Privacy policy.

Privacy policy last updated on 22 December 2022

I (Karl Mohr, I/me/my) am committed to safeguarding the privacy of my clients, prospective clients, and registered- and unregistered users (you/your), who visit my website ( or my site). The scope of my commitment is detailed in my privacy policy, which sets out what personal information I’m collecting, how this personal information is used, stored, and protected, and what your rights are in connection with my collection and use of your personal information.

Please see my terms of use for more information about my online policies in general.

If you have any questions, concerns, or comments in connection with my Privacy Policy, please feel free to contact me, the controller and data privacy officer, at:

Karl A. Mohr
43 rue de la Providence
29000 Quimper, France
+33 971 20 56 85
email :

My site is using cookies to identify you and provide you with an optimized viewing experience. Cookies are small pieces of text, which are stored on your device to help me identify which browser, screen display, operating system, type of device, and language settings you are using, and which areas of my site you have been interested in. Using cookies represents a legitimate interest on my part, which is further defined in Art. 6, Par. 1 lit. f GDPR (EU General Data Protection Regulation).

You can choose browser settings to either permit or reject the use of cookies, authorize their use on a case-by-case basis, and have them deleted automatically at the end of each session. If you do not accept cookies, my site may not work as intended and you may be asked to log in each time you try to access a restricted area of my site.

Among other things, I’m using tools (e.g., plugins) and services of companies that are domiciled in the United States or elsewhere in the world, which, from a data protection perspective, are deemed non-secure, non-EU countries. If these tools are in use, your personal information may potentially be transferred to these non-EU countries to be processed there.

If you are browsing my site as a prospective client; hence, as an unregistered user, I will only collect the personal information that your browser sends to my server. In such cases, I will collect the following information, which is technically necessary to display my site and provide you with an optimized viewing experience. The legal basis for this practice is defined by Art. 6 Par. 1 cl. 1 lit. f GDPR.

• IP address
• Date and time of inquiry
• Time zone difference from Greenwich Mean Time (GMT)
• Requested content (actual page(s) and/or downloaded file(s))
• Access status / HTTP status code
• Quantity of data transmitted
• Website from which the request was sent
• Browser, including language settings
• Operating system and its interface
• Display setup

I also collect your personal information if you provide it to me, for instance, when (i) you use my contact form, (ii) contact me to discuss a potential professional relationship, (iii) subscribe to my newsletter, (vi) register for an online event, (v) purchase premium content, or (vi) apply to have access to restricted areas of my site. Personal information that is collected in these instances varies, but typically includes your name, e-mail address, mailing address, and mobile phone number. I won’t share your personal information with third parties unless doing so is necessary to process your request, or you have authorized such an exchange (e.g., for payment purposes), or if I am compelled to comply with such a request by a court order of a court of competent jurisdiction, law enforcement, or any other legal or regulatory authority. If you contact me by email, then such email correspondence will be stored on my mail server. I may also store your inquiry and the information associated with it in my CRM system. This may include a copy of your emails in case I deem it necessary to process your request or evaluate a potential relationship with you as a client. My contact form is encrypted using SSL/TLS, which you can recognize by the “https” before my domain. My mail server also uses conventional encryption protocols.

Prospective clients

If you are a prospective client, I will collect additional details on the issue you are seeking help with, including information about your business, your business strategy, business model, and business objectives, your financial situation and financing objectives, your employees, customers, partners, and vendors, and your investors, if any, along with any other information that may be relevant for assisting you with your matter. Naturally, I will treat this information as strictly confidential and use it solely to process your inquiry or request; however, I will not consider you a client merely because you contacted me.

The legal basis for this practice is Art. 6 Par. 1 lit. b GDPR.


My site is not designed for or directed at children 16 years of age or younger; hence, I won’t intentionally collect, maintain, or use any personal information of anyone under this age.

I have implemented generally accepted standards of technology-enabled and operational security to protect your personal information from loss, misuse, alteration, or destruction. Only authorized personnel are provided access to your personal information and they are required to treat your information as strictly confidential. But even despite these precautions, I cannot guarantee that unauthorized parties will not be able to gain access to your personal information.

Like most other sites on the web, my site uses analytical tools and functions provided by Google Analytics. The provider of these tools and functions is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google” or “Google Analytics”).

Google Analytics enables website operators like me to analyze traffic- and behavioral patterns of their website visitors. To that end, I harness a broad cross-section of data about you as a user, including the time when you accessed my site, your origin, how you found my site, which pages you accessed, how much time you spent on such pages, which type of device and operating system you use, and other analytical information. However, none of this information can be used to identify you as an individual. Google may consolidate this data in profiles, which can merely be attributed to you as a visitor to my site and the device(s) you have been using to access my site. Information collected on my site by Google is typically transferred to a Google data center in the United States, where it is analyzed, stored, and packaged for use by website operators like me. I’m using Google Analytics and the services they provide, based on Art. 6(1)(f) GDPR. As the owner and operator of, I have a legitimate interest in Google’s analysis of user traffic- and behavioral patterns on my site in order to be able to optimize both the structure and content of my site along with potential advertising activities. If you consented to the placement of cookies on your device(s), the processing of your personal information is carried out on the basis of Art. 6(1)(a) GDPR. Naturally, you can revoke your consent at any time.

The data transmission to the United States is based on Standard Contractual Clauses (SCC) of the European Union. Additional details can be found here:

IP masking and browser plugin

Although Google claims to neither log nor store IP addresses in connection with providing analytical insights into the traffic- and behavioral patterns of visitors to subscribed sites (in Google Analytics 4), I decided to activate the IP masking function to protect the privacy of visitors to my site. As a result, your IP address will be abbreviated by Google within the jurisdiction of the European Union prior to its submission to Google’s data centers in the United States.

