Privacy Policy (GDPR Compliant – Sacred Power)
Last updated: 17 July 2025
Our Commitment to Your Privacy
This Privacy Policy explains how we collect, use, and protect your personal data when you interact with the Sacred Power programme, including signing up for courses, submitting forms, and using our services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TTDSG).
Controller Information
Sacred Power UG (limited liability) is operated by Christakis Christodoulou and Patricia Heinis
Address: Grillparzerstraße 23, 81675, Munich, Germany
Telephone: +49 (0) 1520 6925 347
Website: sacredpower.de
For all data protection matters, please contact: empowered404@gmail.com
Data Protection Officer
Based on the size of our organisation, we are not required to appoint a Data Protection Officer under German law. For all data protection enquiries, please contact us directly at empowered404@gmail.com.
3. Personal Data We Collect
We collect the following categories of personal data:
3.1 Registration and Course Data
  • Full name
  • Email address
  • Telephone number (when provided)
  • Postal address (when required for course materials)
  • Course preferences and selections
  • Attendance records for sessions
3.2 Communication Data
  • Messages sent through contact forms
  • Email correspondence
  • Application or intake form responses
  • Survey responses and feedback
3.3 Payment Information
  • Billing name and address
  • Payment method details (processed securely by Stripe)
  • Transaction records
  • Invoice information
3.4 Technical Data
  • IP address (anonymised after 7 days)
  • Browser type and version
  • Device information
  • Access logs (retained for 90 days for security purposes)
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6 GDPR:
4.1 Contractual Necessity (Article 6(1)(b) GDPR)
  • Processing registration and course enrolment
  • Delivering course content and materials
  • Managing your participation in programmes
  • Processing payments
4.2 Consent (Article 6(1)(a) GDPR)
  • Marketing communications (only with explicit opt-in)
  • Optional survey participation
  • Newsletter subscriptions
4.3 Legal Obligation (Article 6(1)(c) GDPR)
  • Maintaining financial records for tax purposes (7 years retention)
  • Compliance with accounting regulations
4.4 Legitimate Interests (Article 6(1)(f) GDPR)
  • Website security and fraud prevention
  • Improving our services based on feedback
  • Administrative communications related to your course participation
5. How We Use Your Data
5.1 Course Administration
  • Register you for selected courses and events
  • Send course materials and updates
  • Track attendance and participation
  • Provide certificates of completion
5.2 Communication
  • Send essential course-related information
  • Respond to your enquiries
  • Provide customer support
5.3 Payment Processing
  • Process course fees securely
  • Generate invoices and receipts
  • Maintain financial records
5.4 Service Improvement
  • Analyse course effectiveness (using anonymised data)
  • Improve programme content and delivery
  • Conduct participant satisfaction surveys (with consent)
6. Data Sharing and Third Parties
We only share your personal data in the following circumstances:
6.1 Form Processing
Tally Forms (Tally BVBA) processes registration and application forms on our behalf under their standard Data Processing Agreement. Tally is a Belgium-based (EU) company that is fully GDPR compliant, with all data encrypted in transit and at rest, and stored within the European Union. Their privacy policy is available at: tally.so/help/privacy-policy
6.2 Payment Processing
Mollie B.V. processes payments on our behalf under their standard terms. Mollie is a Dutch (EU) company that is fully GDPR compliant, with all payment data stored on Dutch servers within the European Union. Their privacy policy is available at: mollie.com/legal/privacy
6.3 Course Delivery Platform
Gamma Technologies Inc. hosts our pilot course content through their platform (gamma.app). Gamma is a presentation and website building platform where our course materials are delivered. Their privacy policy is available at: gamma.app/privacy
6.4 Video Conferencing Platform
Zoom Video Communications Inc. processes video call data during our live course sessions under their standard Data Processing Agreement. Zoom provides EU data residency options and is GDPR compliant. During live sessions, video, audio, and chat data may be processed through Zoom's platform. Their privacy policy is available at: zoom.us/privacy
6.5 Legal Requirements
We may disclose data when required by German or EU law, court orders, or regulatory authorities.
6.6 No Commercial Sharing
We never sell, rent, or commercially share your personal data with third parties for marketing purposes.
