Datenschutz · Privacy Policy
How we collect, use and protect your personal data — in accordance with the EU General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (BDSG).
1.Controller / Verantwortlicher
The controller responsible for the processing of personal data on this website within the meaning of Art. 4 (7) GDPR is:
- NAME
- Meekail Faqiri
- info@meekail.de
- PHONE
- +49 163 6233170
You can contact the controller at any time using the contact details above to exercise your data subject rights.
2.Data Protection Officer
We are not legally obliged to appoint a data protection officer (Art. 37 GDPR / § 38 BDSG). If you have any privacy-related questions, please contact the controller directly using the details in section 1.
3.Categories of personal data we process
Depending on how you interact with this website, we may process the following categories of personal data:
- Server log data (IP address, user agent, referrer, requested URL, timestamp) — automatically collected when you visit the site, see § 5
- Contact form submissions (name, email, phone number, message, selected interest)
- Coaching intake data (health, fitness, body composition, goals — only when you sign up for coaching)
- Payment data (name, email, billing address, last 4 digits of card / PayPal account / IBAN — depending on payment method, processed by the relevant payment provider)
- Communication content (emails and WhatsApp messages you send to us)
- Cookie data (only with your consent — see § 8)
4.Purposes & legal bases
| Purpose | Legal basis | Storage period |
|---|---|---|
| Operating the website & ensuring stability | Art. 6(1)(f) GDPR — legitimate interest | 7 days (server logs) |
| Replying to contact-form messages | Art. 6(1)(b) GDPR — pre-contractual measures, or Art. 6(1)(f) — legitimate interest | Until inquiry is resolved + statutory retention |
| Providing the coaching / digital programs you purchased | Art. 6(1)(b) GDPR — performance of contract | Duration of contract + statutory retention (max 10 yrs · § 257 HGB / § 147 AO) |
| Payment processing | Art. 6(1)(b) GDPR — performance of contract | 10 years (German tax law) |
| WhatsApp / email communication | Art. 6(1)(a) GDPR — consent (initiating contact); Art. 6(1)(b) — execution of contract | Until withdrawn or contract ends |
| Cookies (statistics / marketing) | § 25(1) TTDSG + Art. 6(1)(a) GDPR — consent | Per cookie declaration; max 12 months |
| Defending legal claims | Art. 6(1)(f) GDPR — legitimate interest | Up to 3 years (regular limitation period) |
5.Server log files
When you visit this website, our hosting provider automatically collects and stores information that your browser transmits, in so-called server log files:
- Anonymised / shortened IP address
- Date and time of the request
- Time-zone difference to GMT
- Content of the request (specific page)
- Access status / HTTP status code
- Volume of data transferred
- Referrer URL
- Browser, language, and operating system
This data is not merged with other data sources. It is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest in stable, secure operation) and is deleted after a maximum of 7 days unless required for evidentiary purposes following a security incident.
6.Contact form & email
If you contact us via the contact form, by email, or via WhatsApp, your details (including the contents of the message and any phone numbers / email addresses you provide) will be stored to process the inquiry and for follow-up questions. We do not share this data without your consent.
The legal basis for processing is Art. 6(1)(b) GDPR (pre-contractual / contractual) or Art. 6(1)(f) GDPR (legitimate interest in answering inquiries). Data submitted through the contact form remains on this server until you ask us to delete it, withdraw your consent, or the purpose of storage no longer applies — for example, when your inquiry has been resolved. Mandatory statutory provisions, particularly retention periods, remain unaffected.
7.Payment processing
When you place an order on this website, your data is shared with the payment provider you select. We never store full payment-card details on this server.
7.1 PayPal
If you select PayPal at checkout, your name, email address, billing address, and amount are transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. The transmission takes place on the basis of Art. 6(1)(b) GDPR (performance of contract) and only when you actively choose PayPal. PayPal's privacy policy: paypal.com/de/webapps/mpp/ua/privacy-full.
7.2 Stripe
If you select credit / debit card, Apple Pay or Google Pay, payment is processed via Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe receives your name, email, and billing address; card details are entered directly into Stripe's PCI-DSS-compliant form and never reach our server. Stripe's privacy policy: stripe.com/de/privacy.
