www.handandheart.eu, www.hospohotline.com, www.supercooltoxicworkplace & www.handandheart.shop is operated by
Hand & Heart GmbH
Business & Legal address: Reuterstrasse 80, 12053 BERLIN
Geschäftsführer: Kathleen Bailey
Contact: hq@handandheart.eu
Register code: Amtsgericht Berlin (Charlottenburg) HRB 228961 B
Umsatzsteuer-ID / Sales tax identification number according to §27a sales tax law: DE309335490
Throughout this privacy statement “Hand & Heart,” “H&H,” “we,” “us,” and “our” means Hand & Heart GmbH.
We would like to give you an overview of the processing of your personal data by us, as well as inform you of your rights under the General Data Protection Regulation.
This privacy statement is relevant with regard to all personal data of data subjects with whom we enter into contractual, business or other relationships, as well as of governing bodies or other employees of our contractual or business partners, which we process in the context of existing or emerging contractual, business or other relationships. This includes, among others, existing or potential suppliers, service providers, customers or consultants, as well as existing or potential cooperation partners or other partner companies.
What data do we process and where does it come from?
The subject of the processing is your personal data that you yourself provide to us in the context of contractual and business relationship, or that we receive from the respective contractual and business partners or that we have obtained otherwise. In some cases we process personal data that we collect from publicly accessible sources such as trade registers, the press or the internet. Furthermore, in some cases we receive information from third parties, e.g. business partners.
The types of personal data concerned are primarily: surname, first name, address, bank details, billing address, tax number/VAT ID and other contact or master data, such as telephone number or e-mail address. However, the specific types of personal data processed by us will depend on the characteristics of your relationship with us. This data regularly relates solely to the business context, i.e. we only process private contact data in exception cases, for example if this is necessary to fulfil the contract with you.
The scope of the data processed about a person also varies depending on the function which the person appears to us, such as the position they hold with the respective (business) partner and the subject of the (business) relationship.
Purposes and legal bases for processing
We process personal data for the following purposes and on the basis of the following legal grounds:
Data processing is primarily carried out for the execution of contracts concluded with you or your employer with whom we have a business relationship, or for the execution of pre-contractual measures (Art. 6 (1) b GDPR). This relates, for example, to purchase and supply contracts and the processing of purchase and sales inquiries, authentication of contractual partners, processing and review of corresponding offers and inquiries, preparation and signing of contractual documents, execution of purchases and sales, invoicing and processing of purchase price payments, sending of information letters, service and work contracts as well as other contractual relationships.
In addition, we process your data on the basis of legal requirements pursuant to Art. 6 (1) c GDPR, as well as to protect our legitimate interests pursuant to Art. 6 (1) f GDPR. This is done in particular for the fulfilment of tax and other legal control and reporting obligations, as well as audits by tax or other authorities and to comply with legal retention periods.
We may process your data for the assertion and defence of legal claims. This is the case, for example, if we conduct a judicial or extrajudicial dispute with you, for example, about the existence or non-existence of payment obligations. In the context of legal disputes, we may transfer your data to our external legal advisors or experts. The legal basis for this processing is Art. 6 (1) f GDPR in conjunction with Art. 9 (2) f GDPR.
If you use online meeting tools to interact with us, we might collect additional kinds of data. Please refer to the privacy statement on our website at handandheart.eu for further details.
In individual cases, we process data because you have expressly consented to this (Art. 6 (1) a GDPR), for example in the receipt of advertising by electronic mail and/or telephone. You will receive specific information on this in the context of granting your consent.
Under certain circumstances (beyond the cases already mentioned above), your personal data might be passed on to third parties for the purposes mentioned below:
Service providers, in particular data processors, receive personal data of our business partners or third parties we interact with that is required for the fulfilment of the respective service.
Information necessary for the processing of existing contracts is transferred to customers and suppliers.
Due to legal obligations to report and provide information, certain personal data is communicated to the competent authorities.
If it is necessary for the clarification or prosecution of illegal or abusive incidents or for the establishment, exercise or defence of legal claims, personal data is forwarded to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties.
