the email or by contacting me directly.
The legal basis is generally Article 6(1)(a) GDPR.
13. Legal bases of processing
Depending on the context, personal data may be processed on one or more of the following legal bases:
Article 6(1)(a) GDPR — consent
Article 6(1)(b) GDPR — performance of a contract or steps prior to entering into a contract
Article 6(1)(c) GDPR — compliance with a legal obligation
Article 6(1)(f) GDPR — legitimate interests
14. Storage period
Personal data is stored only for as long as necessary for the respective processing purpose, unless a longer storage period is required by law or necessary for the establishment, exercise, or defense of legal claims.
Contact inquiries are generally stored only for as long as necessary to respond to and manage the inquiry. Contract, booking, payment, and tax-relevant data may be stored for longer periods where required by applicable law.
15. Recipients of personal data
Personal data may be shared with service providers where necessary for operating this website and providing related services. These may include:
website hosting and platform providers
scheduling providers
email and communication providers
analytics providers
payment processors
tax, accounting, or legal advisors where necessary
other technical service providers
Where service providers process personal data on my behalf, appropriate contractual arrangements are used where required by law.
16. International data transfers
Some service providers may process personal data outside the European Union or European Economic Area.
Where such transfers occur, they are carried out only where legally permitted and subject to appropriate safeguards, such as adequacy decisions, the EU-U.S. Data Privacy Framework, Standard Contractual Clauses, or other mechanisms recognized under applicable data protection law.
17. Your rights
Subject to the applicable legal requirements, you have the following rights under the GDPR:
right of access
right to rectification
right to erasure
right to restriction of processing
right to data portability
right to object to processing
right to withdraw consent at any time with effect for the future
right to lodge a complaint with a supervisory authority
To exercise your rights, you can contact me at:
18. Right to object
Where personal data is processed on the basis of Article 6(1)(f) GDPR, you have the right to object to such processing on grounds relating to your particular situation.
Where personal data is processed for direct marketing purposes, you have the right to object at any time.
19. Supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority.
For a controller based in Hesse, the competent supervisory authority is generally:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany
Email: poststelle@datenschutz.hessen.de
Phone: +49 611 1408-0
20. Data security
I use appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
21. Changes to this privacy policy
This privacy policy may be updated from time to time to reflect legal, technical, or operational changes. The current version published on this website applies.