7.3 SEPA bank transfer
If you choose bank transfer, you transfer the amount to the IBAN displayed on the checkout page. We receive your name and IBAN through our bank and use this information solely to match the payment to your order. Storage period: 10 years (§ 257 HGB / § 147 AO).
7.4 Cryptocurrency
If you choose to pay in cryptocurrency, you send the amount to the wallet address displayed on the checkout page. The transaction itself is publicly visible on the blockchain; we receive only the transaction hash you share with us via WhatsApp. We do not link the wallet address to your identity unless you provide it.
8.Cookies
This website uses cookies. A cookie is a small text file stored on your device. We distinguish between two categories:
8.1 Strictly necessary cookies (no consent required)
These cookies are required for the website to function and cannot be switched off:
- PHPSESSID — server-side session, used during checkout and admin login. Lifetime: end of browser session.
- mf_consent — stores your cookie-banner choices. Lifetime: 12 months.
- mf_csrf — anti-CSRF token for form submissions. Lifetime: end of browser session.
Legal basis: § 25(2) Nr. 2 TTDSG and Art. 6(1)(f) GDPR (legitimate interest in technical operation).
8.2 Optional cookies (consent required)
Currently, no statistics or marketing cookies are set by this website. Should we add tracking in the future (e.g. Google Analytics, Meta Pixel), they will only be loaded after you have actively consented through the cookie banner — § 25(1) TTDSG and Art. 6(1)(a) GDPR.
You can withdraw your consent at any time at our cookie policy page or via the link in the footer.
9.Embedded third-party content
9.1 Instagram
This website contains links to our Instagram profile. Embedded Instagram content (if present) loads media from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. To prevent automatic data transmission, embedded posts on this site are loaded only after explicit click. Meta's privacy policy: privacycenter.instagram.com/policy.
9.2 Google Fonts
We use Google Fonts to display typefaces. Fonts are loaded from Google's CDN (fonts.googleapis.com / fonts.gstatic.com), operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When a font is requested, your IP address is transmitted to Google. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent, performant typography). Google's privacy policy: policies.google.com/privacy.
9.3 WhatsApp
If you contact us via the WhatsApp link, communication runs through WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (a Meta company). The link only opens WhatsApp; we receive no data until you actively send a message. WhatsApp's privacy policy: whatsapp.com/legal/privacy-policy-eea.
10.International data transfers
Some of our processors (PayPal, Stripe, Meta, Google) are located in or transfer data to countries outside the EU/EEA, including the USA. The EU Commission has adopted an adequacy decision for certified US recipients under the EU-US Data Privacy Framework (DPF). Our processors are either DPF-certified or rely on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and additional safeguards.
11.Your rights as a data subject
Under the GDPR you have the following rights regarding the processing of your personal data:
- Right of access (Art. 15 GDPR) — to receive confirmation whether we process data about you and a copy of that data
- Right to rectification (Art. 16 GDPR) — to correct inaccurate data
- Right to erasure (Art. 17 GDPR / "right to be forgotten") — subject to retention obligations
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR) — to receive your data in a structured, machine-readable format
- Right to object (Art. 21 GDPR) — at any time against processing based on Art. 6(1)(f), particularly for direct marketing
- Right to withdraw consent (Art. 7(3) GDPR) — without affecting the lawfulness of prior processing
- Right to lodge a complaint (Art. 77 GDPR) — with a supervisory authority. The competent authority for our state is listed at bfdi.bund.de
To exercise any of these rights, please email info@meekail.de. We will respond within one month (Art. 12(3) GDPR).
12.Right to object — Art. 21 GDPR
13.Data security
This website uses SSL / TLS encryption for security reasons (recognisable by the https:// address bar lock). All data transmitted between your browser and our server — including form submissions and login credentials — is encrypted in transit. We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorised access. Our security measures are continuously improved in line with technological developments.
14.Automated decision-making
We do not use any automated decision-making (including profiling) within the meaning of Art. 22 GDPR.
15.Changes to this privacy policy
We may update this privacy policy from time to time to reflect legal or operational changes. The current version is always available on this page. The version date is shown at the top of the page (last updated: 2026-04-26).