About
MyInvestPrivacy Policy
Effective: February 2026
1. Controller
Data Controller according to GDPR:
Thomas Puhl
Freelance Coach & Consultant
Weiherplatz 22
51674 Wiehl
Germany
Email: io@thomaspuhl.eu
2. General Information on Data Processing
We take the protection of your personal data very seriously and treat your personal data confidentially in accordance with statutory data protection regulations (GDPR, BDSG) and this privacy policy.
The use of our website is generally possible without providing personal data. Insofar as personal data (e.g., name, email address) is collected on our pages, this is always done on a voluntary basis.
3. Collection and Storage of Personal Data
3.1 Visiting the Website
When you visit our website thomaspuhl.eu, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a log file:
IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in providing a functional website).
The data mentioned is processed for the following purposes:
Ensuring a smooth connection setup
Ensuring comfortable use of our website
Evaluation of system security and stability
Other administrative purposes
The data is deleted as soon as it is no longer required to achieve the purpose of its collection. This is usually the case after a maximum of 7 days.
3.2 Contact via Email or Contact Form
When you contact us by email or via a contact form, the data you provide (name, email address, message) will be stored by us in order to answer your questions.
Legal basis: Art. 6 (1) lit. b GDPR (contract initiation) or Art. 6 (1) lit. f GDPR (legitimate interest in responding to your inquiry).
We delete the data arising in this context after storage is no longer necessary, or restrict processing if statutory retention obligations exist (e.g., tax retention periods of 10 years according to § 147 AO).
3.3 Newsletter & Waitlists
If you register for our newsletter or waitlists (e.g., for UNLEER, LEERZEIT), we use the data you voluntarily provide (email address, optionally name) to send you regular information about our services.
Legal basis: Art. 6 (1) lit. a GDPR (consent).
You can unsubscribe at any time via the link in each newsletter email or by email to [insert email address]. After your unsubscription, your email address will be immediately deleted from the distribution list.
3.4 Booking Coaching Sessions
When you book coaching sessions via our website (e.g., Discovery Call, Orientation Session, MyInvest ISO Program), we process the following data:
Last name, first name
Email address
Phone number (optional)
Appointment preferences
Payment data (see Section 3.5)
Legal basis: Art. 6 (1) lit. b GDPR (contract fulfillment).
The data is stored for the duration of the contract execution and then retained according to statutory retention periods (e.g., 10 years for tax-relevant documents according to § 147 AO, § 257 HGB).
3.5 Payment Processing
For payment processing, we work with external payment service providers (e.g., PayPal, Stripe, SEPA direct debit, bank transfer). Your payment data is processed exclusively by these service providers. We do not store complete credit card data or account data ourselves.
Legal basis: Art. 6 (1) lit. b GDPR (contract fulfillment).
Further information on the data protection of the respective payment service providers can be found in their privacy policies.
4. Disclosure of Data to Third Parties
Your personal data is generally not disclosed to third parties unless:
You have expressly consented (Art. 6 (1) lit. a GDPR)
Disclosure is necessary for contract fulfillment (Art. 6 (1) lit. b GDPR)
There is a legal obligation to disclose (Art. 6 (1) lit. c GDPR)
We work with the following external service providers who process data on our behalf (so-called data processors according to Art. 28 GDPR):
Hosting Provider: [Strato AG, Germany]
Email Service: [n/a]
Payment Service Providers: PayPal, Stripe (see Section 3.5)
Data processing agreements according to Art. 28 GDPR have been concluded with all data processors.
5. Data Transfer to Third Countries
Your data is only transferred to countries outside the European Union (third countries) if:
You have expressly consented (Art. 49 (1) lit. a GDPR)
It is necessary for contract fulfillment (Art. 49 (1) lit. b GDPR)
Appropriate safeguards exist (e.g., EU Commission standard contractual clauses)
Note: Certain tools and service providers (e.g., PayPal, Stripe) may operate servers in the USA. In these cases, data transfer is based on standard contractual clauses or adequacy decisions.
6. Cookies
Our website uses cookies. Cookies are small text files that are stored on your device and saved by your browser.
We use exclusively technically necessary cookies that are required for the operation of the website (e.g., session cookies to maintain functionality).
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the technical functionality of the website).
These cookies are automatically deleted when you close your browser or after a certain storage period.
You can set your browser to inform you about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser.
7. Analysis Tools
We currently do not use analysis tools such as Google Analytics or comparable tracking tools.
If we use such tools in the future, we will update this privacy policy accordingly and obtain your express consent.
8. Social Media
We currently do not use social media plugins on our website.
If you contact us via social media channels (e.g., LinkedIn, Facebook), the privacy policies of the respective platform apply.
9. Your Rights as a Data Subject
According to GDPR, you have the following rights:
9.1 Right to Access (Art. 15 GDPR)
You have the right to obtain information about the data stored about you.
9.2 Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate data or the completion of incomplete data.
9.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the deletion of your personal data, provided the requirements of Art. 17 GDPR are met (e.g., purpose of processing has ceased, withdrawal of consent).
9.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing of your data if one of the conditions of Art. 18 GDPR is met.
9.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your data in a structured, commonly used, and machine-readable format.
9.6 Right to Object (Art. 21 GDPR)
You have the right to object at any time to the processing of your data for reasons arising from your particular situation, provided the processing is based on Art. 6 (1) lit. e or f GDPR.
9.7 Right to Withdraw Consent (Art. 7 (3) GDPR)
If you have given us consent to process your data, you can withdraw this consent at any time with effect for the future.
9.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority about the processing of your data.
Competent supervisory authority for North Rhine-Westphalia:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Phone: 0211/38424-0
Email: cG9zdHN0ZWxsZUBsZGkubnJ3LmRl@invalid
Website: https://www.ldi.nrw.de
10. Confidentiality & NDA
For corporate and high-profile clients, there is the option to conclude an individual Non-Disclosure Agreement (NDA) before signing the contract.
Standard NDA: Mutual, duration 3 years after contract end, legal basis: German law.
Details upon request.
11. Data Security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons:
SSL/TLS encryption for all data transmissions
Regular backups
Access restrictions to server data
Secure passwords and two-factor authentication
Our security measures are continuously improved in line with technological developments.
12. Updates and Changes to this Privacy Policy
This privacy policy is currently valid and has the status February 2026.
Due to the further development of our website and services or due to changed legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website at https://www.thomaspuhl.eu/common/info/privacy.html.