Privacy Policy (Datenschutzerklärung)

Last updated: November 2025

1. Name and Contact Details of the Responsible Person

Responsible within the meaning of the General Data Protection Regulation (GDPR):
Mariana Pacheco Correa
In & Out Networking
Address: Uhlenhorster Weg 11a, 22085 Hamburg, Germany
Email: [email protected]
Phone: +49 173 4968422

2. General Information on Data Processing

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, particularly the GDPR and the German Federal Data Protection Act (BDSG). Personal data is only collected and processed to the extent necessary for providing a functional website and our mentoring services, or if you have given your consent.

This privacy policy applies only to our web pages. If links on our pages route you to other pages, please inquire there about how your data are handled in such cases.

3. Data We Collect

We collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number, LinkedIn profile link (if provided).
  • Contract and Billing Information: Service booked, payment details, invoice data.
  • Session Information: Appointment times, mentoring notes, program progress, feedback.
  • Technical Data: When visiting our website, we collect your IP address, browser type and version, operating system, access time, and the pages you view.
  • Communication Data: Contents of emails, messages, or other communications.

We do not intentionally collect sensitive personal data (special categories of data pursuant to Art. 9 GDPR) unless explicitly provided by you for mentoring purposes with your explicit consent.

4. Purpose and Legal Bases for Processing

We process your personal data for specific purposes and rely on clear legal bases as defined by the GDPR for doing so:

Processing Purpose Categories of Data Used Legal Basis
To initiate and fulfill our mentoring contract: This includes communicating with you, responding to inquiries, managing appointments, providing mentoring services, and processing payments. Contact, Contract, Session, Communication Data Contract (Art. 6(1)(b) GDPR): processing is necessary for the performance of a contract to which you are a party.
To comply with our legal obligations, such as commercial and tax law retention requirements for invoices. Contract and Billing Information Legal Obligation (Art. 6(1)(c) GDPR): processing is necessary for compliance with a legal obligation.
To ensure the security and proper operation of our website and to improve our services based on technical analysis. Technical Data Legitimate Interest (Art. 6(1)(f) GDPR): we have a legitimate interest in a secure and functional website and in improving our services.
For marketing and analytics using non-essential cookies and tools. Technical Data (via Cookies) Consent (Art. 6(1)(a) GDPR): this processing is based solely on your consent, which you can withdraw at any time.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies (e.g., local storage, pixels). Cookies are small text files that are stored on your device.

We use a granular cookie consent management platform (CMP) that allows you to grant or deny consent for different categories of cookies before they are activated.

Categories of Cookies/Tools:

  • Technically Necessary (Type A): Essential for the basic functions of the website and cannot be deactivated. They are set based on our legitimate interest (Art. 6(1)(f) GDPR).
  • Functional & Performance (Type B): Allow us to analyze website usage to improve performance and user experience. These are only set with your consent (Art. 6(1)(a) GDPR).
  • Marketing (Type C): Used for cross-site tracking and creating user profiles for targeted advertising. These are only set with your consent (Art. 6(1)(a) GDPR).

You can manage your cookie preferences at any time by accessing the cookie settings, which are available via a link in the footer of our website.

6. External Service Providers and Tools

We use the following third-party services to provide our services. Where these providers process data outside the EU, we ensure an adequate level of data protection through legal mechanisms.

a) LinkedIn

We use LinkedIn for networking, communication, and marketing. When you interact with our LinkedIn profile or contact us via LinkedIn, your data is processed by LinkedIn Ireland Unlimited Company.

LinkedIn acts as an independent controller for this data.

LinkedIn may transfer data to the USA. The transfer is secured by LinkedIn's certification under the EU-US Data Privacy Framework.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

b) Mastermind.com

We use Mastermind.com to host and manage our online mentoring programs. When you register, your data is processed by Mindmint LLC, USA.

Mastermind.com acts as an independent controller for data collected through its platform.

Data is transferred to the USA. The transfer is secured through Standard Contractual Clauses (SCCs).

Privacy Policy: https://www.mastermind.com/privacy-policy

c) Google Meet

We conduct online sessions via Google Meet, a service of Google Ireland Limited. Google may process data on servers outside the EU.

Google acts as our processor for this service.

Data transfers are governed by Google's certification under the EU-US Data Privacy Framework and SCCs.

Privacy Policy: https://support.google.com/meet/answer/9852160?hl=en

d) Stripe

We use Stripe for secure payment processing. Stripe collects and processes your payment information.

Stripe acts as an independent controller for payment data.

Stripe Payments Europe Ltd. (Ireland) is the controller for the region. Data may be transferred to Stripe, Inc. (USA) under the EU-US Data Privacy Framework.

Privacy Policy: https://stripe.com/privacy

e) WhatsApp

By providing us with your phone number, you are giving us your consent to receive WhatsApp messages from our company.

https://www.whatsapp.com/legal/privacy-policy

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.

  • Contract and Communication Data are deleted after the termination of the business relationship, unless longer retention is necessary for the establishment, exercise, or defense of legal claims (typically 3 years).
  • Technical Data (Log Files) are deleted after 7 days.
  • Tax-Relevant Documents (Invoices) are retained for 10 years as required by German commercial and tax law (§ 147 AO, § 257 HGB).

After the retention period, the data is securely deleted or anonymized.

8. Data Sharing

Your data will not be shared with unrelated third parties unless:

  • It is necessary for the fulfillment of a contract with you (e.g., payment processors, hosting providers),
  • We are legally obligated to do so (e.g., by court order or tax authorities), or
  • You have given your explicit consent.

If we use processors (service providers who process data on our behalf), we have concluded strict data processing agreements with them pursuant to Art. 28 GDPR.

9. Your Rights under the GDPR

You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about the data we store about you.
  • Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR): You can request the deletion of your data, provided no legal obligation to retain it exists.
  • Right to Restriction of Processing (Art. 18 GDPR): You can request that we restrict the processing of your data under certain conditions.
  • Right to Data Portability (Art. 20 GDPR): You can receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object (Art. 21 GDPR): You can object to the processing of the data based on our legitimate interests. We will no longer process your data unless we can demonstrate compelling legitimate grounds.
  • Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw your consent at any time with effect for the future.

To exercise these rights, please contact us at: [email protected].

Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Germany
https://datenschutz-hamburg.de/

10. Data Security

We apply state-of-the-art technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. These measures include password-protected systems, secure communication channels (SSL/TLS encryption), and strict access controls.

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other reasons. The current version will always be available on our website. We will notify you of any material changes.