Privacy Policy

Last updated: March 2026

1. Data Controller

Alexander Zalana

Zalana-Mentaltraining

Am Steinbach 35, 84544 Aschau a. Inn, Germany

Phone: +49 8638 209 94 14

Email: info@zalana-mentaltraining.de

2. Our Promise: 100% Data Sovereignty

All your personal data is exclusively processed and stored on servers in Germany. We use the sovereign cloud infrastructure of STACKIT (Schwarz IT KG), a German provider with data centers in Germany.

We deliberately do not use any US cloud services (no AWS, no Google Cloud, no Microsoft Azure, no Cloudflare CDN). This ensures that your data is not subject to the US CLOUD Act or comparable access regulations.

This architectural decision is not a marketing claim but is technically anchored in our infrastructure: All website resources (CSS, JavaScript, images) are delivered from our own servers. No external CDNs or third-party scripts are loaded.

3. Data We Collect

3.1 When Visiting the Website (automatic)

Each time you access our website, the web server automatically collects the following data (so-called server log files):

  • IP address of the requesting device (not stored permanently)
  • Date and time of access
  • Name and URL of the requested file
  • Website from which access is made (referrer URL)
  • Browser and operating system used

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and stability of the web server).

3.2 When Joining the VIP Waitlist

When you sign up for our VIP waitlist, we collect:

  • Your email address
  • Timestamp of consent
  • An anonymized hash of your IP address (for abuse protection)

Legal basis: Art. 6(1)(a) GDPR (your explicit consent). You may revoke your consent at any time. An informal message by email is sufficient. The lawfulness of processing carried out prior to revocation remains unaffected.

4. Cookies and Tracking

This website does not use tracking cookies or web analytics tools. Neither Google Analytics nor comparable services are used.

We use only technically necessary functions (e.g., storing your cookie banner decision in your browser via localStorage). These do not require consent under applicable law.

5. Data Processing

For hosting our website and processing data submitted via our forms, we use the following data processor:

STACKIT (Schwarz IT KG)

Stiftsbergstraße 1, 74172 Neckarsulm, Germany

A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded. STACKIT processes data exclusively in German data centers.

6. No Third-Country Transfers

No transfer of your personal data to countries outside the EU/EEA takes place. We exclusively use service providers that process data within Germany.

7. Data Retention

Server log files: automatically deleted after 7 days.

Email addresses (waitlist): stored until you revoke your consent, but no longer than 24 months after the last interaction.

8. Your Rights

You have the right at any time to:

  • a Access your stored personal data (Art. 15 GDPR)
  • b Rectification of inaccurate data (Art. 16 GDPR)
  • c Erasure of your data (Art. 17 GDPR)
  • d Restriction of processing (Art. 18 GDPR)
  • e Data portability (Art. 20 GDPR)
  • f Object to processing (Art. 21 GDPR)
  • g Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent supervisory authority: The Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht).

9. Special Categories of Personal Data

In the context of our mental training services, information may be processed that qualifies as special categories of personal data within the meaning of Art. 9 GDPR (e.g., health data).

Such processing occurs exclusively on the basis of your explicit consent (Art. 9(2)(a) GDPR) and only within the framework of direct collaboration. Visiting this website and joining the waitlist does not involve the collection of health data.

10. SSL/TLS Encryption

This website uses TLS encryption for security reasons. You can recognize an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock icon. When TLS encryption is active, the data you transmit to us cannot be read by third parties.