Privacy Policy
1. Controller of This Website
This website is operated by:
Sara Rahimi
The Wealth Lab
Belfortstraße 9
50668 Köln
Germany
Email:
sarahrahimi.official@yahoo.com
info@thewealthlab.de
support@thewealthlab.de
contact@thewealthlab.de
For privacy-related requests, users may contact us at:
info@thewealthlab.de
We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.
2. General Information About Data Processing
We collect and process personal data only where this is necessary to operate this website, respond to inquiries, provide consultation services, improve our services, manage customer relationships, or comply with legal obligations.
Personal data means any information that can identify a person directly or indirectly, such as name, email address, phone number, IP address, financial information, or communication history.
3. Categories of Personal Data We Process
We may process the following categories of data:
Personal identification data:
  Name
  Email address
  Phone number
  Address, if provided
Communication data:
  Emails
  Contact form messages
  Call notes
  Appointment requests
  Messages submitted through forms or platforms
Financial and consultation data:
  Income-related information
  Insurance-related information
  Pension planning data
  Investment preferences
  Financial goals
  Household or family-related financial information, if voluntarily provided
  Information submitted through calculators, questionnaires, or consultation forms
Technical data:
  IP address
  Browser type and version
  Device information
  Operating system
  Access time
  Referrer URL
  Server log files
Account and community data:
  Login credentials
  Profile information
  Community registration data
  Participation data
  Submitted answers or preferences
Marketing and analytics data:
  Cookie consent choices
  Website behavior
  Analytics data
  Advertising interaction data
  Campaign source data
4. How We Collect Personal Data
We collect personal data when users:
Visit this website
Submit a contact form
Book an appointment
Register for a community, program, webinar, or event
Use a calculator or financial tool
Subscribe to email communication
Contact us by email or phone
Interact with embedded content, social media links, or third-party tools
Leave comments, if comments are enabled
5. Purposes of Processing
We process personal data for the following purposes:
To operate and secure this website
To respond to inquiries
To schedule consultations
To provide financial consultation and strategic planning services
To prepare individual recommendations or calculations
To manage client relationships through CRM and automation systems
To send service-related communication
To send marketing emails, where consent exists
To improve our website, services, and user experience
To analyze website performance
To run advertising and retargeting campaigns, where consent exists
To manage community registrations and user accounts
To comply with legal obligations
6. Legal Basis for Processing
We process personal data based on the following legal grounds:
Art. 6(1)(a) GDPR – Consent
For cookies, analytics, marketing emails, advertising tracking, newsletter subscriptions, and optional form submissions.
Art. 6(1)(b) GDPR – Contractual or pre-contractual necessity
For responding to consultation requests, preparing appointments, providing services, and processing information needed before or during a client relationship.
Art. 6(1)(c) GDPR – Legal obligation
Where we must retain or process data to comply with legal, tax, commercial, or regulatory obligations.
Art. 6(1)(f) GDPR – Legitimate interest
For website security, basic technical operation, fraud prevention, internal organization, customer relationship management, and service improvement, provided that the user’s rights do not override our interests.
7. Contact Forms and Inquiries
When users contact us through forms, we may collect name, email address, phone number, message content, and any other information voluntarily submitted.
We use this data to respond to inquiries, provide information, schedule appointments, and prepare consultation services.
The legal basis is Art. 6(1)(b) GDPR where the request relates to services, and Art. 6(1)(f) GDPR for general communication and internal organization.
8. Appointment Booking
We may use appointment booking tools such as Calendly or similar services.
When users book an appointment, data such as name, email address, phone number, selected time, time zone, and answers to booking questions may be processed.
This data is used to schedule and manage consultations.
Third-party booking providers may process data outside the European Union. Where required, appropriate safeguards are used.
9. Online Meetings
We may conduct consultations or meetings through tools such as Zoom, Google Meet, or similar providers.
During online meetings, personal data such as name, email address, meeting metadata, audio, video, chat messages, and shared information may be processed.
Meetings are not recorded unless users are informed in advance and, where required, have given consent.
