Data protection at a glance

General information

Your privacy is important to us. It is Transformation Unlocked’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://transformationunlocked.com, and other sites we own and operate.
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information can be found in the sections below.

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at contact@transformationunlocked.com.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in section “Controller”.

How do we collect your data?

Your data is collected in two ways:

• Data you provide to us (e.g., via email, contact form, appointment booking, applications).
• Data collected automatically or based on your consent when you visit the website (mainly technical data such as browser, operating system, time of page access). Collection occurs automatically when you access the website. In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other order inquiries.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances.
Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time if you have any further questions on this or other data protection issues.

Analysis tools and third-party tools

When you visit this website, your surfing behavior may be statistically evaluated. This is done primarily with so-called analysis programs.
If such tools are used, you will find details in this Privacy Policy and, where required, they will only be used after consent.

Controller

Controller within the meaning of Art. 4(7) GDPR:

Transformation Unlocked
Marina Titov
Freiberuflerin
Wormser Str. 33

69469 Weinheim
Germany
Email: contact@transformationunlocked.com
Phone: +49 6221 3277981

Hosting

External hosting: HOSTINGER.COM – Hostinger International Ltd.

This website is hosted externally. The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.
We use the following host:
Hostinger International Ltd.
61 Lordou Vironos str., 6023 Larnaca, Cyprus
Privacy policy: https://www.hostinger.com/legal/privacy-policy

Legal basis:

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in our legitimate interest in a secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfill their service obligations and will follow our instructions regarding this data.

Data processing agreement

We have concluded a data processing agreement (Art. 28 GDPR) with our host to ensure processing only under our instructions and in compliance with GDPR.

General Information and Mandatory Disclosures

Data protection

We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy. Please note that data transmission on the Internet (e.g., email communication) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Storage duration

Unless a more specific storage period is stated in this Privacy Policy, your personal data remains with us until the purpose for processing ceases. If you submit a legitimate deletion request or withdraw consent, your data will be deleted unless we have other legally permissible reasons for storing your data (e.g., statutory retention periods under tax or commercial law). In that case, deletion takes place after those reasons cease to apply.

Legal bases for processing (overview)

Depending on the context, processing occurs on the basis of:

• Art. 6(1)(a) GDPR consent
• Art. 6(1)(b) GDPR contract / pre-contractual measures
• Art. 6(1)(c) GDPR legal obligation
• Art. 6(1)(f) GDPR legitimate interest
• §25(1) TDDDG storage of cookies or access to information on the end device (where applicable)

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed in accordance with Art. 9 (1) GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TDDDG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR.

Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The relevant legal basis in each individual case is explained in the following paragraphs of this privacy policy.
If special categories of personal data are processed (Art. 9(1) GDPR), processing is only carried out under the conditions of Art. 9(2) GDPR (typically explicit consent). If you explicitly consent to transfers to third countries, processing may also be based on Art. 49(1)(a) GDPR.

Recipients of personal data

In the course of our business, we work with external parties. Personal data is only disclosed when:

• necessary for contract performance,
• we are legally obliged to do so,
• we have a legitimate interest (Art. 6(1)(f) GDPR), or
• another legal basis permits disclosure.

When using processors, data is transferred only on the basis of a valid data processing agreement (Art. 28 GDPR). In case of joint processing, an agreement pursuant to Art. 26 GDPR is concluded where applicable.

Withdrawal of consent

Many processing operations are only possible with your explicit consent. You can withdraw consent at any time. The lawfulness of processing carried out up to the withdrawal remains unaffected.

Right to object (Art. 21 GDPR) and direct marketing

If processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time for reasons arising from your particular situation. This also applies to profiling based on those provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or processing serves the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing, you have the right to object at any time. If you object, your personal data will no longer be used for direct marketing.

Right to lodge a complaint (Art. 77 GDPR)

In the event of GDPR violations, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Right to data portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a common, machine-readable format, and to have it transferred to another controller where technically feasible (Art. 20 GDPR).

Access, rectification, erasure

You have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients, and the purpose of processing, and, if applicable, the right to rectification or erasure (Art. 15–17 GDPR).

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data.

You have the right to request restriction of processing (Art. 18 GDPR), for example if:

• you contest the accuracy of your data (for the duration of verification),
• processing is unlawful and you oppose erasure,
• we no longer need the data, but you need it to assert legal claims,
• you have objected pursuant to Art. 21(1) GDPR (pending balancing of interests).

You can contact us at any time to do so. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.

If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may—apart from its storage—only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL/TLS encryption

This site uses SSL/TLS encryption for security and to protect transmission of confidential content. You can recognize an encrypted connection by “https://” and the lock symbol in your browser. If SSL/TLS is active, data transmitted to us cannot be read by third parties.

Objection to advertising emails

The use of contact details published in the Imprint for sending unsolicited advertising and information materials is hereby objected to. We reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

Data Collection on This Website

Cookies

Our website uses cookies. Cookies are small data packages and do not cause damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit. Persistent cookies remain stored until you delete them or your browser deletes them automatically.

Cookies may originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies can enable the integration of certain third-party services.

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them.

Legal basis:
Necessary cookies are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is stated. Where consent is required, processing is based on Art. 6(1)(a) GDPR and §25(1) TDDDG. Consent can be withdrawn at any time.

