Privacy Policy

Last updated: June 2026

This Privacy Policy applies to the booking platform example.com.

1. Controller (Art. 4 No. 7 GDPR)

Your Studio
, , DE
E-mail: hello@example.com

2. Data We Collect and Why

2.1 Registration & User Account

When you register, we collect your email address, name (optional), and phone number (optional). This data is required to provide you with a user account for booking classes.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) · Retention: until account deletion; financial data at least 10 years pursuant to § 147 AO.

2.2 Bookings & Payments

When booking a class or purchasing a credit package, we process the following data: booked class, date/time, credit type, payment status, and invoice number. Invoices are retained for ten years pursuant to § 147 AO.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(c) GDPR (legal obligations / tax law).

2.3 Email Notifications

We send transactional emails (booking confirmation, cancellation, invoices) via the service provider Resend (Resend, Inc., USA). The transfer is carried out on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Legal basis: Art. 6(1)(b) GDPR.

2.4 Server Logs & Security

Our hosting provider Hetzner Online GmbH (Germany) processes technical access data (IP address, timestamp, HTTP method) to ensure operational security. This data is automatically deleted after 7 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in IT security).

2.5 Cookies

This platform uses only technically necessary cookies (session cookie for login, CSRF protection). No tracking, analytics, or marketing cookies are set. Consent is therefore not required (§ 25(2)(2) TDDDG).

3. Disclosure to Third Parties

We share your data only to the extent necessary for the performance of the contract (e.g., Resend for email delivery) or where required by law. Your data is not sold.

4. Your Rights (Art. 15–22 GDPR)

  • Access (Art. 15)You may request information about the data we hold about you at any time.
  • Rectification (Art. 16)You can correct inaccurate data via your profile settings or by contacting us.
  • Erasure (Art. 17)You may request the deletion of your account. Booking and invoice data is subject to statutory retention periods (§ 147 AO, 10 years).
  • Restriction (Art. 18)You may request that the processing of your data be restricted.
  • Objection (Art. 21)You may object to processing based on legitimate interests.
  • Data portability (Art. 20)You may receive your data in a structured, machine-readable format.
  • Complaint (Art. 77)You have the right to lodge a complaint with a supervisory authority.

Please direct requests to: hello@example.com

5. Changes to This Policy

We reserve the right to update this Privacy Policy when the platform or the legal situation changes. The current version is always available at example.com/datenschutz.