10. CRM and Automation Systems
We may use CRM, automation, and client management systems to store and manage user and client information.
This may include:
Contact details
Submitted form data
Consultation notes
Communication history
Appointment history
Client status
Financial planning information
Marketing preferences
The purpose is to manage client relationships, improve service delivery, organize follow-ups, and provide a structured consultation experience.
11. Financial Data and Calculators
We may collect financial information through forms, questionnaires, calculators, pension planning tools, investment-related tools, or consultation processes.
This may include income data, savings goals, pension-related data, investment preferences, insurance-related details, and other financial information voluntarily provided by users.
This data is used only for analysis, preparation of consultations, strategy development, and service delivery.
We do not sell financial data to third parties.
12. Community, Membership, and User Accounts
Users may register for communities, programs, webinars, events, or restricted areas of this website.
During registration, we may collect name, email address, phone number, login credentials, profile information, and answers to registration questions.
If user accounts are created, passwords are stored in encrypted form where technically supported by the platform.
Users are responsible for keeping their login credentials confidential.
13. Email Communication and Marketing
We may send users service-related emails, appointment confirmations, follow-ups, and relevant information.
Marketing emails, newsletters, or promotional communication are sent only where legally permitted or where the user has given consent.
Where required, we use a double opt-in procedure.
Users can unsubscribe from marketing communication at any time.
14. Phone Communication
If users provide a phone number, we may contact them by phone for appointment scheduling, consultation preparation, follow-ups, or service-related communication.
The legal basis is Art. 6(1)(b) GDPR for service-related communication and Art. 6(1)(a) GDPR where consent is required.
15. Hosting and Server Log Files
This website is hosted by a third-party hosting provider.
When users visit this website, the hosting provider may automatically collect server log data, including IP address, browser type, operating system, date and time of access, visited pages, and referrer URL.
This processing is necessary for website operation, security, troubleshooting, and abuse prevention.
The legal basis is Art. 6(1)(f) GDPR.
16. Cookies and Consent Management
This website uses cookies and similar technologies.
Cookies may be used for:
Website functionality
Security
Consent management
Analytics
Marketing
Embedded content
User preferences
Users can manage their cookie preferences through the cookie banner and privacy settings.
Non-essential cookies are used only after consent has been given.
17. Cookie Policy
Detailed information about cookies, cookie categories, cookie duration, and third-party cookies is provided in our separate Cookie Policy.
The Cookie Policy is generated and maintained through our cookie consent management tool.
18. Analytics
We may use analytics tools such as Google Analytics or similar services to understand how users interact with this website.
Analytics tools may process data such as page views, device information, approximate location, browser data, interactions, and usage behavior.
Analytics cookies and tracking technologies are used only with consent, where required.
IP anonymization and consent-based tracking are used where technically available.
19. Advertising and Meta Pixel
We may use advertising tools such as Meta Pixel, Google Ads, or similar services.
These tools may help us measure campaign performance, optimize advertising, and show relevant content to users.
Advertising and retargeting technologies are used only with consent, where required.
Data may be processed by third-party providers, including providers outside the European Union.
20. Google Services
We may use Google services such as Google Analytics, Google Fonts, Google Maps, Google reCAPTCHA, Google Meet, or other Google tools.
Depending on the service, Google may process technical data, IP addresses, device information, usage data, location-related data, or interaction data.
Where possible, we configure Google services in a privacy-friendly way, including consent-based loading, IP anonymization, or local hosting of fonts.
21. Google Fonts
This website may use Google Fonts or locally hosted fonts.
Where fonts are loaded from Google servers, technical data such as IP address may be transmitted to Google.
Where possible, Google Fonts are self-hosted to reduce external data transfers.
22. Google reCAPTCHA
We may use Google reCAPTCHA or similar tools to protect forms against spam and abuse.
reCAPTCHA may process IP address, browser data, device data, interaction behavior, and other technical information.
Where required, reCAPTCHA is loaded only after consent.
23. Embedded Content
This website may include embedded content from third-party providers, such as YouTube, Vimeo, Google Maps, Instagram, LinkedIn, or similar platforms.
