📄 Privacy Policy

1. Data Controller

The responsible party for data processing on this website is:

Josephine Thill
I am currently in the process of setting up a business address. Until then, you may contact me via email at rosali.records@gmail.com

Berlin
Germany

Email: rosali.records@gmail.com
Phone: +49 (0)152 0467 6209

2. General Information

Protecting your personal data is very important to me. I therefore process your data exclusively on the basis of the applicable legal provisions (GDPR, BDSG). This privacy policy informs you about the most important aspects of data processing on my website.

3. Data Collection When Visiting My Website

When you visit my website, certain information is automatically collected by my website provider Squarespace and stored in so-called server log files. This includes:

• IP address of the requesting device

• Date and time of access

• Name and URL of the accessed file

• Website from which the access was made (referrer URL)

• Browser type and version, and possibly the operating system

• Your internet service provider

• Country from which the access is made

• Number of visitors

These data are collected and processed to ensure the smooth operation and statistical analysis of the website. The data is not combined with other data sources.

Processing is based on Art. 6(1)(f) GDPR and serves my legitimate interest in the stability, security, and optimization of my website.

4. Cookies and Tracking Tools

I do not use any cookies or tracking tools myself.
However, Squarespace may use technically necessary cookies to ensure the basic functionality and security of the website. These cookies are not used for tracking or advertising purposes.

The legal basis for the use of strictly necessary cookies is Art. 6(1)(f) GDPR.

5. External Booking Platform – Calendly

On my website, you can book appointments with me via an external link to the service Calendly. When using this service, Calendly collects personal data such as your name and email address to facilitate the scheduling of appointments.

I use this data solely to communicate with you before and after the scheduled appointment. The processing is based on Art. 6(1)(b) GDPR (for the performance of a contract or pre-contractual measures).

Calendly is a service provided by Calendly LLC, based in the United States. It cannot be ruled out that your data may be transferred to third countries (in particular, the U.S.). Calendly relies on the EU Standard Contractual Clauses to safeguard such transfers.
You can find Calendly’s privacy policy here:
👉 https://calendly.com/privacy

6. Contact via Email

If you contact me via email, I process the data you provide (e.g., your email address, name) in order to respond to your inquiry. Processing is based on Art. 6(1)(b) GDPR (contractual or pre-contractual communication) or Art. 6(1)(f) GDPR (legitimate interest in effective communication).

Please note that email communication may have security vulnerabilities. Complete protection of your data from access by third parties is not possible.

7. Social Media and External Links

My website includes links to my profiles on external platforms such as Instagram or LinkedIn. When you click on one of these links, you leave my website and are subject to the privacy policies of the respective third-party provider.

I have no influence over the data processing by these providers. Please refer to their respective privacy policies:

• Instagram: https://privacycenter.instagram.com/policy

• LinkedIn: https://www.linkedin.com/legal/privacy-policy

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)

• Right to rectification of inaccurate or incomplete data (Art. 16 GDPR)

• Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object to processing (Art. 21 GDPR)

• Right to withdraw consent at any time (Art. 7(3) GDPR)

• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

9. Data Retention Period

Unless a more specific storage period is stated in this privacy policy, I will retain your personal data only for as long as necessary for the purposes for which it was collected or as required by statutory retention obligations.

Once the purpose for data processing no longer applies, or the legal retention period expires, the data will be routinely deleted, unless there are legitimate reasons for continued storage (e.g., contract performance or legal obligations).

10. Changes to This Privacy Policy

I reserve the right to update this privacy policy at any time in compliance with applicable data protection regulations. The current version is always available here.

Last updated: July 3, 2025