Yuki Carlsson

1. Controller and Contact

Controller (legal name): Dr Carolin Lutz (operating as “Yuki Carlsson”)
Email (privacy contact): legal@yukicarlsson.com
Postal address: Erbigweg 15, 63743 Aschaffenburg, Germany

2. Scope of This Privacy Policy

This Privacy Policy explains how we process personal data when you:

  • visit our website
  • book calls via Calendly and attend calls via Google Meet
  • purchase digital products and services via our website (WooCommerce)
  • receive emails via MailerLite
  • join and participate in our Circle community (programme area)
  • interact with us for professional outreach (e.g., LinkedIn; Dripify where used)

3. Overview of Key Data Flows

A) Call Booking and Calls

  1. You book a call via Calendly (name, email address, answers to booking questions, scheduling metadata).
  2. Calendly creates the meeting in Google Meet (meeting/event details).
  3. Zapier transfers selected data to:
    • MailerLite (call-related emails and group/tag updates)
    • Google Sheets (lead tracking)

B) Purchases (Digital Products and Services)

  1. WooCommerce collects order data (name, email address, billing address, order details, transaction metadata).
  2. Payment is processed via the payment method you choose at checkout (currently WooPayments and PayPal).
  3. Zapier transfers selected data to:
    • MailerLite (customer groups/tags and transactional/service emails)
    • Google Sheets (sales tracking)

C) Programme and Community (Circle)

  1. You join via an invite link. Circle processes your account and community participation data.
  2. Circle hosts programme content and mentoring calls (live rooms) and, where enabled, replays.
  3. Some programme materials may be provided via Google Workspace/Google Drive (Docs, Sheets, Slides, PDFs), depending on the specific resource.

D) Outreach and Networking (LinkedIn + Dripify)

  1. For professional outreach (e.g., podcast hosts), we may process business contact data from LinkedIn (profile info, messages, interaction history).
  2. Where used, Dripify processes and automates outreach workflows and may store outreach logs.
  3. We may store selected outreach details in Google Sheets for relationship tracking.

4. Categories of Personal Data We Process

A) Website usage data

  • IP address (often shortened), device/browser data, timestamps, pages visited, referrer URL
  • Cookie identifiers (depending on your consent settings)

B) Call booking data

  • Name, email address
  • Scheduling details (availability, time zone, event details)
  • Responses to booking questions

C) Purchase data

  • Name, email address, billing address
  • Order contents, invoices, payment status, transaction IDs
  • Customer communications (support requests, administrative messages)

D) Programme and community data (Circle)

  • Profile data (name, photo, bio, optional profile fields)
  • Participation data (posts, comments, reactions)
  • Direct messages and group messages inside Circle
  • Files and submissions you upload (e.g., worksheets)
  • Attendance/participation metadata (e.g., live room participation)

E) Call content and recordings

  • Audio/video and chat messages, where a session is recorded and/or where chat is used

F) Special category data (only if you voluntarily share it)

If you choose to share health-related information (for example stress symptoms, burnout, diagnoses), this may constitute special category personal data under GDPR.

5. Purposes and Legal Bases (GDPR)

We process personal data for the following purposes and legal bases:

A) Website operation and security

  • Purpose: provide the website, ensure stability and security, prevent abuse
  • Legal basis: legitimate interests (Art. 6(1)(f))

B) Call booking and delivery

  • Purpose: schedule and conduct discovery/strategy/collaboration calls; communicate logistical information
  • Legal basis: pre-contract steps / contract (Art. 6(1)(b)) and legitimate interests for operations (Art. 6(1)(f))

C) Purchases and fulfilment

  • Purpose: process orders, deliver digital products/services, manage invoices and customer support
  • Legal basis: contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for accounting/tax records

D) Email communications

  • Service emails: booking confirmations, prep emails, transactional and programme administration
    • Legal basis: contract / pre-contract (Art. 6(1)(b))
  • Newsletter and updates: insights and product updates (subscription-based)
    • Legal basis: consent (Art. 6(1)(a))
    • You can unsubscribe at any time via the link in each email.

E) Programme and community delivery (Circle)

  • Purpose: provide access to materials, community interaction, mentoring delivery, moderation and safety
  • Legal basis: contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))

F) Recordings and replays

  • Purpose: provide replays for participants (service delivery)
  • Legal basis: contract (Art. 6(1)(b)) and/or consent (Art. 6(1)(a)), depending on the specific context and applicable law

G) Special category data

  • Purpose: mentoring/support in situations where you voluntarily share such information
  • Legal basis: explicit consent (Art. 9(2)(a)) where required
  • You can choose not to share sensitive information.

