Privacy Policy

Stand / Last Updated: 9th of July 2025

With this privacy policy, we inform you about which personal data we process in connection with our activities and operations, including our website https://sarahkartika.com. We particularly inform you about the purposes, methods, and locations of the personal data we process, as well as about the rights of individuals whose data we process.

Additional privacy policies or legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions may apply for specific or additional activities.

1. Contact Information

Controller for data processing:

Name: Sarah Kartika Haller
Adresse / Address: Bahnhofstrasse 6, 8942 Oberrieden, Schweiz
E-Mail: info@sarahkartika.com
Website: www.sarahkartika.com

2. Terms and Legal Bases

2.1 Terms

  • Personal data: Any information relating to an identified or identifiable natural person.

  • Sensitive personal data includes data on union membership, political/religious views, health, intimacy, ethnicity, genetic and biometric data, criminal records, or social assistance measures.

  • Processing includes any handling of personal data, such as collecting, storing, modifying, using, disclosing, or deleting it.

  • Data subject: A natural person whose data is being processed.

2.2 Legal Bases

We process data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (FADP) and its Ordinance (DPO).

3. Type, Scope, and Purpose of Data Processing

We process only the personal data necessary for the sustainable, user-friendly, secure, and reliable operation of our services. This includes contact data, browser/device data, content data, metadata, location data, sales, contract, and payment information.

We only retain data as long as required for its purpose or as legally necessary. Unneeded data is anonymized or deleted.

We may involve third parties in data processing, share data with them, or let them process it on our behalf—always ensuring data protection.

We generally process personal data only with consent. If legally permitted, we may process data without consent, for example:

  • To fulfill contracts

  • To meet legal obligations

  • To pursue overriding legitimate interests

  • Coaching services

  • Payment processing

  • Communication

  • Sending newsletters

  • Marketing

  • Website analytics

We also process data from public sources or third parties, where legally allowed.

4. Communication

We process personal data for communication with third parties (e.g., via email or mail). This may include storing data in an address book.

Third parties sharing data must ensure its accuracy and comply with privacy laws.

5. Applications

We process applicant data to assess suitability for employment or to carry out employment contracts. This includes data from applications and public online profiles.

6. Data Security

We take appropriate technical and organizational measures to ensure a level of data security appropriate to the risk—especially confidentiality, integrity, traceability, and availability.

Access to our website and digital platforms is protected by SSL/TLS encryption (HTTPS).

Note: Digital communication may be subject to mass surveillance by state authorities in Switzerland, Europe, the USA, or other countries. We cannot influence or prevent this.

7. Personal Data

We primarily process data in Switzerland but may transmit it abroad for processing.

We protect your data using SSL/TLS encryption and implement appropriate technical and organizational measures.

We only transfer data to countries with adequate data protection or ensure protection via standard contractual clauses or other safeguards. In special cases, we may transfer data with consent or due to direct contractual relevance.

We provide information on safeguards upon request.

8. Data Subject Rights

8.1 Data Protection Rights

Data subjects have the following rights:

  • Access: Know if and which personal data we process.

  • Correction/Restriction: Correct incomplete or inaccurate data and restrict processing.

  • Deletion/Objection: Delete data or object to future processing.

  • Data Portability: Receive or transmit their data to another controller.

We may restrict or refuse these rights when legally allowed (e.g., to protect third parties or trade secrets, or due to retention obligations).

In rare cases, we may charge fees and will inform in advance.

We must verify the identity of requesters and may ask for cooperation.

8.2 Legal Remedies

Data subjects can enforce their rights legally or file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

9. Website Usage

9.1 Cookies

We use first-party and third-party cookies, which may be stored as session cookies (deleted when browser closes) or persistent cookies.

Cookies help recognize users, measure website reach, and support online marketing.

Users can deactivate or delete cookies in browser settings. Some functions may not work fully without cookies.

We request explicit consent where required.

Opt-out options are available for marketing cookies (e.g., AdChoices, EDAA).

9.2 Logging

We log data for every website access:

  • Date/time with time zone

  • IP address

  • HTTP status

  • OS and browser (with version and language)

  • Visited subpages and data volume

  • Referrer URL

Logs are necessary for functionality and security and may include personal data.

9.3 Tracking Pixels

We use tracking pixels (web beacons)—small invisible images or JavaScript used to monitor user behavior, similar to logs.

10. Social Media

We are present on social media platforms to communicate and inform. Personal data may be processed outside Switzerland.

Each platform's terms and privacy policies apply, including user rights like access.

11. Third-Party Services

We use third-party providers to ensure reliable, secure, and user-friendly services. These providers may process data temporarily, including IP addresses and usage stats.

Examples include:

  • Providers: Google LLC (USA), Google Ireland Ltd. (Ireland)

    Policies: Google Privacy & Security Principles, Data Privacy Guide, Cookies, Personalized Ads

  • Payment providers: Stripe, PayPal

  • Newsletter & E-Mail: kit.com (formerly ConvertKit), Apple Mail

  • Scheduling: Appointlet

  • Forms: Google Forms

  • Hosting & Analytics: Squarespace

  • Video & Events: Zoom, YouTube, Insight Timer

  • Social media: Facebook, Instagram

  • Community: Facebook Gruppen

    These services operate under their own privacy policies.

12. Use of Media

Photos and videos from live or online events are only used publicly with the participants’ explicit consent.

13. EU Representative

Gemäß Art. 27 DSGVO benennen wir eine Vertretung in der EU für Datenschutzanfragen.
According to Art. 27 GDPR, we appoint a representative in the EU for data protection inquiries.

Hinweis / Note: Wird ergänzt, sobald benannt / Will be added once appointed.