1. Overview of data protection

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data Collection on this Website

Who is responsible for data collection? The data processing on this website is carried out by the website operator:

• Victoria Gonsior

• Volksgartenstr. 9, 50677 Cologne, Germany

• Email: vicky@victoriagonsior.com

How do we collect your data?

1. Directly provided: Data you enter (e.g., in a contact form or during checkout).

2. Automatically collected: Technical data (IP address, browser, time of access) collected by our hosting provider, Podia, to ensure site stability and security.

3. Consent-based: Data collected via tracking pixels or cookies after you have given explicit consent via our Consent Management Tool.

2. Mandatory statutory information

Revocation of your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent at any time with future effect. The legality of the data processing carried out until the revocation remains unaffected.

Right to Lodge a Complaint with a Supervisory Authority

In the event of GDPR violations, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.

3. Hosting and Content Delivery Networks (CDN)

External Hosting via Podia

This website is hosted by Podia Labs, Inc. (228 Park Ave S, PMB 96490, New York, NY, 10003-1502). Personal data collected on this website is stored on Podia’s servers.

• Legal Basis: The use of Podia is based on Art. 6(1)(b) GDPR (contract fulfillment) and Art. 6(1)(f) GDPR(legitimate interest in a secure and fast website).

• Data Processing Agreement: We have concluded a Data Processing Agreement (DPA) with Podia to ensure they process your data only according to our instructions.

International Transfers (USA)

Podia is based in the USA. However, Podia participates in the EU-U.S. Data Privacy Framework (DPF). This means that an "adequacy decision" exists, ensuring that your data is handled with a level of protection equivalent to EU standards.

4. Payment Services (Stripe)

We integrate payment services from Stripe (Stripe Payments Europe, Ltd., Ireland).

• Processing: When you make a purchase, your payment data is transmitted to Stripe. This is necessary for contract fulfillment (Art. 6(1)(b) GDPR).

• Note: We do not see or store your credit card numbers; they are handled entirely by Stripe.

5. Cookies and Tracking (TDDDG Compliance)

This website uses cookies. We distinguish between:

• Essential Cookies: Necessary for the technical operation of the site (e.g., your login state, shopping cart). Legal basis: § 25 Abs. 2 TDDDG.

• Analytical/Marketing Cookies: Used only with your explicit consent (Art. 6(1)(a) GDPR and § 25 Abs. 1 TDDDG).

6. Retention Periods

We store your data only as long as required by the purpose of processing or legal retention periods (e.g., 10 years for tax-relevant documents under German commercial law).

Last update: 27 January 2026