Glow Club
STAY UPDATED
ON GLOWY NEWS
Enjoy a 10% discount on your first booking — sign up for our newsletter now and receive regular updates on our latest treatments, promotions and much more so you never miss out!
The issue of data protection is important to us. For this reason, we would like to use our privacy policy to inform you about how we handle your personal data. In particular, which data we collect, what we use the data for and for what purpose the data is collected. In particular, personal data is any information relating to an identified or identifiable natural person. We treat your personal data confidentially and in accordance with the requirements of legal data protection regulations and this privacy policy.
1. General data protection information
Responsible body
The body responsible for data processing carried out within the framework of this website is:
kalialab GmbH
Ballindamm 11
20095 Hamburg
Phone: +49 40 229 479 17
email: info@kalialab.de
We have appointed a data protection officer. You can contact him using the following contact details:
DeData GmbH & Co. KG
Habichtswalder Strasse 18
34119 Kassel
Phone: +49 561 316 85 89
email: buero@dedata.de
Storage period
Unless a specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to exist.
Note on data transfer to the USA and other third countries
Our website includes tools from companies based in the USA. As soon as these tools are active, your personal data will be transferred to the USA and processed there. We would like to point out that no level of data protection comparable with the EU can be guaranteed in the USA. For example, US companies are required to disclose personal data to security authorities without you, as the person concerned, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
We transfer your data to companies based in the USA or other third countries exclusively under the conditions of Articles 44 to 49 GDPR and therefore only with your express consent, a transfer required by contract or law, the contractual obligation through so-called standard contractual clauses of the EU Commission or if there are certifications or binding internal data protection regulations. As part of this privacy policy, we will inform you which of the tools used will transfer data to the USA or to another third country.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection when the browser's address line changes from “http://” to “https://” and by the lock icon in your browser line. If SSL or TLS encryption is activated, the data that you submit to us cannot be read by third parties.
Your rights in connection with data processing carried out by us
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request that this data be corrected or deleted. If you have given your consent to data processing, you can withdraw this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority. You can find more information about this and how to exercise your rights in the last section of this privacy policy.
2nd hosting
hosting
Our website is hosted by an external service provider (host). Personal data that we collect from you on our website is stored on this host's servers. This data primarily includes IP addresses, contact requests, meta and communication data, contract data, contact details, website access and other data generated via our website.
Data processing through the use of the host is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in providing you with our online services securely, quickly and efficiently with the help of a professional provider.
Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.
The provider is based in the EU/EEA. There is no transfer of personal data to third countries outside the European area.
We use the following host:
ALL-INKL.COM
Main road 68
D-02742 Friedersdorf
Phone: +49 35872 353-10
3. Data collection on this website
cookies
Our website uses cookies. These are small text files that are stored on your device. So-called session cookies are only stored temporarily and only for the duration of a session and are deleted after leaving our website. Permanent cookies, on the other hand, remain on your device until you delete them via your browser or they are automatically deleted by your web browser.
When it comes to cookies, a distinction must be made between technically necessary cookies and technically unnecessary cookies (e.g. for analysis purposes).
Technically necessary cookies are required to carry out the electronic communication process or to provide certain functions desired by you (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience). These cookies are stored on your device at the time you visit our website. Unfortunately, it is not possible to operate our website without these technically necessary cookies. We use these cookies on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services.
You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.
Cookies from third-party companies (so-called third-party cookies)
Cookies from third-party companies (so-called third-party cookies) are stored on your device based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. You can give your consent to this via the cookie or consent banner, which is displayed directly to you when you visit our website. These cookies are only stored on your device after you have given us your consent to do so. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); consent can be withdrawn at any time.
We will inform you separately about the use of these cookies as part of this privacy policy.
Cookie consent via consent banner
Our website uses a consent banner to obtain your consent to use certain technologies (tools and plugins) and/or to store cookies on your device and to document this in accordance with data protection regulations. We will inform you separately about the cookies and technologies that require consent as part of this privacy policy.
The selection in the cookie banner represents your consent under data protection law in accordance with Art. 6 para. 1 lit. a DSGVO or, in the case of transfers to third countries, in accordance with Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TTDSG. The granting of your consent is voluntary; you can withdraw it at any time with effect for the future. You can withdraw your consent by changing your previous selection in our cookie banner or by deleting all cookies via your browser and reloading our website.
In order to save your selection via the consent banner, cookies are set in your browser by the consent banner. These are stored until you ask us to delete them or delete the cookies yourself or the purpose for storing the data no longer applies. Mandatory legal storage periods remain unaffected. The legal basis for the use of the consent banner is Art. 6 para. 1 lit. c GDPR.
