This Privacy Policy applies to the website https://ramona-oxenbauer.com, the Instagram account @ramona_oxenbauer, the Facebook page @sheaimshigher, and the CULT STATUS Podcast.
The controller responsible for this website within the meaning of the General Data Protection Regulation (GDPR / DSGVO) and other national data protection laws of the member states, as well as other data protection regulations, is:
AIMING HIGH CONSULTING LLC
Ramona Oxenbauer
3833 Powerline Road
Suite 201
Fort Lauderdale, FL 33309
United States
Website: https://ramona-oxenbauer.com
When you use this website, personal data is collected. Personal data is any data by which you can be personally identified. This Privacy Policy explains what data we collect and how we use it. It also explains how and for what purpose this data is processed.
Please note that data transmission over the internet (e.g. communication via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
In the context of operating this website, we process your personal data, among other things, as follows:
Legal Basis for the Processing of Personal Data
If we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.
If processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
If processing of personal data is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override those interests, Article 6(1)(f) of the GDPR serves as the legal basis for processing.
Data Retention Period
Unless a more specific retention period has been specified within this Privacy Policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you submit a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will take place once these reasons no longer apply.
SSL / TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the servers of the host. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access data, and other data generated through a website.
The use of the host is for the purpose of fulfilling contractual obligations towards our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Article 6(1)(f) GDPR).
Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions with regard to this data.
The recipient of the data, in addition to the controller, is our hosting provider ALL-INKL.COM, Hauptstraße 68, 02742 Friedersdorf, Germany, based in the European Union. The host receives the above-mentioned data as a data processor. If data is not received by our host, for example when using service providers or third parties, we will inform you of this at the relevant point in this Privacy Policy.
Data Transfers to Third Countries
If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if processing takes place in the context of using third-party services or the disclosure or transfer of data to other persons, entities, or companies, this will only take place in accordance with legal requirements.
Subject to explicit consent or contractually or legally required transfers, we process or have data processed in third countries only if an adequate level of data protection is recognized or on the basis of appropriate safeguards, such as contractual obligations through so-called standard contractual clauses of the European Commission, the existence of certifications, or binding internal data protection regulations (Articles 44–49 GDPR; information page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection).
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a retention period prescribed by the aforementioned provisions expires, unless further storage of the data is necessary for the conclusion or fulfillment of a contract.
Disclosure of Data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only disclose your personal data to third parties if:
you have given your explicit consent in accordance with Article 6(1)(a) GDPR,
the disclosure is necessary pursuant to Article 6(1)(f) GDPR for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
there is a legal obligation for disclosure pursuant to Article 6(1)(c) GDPR, or
the disclosure is legally permissible and necessary pursuant to Article 6(1)(b) GDPR for the performance of contractual relationships with you.
Provision of the Website and Server Log Files
When using our website, our hosting provider records so-called “log file” data each time the servers are accessed. This includes, for example, the name of the accessed website, the previously visited page (referrer URL), product and version information of the browser and operating system used, the requesting provider, date and time of access, search engines used, country of access, amount of data transferred, names of downloaded files, and the IP address.
The legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest in storing log file data lies in ensuring system security, including the investigation of misuse. IP addresses are deleted after a maximum of 7 days, unless they are required for a longer period due to a security-related incident, for example for investigation or evidentiary purposes.
You do not have the right to object to the above-mentioned processing of your personal data, as the aforementioned compelling legitimate grounds for our processing override your interests, rights, and freedoms, and our processing also serves the assertion, exercise, or defense of legal claims.
When you contact us, in particular via the contact form and the application form on our website or by telephone, we process your personal data such as name, address, email address, etc., which we require in order to respond to your inquiry.
For the provision of video conferencing services, we use the service provider Zoom, an application software of Zoom Video Communications, Inc., based in the United States, address: 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA.
Website: https://zoom.us/
Privacy Policy: https://zoom.us/docs/en-us/privacy-and-legal.html
Cookie Policy: https://zoom.us/cookie-policy.html
Zoom receives this data as our data processor. In addition, we have concluded a contract with Zoom containing EU Standard Contractual Clauses to ensure an adequate level of data protection in accordance with the GDPR (Article 46 GDPR).
https://zoom.us/docs/en-us/privacy-and-legal.html
The legal basis for the processing of your personal data in the context of contact requests is Article 6(1)(b) GDPR, insofar as your inquiry is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), provided that such consent has been requested.
