Privacy Policy of KeyToBetterLife LLC

Last updated: December 1, 2025

1. Introduction

With this privacy policy, we inform you about which personal data we collect, how we process it, and for what purposes. Personal data includes all information that can directly or indirectly identify you.
The terms used are not gender-specific.

2. Data Controller

The controller for data processing is

KeyToBetterLife LLC
represented by Dr. med. Mariam Konner
30 North Gould Street
Sheridan
WY 82801
mariam@keytobetterlife.com
Germany +49 15679 710 323
USA: +1 (307) 527-0427

The legal notice can be found at [Link]

3. Types of Data Collected

Personal data is collected only to the extent necessary for contract fulfillment, appointment scheduling, and communication. Typically, this includes:

Master data (e.g. names, addresses)
Contact data (e.g. email, phone)
Content data (e.g. form inputs)
Contract and payment data (e.g. bank details, invoices)
Usage data (e.g. visit times, page views)
Meta-/communication data (e.g. IP addresses, browser info)

4. Purpose of Data Processing

Personal data is processed exclusively for the purposes specified in connection with the services offered. These typically include:

Compliance with legal obligations (e.g. accounting and tax retention duties
Fulfillment of contractual services and customer support
Creation of personalized hypnosis or coaching audios
Organization of appointments and handling of contact requests
Provision and optimization of our online services (e.g. web analytics)
Security measures
Compliance with legal obligations (e.g., accounting and tax retention duties)

5. Legal Bases

Consent (Art. 6 (1) (a) GDPR)
Contract performance (Art. 6(1)(b) GDPR)
Legal obligations (Art. 6 (1) (c) GDPR)
Legitimate interests (Art. 6 (1) (f) GDPR)
For special categories of data and transfers to third countries, special provisions apply (Art. 9, Art. 49 GDPR).

6. Disclosure to Third Parties

Your data will not be shared with third parties. Disclosure occurs only in the following exceptional cases:

if you have given your explicit consent,
if there is a legal obligation, or
if there is an acute danger to your life or the life of another person and disclosure is necessary to protect health and safety.

7. Confidentiality and Duty of Secrecy

All information obtained during sessions by KeyToBetterLife LLC is subject to professional confidentiality and is treated with strict confidentiality. Disclosure of this information occurs only if there is a legal obligation to disclose or if an acute threat situation (e.g., risk to self or others) necessitates it.

Sessions are generally not recorded. Audio, image, or video recordings by KeyToBetterLife LLC or by clients are expressly prohibited unless all parties involved have given prior written and explicit consent.

8. Cookies & Tracking

Use of Cookies

Our website uses cookies to make your experience more pleasant, secure, and efficient. Cookies are small text files stored on your device that contain certain information, for example, to save your login status, manage shopping carts, customize content, or analyze the use of our website. You can reject or delete cookies yourself via your browser settings, which may limit functionality. You can object to the use.

Consent Notice

We use cookies in accordance with legal regulations. Before using non-essential cookies, we obtain your express consent. Necessary cookies required to provide our service are exempt.

Legal Bases

The processing of your data is based either on your consent, because we have a legitimate interest in improving our offer, or because cookie use is necessary for contract fulfillment. You can adjust or object to your cookie settings at any time.

Storage Duration

Temporary cookies (session cookies) are deleted once you close your browser. Permanent cookies remain on your device and can be stored for up to two years depending on settings, for example, to save your preferences.

Withdrawal and Objection (Opt-Out)

You can adjust your cookie settings at any time or revoke the use of cookies, e.g., via browser settings or special opt-out sites (e.g., aboutads.info, youronlinechoices.com). You can also revoke your consent under Art. 7(3) GDPR or object to data processing under Art. 21 GDPR at any time. Please note that this may restrict the functionality of our website.

Essential Cookies and Services

Borlabs Cookie

We use Borlabs Cookie to manage cookie consent. Borlabs sets technically necessary cookies to store your consent settings. These cookies are essential for the operation of the website and cannot be disabled. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in legally compliant consent management).

WordPress System Cookies

WordPress uses essential cookies that are required for website functionality (e.g. login, session cookies). These cookies do not store personal data. Legal basis: Art. 6(1)(f) GDPR.

WPML – Multilingual support

WPML sets cookies to store the selected language and maintain it across pages. Cookies used: _icl_current_language, wpml_browser_redirect_test. Legal basis: Art. 6(1)(f) GDPR (providing a multilingual website).

Wordfence

We use Wordfence to protect our website from attacks and malicious traffic. Wordfence sets cookies to detect and prevent security threats. Legal basis: Art. 6(1)(f) GDPR (ensuring IT security).

External Services – Consent Required

Meetergo – Appointment Scheduling

We use Meetergo to offer online appointment scheduling. When loading the booking widget, personal data (e.g. IP address, browser information) is transferred to Meetergo and its hosting provider Amazon Web Services (AWS). The widget is only loaded after your explicit consent via our cookie banner / content blocker.

Provider: Meetergo GmbH, Düsseldorf, Germany. Privacy Policy: https://meetergo.com/en/data-privacy.
Legal basis: Art. 6(1)(a) GDPR (consent).

9. Contact Forms & Communication

Data for processing inquiries is used only with consent and is not shared.

10. Security Measures

To protect your data, we implement technical and organizational measures.

SSL/TLS Encryption
All data transmissions are encrypted via https (SSL encryption) to protect data you transmit through our online offering. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.
Storage Duration & Deletion
Personal data is stored only as long as necessary for the purpose or legally required, then deleted or anonymized. This means for contract and contact data: for the duration of the program and according to legal retention periods (usually 7 years for invoices). Intake forms, session notes, and audio recordings are kept for a maximum of 12 months after program completion, unless you expressly request longer retention.

