Data protection statement
You can find our website at: http://soulhouse.me.
The following data protection statement explains the type, scope and purpose of the collection, use and processing of personal data by Soulhouse GmbH.
1. Responsible body within the meaning of the data protection regulations is:
Soulhouse GmbH, Schlüterstrasse 86, 20146 Hamburg (hereinafter also referred to as “we” or “SOULHOUSE”)
Register court: Hamburg District Court, HRB 163902, Managing Director: Rozalla Tapper
Data protection offer: email@example.com
You can send any questions regarding the processing of your personal data to us at firstname.lastname@example.org
2. Collection and storage of personal data, type and purpose of use
Soulhouse runs the online platform SOULHOUSE. Within the bounds of technical availability, the platform can be used to make appointments for ̈massage and wellness treatments on mobile and desktop devices ̈via a mobile app for the IOS and Google Android operating systems or a web application. In the process, Soulhouse merely offers to arrange and process appointments between the customer and a service provider provided by Soulhouse via the platform.
SOULHOUSE can be used via a program interface which communicates with the system via the internet through protected access. Web-based access can be obtained through a browser.
The name, username, password, email address and organisational affiliation of every user is stored to enable them to use SOULHOUSE. Without this information, it is not possible to use SOULHOUSE. The purpose of processing the aforementioned data is to guarantee functional reliability and optimal use of SOULHOUSE as well as to evaluate them for administrative purposes.
When you visit SOULHOUSE, the browser used on your device automatically sends information to our server. This information is saved in a temporary log file and stored until its automatic deletion. The data in question comprise the IP address of the requesting device with the date and time of access as well as the name and URL of the file called up and the URL of the website from which access is obtained. The browser used, the operating system on your device and the name of the relevant access provider are also identified.
The purpose of processing the aforementioned data is to guarantee a smooth connection with the website for optimal use of our web based offering as well as to evaluate the reliability and stability of the system. The data also serve administrative purposes.
The legal basis for processing these data is given by Art. 6 (1) Sentence 1 (b) GDPR if the data processing is required for handling the contractual relationship unless you have issued your explicit consent. Our legitimate interest in collecting the data also follows from the above-mentioned purposes in accordance with Art. 6 (1) Sentence 1 (f) GDPR.
We use so-called session cookies to detect that you have already visited individual pages of our website. They are automatically deleted when you leave our website. We also use temporary cookies which are stored on your device for a specific, defined period. If you revisit our site, the system automatically detects that you have visited before as well as the inputs and settings you used to save you the trouble of re-entering them and to use this information to make contact with you.
You can set up your browser to ensure that only certain cookies are stored on your device. If you deactivate cookies entirely, this may mean that not all the features of our website will be available.
4. Disclosure of data
We will only pass on your personal data to third parties if, – you have provided your explicit consent in this regard pursuant to Art. 6 (1) Sentence 1 (a) GDPR,
– this is necessary pursuant to Art. 6 (1) Sentence 1(f) GDPR for the establishment, exercise or defence of legal claims, and there is no reason to assume that you have an overriding interest in your data not being transferred,
– there is a legal obligation to transfer the data pursuant to Art. 6 (1) Sentence 1 (c) GDPR,
– it is legally permissible and necessary for the performance of a contract with you in accordance with Art. 6 (1) Sentence 1 (b) GDPR. Your personal data will not be transferred to third parties for purposes other than those mentioned above.
5. Tools for tracking, analysis
The tracking measures we employ as listed in the following are implemented on the basis of Art. 6 (1) Sentence 1 (f) GDPR as a legitimate interest. On the one hand, these tracking measures are aimed at continuously optimising the design of SOULHOUSE. On the other, the tracking measures serve to collect and analyse statistics on the use of SOULHOUSE. These data serve to optimise our offerings. The data processing purposes and data categories in each case can be taken from the respective tracking tools.