7. International Data Transfers
When we transfer data outside the EU/EEA, we ensure adequate protection through:
  • Adequacy decisions (for transfers to countries with adequate protection)
  • Standard Contractual Clauses approved by the European Commission
  • Certification schemes such as the EU-US Data Privacy Framework
Specific transfers:
  • Zoom (USA): Offers EU data residency options and uses Standard Contractual Clauses for GDPR compliance
  • Mollie (Netherlands): No international transfer - EU-based payment processor with data stored in the Netherlands
  • Gamma.app (USA): Course content delivery for pilot programme - data processed under their standard privacy framework
  • Tally (Belgium): No international transfer - EU-based service with data stored in Europe
8. Data Retention Periods
We retain your personal data for the following periods:
8.1 Course Participants
  • Active participation data: Duration of course plus 2 years
  • Course completion certificates: 10 years
  • Contact details: Until you withdraw consent or 3 years after last interaction
8.2 Financial Records
  • Payment information: 7 years (German tax law requirement)
  • Invoices and receipts: 10 years (commercial law requirement)
8.3 Marketing Communications
  • Newsletter subscriptions: Until you unsubscribe
  • Marketing consent: 2 years from last interaction
8.4 Technical Data
  • Server logs: 90 days
  • IP addresses: Anonymised after 7 days
After these periods, data is securely deleted or anonymised beyond recognition.
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
9.1 Right of Access (Article 15 GDPR)
Request a copy of all personal data we hold about you, including processing purposes and recipients.
9.2 Right to Rectification (Article 16 GDPR)
Request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure (Article 17 GDPR)
Request deletion of your personal data when:
  • No longer necessary for original purposes
  • You withdraw consent (where consent was the legal basis)
  • Data has been unlawfully processed
  • Required for compliance with legal obligations
9.4 Right to Restrict Processing (Article 18 GDPR)
Request limitation of processing when:
  • You contest the accuracy of data
  • Processing is unlawful but you prefer restriction to deletion
  • We no longer need the data but you need it for legal claims
9.5 Right to Data Portability (Article 20 GDPR)
Receive your personal data in a structured, commonly used format (CSV/JSON) and transmit it to another controller.
9.6 Right to Object (Article 21 GDPR)
Object to processing based on legitimate interests, including direct marketing.
9.7 Rights Related to Automated Decision-Making (Article 22 GDPR)
We do not use solely automated decision-making or profiling that produces legal or significant effects.
9.8 How to Exercise Your Rights
  • Post: Nabburger Straße 2, 81737, Munich, Germany
  • Response time: Within one month of receipt
  • Verification: We may request proof of identity
  • Free of charge: Unless requests are manifestly unfounded or excessive
10. Data Security
10.1 Technical Measures
  • SSL/TLS encryption for data transmission
  • Encrypted data storage
  • Regular security updates and patches
  • Access controls and authentication
  • Regular backups with encryption
10.2 Organisational Measures
  • Staff training on data protection
  • Confidentiality agreements
  • Regular security assessments
  • Incident response procedures
  • Data minimisation principles
11. Cookies and Tracking Technologies
11.1 Current Cookie Use
We currently use only essential cookies that are strictly necessary for website functionality:
  • Session cookies: To maintain your session while browsing
  • Security cookies: To protect against fraud and unauthorised access
11.2 Consent for Non-Essential Cookies
Before implementing any analytics, marketing, or tracking cookies, we will:
  • Obtain your explicit consent through a compliant cookie banner
  • Provide clear information about each cookie's purpose
  • Offer granular choices with equally prominent Accept/Reject options
  • Allow easy withdrawal of consent
11.3 Your Cookie Controls
You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:
  • Notify you without undue delay (within 72 hours where feasible)
  • Describe the nature of the breach
  • Explain likely consequences and measures taken
  • Provide contact information for further enquiries
13. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected such data, please contact us immediately.
14. Complaints and Supervisory Authority
14.1 Internal Complaints
If you have concerns about our data processing, please contact us first at empowered404@gmail.com.
14.2 Supervisory Authority
You have the right to lodge a complaint with the relevant German data protection authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach
Telephone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
A complete list of German supervisory authorities is available at: bfdi.bund.de
15. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes:
  • We will post the updated policy on our website
  • We will notify you by email if you have an active account
  • The "Last updated" date will be revised
  • Continued use of our services constitutes acceptance of changes
For significant changes affecting your rights, we will seek fresh consent where required.
16. Legal Compliance
This Privacy Policy complies with:
  • EU General Data Protection Regulation (GDPR)
  • German Federal Data Protection Act (BDSG)
  • Telecommunications Digital Services Data Protection Act (TTDSG)
  • German Commercial Code (HGB) for record-keeping requirements
17. Contact Information
For all privacy-related enquiries, data subject rights requests, or complaints:
Email: empowered404@gmail.com
Post: Sacred Power UG (limited liability), Grillparzerstraße 23, 81675, Munich, Germany
Telephone: +49 (0) 1520 69253 47
Response time: We will acknowledge your enquiry within 3 business days and provide a full response within one month.
This Privacy Policy was last reviewed and updated on 17 July 2025 to ensure compliance with current German and EU data protection laws.