6. Programme and Community (Circle)

Visibility in the community

  • Content you post in shared spaces (posts/comments) is visible to members who have access to those spaces.
  • Your profile information may be visible to other members according to the Circle community settings.

Moderation

We may review and moderate content to maintain a respectful and safe environment, enforce community rules, and prevent abuse.

Leaving the community

  • If your paid term ends, your access to premium spaces ends. You may still remain in free community spaces.
  • If you leave the community or delete your Circle account, Circle applies its account deletion mechanisms.
  • To preserve conversation continuity, posts and comments may remain visible in the community unless you request deletion, subject to legal obligations and the rights and freedoms of others. Where appropriate, we may anonymise content instead of deleting it.

7. Calls and Recordings

Google Meet

Discovery/strategy/collaboration calls are conducted via Google Meet.

Circle Live Rooms

Client mentoring calls are conducted via Circle Live Rooms.

Recordings

  • Some sessions may be recorded to provide replays to participants.
  • Information about recordings is provided in the session/event description and programme terms.
  • Where enabled, Circle may display an in-room recording indicator.
  • You may keep your camera off, participate via chat only, or submit questions in advance.

Testimonials and marketing use (separate permission)

  • Anonymous testimonials may be used as described in the programme terms.
  • If we wish to use a testimonial in a way that identifies you (name, handle, voice, video, photo), we will request your consent.
  • If a testimonial includes sensitive information, we will request your explicit consent.
  • You can withdraw consent for future use at any time.

8. Recipients and Processors

We use selected service providers (“processors”) to operate our website, deliver calls and the programme, and manage communications.

Core processors

  • WordPress.com / Automattic (hosting, domain, and website infrastructure)
  • WooCommerce (store system)
  • WooPayments (payment processing)
  • Stripe (payment infrastructure for WooPayments)
  • PayPal (payment processing)
  • Calendly (call scheduling)
  • Google (Meet, Sheets, Docs, Drive) (calls, operational tracking, and programme materials where applicable)
  • Circle (community platform and programme delivery)
  • MailerLite (email delivery and automations)
  • Zapier (automation and data transfer)
  • LinkedIn (professional networking/outreach)
  • Dripify (outreach automation, where used)
  • Titan Email (email mailbox hosting for @yukicarlsson.com addresses)

Website tracking and advertising integrations

  • Depending on your consent choices, our website may use tracking and advertising technologies from providers such as Meta/Facebook and Google (for example via site integrations like “Facebook for WooCommerce” and “Google for WooCommerce”), as described in our Cookie Policy.

9. International Transfers

Some of the processors listed above may process data outside the EEA/UK (for example in the United States). Where applicable, transfers rely on adequacy decisions or appropriate safeguards (such as Standard Contractual Clauses) and supplementary measures.

10. Retention

We retain personal data only as long as necessary for the purposes described above.

  • Call booking data (Calendly): typically up to 12 months after the call date, unless you become a client.
  • Lead lists and outreach logs (Google Sheets / Dripify): typically up to 24 months after last interaction.
  • Do-not-contact records: if you ask us not to contact you again, we may retain a minimal record (e.g., email address + “do-not-contact” status) to respect your preference.
  • Orders, invoices, and accounting records: retained for the legally required period under applicable tax/commercial law.
  • Programme/community (Circle): retained for the duration of your membership and thereafter according to account settings, deletion requests, and legal requirements.
  • Recordings: replays are available while you have access to premium spaces. Recordings are typically deleted after 12 months, except for excerpts you have consented to for testimonials/marketing.
  • Email marketing: until you unsubscribe or withdraw consent; we keep a minimal suppression record to respect opt-outs.

11. Your Rights (GDPR)

Depending on your location and applicable law, you may have the right to:

  • request access to your personal data
  • request rectification
  • request erasure
  • request restriction of processing
  • request data portability
  • object to processing based on legitimate interests
  • withdraw consent at any time where processing is based on consent
  • lodge a complaint with a supervisory authority (e.g., in your habitual residence, place of work, or place of the alleged infringement)

How we handle access requests

Because we use multiple systems (e.g., Circle, MailerLite, Calendly, WooCommerce), we may provide your data in multiple files and may redact information where necessary to protect the rights and freedoms of others.

12. Cookies and Tracking

We use cookies and similar technologies to operate our website and, depending on your consent choices, for analytics and marketing. Details (including cookie categories and detected services) are provided in our Cookie Policy and managed via our cookie banner.

13. Security

We apply appropriate technical and organisational measures to protect personal data, including access controls, least-privilege principles, and the use of reputable service providers with security safeguards.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will be published on this page with an updated effective date. Where changes are material, we may additionally notify you by email.