If you have designated recipients (e.g., emergency contacts), personal information will be provided to them when certain circumstances arise.
In cooperation with service providers and other organisations, legal instruments are used to ensure that your personal data is processed lawfully and stored only as long as necessary. These are, for example, order processing agreements according to Art. 28 GDPR or agreements between joint controllers according to Art. 26 GDPR.
As a rule, the servers on which your personal data is stored by us or one of our service providers are located on the territory of the EU. In the course of some processing activities, your personal data may be stored outside the EU or personal data may be accessed by persons performing their activities in countries outside the EU (e.g., consultants). These countries might provide a lower level of data protection. If there is no adequacy decision according to Art. 45 GDPR for these countries, legal instruments are used that also ensure the confidentiality, integrity and availability of the (your) personal data. This includes in particular the signing of the so-called EU standard data protection clauses according to Art. 46 (2) c GDPR
We will retain and process your personal data for as long as we can claim a legitimate interest, we have valid consent from you, or there is a legal obligation for a certain period of time, which is determined or specified by applicable law and our company's IT security and data protection policies
You have the following rights under applicable data protection laws:
Right to data portability if the legal requirements are met
Right to complain to a supervisory authority
Right to information about your personal data stored by us
The right to erasure or restriction of processing, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or in the event that the processing serves the purpose of asserting, exercising or defending legal claims
The right to have your personal data corrected
The right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or in the event that the processing serves the purpose of asserting, exercising or defending legal claims
The right to withdraw your consent for the processing of your personal data at any time with effect for the future
If you wish to exercise your rights, please send your request to admin@handandheart.eu.
In case of any questions regarding the protection of your personal data, you can contact our data protection officer at the following address:
If you remain unhappy with how we’ve used your data after raising a complaint with us, you retain the right to lodge a complaint with your local data protection authority.
Status and amendment of this privacy statement
The status of this privacy statement is 30.04.2025.
We reserve the right to change this data protection declaration in the future within the framework of the applicable data protection laws.
At Hand & Heart, we believe transparency is the foundation of trustful collaboration. Below we will provide you with information on how we handle your personal data when you use our website. We handle your personal data because this is necessary to make certain functionalities of our website available and give you the best possible experience. Unless otherwise indicated, the legal basis for the handling of your personal data results from our legitimate interest to make available the functionalities of the website requested by you and to promote our business interests, according to (Art. 6(1)(f) General Data Protection Regulation).
As Hand & Heart GmbH is not yet an e-commerce platform, we do not think we need to have data from our site visitors. This is principally because we do not need or want to participate in targeted advertising, nor do we need site visitor data to perform or enhance the services we provide, or need to market. We take data super seriously, and anytime we use our websites or digital platforms to solicit user data - we use individual consent forms.
SQUARESPACE
We use Squarespace to host our websites and to schedule discovery calls. Squarespace is an American company headquartered at 8 Clarkson St. New York New York 10014 USA. By default, Squarespace use functional cookies to run our site and obtain information about visitors for Squarespace analytics. As a consequence, log information may be transmitted from our website to Squarespace. This log data may contain your IP address, the browser type and settings, the date and time of your request and cookies.
You can find out more information about data collection, how your data is evaluated and processed by Squarespace and your rights relating to Squarespace’s privacy policy here: https://www.squarespace.com/privacy
Hand & Heart do not want to collect any such data from our site users. We do not use any third party applications to collect visitor data or analytics from any H&H digital platform. In order to ensure we do not collect this data, and to help us comply with legal requirements, we have taken the follow steps:
We have disabled the Activity Log so we don’t collect or see visitors’ IP addresses or other personal data.
We have disabled Squarespace analytics cookies so we don’t place these non-essential cookies on visitors’ browsers.
We still display a customisable cookie banner so visitors can opt into any use of cookies, which we do not collect.
For scheduling discovery calls we have taken the following measures:
We display terms and conditions in your scheduling instructions.
We use intake forms to get consent to our terms from our clients.
We delete client information in the Client List.
Export client data to comply with a client's data portability request, as per the above terms.