Server log files
Technical data (so-called server log files) is collected when you visit our website. These are the browser type and version you use, the operating system, the referrer URL, the host name of the accessing computer, the time the page was accessed, your IP address and the type of transfer protocol, e.g. https. This data is collected on the basis of our legitimate interest in the technically error-free presentation and optimization of the website in accordance with Art. 6 para. 1 lit. f DSGVO. For this purpose, server log files must be collected. This data is not combined with other data sources.
contact form
Our website uses a contact form. The information you provide there and the contact details stored there will be stored by us for the purpose of processing your request and in case of subsequent questions. The data you enter will be processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a DSGVO. The data entered will remain with us until you withdraw your consent or the purpose for storage (in particular the processing of your request) no longer applies. Statutory storage periods remain unaffected by this.
Contact via e-mail, telephone or fax
If you contact us by email, telephone or fax, we will store your contact details, inquiries and related information.
If your contact is related to the fulfilment of a contract or to pre-contractual measures with us, your data will be processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of fulfilling the contract. If this is not the case, the processing of your data is based on our legitimate interest in accordance with Article 6 (1) (f) GDPR in the rapid and effective processing of inquiries addressed to us. The inquiries you send us and related information will remain with us until the purpose of storage (in particular processing of the request) ceases to apply or you ask us to delete them. Statutory storage periods remain unaffected by this.
4. Processing of personal (health) data when consulting, examining or otherwise contacting kalialab
Processing purposes
If you provide us with personal (health) data about yourself as part of an investigation, e.g. telephone number or email, this will be stored on our server, and the personal data collected as part of the appointment will be stored on the servers of
Claysen GmbH
Scheibenstraße 121
48153 Munster
as well as data and health data collected as part of patient admission by
Nelly Solutions GmbH
River Spree 3
10178 Berlin
collected are stored and processed personally for the following purposes:
The data you provide may include, for example, your name, email address, telephone number and/or other health-related information that is necessary for the examination you have requested and is therefore requested in advance. We would like to point out that this regularly involves particularly sensitive health data, which may allow conclusions to be drawn about your or your health status.
If it is possible to enter personal data on our website, we would like to draw your attention to the fact that only the specially marked mandatory fields are required to process inquiries and process contracts. All other data provided is voluntary and is processed by us to optimize our offer and, if applicable, for the purposes mentioned above. Your personal data will not be made available to third parties in any form by us or persons commissioned by us, unless this is done as part of the execution of the contract or you have given your consent or an official order has been issued.
Processing and transfer of personal data
Claysen
We will only process the personal (health) data you provide to us for the purposes mentioned above. Your personal data will be passed on to Claysen GmbH to book an appointment. Billing is carried out via [...]. Only your personal data, without your personal health data, is shared for contact and billing purposes. There are various payment methods available to bill for your treatment.
Nelly
As part of patient admission, the health data you provide is transmitted to Nelly Solutions GmbH (“Nelly”) and stored on an AWS cloud server in Frankfurt am Main. Nelly acts as a service provider for digital signatures, data management and archiving systems. We have concluded a contract with Nelly in accordance with Article 28 of the General Data Protection Regulation (GDPR), which ensures that Nelly only processes the data in accordance with our instructions. To fulfill the processing orders placed with us, Nelly in turn uses sub-processors in the USA. If you have any questions about this, you can always contact info@nelly-solutions.com. For more information about data processing by Nelly, please visit https://www.nelly-solutions.de/datenschutzerklaerung
Your health data will not be passed on to other third parties
5. Plug-ins and tools
youtube
Videos from the YouTube video portal are integrated on our website so that you can present interesting video content directly on our website. The provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary of Google. The company responsible for data processing is therefore Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you enter our website, a connection is made to the YouTube servers to load relevant video content. Please refer to the section “Note on data transfer to the USA and other third countries”. Your IP address, browser type, operating system, information about the pages you have accessed and running in parallel, location and, if applicable, your mobile phone provider and the search terms you use are then transmitted to YouTube and stored. If you have a YouTube account and are logged into it, YouTube can assign your surfing behavior directly to your YouTube account. If you do not want this, you must log out of your YouTube account before clicking on the video. Using YouTube also creates a connection with the Google DoubleClick/Google Ads network. Unfortunately, we have no influence on the data processing resulting from Google DoubleClick and/or Google Ads.
YouTube uses cookies or other recognition technologies (e.g. device fingerprinting) for the purpose of recognition after a video has been started. This allows YouTube to collect further data and information about visitors to this website. These are used by YouTube, among other things, to collect video statistics, prevent fraud attempts and further improve usability. After the start of a YouTube video, further data processing processes may be triggered over which we have no influence.
YouTube is used on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our online offers in an appealing way.
As a basis for data processing for recipients based in third countries (outside the EU and the EEA), in particular in the USA or for data transfer, Google also uses standard contractual clauses approved by the EU Commission (Art. 46 (2) and (3) GDPR). These clauses oblige Google to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision by the EU Commission. The resolution and clauses can be found here, among others: https://policies.google.com/privacy/frameworks?hl=de.