You can also prevent the recording and processing of your personal information by Google by downloading and installing the browser plugin available at

For more information about the handling of user data by Google Analytics, please feel free to review Google’s Data Privacy Declaration at

Archiving period

Personal information collected through cookies at the user or incident level, including user IDs and/or advertising IDs, will be anonymized or deleted after 14 months. For additional information on Google’s archiving practices, please feel free to visit

I’m hosting my site with GoDaddy. GoDaddy Europe Limited is located on the 5th Floor of The Shipping Building, The Old Vinyl Factory HAYES, UB3 1HA United Kingdom (hereinafter referred to as “GoDaddy”).

When you visit my site, your personal information will be processed on GoDaddy servers. This will likely result in the transfer of your personal information to the parent company of GoDaddy Europe Limited in the United States. The transfer of your personal information is based on the EU’s Standard Contractual Clauses. For additional information please visit:

I’m using GoDaddy as a hosting provider for my site based on Art. 6(1)(f) GDPR because I have a legitimate interest in my site being rendered as intended and being available on a reliable basis regardless of your location as a visitor to my site. If your consent was obtained, the processing of your requests and personal information will take place exclusively based on Art. 6(1)(a) GDPR. Naturally, you are free to revoke your consent at any time.

I’m using plugins of the Vimeo video portal on my site. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”).

Hence, whenever you visit one of my pages featuring Vimeo videos, a connection with Vimeo’s servers is established. In this process, the Vimeo server receives information about which pages of my site you have visited. Vimeo also logs your IP address. However, I have configured Vimeo in such a way that Vimeo does not place any cookies and track your browsing history, activities, and consumption of Vimeo videos.

I’m using Vimeo to display select videos to enhance the overall presentation of my site and make browsing of available content more enjoyable for you. This is a legitimate interest on my part pursuant to Art. 6(1)(f) GDPR.

If a corresponding request for your consent was requested (e.g., concerning the storage of cookies), all your requests for Vimeo videos shall be processed exclusively on the basis of Art. 6(1)(a) GDPR. Naturally, you may revoke your consent at any time.

Data transmission to Vimeo in the US is based on the Standard Contractual Clauses (SCC) of the European Commission and on “legitimate business interests”. Details can be found here:

For more information on the handling of user data, please consult Vimeo’s data privacy policy at:

I may provide links to third-party websites as a service to you as a registered- or non-registered user of my site. In addition, some of the content appearing to be on my site is in fact supplied by third parties, for example, (i) embedded videos that are stored on YouTube, Vimeo, or other platforms, (ii) content, such as articles and posts that have been published on third-party blogs and blogging platforms, such as Medium, or (iii) content that has been published on social media platforms, such as Facebook, Twitter, Instagram, and their likes. Please be aware that I cannot control and that I am not responsible for the information collection practices on such third-party websites, which may differ from those on my site. I encourage you to review and understand the privacy policies on these websites before providing any information to them.

I’m running the Facebook page to be able to connect with members of the Facebook community. Facebook collects data on how users interact with each other and this page and processes this data outside of the EU. To mitigate any negative effects this could have on users, Facebook maintains a Privacy Shield certification (, which requires it to adhere to EU data protection standards. Naturally, Facebook uses the personal information generated by the use of my Facebook page for the purposes of advertising, analytics, and market research, for example, to develop a profile of your interests and habits, so that it can display ads specifically tailored to your profile. Facebook can also directly associate your activities on my Facebook page with your Facebook account (if you have one). In addition, Facebook provides me with a variety of aggregate data, which, generally, cannot be used to identify you as an individual. I use the insights from this data to make my Facebook page and corresponding activities more relevant, more attractive, and more entertaining to you. The legal basis for processing any of your user data on Facebook is my legitimate interest (as per GDPR article 6(1)(f)) in communicating with visitors to my Facebook page and the Facebook community at large in a more targeted and effective fashion.

You have the right to inquire whether I’m using and processing your personal information at any time according to Art. 15 GDPR. If I am, you may have additional rights and I may have additional obligations to provide you with additional information.

You also have the right to request a copy of the personal information I collected, to have that personal information to be corrected pursuant to Art. 16 GDPR, deleted according to Art 17 GDPR, and request my processing to be limited pursuant to Art 18 GDPR – provided that no other rules or regulation would keep me from complying with such requests.

Naturally, you can also, at any time, revoke your consent to have your personal information collected, stored, or processed according to Art. 6 Par. 1 lit. a, or Art. 9, Par. 2 lit. a GDPR, without having to provide any reasons for your decision. Please note that this won’t affect the processing of your personal information that was done prior to the date of your notice to revoke your consent.

You also have the right to data portability based on Art. 20 GDPR.

Based on Art. 21 GDPR, you also have the right to object to my processing of your personal information, particularly on the basis of Art. 6 Par. 1 lit. e or f GDPR. Should you wish to exercise that right, please provide me with a short explanation as to why you object to my processing of your personal information the way it’s done on my site. If your concerns are valid and your objection is deemed justified, I will review your case and either cease processing your personal information, make changes to the way I process it, or provide you with a reasonably acceptable explanation as to why I will have to continue processing your personal information as before.

In addition, and where granted by local law, you have the right to lodge a complaint with a competent data protection authority. In France, it’s the Commission nationale de l’informatique et des libertés (CNIL). Their website is available at

I reserve the right to make changes to my Privacy Policy from time to time. If you are a client, a prospective client, or a registered user, I will alert you to any such changes by sending you an email to your registered email address. If you are a non-registered user, I will try to notify you by prominently posting information about such changes on my site. So, please check back to review my Privacy Policy from time to time.

© 2024 Karl A. Mohr. All rights reserved.