Privacy Policy

Florian Lanzer – Coaching for Personal Development and Transformation (brand: Lucid Horizons)

1. Controller 

The responsible party for data processing on this website is: Florian Lanzer – Coaching for Personal Development and Transformation (brand: Lucid Horizons), e-mail: florian@lucid-horizons.com As the controller, I am responsible for deciding on the purposes and means of processing your personal data.

2. Data Collected 

When you use this website or contact me, I may collect the following categories of data:

  • Contact details: name, e-mail, phone number, address

  • Booking details: data submitted when booking sessions via Calendly

  • Newsletter data: e-mail address provided when signing up for the newsletter via Squarespace

  • Communication data: information you share when contacting me by e-mail or through forms on this website

  • Billing details: name, address, and payment-related information required for invoicing

  • Sensitive data: in the context of coaching or intake, you may voluntarily share health-related or personal background information so that sessions can be tailored appropriately

I do not collect data beyond what is necessary for communication, service delivery, invoicing, and legal obligations.

3. Purpose of Processing 

Your data is processed for the following purposes:

  • Responding to inquiries and communication

  • Organizing and delivering coaching, advisory, and facilitation services

  • Scheduling appointments via Calendly

  • Sending newsletters, if you have subscribed

  • Fulfilling contractual and billing obligations

  • Meeting legal and tax requirements

Sensitive data is only processed with your explicit consent and solely to tailor coaching and facilitation to your needs.

4. Legal Basis 

Data is processed according to:

  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures

  • Art. 6(1)(a) GDPR – your consent (e.g. newsletter, analytics cookies, sensitive data)

  • Art. 6(1)(c) GDPR – compliance with legal obligations (e.g. invoicing)

  • Art. 6(1)(f) GDPR – legitimate interests (e.g. efficient communication and service delivery)

Sensitive data (e.g. health-related information) is only processed based on Art. 9(2)(a) GDPR – your explicit consent.

5. Data Sharing 

Your data may be shared with the following processors:

  • Squarespace, Inc. (USA): website hosting, newsletter, and website analytics

  • Calendly, LLC (USA): appointment booking system

  • IONOS SE (Germany): e-mail hosting provider

  • Tax authorities: where legally required for invoicing and bookkeeping

Data transfers to the USA (Squarespace, Calendly) are based on the EU Standard Contractual Clauses, and where applicable on the providers' certification under the EU–US Data Privacy Framework.

6. Data Retention

  • Contact and communication data: until your request is resolved

  • Client and booking data: for the duration of the business relationship

  • Billing data: retained for at least 10 years under German tax law

  • Sensitive data: only for as long as necessary to deliver services, or until you request deletion

7. Your Rights 

You have the right to:

  • Request access to your personal data (Art. 15 GDPR)

  • Request rectification of incorrect data (Art. 16 GDPR)

  • Request erasure of your data (Art. 17 GDPR)

  • Restrict processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Withdraw consent at any time (Art. 7(3) GDPR)

  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

8. Cookies and Tracking 

This website uses cookies. Strictly necessary cookies are required for the website to function. In addition, with your consent, Squarespace Analytics uses cookies to help me understand how the website is used so I can improve it. Non-essential cookies, including analytics cookies, are only set after you give your consent through the cookie banner. You can withdraw or change your consent at any time, and you can also control cookies through your browser settings. Where analytics cookies involve data processing in the USA, this is based on the safeguards described in section 5.

9. Security 

Appropriate technical and organizational measures are in place to protect your data against unauthorized access, loss, or misuse.

10. Updates 

This privacy policy may be updated to reflect legal or technical changes. The latest version will always be published on this page.