top of page
  • LinkedIn
  • Instagram
  • Whatsapp

DATA PRIVACY

Self-Confidence Academy is operated by Britta Berger and Katerina Salandova (together, “we”, “us”, “our”). We are independent professionals collaborating on this website and on joint offerings (e.g., online group sessions, programs and retreats). For website operations we act as co-controllers. For 1:1 sessions, the relevant practitioner acts as the sole controller.

​

If you have questions about this notice or wish to exercise your rights, please contact us at:

​​

​

What data we collect

​​

  • Identity & contact data: name, email, phone, country/city.

  • Booking & transaction data: session type, dates, invoices, payment status (payments are processed by third-party providers; we do not store full card details).

  • Session data (may include special-category data): information you share in 1:1 or group sessions, intake forms, reflections/notes you choose to provide. This can include health and well-being information and other details you disclose voluntarily.

  • Communications: emails, messages, feedback.

  • Anonymised website & device data: basic analytics, browser information, cookie preferences (see “Cookies” below).

​

​

How we use your data (purposes & legal bases)

​

We only process personal data when we have a valid legal basis under the GDPR and, where applicable, a separate condition for special-category data.

​

  • To provide services (bookings, sessions, retreats, customer support).

    • Legal basis: Contract (Art. 6(1)(b) GDPR).

  • To send service communications (confirmations, reminders, logistics, materials).

    • Legal basis: Contract (Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f)).

  • To send optional updates or marketing (only if you opt in).

    • Legal basis: Consent (Art. 6(1)(a)); you can withdraw at any time.

  • To maintain website security, prevent misuse, and improve our services.

    • Legal basis: Legitimate interests (Art. 6(1)(f)).

  • To meet legal/financial obligations (invoices, tax).

    • Legal basis: Legal obligation (Art. 6(1)(c)).

​

Special-category (sensitive) data (e.g., health-related information you share during sessions) is processed only when an additional condition under Art. 9 GDPR applies—most commonly your explicit consent (Art. 9(2)(a)). You may withdraw consent at any time; this does not affect processing that has already occurred.

​

​

Confidentiality and boundaries of sessions

 

We treat all session content as confidential. We do not disclose session information to third parties unless:

  1. you give explicit consent;

  2. we are legally required to do so; or

  3. we reasonably believe disclosure is necessary to protect vital interests (e.g., risk of serious harm).
    These principles align with GDPR requirements for lawful processing and special-category safeguards.

​

​

Sharing your data

 

We share data only as needed to deliver our services and manage the website, for example with:

  • IT/hosting and website providers

  • Video-conferencing and scheduling tools

  • Email and communications services

  • Accounting and payment processors

Where these parties act as processors, they only process data on our instructions and must protect it appropriately under a data processing agreement. If any partner is outside the EEA/UK, we use appropriate safeguards (e.g., Standard Contractual Clauses) for international transfers, as required by GDPR.

​

​

Retention

 

We keep personal data only as long as necessary for the purposes described above:

  • Client records and session notes: for the duration of the client relationship and for a reasonable period thereafter (e.g., to respond to queries or legal requirements).

  • Invoices and tax records: for the period required by applicable law.

  • Marketing data: until you withdraw consent or opt out.
    We regularly review retention periods and securely delete or anonymise data when it is no longer needed.

​​

​

Security

 

We use administrative, technical and organizational measures appropriate to the risk, including access controls, encryption in transit where supported by our tools, and staff confidentiality commitments. No method of transmission or storage is 100% secure, but we work to safeguard your information in line with GDPR principles of integrity and confidentiality.

​

​

Your rights

 

Subject to conditions under the GDPR, you have the right to access, rectify, erase, restrict processing, object, and data portability, as well as the right to withdraw consent at any time (where processing is based on consent). You also have the right to lodge a complaint with a supervisory authority (e.g., the Austrian Data Protection Authority for clients of Britta, or the authority of your habitual residence). We will respond to requests without undue delay, in line with GDPR requirements.

​

​

Children

 

Our services and website are not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.

​

​

Cookies & analytics

 

We use only the cookies necessary to run the site and any optional analytics you consent to. You can manage preferences via our cookie banner or your browser settings. Further details are provided in our Cookie Notice.

​

​

International activities

 

We deliver online sessions worldwide and host retreats mainly in Europe. Depending on the services you use and your location, your data may be processed by either Britta or Katerina as controller. For 1:1 services, your booking confirmation will state which controller is responsible for your data.

​

​

Updates to this policy

 

We may update this notice from time to time. Material changes will be highlighted on this page with a new “Last updated” date.

​

​

Last updated: September 2025

bottom of page