A village in the Zurich highlands area of Switzerland

Data protection

Privacy concerns are very important to me. Currently, just about every company claims that to be the case, but I do have some actual credentials in this area, in particular relating to my activities in the context of the Swiss NGO Digitale Gesellschaft, where I have served as president for some time.

Personal data is defined as “any information relating to an identified or identifiable natural person”.

Such personal data is unavoidably generated when anyone communicates with me in writing, as in practically every case, letters, email addresses, and email messages are personal data. I read, store and archive letters and emails which I receive so that I can answer them, and so that I can find them later.

Letters and email messages are not automatically processed in any other way. I will not use postal addresses or email addresses received in this way for any purpose except possibly for writing to you personally. So you can write to me without risk of thereby getting yourself added to a marketing mailing list of any kind.

The same applies when someone provides me with their contact information in any other way, for example by giving me their business card.

In the case of oral conversations, I sometimes write, exclusively for my personal purposes of being able to remind myself, brief notes on where we have met and/or on what we talked about, together with the relevant contact information, so that I can personally contact you again.

I do this systematically in the case of business networking contacts of all kinds.

When I have a reason to do so, I will also find published contact information, e.g. on websites or on LinkedIn.

I will use contact information collected in any of the above-mentioned ways only when seeking to contact someone personally, individually. (I am quite strongly opposed to practices of “list-building” where people are added to mailing lists without explicitly requesting that.)

When someone requests a subscription to my Thoughtsletter, their email address is, of course, stored and used for that purpose. The subscription request emails are archived together with the relevant data for authenticity validation, so that I can use them as evidence if I ever get accused of having sent an unsolicited automated email (i.e. spam) to a specific email address.

When I make an appointment with someone, I always note the appointment in my electronic agenda, because I would probably forget about most of my appointments if I didn't do that.

When I coach someone, I create electronic records in regard to whom I have coached, as well as the date, time and duration of the coaching sessions. The only way in which this information is processed in an automated manner is to determine the total amount of time that I have spent coaching during a given period of one or more months. I also keep the coachee's contact information and the written coaching agreement.

I similarly also keep track of my activities in the context of consulting projects.

Most information in relation to business communications and business activities is deleted when it is between ten and eleven years old. For most kinds of data, the time period which determines its age in this sense starts when I receive or create the data. However, for archived thoughtsletter subscription requests, this time period starts when the subscription ends. For my personal notes e.g. about where I have met someone and for their contact information, this time period is measured from the last time that I have received any form of communication from them.

In addition, you can ask me at any time to immediately delete all personal data concerning you to the extent that it is legal for me to do so. (I am legally required to keep copies of some kinds of documents, e.g. invoices that I send, for ten years.)

I have organised my business activities so that they avoid generating personal data in any other way except as documented here. In particular, I do not create any kind of records about the content of coaching conversations. My business website is hosted on a webserver which I have personally set up to avoid generating logfiles that would contain personal information. (This uses the “anonip” logfile anonymisation tool.)

This website does not use cookies, or “tracking pixels”, or profiling, or any kind of external “web analytics”, or externally hosted graphics or fonts.

In my interactions with professional organizations in the field of coaching such as the International Coach Federation (ICF), I have a need to be able to not only make claims about my total number of coaching hours, but in addition to allow them to potentially audit my records to allow them to verify the truth of my claims.

Such potential audits aside, I will, to the extent that is legally possible, avoid disclosing to anyone any of the personal information that I have collected in the context of my professional activities.

The legal basis of all my processing of personal data consists, on one hand, in the fact that when someone sends me an email or otherwise communicates their contact information, by the very act of communication, implicitly permission is given to receive and store the contents of the communication. On the other hand, the permission to create records of my coaching activity, containing the information whom I have coached, when, and for how long, is based on the written coaching agreement.

You have all the rights foreseen in the Swiss data protection law (Datenschutzgesetz, DSG) and in the EU's General Data Protection Regulation (GDPR), including in particular, the right of access to and rectification or erasure of your personal data, the right to object to processing of your personal data, the right to data portability, and the right to lodge a complaint with a supervisory authority. In practical terms, as the only processing which takes place is for purposes of storing the information so that I can access it, any objection to processing will be addressed by means of erasure of the data. In the case of requests based on the right to data portability, emails will be provided in mbox format, all other information in csv format. All requests on the basis of these rights will be acknowledged and executed promptly.

Name and address of the “controller”

An important notion in the context of the Swiss data protection law (Datenschutzgesetz, DSG), the EU's General Data Protection Regulation (GDPR), and other data protection laws is the notion of the “controller” of the data. In this case this is:

Norbert Bollow Coaching and Framework Solutions
Weidlistrasse 18
CH-8624 Grüt
Switzerland

Phone: +41 44 972 20 59
Email: info@nb.clearthink.ing
Website: https://clearthink.ing/

EU representative

As foreseen in Article 27 of the EU's General Data Protection Regulation (GDPR), there is, in addition to the above-mentioned “controller” of the data, an EU representative who can be contacted in addition to or instead of the above-mentioned “controller”, on all issues related to the processing of personal data by this company.

This EU representative is:

Mrs.
Dr. Anna Bollow-Mannzen
Ludwig-Finckh-Weg 10
D-78343 Gaienhofen
Germany