Legal Disclaimer: This document was generated based on my inputs and reference examples.
This text has been created with the help of automated policy generation and has not been reviewed by a professional. However, I have tried to make the policy as transparent and easy to understand as possible.
Information regarding the processing of personal data for the website and services of Elena Soroka.
1. Introduction & General Rights
Welcome to my Privacy Policy. This document explains how I, Elena Soroka, collect, process, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
You have the following rights regarding your personal data:
- Right to access (Art. 15 GDPR): You can request information about your data processed by me.
- Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR): You can request deletion of your data (“right to be forgotten”).
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR).
- Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests.
Supervisory Authority: If you believe your rights have been violated, you may lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna.
2. Controller
The party responsible for data processing on this website is:
Elena Soroka
Vienna, Austria
(Please refer to the Legal Notice / Impressum for full contact details including email and phone number.)
3. Security & Hosting
Hosting (All-Inkl)
I use All-Inkl.com to host my website and email services. All-Inkl provides the technical infrastructure. When you visit my site, technical data (IP address, server logs) is processed automatically to ensure security and site stability.
Provider:ALL-INKL.COM – Neue Medien MünnichHauptstraße 6802742 FriedersdorfGermany
Location: Germany (EU)
Data Processed:
IP Address, Browser Type, Access Time, Referrer URL
Legal Basis:
Art. 6(1)(f) GDPR (Legitimate Interest)
Safeguards:
Data Processing Agreement (AV-Vertrag) concluded pursuant to Art. 28 GDPR.
4. Content Management System
WordPress
My website is built on the WordPress Content Management System. It handles the display of content and management of user interactions.
Provider:Automattic Inc.60 29th Street #343San Francisco, CA 94110USA
Location: USA (Third Country)
Data Processed:
Technical usage data, Cookies
Legal Basis:
Art. 6(1)(f) GDPR
Safeguards:
Standard Contractual Clauses (SCCs).
Divi Theme (Elegant Themes)
I use the Divi theme for the visual design of my website. While Divi is primarily a design framework, certain assets (fonts, icons) might be loaded from their servers.
Provider:Elegant Themes, Inc.1233 Howard St #2FSan Francisco, CA 94103USA
Location: USA (Third Country)
Data Processed:
IP Address (when loading external assets)
Legal Basis:
Art. 6(1)(f) GDPR
Safeguards:
Standard Contractual Clauses (SCCs).
5. Communication & Scheduling
WPForms
I use WPForms to provide a contact form on my website. When you send me a message, the data you enter is transmitted to me via email and stored in my website database for follow-up.
Provider:WPForms, LLC7732 Maywood Crest DrWest Palm Beach, FL 33412USA
Location: USA (Third Country)
Data Processed:
Name, Email Address, Message Content
Legal Basis:
Art. 6(1)(b) GDPR (Pre-contractual measures)
Safeguards:
Standard Contractual Clauses (SCCs).
Calendly
To simplify appointment booking, I use Calendly. When you book an appointment, your data is entered into the Calendly interface. This allows us to find a suitable time slot without back-and-forth emails.
Provider:Calendly LLC271 17th St NW, Ste 1000Atlanta, GA 30363USA
Location: USA (Third Country)
Data Processed:
Name, Email, Phone Number, Appointment Details
Legal Basis:
Art. 6(1)(b) GDPR (Contract performance)
Safeguards:
Data Processing Agreement (DPA) and Standard Contractual Clauses (SCCs).
Zoom
I use Zoom for video calls, webinars, and online meetings. If we have a scheduled call, data regarding the meeting (time, participants) is processed by Zoom.
Provider:Zoom Video Communications, Inc.55 Almaden Boulevard, 6th FloorSan Jose, CA 95113USA
Location: USA (Third Country)
Data Processed:
Video/Audio stream, Participant names, Chat content
Legal Basis:
Art. 6(1)(b) GDPR
Safeguards:
Standard Contractual Clauses (SCCs).
WhatsApp Business
I offer communication via WhatsApp Business for quick inquiries. Please note that by contacting me via WhatsApp, you consent to your phone number and message data being processed by Meta.