You can configure your browser to inform you about cookie settings, to allow cookies only in individual cases, to exclude cookies generally, and to delete cookies automatically. Disabling cookies may limit website functionality.

Contact form

If you send inquiries via the contact form, we store the data you provide for processing your request and follow-up questions.

Legal basis:
Art. 6(1)(b) GDPR (pre-contract/contract) or Art. 6(1)(f) GDPR (legitimate interest in efficient handling). Where consent is requested, Art. 6(1)(a) GDPR applies.

Retention:
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

Inquiries by email, phone, or fax

If you contact us by email, phone, or fax, your inquiry including all resulting personal data is stored and processed to handle your request.

Legal basis:
Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR; where consent is requested, Art. 6(1)(a) GDPR.

Processing of Customer and Contract Data

If you purchase or request coaching, consulting, training, mentoring, facilitation, or workshops, we process personal data necessary to initiate and perform the contract.

Data categories may include:

• Name, contact details
• Company/organization details (where applicable)
• Contract and billing data
• Appointment and communication data
• Service-related notes/documentation (only insofar as necessary and as provided by you)

Purposes:

• offer preparation, contract performance, invoicing
• scheduling and service delivery
• accounting and compliance with retention obligations

Legal bases:

• Art. 6(1)(b) GDPR (contract/pre-contract)
• Art. 6(1)(c) GDPR (legal obligations, e.g., tax law)

Retention:

• Commercial and tax documents: typically 10 years under German law
• Other contract-related documents: as required by law and business necessity

Appointment Scheduling with Cal.com

We use Cal.com to provide appointment scheduling.

Provider: Cal.com, Inc.
Privacy policy: https://cal.com/de/privacy (or https://cal.com/privacy depending on locale)

Processed data may include:

• Name
• Email address
• Appointment metadata (time, type)
• Information you voluntarily provide (e.g., topics)

Purpose: scheduling and managing appointments and preparation of service delivery.

Legal basis: Art. 6(1)(b) GDPR.

Third-country transfers:
If Cal.com processes data outside the EU/EEA, safeguards may include:

• Art. 45 GDPR (adequacy decision), or
• Art. 46 GDPR (Standard Contractual Clauses).

Online Meetings via Zoom

We use Zoom for online sessions, workshops, and trainings.

Provider: Zoom Video Communications, Inc. (USA)
Privacy policy: https://zoom.us/privacy

Processed data may include:

• account/profile data (if you have a Zoom account)
• meeting metadata
• IP address, device information
• audio/video, chat content (as used)

Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract) and/or Art. 6(1)(f) GDPR (efficient communication).

Recordings:
Recordings are only made with explicit consent (Art. 6(1)(a) GDPR) or a documented agreement.

Third-country transfers:
Where applicable, transfers are safeguarded via Art. 45/46 GDPR mechanisms (adequacy decisions/SCCs).

LinkedIn

We maintain a profile on LinkedIn.

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy

LinkedIn processes personal data under its own responsibility. We may receive aggregated statistics (e.g., page insights).

If you contact us via LinkedIn, we process your data to respond and manage communication.

Legal basis:

• Art. 6(1)(f) GDPR (legitimate interest in professional communication and presentation)
• Art. 6(1)(b) GDPR (pre-contract) where communication relates to services

Social Media Profiles

We operate social media profiles to provide information and communicate with interested parties.

Depending on the platform, processing may occur:

• solely under the platform’s responsibility, or
• under joint responsibility arrangements for “insights” features (Art. 26 GDPR), where applicable.

You can generally exercise your rights directly with the platform provider. Where we receive messages or inquiries, we process the data to respond.

Legal basis: Art. 6(1)(f) GDPR and Art. 6(1)(b) GDPR depending on context.

Applicant Data

If you apply to work with us or for cooperation, we process application data.

Processed data may include:

• name, contact details
• CV, certificates
• correspondence and interview notes

Legal basis:

• Art. 6(1)(b) GDPR (pre-contractual measures)
• §26 BDSG (employment-related processing) where applicable

Retention:
If no contract is concluded, data is typically deleted after 6 months unless statutory obligations or consent justify longer storage.

Newsletter

If we offer a newsletter in the future, we will process your email address and verification information (double opt-in) exclusively based on consent (Art. 6(1)(a) GDPR). If you would like to subscribe to the newsletter offered on the website in the future, we need your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data will be collected unless you provide it voluntarily. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent to the storage of data, your email address, and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.You can withdraw consent at any time via the unsubscribe link. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose ceases to apply. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Until activation of a newsletter, this section is informational and not currently applicable.

Plugins and Tools

YouTube, if embedded

If we embed YouTube videos, a connection to YouTube servers may be established. YouTube may process usage and technical data. The YouTube website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites that incorporates YouTube, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

After a YouTube video has been activated, further data processing operations may be triggered over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offerings.

This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information about data protection on YouTube can be found in their privacy policy at: https://policies.google.com/privacy

Transfers to Third Countries

If personal data is transferred outside the EU/EEA, processing occurs only under the conditions of GDPR, in particular based on:

• Art. 45 GDPR (adequacy decisions), or
• Art. 46 GDPR (Standard Contractual Clauses), or
• Art. 49 GDPR (exceptions) where applicable.

Data Security (Art. 32 GDPR)

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect legal, technical, or operational changes. The current version is always available on this website.