You can contact us directly by using the contact form available on our website. In particular, you may provide us with the following information:
Name, surname and title
Address (street, postal code, city)
Country
Contact data (e.g. e-mail address, phone number)
Message
We collect, process and use the information you provide via the contact forms exclusively for the processing of your specific request. We will store the information you provide to us in contact forms for as long as we are legally obliged to or we can claim a legitimate interest. The same applies to data you send to us when using one of the designated email addresses indicated on our website.
We sometimes include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for its own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for their own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:
For the purpose of an interactive design of our website third-party content from Spotify and Youtube is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6(1)(f) GDPR.
This website uses plug-ins from the American company Spotify USA Inc., 150 Greenwich Street, Floor 62, New York, New York 10007 USA.
As a consequence, log information may be transmitted from our website to Spotify. Spotify’s server in the United States thus automatically stores information (log data) such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Spotify features, the browser type and settings, the date and time of your request, information about your use of Spotify and cookies.
You can find out more information about data collection, how your data is evaluated and processed by Spotify and your rights relating to this in Spotify’s Privacy Policy: https://www.spotify.com/us/legal/privacy-policy/
This website uses plug-ins from the American company Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google") which Youtube is operated by.
As a consequence, log information may be transmitted from our website to Google. Google’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Google features, the browser type and settings, the date and time of your request, information about your use of Google, and cookies.
You can find out more information about data collection, how you data is evaluated and processed by Youtube and your rights relating to this in Youtube’s / Google’s Privacy Policy: **https://www.google.com/intl/en/policies/privacy**/
Hand & Heart uses the tool "Google Meet" to enable online meetings with our customers and business partners. "Google Meet" is a service from the American company Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google")
As a consequence, log information may be transmitted from our website to Google. Google’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Google features, the browser type and settings, the date and time of your request, information about your use of Google, and cookies.
You can find out more information about data collection, how you data is evaluated and processed by Google Meet and your rights relating to this in Google’s Privacy Policy: **https://www.google.com/intl/en/policies/privacy**/
With regards to visiting "Google Meet’s" internet presence, the provider of "Google Meet" is responsible for any processing of personal data related thereto.
The scope of the data that we process when you participate in an online meeting with “Google Meet” depends on the functionalities you will use and what kind of data you will provide to us in the meeting. Usually, the following categories of personal data will be processed by Hand & Heart when using “Google Meet”:
User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department, entity or occupation (optional)
Meeting data: Topic, description (optional), attendee IP addresses, device/hardware information.
In case of recordings (only optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
If you participate via telephone, the following data will be processed to make this possible: information about the incoming and outgoing call number, country name, start and end time.
Content data: If you make use of the chat or survey functions, the text entries you make are processed in order to display them and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Google Meet" applications.
If we want to record “Google Meet” meetings, we will transparently inform you in advance and - if necessary - ask for your consent.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.
The legal basis for the processing of your personal data as outlined above is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.
Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f) GDPR. Here, too, our interest is in the effective implementation of "online meetings". In these cases, our interest is in the effective implementation of online meetings.
As we cannot exclude the possibility that parts of the data processed in “Google Meet” meetings will be transferred to the US, an adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. As an additional safeguard, we have also configured “Google Meet” in a way that only data centers in the EU, the EEA or secure third countries are used to conduct online meetings.
Your data will partly be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). The respective countries may have a lower data protection level than European countries. In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners. Alternatively, we will ask for your explicit consent to such processing.
You have the following rights according to applicable data privacy laws:
right of information about your personal data stored by us;
right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to prove that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
right to data portability;
right to file a complaint with a data protection authority.
right to revoke your consent to the collection, processing and use of your personal data at any time with future effect. For further information please refer to the chapters above describing the processing of data based on your consent.
If, as the data subject, you have any questions regarding our data privacy or if you do not agree with the way in which Hand & Heart process your data you can get in touch with us by e-email or by mail using the details below:
Hand & Heart GmbH
hq@handandheart.eu
[Re: Privacy Compliance]
Reuterstrasse 80 Berlin, Germany, 12053
If you remain unhappy with how we’ve used your data after raising a complaint with us, you retain the right to lodge a complaint with your local data protection authority.
