Data Protection at PEACE OUT YOGA
1. General Information
1.1. The use of person-related data by Eric Bennewitz – PEACE OUT YOGE with residence in Hamburg and corresponding business address Rübenkamp 80, 22307 Hamburg – takes place according to valid legal regulations as well as according to permissions given by the user concerning the use of his/her data.
1.2. Eric Bennewitz runs the yoga studion PEACE OUT YOGA (later in here referred to as POY). Via POY various services in the sector yoga may be ordered or purchased. Yoga services by POY are owner-offered services. The subject of the contract is the use of POY's services. The usage of services offered by POY takes place by the user.
1.3. POY/Eric Bennewitz are aware that the protection and careful handling of person-related data of the user is very important. Because data protection is of great significance for POY, POY strictly adheres to legal data protection regulations (DSGVO, TKG & TMG) valid in Germany.
1.4. The user is obligated to read the POY's General Terms of Service (GTS) with respect to the subject of contract, duties of the user, liability limitations and many other important information on the website of POY under the domain www.peaceoutyoga.de.
2. Collection of Data
2.1. POY collects and stores any information which the user provides in the registration form and/or the Eversports platform (www.eversports.de) which are submitted to POY by the user within the scope of online bookings or submitted in any other ways, e.g. personally at the location. POY use the user's person-related data as long as this is legally permitted and only with the permission of the user. As far as the permission is given electronically within the scope of online bookings via Eversports, Eversports is bound to legal informational duties and stores the permission via suitable technical systems.
3. Purpose of Data Collection
3.1. POY processes your data within the scope of fulfilling the contract for the following purposes
a. for carrying out the check-in, reservations and storage of open products
b. for the issuance of invoices
c. for compiling a booking history d. for informational purposes towards the customer, e.g. in case of enquiries about the booking history, validity term of products etc.
You may withdraw your permission to the processing of data. A withdrawal results in the ceasing of handling of data according to the above mentioned purposes from the moment the withdrawal was declared. Please note that the POY products may not be used any more in case of withdrawal. In order to withdraw your permission, please refer to email@example.com
3.2. If you have subscribed for our newsletter, we process your data for the purpose of sending the newsletter. The subscription may be withdrawn at any time directly via the link in the newsletter or via e-mail to firstname.lastname@example.org
3.3. We store your data for the duration of the contractual relationship, the regular visit of the POY studios, respectively. Usually POY profiles, incl. the profile data provided by the user will deleted after 2 years in case of inactivity and without a valid product, e.g. 10-visit-card. Data displayed on an invoice or data necessary for issuing an invoice will be stored for longer durations according to the legal obligation to preserve records. After expiry of this term, also those data will be deleted.
4. Data Security
4.1. Person-related data are stored in closed systems (Eversports) and are password-protected due to data security reasons. The registration forms filled out on paper are safely kept in a lockable cabinet to which only authorised employees of POY have access.
4.2. Eversports is commissioned handling agent of POY and have taken suitable measures to guarantee data security. (please see https://www.eversports.at/h/security).
4.3. If POY obtains knowledge that user data were treated severely illegal threatening the user with damage, POY will immediately inform the user.
4.5. POY commissions the following service providers for data processing. We forward your data to the following recipients/recipient categories: - software providers for the execution of bookings, administration of products, cash register etc. (Eversports) - communication tool for customer communication via newsletter (Mailchimp) - external web hosting providers for the storage of data (Domain Factory) Your data will partly be processed outside the EU/EEA, namely in the USA. The suitable protection level results from the Adequacy Decision of the European Commission according to Art. 45 General Data Protection Regulation. (DSGVO)
5. Newsletter (Information concerning newsletter by Dr. Thomas Schwenke, Bar. At Law)
5.1. Registration and Dispatch: We send newsletters only with permission of the recipient. The dispatch of the newsletters takes place by "Mailchimp", a newsletter dispatch platform of the US-based provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Mailchimp is certified according to the EU-US- Data Protection Convention "Privacy Shield" and is therefore obligated to comply with EU data protection regulations. Further, we have concluded a Data Processing Agreement with Mailchimp. Double-Opt-In and Logging The subscription to our newsletter takes place according to the so-called Double-Opt-In method. This means that you receive a mail after registration asking you to confirm your subscription. This confirmation is necessary in order to prevent subscription using e-mail addresses which are not your own. The subscription to the newsletter is logged in order to prove that the subscription process takes place according to legal requirements. This includes the storage of subscription and confirmation date as well as the IP address. Also changes of your data stored at Mailchimp will be logged.
