Privacy and Cookie Policies

My Privacy Policy and Cookie Policy are a good faith effort to be transparent about how my website and overall business deal with your data.  I never sell data.  I do outsource my website design someone else so changes in the intricacies of functionality related to cookies mean this information is not guaranteed to be comprehensive or entirely up-to-date, although I do attempt to keep it that way.  While I have reviewed the following in detail and it is accurate to the best of my knowledge, I rely on other experts to create and maintain both the website and these policies in accordance with best practices.  If this doesn’t meet your needs, please don’t use my website.

Privacy Policy

Welcome to my website at and thank you for your interest in this Privacy Policy.

In this Privacy Policy, I would like to inform you about the nature, scope, and purpose of Personal Identifiable Information (PII) we (that is me and the third parties acting on my behalf) process when you use my website and services.

General information and mandatory disclosures

What is PII?

PII in this sense is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not PII. This includes, for example, the number of users of a website.

Person responsible

The person responsible for processing pursuant to the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (“GDPR”) is:

Katie Weatherup
8900 Grossmont Blvd 4-8
La Mesa, California, 91941 USA

E-Mail: katie (at) handsoverheart (dot) com

Scope of the processing of PII

As a matter of principle, we only collect and use PII from you insofar as this is necessary to provide a functional website and our content and services.

Relevant legal basis

Of course, to process your PII, we not only need to have a purpose such as you are sending us an enquiry or entering into a contract with us, but we also need to have a lawful basis to do so. The processing of your PII may be based on the following legal grounds:

  • Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
  • Contract – This is where we process your information to fulfil a contractual arrangement, we have made with you.
  • Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
  • Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
  • Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.

Your rights

GDPR Rights

If you are a European Citizen, you have the following rights:

  • to confirmation as to whether data relating to them is being processed,
  • to information about the data processed, to further information about the data processing and to copies of the data;
  • to correction or completion of incorrect or incomplete data;
  • to immediate erasure of the data concerning them;
  • to receive the data concerning them and provided by them and to transfer this data to other providers/controllers.
  • to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions.

California Specific Rights

If you are a California resident, you have the following rights:

  • the categories and specific pieces of personal information we have collected about you;
  • the categories of sources from which we collected the personal information;
  • the business or commercial purpose for which we collected or sold the personal information;
  • the categories of third parties with whom we shared the personal information; and
  • the categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

If you wish to exercise your right to object, simply contact us.

Automatic collection of general data and information


Each time you visit my website, a number of general data and information is transmitted – even if you use my website for purely informational purposes. I only collect the general data and information that your browser transmits to my website`s server. This data and information are collected are technically necessary for the display my website to you and that serve the stability, security and danger or threat prevention in the event of attacks on my website, such as:

  • IP address
  • date and time of an access to the website
  • type and version of browser used
  • operating system used and its interface
  • the website from which an accessing system arrives at my website (so-called referrer)
  • sub-websites that are accessed via an accessing system on my website,
  • Internet service provider of the accessing system.

This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest (Art. 6 (1) f) GDPR). When analyzing these general data and information, I do not draw any conclusions about you as a data subject.

Use of cookies

I use so-called cookies on my website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. The legal basis for the use of cookies is your consent as well as my legitimate interest. For more information on cookies, please refer to my Cookie Policy.

Google reCAPTCHA

I also use Google Inc.`s reCAPTCHA to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website.

Collection of PII and information when provided

Contact options via the website

Contacting me is made possible by e-mail, contact form and social media (Facebook). If you contact me, your transmitted PII will be automatically stored for the purpose of processing the request or contacting you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent or, in the case of a (pre-)contractual relationship with me, the initiation of a contractual service. I delete the data accruing in this context after the storage is no longer necessary for the processing of your request or restrict the processing if there are legal retention obligations.

Working with me and my services

When requesting my services, it is necessary, among other things, to provide your name, e-mail address and postal address and, if applicable, your payment data, and other details. I process and store the PII provided when you request my services solely for the purpose of providing you with the ordered service. Accordingly, the data is processed on the basis of our contractual relationship as well as to fulfil my legal obligations.

Book a Session

For booking an appointment in an easy and convenient way, I use Bookeo. Your data from the form will be transferred to my appointment account with Bookeo after you press the “Book appointment” button. You will then receive a confirmation email with a link to the event. Your data will be kept at Bookeo until the purpose for storing the data no longer applies (appointment made) or you request me to delete it. Bookeo undertakes not to pass on your data to third parties. The legal basis for this is my legitimate interest in effective customer communication.