Amendment of Privacy Statement
We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.
This Data Privacy Statement was last updated on 30th April 2025.
COPYRIGHT
The content and works on these pages created by the website operator are subject to German copyright law. The duplication, processing, distribution and any kind of exploitation outside the limits of the copyright law require the written consent of the respective author or creator. Downloads and copies of this website are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are observed. In particular, the contents of third parties are marked as such. Should you nevertheless become aware of a copyright infringement, we would ask you to notify us accordingly. As soon as we become aware of legal violations, we will remove such content immediately
TRADEMARK
Hand & Heart, as a business name, is a registered trademark under the German Act on Trade Marks and the Ordinance for the implementation of trademarks (Trade Mark Ordinance).
Access to and use of this website are subject to the following conditions. By using this website you agree to these conditions. Please refrain from using the website if you disagree with these conditions.
This website has been published by Hand & Heart GmbH (hereinafter referred to as “Hand & Heart” or “we”) and is administered by the same.
There is no promotional marketing of the website or support by sponsors. This website does not allow third party advertising. It does not host any third party advertisements and at the same time does not receive any funds from advertisements or advertisements with a commercial background.
We reserve the right to discontinue or to make partial or complete modifications to this website or to these terms of use (“Terms of Use”). Please note that we may make such changes at our sole discretion and do not announce them upfront. Hence, we recommend to check these Terms of Use each time you access our website.
All terms and conditions for services offered via this website require the completion of individual contracts between Hand & Heart and the customer.
By accessing and using this website you must not:
(a) use our website in any way or take any action that causes, or may cause, damage to the website or impairment of the performance, availability or accessibility of the website;
(b) use our website in any way that is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity;
(c) use our website to copy, store, host, transmit, send, use, publish or distribute any material which consists of (or is linked to) any spyware, computer virus, Trojan horse, worm, keystroke logger, rootkit or other malicious computer software; or
(d) conduct any systematic or automated data collection activities (including without limitation scraping, data mining, data extraction and data harvesting) on or in relation to our website without our express written consent.
(e) use any information on this website or accrued through further contact as a representation of your own work. All work on this website, and any subsequent content, is owned by Hand & Heart
This website is Hand & Heart’s corporate internet presence and the information contained on this website is purely meant for presenting Hand & Heart. We have compiled this information to the best of our knowledge and with professional diligence. However, no representation is made or warranty given, either expressly or tacitly for the completeness or correctness of the information on this website. Please not that information that was accurate on the day it was published may no longer be up to date. We therefore recommend you check any information you obtain from this website prior to using it in whatever way. Advice given on this website, if any, does not exempt you from conducting your own checks.
As a service provider, we are responsible for our own content on these pages in accordance with general law in accordance with Section 7 (1) of the German Telemedia Act. According to §§ 8 to 10 TMG, as a service provider, we are not obliged to monitor transmitted or stored third-party information or to research circumstances that indicate illegal activity.
Obligations to remove or block the use of information in accordance with general laws remain unaffected. Liability in this regard is only possible from the point in time at which we become aware of a specific legal violation. As soon as we become aware of such legal violations, we will remove this content immediately.
Users of this website irrevocably agree to access the website and its content at their own risk. Neither Hand & Heart nor any third parties involved in creating and administering this website can be held liable for damage of injury from access or the impossibility of access or from the use or impossibility of use of this website or from the fact that you have relied on information given on this website. These limitations do not apply in case of wilful intent, gross negligence or injuries to life and limb.
The website contains hypertext references ("Links") to information located on servers which are operated by third parties and which are not subject to the control of Hand & Heart. The respective provider or operator of these websites remains solely responsible for the contents of such third party websites. At the time we published the Link, we could not identify any illegal or improper content on these websites. However, we cannot reasonably be expected to permanently monitor the content of the linked pages without concrete evidence of a violation of the law. We therefore accept no liability whatsoever for content that has been changed since the link was created. We expressly point out that you use these linked websites at your own risk.