In the context of contact requests, we store your personal data for as long as necessary to process your inquiry, plus an appropriate retention period for follow-up questions. The data you provide in the form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g. after your inquiry has been fully processed). In addition, data is stored where statutory retention obligations apply.
The provision of this personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. However, if you do not provide this data, we will not be able to respond to your contact request, or – in the case of limited contact details – not via all requested communication channels.
HeyClients
We use HeyClients to manage business-related processes on our website, in particular for appointment scheduling, inquiries, and application forms. HeyClients is a client and workflow management platform that enables the collection, processing, and transmission of personal data required to handle requests, applications, and contractual communication efficiently.
HeyClients is operated by HeyClients, PO Box 1608, Gaylord, MI 49734, United States
When you use these functions, personal data such as name, email address, phone number, and any information you provide in forms or booking processes may be processed.
HeyClients processes this data on our behalf as a data processor within the meaning of Article 28 GDPR and solely in accordance with our instructions.
The use of HeyClients serves the purpose of efficient appointment coordination, processing of inquiries and applications, and the preparation or execution of contractual relationships.
The legal basis for processing personal data is:
Article 6(1)(a) GDPR if you have given your consent,
Article 6(1)(b) GDPR if the processing is necessary for the performance of a contract or pre-contractual measures, and
Article 6(1)(f) GDPR based on our legitimate interest in the efficient organization and optimization of our business processes and online services.
You are not obliged to use these functions to contact us or request information. Alternatively, you may contact us via other communication channels provided on this website, such as email.
We transfer personal data to third parties only where this is necessary for the performance of the contract, for example to the financial institution or service provider responsible for payment processing.
Any further transfer of data does not take place, or only if you have expressly consented to such transfer. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.
The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.
For these purposes, we use ThriveCart and HeyClients as payment and transaction processing service providers.
When you click on one of our product or booking buttons, you may be redirected from our website to an individual checkout or booking page operated by ThriveCart or HeyClients.
All functions on the respective checkout or booking pages, as well as the entire downstream sales, payment, and contract processing, are carried out via the respective provider.
The privacy policy of ThriveCart can be found here:
https://legal.thrivecart.com/platform/privacy/
The privacy policy of HeyClients can be found here:
https://heyclients.io/legal-info
The legal basis for the processing of personal data in connection with the redirection from our website to the checkout or booking pages and the subsequent contractual processing is Article 6(1)(b) GDPR.
If you subscribe to our newsletter, we process the data entered in the registration form, such as your email address and first and last name. In addition, the IP address of the accessing device as well as the date and time of registration are collected at the time of sign-up.
If you purchase products or services on our website and provide your email address in the process, this email address may subsequently be used by us to send a newsletter. In such cases, the newsletter will contain direct advertising exclusively for our own similar products or services.
The processing of the data is carried out solely for the purpose of delivering the newsletter to subscribers. For this purpose, we use HeyClients as our email communication and client management platform.
HeyClients processes personal data on our behalf as a data processor. Data may include email address, name, IP address, and registration metadata, and is processed exclusively in accordance with our instructions and applicable data protection laws.
The privacy policy of HeyClients can be found here:
https://heyclients.io/legal-info
The legal basis for the processing of your personal data in connection with the receipt of our newsletter is Article 6(1)(a) GDPR (consent).
The legal basis for sending newsletters following the purchase of goods or services is Section 7(3) of the German Act Against Unfair Competition (UWG).
We store the personal data required for sending the newsletter for as long as you remain subscribed to the newsletter or until you revoke your consent.
You may unsubscribe from the newsletter at any time. For this purpose, each newsletter contains a corresponding unsubscribe link. By unsubscribing, you also revoke your consent to the storage of the personal data collected during the registration process.
In this section, we inform you about the use of cookies on our website.
Description and Functionality
Cookies are small text files that are stored on the user’s computer and enable an analysis of the user’s use of the website.
First-Party Cookies
We use cookies to make the use of the website easier and more convenient for visitors or to enable certain functions in the first place.
Accordingly, we have a legitimate interest within the meaning of Article 6(1)(f) GDPR in this processing. The legal basis for the processing of your personal data by us in connection with the use of cookies is Article 6(1)(f) GDPR.
Within the scope of using cookies, we store your personal data for as long as is necessary to make the use of our website easier and more convenient.
The provision of this personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. If you do not provide this data, we will not be able to make the use of our website easier and more convenient.
Third-Party Cookies
Cookies from third-party providers may also be used on the website to collect or receive information from our website and other locations on the internet and then use this information, for example, to provide web tracking services, evaluation services, or targeted advertising.