Provider:WhatsApp Ireland Limited4 Grand Canal SquareGrand Canal HarbourDublin 2Ireland
Location: Ireland (EU) (EU)
Data Processed:
Phone number, Message content, Profile name
Legal Basis:
Art. 6(1)(a) GDPR (Consent)
Safeguards:
Data transfers to parent company Meta Platforms Inc. (USA) are protected by SCCs.
6. Marketing & Newsletter
Brevo (formerly Sendinblue)
I use Brevo to manage my email newsletter. If you subscribe, your email address and name are stored on Brevo’s servers. I use the “Double Opt-In” procedure to ensure you truly want to receive emails.
Provider:Brevo SAS106 boulevard Haussmann75008 ParisFrance
Location: France (EU)
Data Processed:
Email address, Name, Interaction data (opens/clicks)
Legal Basis:
Art. 6(1)(a) GDPR (Consent)
Safeguards:
Data Processing Agreement (AV-Vertrag) concluded.
7. Analytics & Tracking
CookieYes
This tool provides the cookie consent banner on my website. It saves your privacy preferences (which cookies you allow or reject). No personal tracking data is stored by this tool itself, only your consent status.
Provider:CookieYes Limited3 Warren Yard, Warren ParkWolverton Mill, Milton KeynesMK12 5NWUnited Kingdom
Location: UK (Adequacy Decision) (Third Country)
Data Processed:
Consent status, IP address (anonymized)
Legal Basis:
Art. 6(1)(c) GDPR (Legal Obligation)
Safeguards:
Data Processing Agreement concluded.
Google Analytics 4 (GA4)
I use Google Analytics to understand how visitors interact with my website to improve my offers. GA4 uses artificial intelligence and cookies. IP anonymization is active by default. I have configured the settings to ensure maximum privacy.
Provider:Google Ireland LimitedGordon House, Barrow StreetDublin 4Ireland
Location: Ireland (EU) (EU)
Data Processed:
Usage data, Location (coarse), Device info
Legal Basis:
Art. 6(1)(a) GDPR (Consent via Cookie Banner)
Safeguards:
Data may be transferred to Google LLC (USA). Safeguarded by SCCs.
Matomo
As a privacy-friendly alternative, I may use Matomo analytics. If self-hosted, data never leaves my server infrastructure.
Provider:InnoCraft Ltd7 Waterloo Quay PO6256140 WellingtonNew Zealand
Location: New Zealand (Third Country)
Data Processed:
Anonymized IP, Usage data
Legal Basis:
Art. 6(1)(f) GDPR (Legitimate Interest)
Safeguards:
New Zealand has an adequacy decision from the EU Commission.
8. Internal Organization
Notion
I use Notion for my own internal structuring and project management. Here I plan the content of my offers. I do not create general customer lists here, but it may happen that I store filled-out questionnaires from you (including your name) to plan joint projects (e.g., VIP Days).
Provider:Notion Labs, Inc.548 Market StSan Francisco, CA 94104-5401USA
Location: USA (Third Country)
Data Processed:
Project notes, Questionnaire answers, Client Names
Legal Basis:
Art. 6(1)(f) GDPR (Legitimate Interest)
Safeguards:
Standard Contractual Clauses (SCCs) and Data Processing Agreement (DPA).
Trello
I use Trello for Kanban-style project management. Similar to Notion, this helps me organize tasks related to client projects.
Provider:Atlassian Pty LtdLevel 6, 341 George StreetSydney NSW 2000Australia
Location: Australia (Third Country)
Data Processed:
Task details, Project deadlines
Legal Basis:
Art. 6(1)(f) GDPR
Safeguards:
Standard Contractual Clauses (SCCs).
Last Updated: 18 February 2026
9. Social Media & Fonts
Social Media Profiles:
I maintain profiles on Instagram, Pinterest, Threads, TikTok, and LinkedIn. When you visit these platforms, the respective providers (Meta, TikTok Inc, Microsoft) are responsible for data processing. I have no direct influence on their tracking algorithms.
Google Fonts