Last updated: 05/8/2025
1. Introduction
Thank you for visiting www.simonbowen.coach. I take data protection seriously and handle your personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications and Telemedia Data Protection Act (TTDSG).
This Privacy Policy informs you about how your personal data is processed when you visit my website or work with me as a coaching or mentoring client.
2. Data Controller
Name: Simon Bowen
Business Name: Simon Bowen, Business Coach & Mentor
Address: Weitzgrunder Allee 3, 14806 Bad Belzig, Germany
Email: privacy@simonbowen.coach
As a freelancer, I am not legally required to appoint a Data Protection Officer.
3. Types of Personal Data Processed
Website Visitors:
- IP address, browser information, and device type
- Session cookies and consent preferences
- Analytics and tracking data (if consent is given)
Via Contact Forms:
- Name, email address, and any content you submit
Clients and Prospective Clients:
- Contact and billing details
- Coaching session notes
- Communication history
- Files or data shared as part of coaching
- CRM records
4. Legal Basis for Processing
Your personal data is processed under the following lawful bases:
- Consent (Art. 6(1)(a) GDPR) – for analytics, tracking cookies, and enquiries via the contact form
- Contractual necessity (Art. 6(1)(b) GDPR) – for coaching sessions and client onboarding
- Legal obligation (Art. 6(1)(c) GDPR) – for accounting and tax purposes
- Legitimate interests (Art. 6(1)(f) GDPR) – for operating a secure, functioning website and business
5. Data Retention
- Client data: Retained for up to 12 months after contract expiry
- Website enquiries: Retained for 12 months
- Invoices and financial records: Retained for 10 years in accordance with §147 AO (German tax law)
6. Cookies and Tracking Technologies
This website uses cookies. You will be prompted to give or refuse consent via the cookie banner tool. For details please see the cookie policy.
https://simonbowen.coach/cookie-policy/
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.
The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
7. Embedded Third-Party Services
The website integrates the following services, which may process personal data:
- Google Fonts and Google Maps (Google Ireland Ltd.)
- Fluent Booking for scheduling sessions
- WP Forms – form data submission
These services may store data outside the EU. Where applicable, I rely on Standard Contractual Clauses (SCCs) as safeguards for international data transfers.
8. Other Third-Party Services
As part of my coaching services, I collect and process personal data in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
a. Types of Data Collected
- Full name
- Email address, phone number
- Invoicing and payment details
- Appointment and communication history
- Coaching session notes and reflections
- Uploaded documents or assessments (if applicable)
- Voluntary feedback or testimonials
b. Purpose of Processing
- To deliver coaching sessions
- To organise and manage appointments
- To issue invoices and maintain financial records
- To document the coaching process
- For optional feedback, testimonials, or service improvement
- For the use of digital tools to support self-reflection and progress tracking
c. Legal Basis for Processing (Article 6 GDPR)
- Art. 6(1)(b) – Performance of a contract (coaching agreement)
- Art. 6(1)(a) – Consent (e.g. testimonials or optional communication channels)
- Art. 6(1)(c) – Legal obligation (e.g. record-keeping)
- Art. 6(1)(f) – Legitimate interest (e.g. efficient service delivery)
d. Tools and Services Used
| Service | Purpose | Location | Data Transfer Outside EU? | Safeguards / Notes |
|---|---|---|---|---|
| Google Workspace | Email, calendar, document storage | USA | Yes | Google commits to GDPR within its contractual terms, including incorporating a Data Processing Agreement (DPA) and standard contractual clauses (SCCs) as required by EU law. |
| Trello | Task and process management, client notes from sessions | USA | Yes | SCCs, limited data processed |
| Granola AI | AI-supported reflection and insight tools | USA | Yes | GDPR-compliant data processing agreement |
| Zoom | Online video sessions | USA | Yes | SCCs, no recording without explicit consent |
| Fluent Booking | Online scheduling and booking | EU | No | GDPR-compliant data processing agreement |
| YouSign | Electronic signing of coaching agreements | France (EU) | No | EU-based data storage |
| WhatsApp Business (optional) | Communication if explicitly chosen by client | Ireland / USA | Yes | End-to-end encryption; used only with consent. If you choose to communicate via WhatsApp, you acknowledge that this platform does not meet full EU data protection standards and agree to its use for non-sensitive communications only. You are encouraged to request to use an alternative service that you feel comfortable with. |
| Telegram (optional) | Alternative messaging channel | UAE | Yes | Only used upon explicit request. If you choose to communicate via Telegram, you acknowledge that this platform does not meet full EU data protection standards and agree to its use for non-sensitive communications only. You are encouraged to request to use an alternative service that you feel comfortable with. |
| Papierkram | Accounting and invoicing | Germany | No | Servers located in Germany |
| All-Inkl.com | Website hosting, server infrastructure | Germany | No | Servers located in Germany. Data processing agreement (DPA) in place according to Art. 28 GDPR. |
9. Your Rights under the GDPR
a. Your Rights
You have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16 GDPR)
- Erase your data (“right to be forgotten”, Art. 17 GDPR)
- Restrict or object to processing (Art. 18, 21 GDPR)
- Data portability (Art. 20 GDPR)
- Withdraw consent at any time (Art. 7(3) GDPR)
To exercise any of these rights, contact me at privacy@simonbowen.coach.
You also have the right to lodge a complaint with a supervisory authority. In Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (https://www.datenschutz-berlin.de/).
b. Response Time for Data Subject Requests
In accordance with Article 12(3) of the GDPR, I aim to respond to all valid data subject requests (e.g. access, rectification, erasure, objection) within 30 days of receipt. In cases where the request is particularly complex or if I receive multiple requests from the same individual, this period may be extended by up to an additional 60 days. In such cases, I will inform you of the extension and the reasons for the delay.
c. Automated Decision-Making
I do not use automated decision-making or profiling as part of my coaching or website services.
10. Data Security
I use industry-standard security measures (e.g. SSL encryption, secure backups, and limited access control) to protect your data. External service providers are chosen carefully and bound by data processing agreements where applicable.
11. Changes to this Privacy Policy
This Privacy Policy may be updated occasionally to reflect legal or operational changes. The date of the last update will always be indicated at the top of this page.
12. Contact
If you have questions about this Privacy Policy or how your data is handled, please contact:
Simon Bowen
privacy@simonbowen.coach