5.2. Cancellation/Withdrawal You may cancel the reception of the newsletter at any time, meaning withdrawing your permission. At the same time your permission to the dispatch by Mailchimp and statistical interpretation is withdrawn. An individual withdrawal of the dispatch via Mailchimp and the statistical interpretation is not possible. You find a link to unsubscribe from the newsletter at the bottom of any newsletter. You may also directly unsubscribe via e-mail under email@example.com
5.3. Statistical Collection and Analysis The newsletters contain a so-called "web beacon", i.e. a pixel-sized file which is executed on retrieving the newsletter from the server. Within the scope of retrieval at first technical data will be collected, such as information about the browser and operating system as well as your IP address and the time of query. This information are used for the technical improvement of the service according to the technical data or target groups and their browsing behaviour according to the place of query(which can be determined by the IP address) or access times. Determining whether the newsletters were opened, when they were opened and which links were clicked also belongs to statistical collection. This information can technically be associated with individual newsletter recipients, however, it is neither our goal nor Mailchimp's goal to monitor individual users. The analysis rather serves the purpose to identify the reading behaviour of our users and to adapt our contents respectively or to send various contents to them according to their interests.
5.5. Legal Basis General Data Protection Regulation According to the provisions of the General Data Protection Regulation(DSGVO), valid as of 25th May 2018, we inform you that the permission to the forwarding of e-mail addresses is based on Art. 6, para. 1 lit. a, 7 DSGVO, as well as Sec. 7, para. 2 No. 3 of the German Act Against Unfair Competition (UWG). The commissioning of the forwarding service provider Mailchimp, the conduct of statistical collections and interpretation as well a protocolling of the registration procedure are carried out on the basis of our justified interest according to Art. 6, para. 1 lit. f DSVGO. Our interest is directed to the operation of a user-friendly and secure newsletter system which serves out economic interest as well as the user's expectations.
We would like to further inform you that you may object to the future processing of your person-related data according to the legal provision of Art. 21 DSVGO at any time. In particular, the objection may be explicitly declared against the processing for the purpose of direct mail.
6. Website (source: www.e-recht24.de)
Server-Log-Files: The provider of these websites automatically collects and stores information in log files which your browser automatically transmits to us, such as - browser type/version - used operating system - referrer URL - host name of the accessing computer - time of query Those data cannot be associated with individual persons. A merging with other data sources does not take place. We reserve the right to retrospectively check the data if reasonable evidences concerning illegal use become known. Contact form If you send enquiries to us via the contact form, your data entered into the contact form, including the stated contact data, are stored for the purpose of dealing with your enquiry and in case of additional enquiries. Those data will not be passed on without your permission.
Newsletter: If you would like to receive the newsletter offered on our website, we require your email address as well as information which allow us to check that you are the owner of the provided email address and that you agree to the reception of the newsletter. Further data will not be collected. We use those data exclusively for the sending of the requested information and do not transmit them to third parties. The given permission to the storage of the data, the email address as well as the use of such for the purpose of sending the newsletter can be withdrawn at any time via the “Unsubscribe”-link within the newsletter.
Processing of data (customer data and contract data): We collect, process and use person-related data only as far as necessary for the establishment, content-related arrangement or change of the legal relationship (stock data). We only collect, process and use person-related data about the use of our websites (usage data) insofar it is necessary for enabling, improving or invoicing the use of the service. Transmission of data on contract conclusion for online shops, traders and product shipment We transmit person-related data to third parties only if it necessary to fulfil the contract, e.g transmitting data to the forwarding agent or the commissioned credit institution in charge with the payment. A further transmission of data to third parties does not take place unless you have given your explicit permission. A transmission of data to third parties for commercial purposes does not take place.
Right to Information, Deletion, Blocking: You have the right to be informed about your person-related data, their origin and addressee and the purpose of data processing as well as the right to correction, blocking or deletion of those data at any time and free of charge. For further questions and questions concerning person-related data, feel free to contact us under the address published in the legal note.
Objection to commercial mails: Providers are obligated to publish contact information in the Legal Note/Impressum. The use of such contact information by third parties for the purpose of distributing unsolicited advertisements or other commercial information is prohibited. The operators of this website reserve the right to take legal measures in case of being sent unsolicited commercial information, e.g. spam mails etc.
8. Legal Note
8.1 We are available using the following contact details: By letter to: Eric Bennewitz - PEACE OUT YOGA, Rübenkamp 80, 22307 Hamburg By e-amail to: firstname.lastname@example.org
8.2 You have the general right to information, correction, deletion, restriction, transfer of data and objection. If so, please contact us. We you feel that the processing of your data violates data protection laws or if your data protection requirements are violated in some way, you may contact us directly. If we are not able to solve your case to your satisfaction, you have the right contact the responsible supervising authority at any time. In Germany the Data Protection Authority is in charge.
Dr. Thomas Schwenke:https://drschwenke.de/mailchimp-newsletter-datenschutz-muster-checkliste
English version by Translation Fritz