Accordingly, there is a legitimate interest within the meaning of Article 6(1)(f) GDPR in this processing. The legal basis for the processing of your personal data by third parties in connection with the use of cookies is Article 6(1)(f) GDPR.
Within the scope of using cookies, your personal data is stored for as long as is necessary to achieve the purposes described above.
The provision of this personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. If you do not provide this data to third parties, they will not be able to achieve the purposes described above.
Right to Object and Removal Options
You can configure your browser settings so that cookies are only accepted if you consent to them, reject new cookies, or disable cookies that have already been stored. However, if you reject cookies, you may not be able to use certain website functions, services, applications, or tools.
With regard to advertising cookies, many can be blocked and/or managed via the following services:
www.aboutads.info/choices/
www.youronlinechoices.com/uk/your-ad-choices/
www.networkadvertising.org/managing/opt_out.asp
We process personal data for the purposes of online marketing. This includes, in particular, the display of advertising and other content based on the potential interests of users, as well as the measurement of the effectiveness of such content.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookies”) or similar technologies are used, by means of which information relevant to the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners, and technical information such as the browser used, the computer system used, as well as information on usage times. If users have consented to the collection of their location data, this data may also be processed.
Users’ IP addresses are also stored. However, we use IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear personal data of users (such as email addresses or names) is stored within the scope of online marketing procedures; instead, pseudonyms are used. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is generally stored in cookies or by means of similar technologies. These cookies can later also be read on other websites that use the same online marketing procedures and analyzed for the purpose of displaying content, as well as supplemented with additional data and stored on the servers of the respective online marketing service providers.
In exceptional cases, clear personal data may be assigned to the profiles. This is the case, for example, if users are members of a social network whose online marketing procedures we use and the network links the users’ profiles with the aforementioned information. We ask users to note that they may enter into additional agreements with the providers, for example by giving consent as part of the registration process.
As a rule, we only receive access to aggregated information about the success of our advertisements. However, within the scope of so-called conversion tracking, we can check which of our online marketing measures have led to a so-called conversion, i.e. for example, to the conclusion of a contract with us. Conversion tracking is used exclusively to analyze the success of our marketing measures.
Legal bases: Consent (Article 6(1)(a) GDPR), Legitimate interests (Article 6(1)(f) GDPR).
Facebook Pixel / Facebook Custom Audiences
Service provider: Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Parent company: Facebook,
1 Hacker Way, Menlo Park, CA 94025, USA
Website: https://www.facebook.com
Privacy Policy: https://www.facebook.com/about/privacy
Data protection safeguards for processing data in the USA:
https://www.facebook.com/legal/technology_terms
Facebook Custom Audiences are used on individual pages of our website.
Facebook Custom Audiences enable interest-based advertising on Facebook. The Facebook Pixel also allows us to track which visits to our website result from clicks on our Facebook ads. Facebook Custom Audiences and the Facebook Pixel therefore serve our legitimate interest in analyzing, optimizing, and operating our online advertising in an economically efficient manner.
When using Facebook Custom Audiences via the pixel method, an invisible Facebook pixel is integrated into our website. This pixel transmits, among other things, the Facebook user ID of the user (if logged into Facebook) and data about the use of our website to Facebook. This allows Facebook to track the online behavior of users of our website. Facebook can then display targeted advertisements to registered users (for example, advertisements for products that were viewed but not purchased).
You may object to the collection of your data by the Facebook Pixel at any time. In your Facebook account settings, you can also determine which types of advertisements are shown to you on Facebook.
Further information can be found in Facebook’s Privacy Policy:
https://www.facebook.com/policy.php
Opt-out option (advertising settings):
https://www.facebook.com/settings?tab=ads
ManyChat
We use the service ManyChat, provided by ManyChat Inc.,
14 Mint Plaza, San Francisco, CA 94103, USA, to interactively communicate with visitors on our social media channels. ManyChat is a chatbot service that enables us to conduct automated conversations and personalized interactions with users.
When using ManyChat, personal data such as name and message content may be collected and processed. This data is used to respond to inquiries, provide relevant information, and improve our services.
The processing of your personal data is based on your consent pursuant to Article 6(1)(a) GDPR or for the performance of a contract or pre-contractual measures pursuant to Article 6(1)(b) GDPR. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.
Data transfers to the United States are carried out on the basis of the Standard Contractual Clauses of the European Commission, which are intended to ensure an adequate level of data protection.
Further information on data processing by ManyChat can be found in ManyChat’s Privacy Policy:
https://manychat.com/privacy.html
Our website integrates social media buttons and plugins that allow access to content such as images, photographs, audio, videos, or text entries from our company pages or profiles on external social media platforms and video platforms.