For more information on YouTube's handling of user data, please see Google's privacy policy at: https://policies.google.com/privacy?hl=de.
Google Web Fonts
Our website uses the Google WebFonts service to uniformly display fonts. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In order to display texts and fonts correctly, your browser loads the required fonts into your browser cache when you visit our website. To do this, your browser automatically connects to Google servers in the USA. Please refer to the section “Note on data transfer to the USA and other third countries”.
The integration of Google WebFonts on our website enables Google to collect data about our website visitors. This data includes your IP address, information about the browser used, the device used and language settings. Among other things, this data is also transmitted to Google's servers in the USA and stored.
The use of Google WebFonts is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the uniform display of fonts on our website in order to present our content clearly and reader-friendly and thus to facilitate the transfer of information and knowledge.
As a basis for data processing for recipients based in third countries (outside the EU and the EEA), in particular in the USA or for data transfer, Google also uses standard contractual clauses approved by the EU Commission (Art. 46 (2) and (3) GDPR). These clauses oblige Google to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision by the EU Commission. The resolution and clauses can be found here, among others: https://policies.google.com/privacy/frameworks?hl=de.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=de.
Zendesk
We use the Zendesk CRM system to process user inquiries. The provider is Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103 USA. We use Zendesk to process your inquiries quickly and efficiently. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. You can only send inquiries by providing your email address and without providing your name. The messages sent to us will remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected. Zendesk has Binding Corporate Rules (BCR), which have been approved by the Irish Data Protection Authority. These are binding internal company regulations that legitimize intra-company data transfer to third countries outside the EU and the EEA. Details can be found here:
https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/
If you do not agree to us processing your request via Zendesk, you can alternatively communicate with us via email, telephone or fax. For more information, see Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TOjeAAG&status=Active
Zendesk chat features
Our website offers you the option to send us messages via a chat window. The chat features are provided by Zendesk. If you use this chat window, we save your IP address in addition to your chat messages. It is not necessary to provide your name for the chat.
Order processing
We have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
6. Social media presence
We maintain publicly available profiles on social networks. The individual networks we use can be found below. These networks can usually comprehensively analyze your user behavior. Visiting our social media sites therefore triggers numerous data protection-relevant processing processes:
If you are logged in with your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. Your personal data may be collected even if you are not logged in or do not have an account with the respective social network. In this case, data collection takes place, for example, via cookies that are stored on your device or by recording your IP address. With the help of the collected data, social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you within and outside the respective social network. If you have an account with the respective social network, interest-based advertising can also be displayed on all your devices on which you are logged in or were logged in. With the help of our social media accounts, we want to ensure the broadest possible presence on the Internet and, if necessary, promote our company. This represents a legitimate interest in accordance with Article 6 (1) (f) GDPR.
We also collect your personal data when you contact us via one of our social media accounts. Which data is collected depends in detail on which data you provide to us in your message. In any case, we collect the content of your messages, your user name, date and time of contact, and information about which social network you used to contact us. We process this data for the purpose of processing your request. The legal basis for this processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR in the rapid and effective processing of all inquiries addressed to us.
If you contact us via a social network and this contact is aimed at concluding a contract for the delivery of goods or the provision of services, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the desired services. In this case, the legal basis for processing your data is Art. 6 para. 1 lit. b GDPR.
Data that we collect ourselves is deleted from our systems when it is no longer required for the purposes specified when it was collected or when you have made use of your right of withdrawal or objection. Statutory storage periods remain unaffected by this.
In turn, processing operations originating from social networks may be based on other legal bases. These must be provided by the operators of the social networks. We have no influence on the storage period of data that social networks process for their own purposes. For details, please contact the respective social networks.
We have a Facebook profile. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected via the profile is also transferred to the USA and other third countries.
We are jointly responsible with Facebook for data processing carried out using our profile. We have therefore concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement defines which data processing processes we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
If, as a visitor to our Facebook page, you wish to assert your rights under the GDPR (information, correction, deletion, etc.), you can assert these rights both against us and against Facebook.
You can adjust your advertising settings yourself in your Facebook account. To do this, click on the following link and log in with your user data: https://www.facebook.com/settings?tab=ads.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For more details, please see Facebook's privacy policy: https://www.facebook.com/about/privacy/.
We have an Instagram profile, an online service for sharing photos and videos. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland The data collected via our profile is also transferred to the USA by Instagram.
Instagram is responsible for processing your personal data through our Instagram account. If you would like to exercise your data subject rights in connection with this processing (information, correction, deletion, etc.), please contact Instagram directly.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more details on data processing by Instagram, please see Instagram's privacy policy: https://help.instagram.com/.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The data collected via our profile can also be transferred to the USA by LinkedIn. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
LinkedIn is responsible for processing your personal data through our LinkedIn account. If you would like to exercise your data subject rights in connection with this processing (information, correction, deletion, etc.), please contact LinkedIn directly.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For more details on data processing by LinkedIn, please see LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
youtube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data collected via our profile can also be transferred to the USA by YouTube and Google.