Financial Information

To make a purchase or donation, you may need to provide a valid payment method (e.g., credit card). Your payment information will be collected and processed by our authorized payment vendor PayPal. I do not directly collect or store credit or debit card numbers in the ordinary course of processing transactions.

Academy Of Practical Shamanism

My courses are hosted by Invanto. The Invanto platform provides the learning environment and offers the corresponding sales interface. In accordance with Invanto`s Privacy Policy your data is stored at Invanto, in their databases and applications on a secure server with up-to-date security standards.


If you register for our newsletter, we will regularly send you information about my offers. The only data required or sending the newsletter is your Name and e-mail address. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately. The newsletter is sent using the dispatch service provider “MailChimp”, a newsletter dispatch platform of Intuit Inc.

Administration, financial accounting, and contact management

I process data within the scope of administrative tasks as well as organization of my business, financial accounting, and compliance with legal obligations, such as archiving. In doing so, I process the same data that I process in the context of providing our contractual services. The purpose and my interest in the processing thus lies in the administration, financial accounting, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. In this context, I disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.


I use Apple iTunes, and Google Podcasts to host and provide podcasts. When using the relevant podcasts service provider, data is transferred to the podcasts service provider. The data may possibly include the addresses of the websites visited as well as browser information, date and time of the connection. I have no knowledge of the content of the transmitted data or of the manner in which it is used or of the duration of its storage by the relevant podcasts service provider. The legal basis for the processing of the data is my legitimate interest, as I would like to offer you an appealing internet presence as well as various up-to-date information with me. Further information can be found in the relevant podcasts service provider Privacy Policy.

Disclosure of data to third parties, Security and Storage

Disclosure of data to third parties

I will only share your PII with third parties if:

  • you have given your express consent to do so,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that there is a legal obligation for disclosure, as well as
  • this is legally permissible and necessary for the processing of contractual relationships with you.

General technical organizational measures (Security)

I have taken a variety of security measures to protect PII to an appropriate extent and adequately. All information held by me is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons and in accordance with the CCPA and GDPR and this Privacy Policy.

In addition, where I use third parties to carry out processing only those who need the information to perform a specific job are granted access to PII. If this is the case these companies act on my behalf by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, I`m legally responsible for appropriate data protection measures at the companies I commission. I therefore agree on specific data security measures with these companies and monitor them regularly.

If I use service providers in third countries, I take additional measures to ensure an adequate level of data protection for the transfer of PII and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).

Finally, I may need to disclose your data to authorities or government agencies if I`m legally obliged to do so, for example, due to official or court orders, or because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of my rights and claims.

Duration of storage

I store your PII for as long as necessary to achieve the respective storage purpose. Afterwards, your data will be deleted, unless I am obliged to store it for a longer period of time due to tax, commercial or other legal storage or documentation obligations, or you have agreed to a storage beyond this period.

Miscellaneous and closing

Links to others

My website contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from my website directly to the website of the other provider. You will recognise this by the change of URL, among other things. I cannot accept any responsibility for the confidential handling of your data on these third-party websites, as I have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your PII by these companies directly on these websites.

Social Media

I`m present on Facebook and Instagram to communicate with my customers, interested parties and users registered there and to be able to inform them about my offers there. I would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). The processing of users’ PII is based on my legitimate interests in providing users with effective information and communicating with users.

Accuracy and updating your information

It is important that the data I hold about you is accurate and current, therefore please keep me informed of any changes to your PII. If you believe that the information, I hold about you is inaccurate or that I am no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting me.

For your protection and the protection of all of users, I may ask you to provide proof of identity before I can answer your requests. Also please keep in mind, that I may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Lastly, I may not be able to accommodate certain requests to object to the processing of PII, notably where such requests would not allow me to provide my service to you anymore.

Data Breaches/Notification

Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, I will notify all affected individuals whose PII may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

PII and children

My services are aimed at people aged 18 and over. I will not knowingly collect, use, or disclose PII from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.


I reserve the right to adapt this privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the relevant case law.

Questions or Comments

If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us using the following contact details:

Katie Weatherup
8900 Grossmont Blvd 4-8
La Mesa, California, 91941 USA

E-Mail: katie (at) handsoverheart (dot) com

This Privacy Policy was last updated on Sunday, October 9, 2022

Cookie Policy

Thank you for your interest in this Cookie Policy. In the below, I inform you about the use of cookies on my website.