Embedded content may behave as if the user visited the third-party website directly.
These providers may collect data, use cookies, track interactions, and process data outside the European Union.
Where possible, embedded content is blocked until the user gives consent.
24. Social Media Links
This website may contain links to social media platforms such as LinkedIn, Instagram, Facebook, TikTok, WhatsApp, or similar platforms.
When users click these links, they leave our website. The privacy policies of the respective platforms apply.
We are not responsible for the data processing of external social media platforms.
25. Comments
If comments are enabled on this website, we may collect the data shown in the comment form, the user’s IP address, browser user agent, and comment content.
This data may be used for spam detection, moderation, and website security.
If Gravatar or similar services are used, an anonymized email hash may be transmitted to check whether the user has a profile image.
26. Plugins and Website Tools
This website uses WordPress plugins and technical tools to provide functionality, security, performance optimization, forms, popups, caching, SEO, analytics, and consent management.
Some plugins may process personal data depending on their function.
We aim to use plugins in a privacy-conscious way and limit processing to what is necessary.
27. Data Transfers Outside the European Union
Some third-party providers may process personal data outside the European Union or the European Economic Area.
Where data is transferred internationally, we rely on appropriate safeguards, such as EU Standard Contractual Clauses, adequacy decisions, or other legally recognized transfer mechanisms.
28. Data Processing Agreements
Where required, we conclude data processing agreements with service providers that process personal data on our behalf.
This applies especially to hosting providers, CRM providers, email providers, analytics providers, form tools, and automation systems.
29. Data Retention
We store personal data only as long as necessary for the purposes described in this Privacy Policy.
Retention periods depend on:
The type of data
The purpose of processing
Legal retention obligations
Contractual requirements
User consent
Legitimate business needs
If data is no longer needed, it will be deleted or anonymized unless legal retention obligations require further storage.
30. Data Security
We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
This includes SSL/TLS encryption, access restrictions, secure systems, and reasonable administrative safeguards.
However, no online transmission or storage system can be guaranteed to be completely secure.
31. SSL / TLS Encryption
This website uses SSL/TLS encryption.
Users can recognize an encrypted connection by the lock symbol in the browser address bar and the use of “https://”.
32. Data Minimization
We collect only the personal data that is necessary for the purposes described in this Privacy Policy.
Users should not submit sensitive or unnecessary information unless it is required for the requested service or consultation.
33. Profiling and Analysis
We may analyze user-provided information to prepare personalized consultation strategies, financial planning structures, or service recommendations.
We do not use fully automated decision-making that produces legal effects or similarly significant effects on users.
Any financial consultation or recommendation is reviewed in a human-led process.
34. User Rights
Users have the following rights under GDPR:
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority
Requests can be sent to:
35. Right to Withdraw Consent
Users may withdraw consent at any time with future effect.
The withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
Cookie consent can be changed through the privacy settings on this website.
36. Right to Object
Users have the right to object to processing based on legitimate interests under Art. 6(1)(f) GDPR.
Users may also object to direct marketing at any time.
If users object to direct marketing, their personal data will no longer be processed for that purpose.
37. Right to Lodge a Complaint
Users have the right to lodge a complaint with a competent data protection supervisory authority if they believe that the processing of their personal data violates applicable data protection laws.
38. Obligation to Provide Data
Users are not legally required to provide personal data through this website.
However, certain services, such as appointment booking, consultation preparation, community registration, calculators, or contact requests, may not be available without the necessary data.
39. No Sale of Personal Data
We do not sell personal data.
Personal data is shared only where necessary for website operation, service delivery, communication, legal compliance, or with user consent.
40. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technologies, legal requirements, or business operations.
The current version is available on this website.
41. Financial Services Disclaimer
The information provided on this website and during initial communications is for general informational purposes only.
It does not constitute legally binding financial, tax, legal, or investment advice.
Individual financial decisions should be made based on a personal consultation and the user’s specific circumstances.
Investment products involve risks, including possible loss of capital, and past performance does not guarantee future results.