Google is responsible for processing your personal data through our YouTube account. If you would like to exercise your data subject rights in connection with this processing (information, correction, deletion, etc.), please contact Google directly.
For more details on data processing by YouTube, see Google's privacy policy: https://policies.google.com/privacy?hl=de.
We have a profile on Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. The data collected via our profile can also be transferred from Pinterest to the USA.
Pinterest is responsible for processing your personal data through our Pinterest account. If you would like to exercise your data subject rights in connection with this processing (information, correction, deletion, etc.), you should assert them most effectively with Pinterest.
For more details on data processing by Pinterest, please see Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.
TikTok
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The data collected via our profile is also transferred to the USA by TikTok.
TikTok is responsible for processing your personal data through our TikTok account. If you would like to exercise your data subject rights in connection with this processing (information, correction, deletion, etc.), you should assert them most effectively with TikTok.
Data transmission to non-secure third countries is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=de.
For more details on data processing by TikTok, please see TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.
Hootsuite
We use Hootsuite to manage our social media channels. The provider of this service is Hootsuite Media, 37 Dunlevy Ave., Vancouver, BC, Canada V6A 3A3. With Hootsuite, we can manage multiple social media accounts to schedule, publish, and analyze posts.
Hootsuite processes the data you enter on our social media channels, such as comments, likes, images, videos, shares, etc. are published by the respective social media platforms and are not processed by us for any other purposes.
7th newsletter
On our website, you have the option to subscribe to our newsletter. To do this, we need your email address and name. We use this data exclusively to send the newsletter, but it is not passed on to third parties.
This data is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent to store your data and to use it to send the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
The legality of the data processing operations that have already taken place remains unaffected by the revocation.
If you provide us with data for the purpose of subscribing to the newsletter, it will be stored by our newsletter service provider until you unsubscribe from the newsletter and then deleted from the newsletter distribution list. After you have unsubscribed from the newsletter distribution list, your e-mail address will continue to be stored in a blacklist with our newsletter service provider to avoid future mailings. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6 (1) (f) GDPR). Storage in the blacklist is indefinite. You can object to it provided that your interests outweigh our legitimate interest
Our newsletters are sent by Claysen GmbH.
8. Your rights in connection with data processing
If we process personal data relating to you, you as a data subject have a number of different rights. You can claim this by sending us an e-mail to the email address given in the legal notice, specifying the claimed right. We may contact you with questions to identify you so that we can unequivocally rule out fraud.
Rights to information, correction and deletion
In accordance with Article 15 GDPR, you have a comprehensive right to information about the processing of personal data concerning you at any time. Under certain conditions, you also have the right to correct your data in accordance with Article 16 GDPR and to delete your data in accordance with Article 17 GDPR.
Right to object to data collection in special cases and to direct marketing
In accordance with Article 21 (1) GDPR, you have the right to object at any time to data processing that we carry out on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. If you object to such processing, we will suspend data processing unless there are compelling legitimate reasons for continuing processing that outweigh your interests or the processing serves to exercise, defend or assert legal claims.
Gem. In accordance with Article 21 (2) GDPR, you also have the right to object at any time to the processing of your personal data for direct marketing purposes. In this case, we will stop processing this data for direct marketing purposes with immediate effect.
Right to restrict processing
Gem. Art. 18 GDPR, you can request that we restrict the processing of your personal data provided that one of the following conditions is met:
If processing has been restricted, apart from mere storage, we may only process your data with your express consent, to defend, assert or exercise legal claims, to protect natural or legal persons or for reasons of important public interest.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of data to another person responsible, this will only be done insofar as it is technically feasible.
Withdrawal of consent
Some of the data processing carried out by us is only permitted with your express consent. The granting of consent is always voluntary. You can withdraw any consent you have already given us at any time in whole or in part with effect for the future. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation. How you can exercise your withdrawal is described in more detail in this privacy policy in the privacy policy for the respective service.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority at any time if you believe that we are in breach of legal provisions when processing your personal data.
Which data protection supervisory authority is competent is based on the place of your habitual residence, place of work, the place of the alleged infringement or the registered office of the person responsible. The supervisory authority responsible at our headquarters is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Thomas Fuchs
Ludwig-Erhard-Str. 22, 7th floor
20459 Hamburg
Telephone: 040/428 54-40 40
email: mailbox@datenschutz.hamburg.de
A list of all supervisory authorities and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Enjoy a 10% discount on your first booking — sign up for our newsletter now and receive regular updates on our latest treatments, promotions and much more so you never miss out!