Why do I have a Cookie Policy?

The provision of information about use of cookies is required and set out in the California Consumer Privacy Act (CCPA), the Privacy and Electronic Communications Directive (PECD) and in part in the General Data Protection Regulation (GDPR).

What are cookies and why I use them?

A cookie is a simple small file that is sent with the pages of an Internet address and can be stored by the web browser on the PC or device. The information stored in it may be sent to our or relevant third-party servers during subsequent visits.

To obtain information about the use of our web sites, we (that is me and the third parties helping to provide my website), use cookies. Whenever you browse the Internet, you use a browser. Most websites store small text files in your browser. These files are called cookies.

These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our site knows who you are and offers you your usual default setting.

There are two classes of cookies, namely first-party cookies, and third-party cookies.

First-party cookies are created directly by our website, whereas third-party cookies are created by a partner website.

Each cookie stores different data, has a lifespan (that can vary from a few minutes to a few years) and thus must be assessed on individual basis. Because of that there are several types of cookies.

The least privacy invasive type of cookies are Essential or Necessary cookies. These cookies are essential or necessary to ensure that a website works properly and is secure so that you can navigate a website and use its features. Without these cookies, certain features of a website would not function, and thus you would not be able to use certain services.

There are also Functional cookies or sometimes called convenience cookies. These cookies allow a website to remember the options a user has made (including user ID`s stored, consents given, or languages selected) and other personalization options you have selected when browsing.

Further there are also Analysis and performance cookies, which are used to monitor and improve the function and service of a website. Those can track down problems when using a website, facilitate online surveys, record visitor numbers, and provide analytics metrics.

Lastly, Advertising cookies or targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.

Advertising cookies or targeting cookies)

The Cookies used on my website

Below you can find the cookies we use listed in accordance with their Name, Description, Lifespan, and Type. Please note that this list maybe updated from time to time to adapt to changes on our website and applicable data protection law.

    • This cookie is native to PHP applications. The cookie is used to store and identify a users’ unique session ID for the purpose of managing user session on the website. The cookie is a session cookie and is deleted when all the browser windows are closed.
    • session
    • Necessary
  • YSC
    • YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages.
    • session
    • Advertisement
    • A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
    • 5 months 27 days
    • Advertisement
  • _ga
    • The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
    • 2 years
    • Analytics
  • _gid
    • Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
    • 1 day
    • Analytics
  • _gat
    • This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
    • 1 minute
    • Performance
  • ts
    • PayPal sets this cookie to enable secure transactions through PayPal.
    • 3 years
    • Necessary
  • ts_c
    • PayPal sets this cookie to make safe payments through PayPal.
    • 3 years
    • Necessary
  • enforce_policy
    • PayPal sets this cookie for secure transactions.
    • 1 year
    • Necessary
  • x-pp-s
    • PayPal sets this cookie to process payments on the site.
    • session
    • Functional
  • nsid
    • This cookie is set by the provider PayPal to enable the PayPal payment service in the website.
    • session
    • Functional
  • l7_az
    • This cookie is necessary for the PayPal login-function on the website.
    • 30 minutes
    • Performance
  • tsrce
    • PayPal sets this cookie to enable the PayPal payment service on the website.
    • 3 days
    • Functional
    • YouTube sets this cookie via embedded YouTube-videos and registers anonymous statistical data.
    • 2 years
    • Analytics
  • yt-remote-device-id
    • YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
    • never
    • Advertisement
  • yt-remote-connected-devices
    • YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
    • never
    • Advertisement

How can I delete cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, only partially allow or disable cookies. To do so follow the link to your browser Google Chrome, Mozilla Firefox, Flash cookies, Microsoft Internet Explorer/ Edge,  Opera, Safari.

Does this policy change?

I may from time to time update our Cookie Policy, to reflect a change in the law, in our business practices or the cookies we use.

Who should I contact for more information?

If you have any questions or comments about our Cookie Policy or wish to exercise your rights, please contact us using the following contact details:

Katie Weatherup
8900 Grossmont Blvd 4-8
La Mesa, California, 91941 USA

E-Mail: katie (at) handsoverheart (dot) com

This Cookie Policy was last updated on Sunday, October 9, 2022