11. Rights of the Data Subject

You have the right to access, rectification, deletion, restriction, objection, data portability, and to lodge complaints with supervisory authorities. These rights are granted to you under the GDPR, in particular Articles 15 to 21:

Your rights regarding your data:

Access: You may request confirmation as to whether and which personal data we process about you. You also have the right to information about processing purposes, categories, recipients, storage duration, origin of your data, and further details.
Rectification: You can have incorrect or incomplete data corrected.
Deletion: You have the right to request deletion of your data stored with us (“right to be forgotten”), unless statutory or contractual retention obligations prevent this.
Restriction of processing: Under certain conditions, you can request a restriction of processing, e.g., if you dispute the accuracy of your data or if the processing is unlawful.
Data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to have it transmitted to another controller.
Withdrawal and objection: If processing is based on your consent, you may withdraw it at any time. You also have the right to object to the processing of your data, e.g., for advertising or data analysis purposes.
Right to lodge a complaint with the supervisory authority
You have the right, according to legal provisions, to file a complaint with a supervisory authority, especially in the member state of your habitual residence, workplace, or the location of the alleged infringement, if you believe the processing of your personal data violates the GDPR. This right is independent of other legal options and remedies.

Important: If you believe your data protection rights are violated, you may also contact us directly. We strive to respect your rights and ensure your data protection at all times.

If you need further assistance with legal or formal translation, feel free to ask.

12. Data Processing in Third Countries

Data transfers to third countries (e.g., USA) take place only with protective measures (standard contractual clauses, Data Privacy Framework).
When personal data is transferred to a third country outside the European Union (EU) or the European Economic Area (EEA), or processed within third-party services, this always occurs in compliance with legal requirements.

Without explicit consent or a legally or contractually required transfer, data is only processed in countries with an adequate level of data protection, through contractual obligations such as the EU Commission’s standard contractual clauses, certifications, or internal data protection regulations (Art. 44–49 GDPR). Further information can be found on the EU Commission website.

Data transfers to the USA and the Data Privacy Framework (DPF)
Within the framework of the “Data Privacy Framework” (DPF), which has been recognized as adequate by the EU Commission since July 10, 2023, certain US companies may process personal data in accordance with European data protection standards. A list of certified companies and further information is available on the US Department of Commerce website.

13. External Service Providers

We cooperate with hosting providers, payment services, analytics tools, and video conferencing providers that comply with GDPR.

14. Use of Video Conferencing and Appointment Booking Platforms

a. Microsoft Teams

i. Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA, USA
ii. Purpose: Conducting online meetings, video conferences, team communication
iii. Processed Data: Names, email addresses, audio and video data, usage data
iv. Legal Basis: Art. 6(1)(b) GDPR for contract performance; alternatively Art. 6(1)(f) GDPR for legitimate interest; § 26 BDSG for employees
v. Special Features: Microsoft is certified under the Data Privacy Framework (DPF), end-to-end encryption is not applied to all data, data processing also occurs outside Germany (USA), Microsoft offers GDPR-compliant settings and EU standard contractual clauses.

b. Meetergo

i. Provider: meetergo GmbH, Im Mediapark 5, 50670 Cologne, Germany
ii. Purpose: GDPR-compliant appointment scheduling and meeting coordination
iii. Processed Data: User information (e.g., name, email address, phone number), appointment data
iv. Legal Basis: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interest in user-friendly scheduling).

c. Webex

i. Provider: Cisco Systems, Inc., San Jose, CA, USA
ii. Purpose: Conducting video conferences, webinars, and online meetings
iii. Processed Data: User data such as name, email, IP address, meeting data (audio, video, chat)
iv. Legal Basis: Art. 6(1)(b) GDPR for contract performance, Art. 6(1)(f) GDPR for legitimate interest
v. Special Features: Webex offers end-to-end encryption for meetings, has data centers in Germany, supports GDPR-compliant data processing.

d. Use of Alternative Platforms (e.g., Google Meet, Zoom, redconnect)

In exceptional cases, upon client request or due to technical problems, alternative services such as Google Meet, redconnect, or Zoom may be used.

Important Notice for All Platforms:
Some platforms cannot guarantee full GDPR compliance, especially regarding data processing by providers based in the USA, unclear storage practices, or lack of evidence for data protection-compliant data processing according to EU law. Use is exclusively with the explicit consent of the client and on the condition that the associated data protection risks are sufficiently acknowledged. I assume no liability or responsibility for any data protection risks.

15. Copyright and Protection of Content

All content provided or conveyed during the sessions, especially personalized audio recordings, is subject to copyright. The use, duplication, distribution, sale, or publication of this content is prohibited without the express written permission of the rights holder.

Violations of these regulations may result in legal consequences.

16. Liability & Changes

General Disclaimer

All information on this website has been carefully checked. Despite our efforts for accuracy, correctness, and completeness, errors cannot be entirely excluded. We do not guarantee the accuracy, completeness, or timeliness of the content, especially for journalistic-editorial information.
The publisher may change or delete content at any time without notice and is not obligated to regularly update the website. Use of the website is at your own risk. We are liable for material or non-material damage caused by the use of the offered information only in cases of proven intentional or grossly negligent conduct.
We assume no responsibility for the contents and availability of external websites accessible via links. The content of these external sites is solely the responsibility of their operators. The publisher expressly distances itself from illegal or objectionable content of third parties.

Changes

We reserve the right to update these notes at any time without prior notice. The current version is published on the website. For contractual agreements, we will inform you of changes via email or other appropriate means.