Social media buttons are graphical symbols of social media services that are embedded on our website as links to the respective services. When you click on one of these graphics, you are redirected directly to the page of the respective provider. Only then is user information transmitted to the respective provider. A direct connection is established between your browser and the server of the social media service.
For these purposes, cookies are generally stored on users’ devices in which user behavior and interests are recorded (see also the section “Cookies”). In addition, data may be stored in user profiles independently of the devices used by users (in particular if users are members of the respective platforms and are logged in).
External social media services may create usage profiles based on your usage behavior and the resulting interests and actions, and store cookies on your device in which your usage behavior is recorded. These log data may include your IP address, the addresses of visited websites that also contain functions of the respective online service, browser type and settings, date and time of the request, your use of the online service, and cookies. If you have an account with the respective service and are logged in—for example, when clicking a “Like” or “Share” button while logged into your user account—your usage behavior may even be stored across devices. Your usage profile may be used, for example, to display advertisements that are presumed to correspond to your interests.
This data is generally processed outside the European Union. With regard to US-based providers that, for example, agree to the EU Standard Contractual Clauses, we point out that these providers thereby undertake to comply with EU data protection standards.
We process the pseudonymized user data provided by the online services within social networks for marketing and analysis purposes of our company. Communication with you via the external service you have chosen serves to optimize our online offerings, such as providing information about our services through videos and blog posts. Using this data, we aim to ensure that our advertising as well as audio, video, and image content within and outside the networks corresponds to the potential interests of users and does not appear intrusive.
Where we request users’ consent for the use of third-party providers, the legal basis for data processing is consent pursuant to Article 6(1)(a) GDPR. Furthermore, the use of third-party providers may form part of our (pre-)contractual services if agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic, and user-friendly services).
If you do not wish the respective social media service to associate your visit to our website with your user account, please log out of your user account beforehand.
Recipients of the data are the respective third-party providers. Requests for information and the exercise of data subject rights must be directed to the respective providers. Only the providers have access to users’ data and can take appropriate measures or provide information directly. If you nevertheless require assistance, you may contact us. For a detailed description of the respective processing operations and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.
Information on the External Media We Use
Facebook
An online service provided by Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Information on data processing by Facebook can be found here:
https://www.facebook.com/about/privacy/
For the operation of our Facebook fan page, we are jointly responsible with Facebook in accordance with the case law of the Court of Justice of the European Union (CJEU). There is an agreement with Facebook within the meaning of Article 26 GDPR:
https://www.facebook.com/legal/terms/page_controller_addendum
Instagram
A social network operated by Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Information on data processing by Instagram can be found here:
https://instagram.com/about/legal/privacy/
If personal data relating to you is processed by us, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
Right of Access, Rectification, and Erasure
As a data subject, you have the right, under the conditions of Article 15 GDPR, to obtain information about the personal data stored about you, their origin and recipients, and the purpose of the data processing.
Furthermore, under the conditions of Article 16 GDPR, you have the right to rectification, and under the conditions of Article 17 GDPR, the right to erasure (“right to be forgotten”) of this data.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. This means that you may request us to restrict processing if one of the conditions listed in Article 18(1) GDPR is met. This may be the case, for example, if you contest the accuracy of the personal data. In this case, processing will be restricted for a period enabling us to verify the accuracy of the personal data (Article 18(1)(a) GDPR).
Restriction means the marking of stored personal data with the aim of limiting their future processing (Article 4(3) GDPR).
Right to Data Portability
As a data subject, you have the right, under the conditions of Article 20 GDPR, to data portability. This means that you have the right to receive personal data that we process automatically on the basis of your consent or for the performance of a contract, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller. If you request the direct transfer of the data to another controller, this will only take place insofar as it is technically feasible.
Right to Object to Processing in Specific Cases and to Direct Marketing
As a data subject, you have the right to object under the conditions of Article 21 GDPR. If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, insofar as there are grounds relating to your particular situation or the objection is directed against direct marketing.
In the case of direct marketing, you have a general right to object, which will be implemented by us without the need to state a particular situation.
Right to Withdraw Your Consent to Data Processing
If processing is based on consent pursuant to Article 6(1)(a) GDPR, you have the right, under Article 7(3) GDPR, to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint with the Supervisory Authority
As a data subject, you have the right, under the conditions of Article 57(1)(f) GDPR, to lodge a complaint with the competent supervisory authority.
Last updated: 11 February 2026