We use Hotjar to better understand the needs of our users and optimise the offerings and user experience on this website. With the aid of Hotjar’s technology, we obtain a better understanding of our users’ experience (e.g. how much time users spend on which pages, which links they click on, what they like and don’t like, etc.), and this helps us to align our offerings with the feedback received from our users.
Hotjar works with cookies and other technologies to collect data on our users’ behaviour and their devices, in particular the IP address of the device (recorded and stored only in anonymised form during your use of the website), the screen size, type of device (Unique Device Identifier), information on the browser used, location (country only) and the preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden from selling the data collected on our behalf.
For more information on this, please see Hotjar’s Privacy Statement at hier.
Customer.io is an automated messaging platform and an offering of Peaberry Software Inc. d/b/a Customer.io, with its head office in Portland, Oregon, which we use to despatch our newsletter and promo emails and/or for push notifications. This tool can be used for the targeted, automated despatch of emails, push notifications and SMS messages. The data saved on registration are transmitted to Customer.io and stored there. The data entered on registration are not passed to other third parties. You can find Customer.io’s data protection rules here: https://customer.io/legal/privacy-policy/
Customer.io has connections with a third country with the result that the data collected may be transferred to a different country outside the European Union and the European Economic Area. We have concluded standard contractual clauses with the provider to ensure that data protection is maintained as defined by the GDPR. However, it cannot be ruled out that data may be processed by US authorities for monitoring and surveillance purposes if they are transferred to the USA and you may have no right of redress.
Sentry.io from Functional Software, Inc. dba Sentry with its head office in San Francisco, California, is a tool for monitoring user crashes/errors to enable our developers to respond faster in the event of program bugs. However, no personal data will be collected in the process. You can find Sentry.io’s data protection rules here: https://sentry.io/privacy/
Sentry.io has connections with a third country with the result that the data collected may be transferred to a different country outside the European Union and the European Economic Area. We have concluded standard contractual clauses with the provider to ensure that data protection is maintained as defined by the GDPR. However, it cannot be ruled out that data may be processed by US authorities for monitoring and surveillance purposes if they are transferred to the USA and you may have no right of redress.
We use Google Analytics, a web analysis service of Google Inc. Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereafter “Google”) for the purpose of achieving an appropriate design and ongoing optimisation of our web pages. The responsible service provider in the EU is Google Ireland Limited , Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
On no account will your IP address be associated with other Google data. The IP addresses are anonymised with the result that no attribution is possible (IP masking). You can prevent the installation of cookies by means of a setting in your browser software; however, we must advise you that in this case you may not be able to use all functions of this website to the full. In addition, you may prevent the data generated by the cookie in relation to your use of this website (including your IP address) from being recorded or processed by Google by downloading and installing a browser add-on, additional info to be found via hier.
As an alternative to the browser add-on, particularly for browsers on mobile devices, you can also prevent data from being recorded by Google Analytics by clicking on this link. An opt-out cookie will be placed on your computer which prevents your data from being registered on future visits to this website. The opt-out cookie is only valid on this browser and only for our website and it is stored on your device. If you delete all the cookies in your browser, you will need to reinstall the opt-out cookie. You can find further information on data protection in connection with Google Analytics, for example, in Google Analytics’ Help section: https://support.google.com/analytics/answer/6004245?hl=de.
The tool has connections with a third country with the result that the data collected may be transferred to a different country outside the European Union and the European Economic Area. We have concluded standard contractual clauses with the provider to ensure that data protection is maintained as defined by the GDPR. However, it cannot be ruled out that data may be processed by US authorities for monitoring and surveillance purposes if they are transferred to the USA and you may have no right of redress.
Google Adwords (Remarketing & Conversion Tracking)
We also use conversion tracking as part of our use of the Google AdWords service. A conversion tracking cookie is placed on your device when you click on an ad paid for by Google. These cookies expire after 90 days, contain no personal data and are thus not used for personal identification. The information collected by the conversion cookie is used to compile conversion statistics for AdWords clients who have opted for conversion tracking.
You can prevent the storage of cookies by selecting the appropriate settings in your browser. However, we would like to point out that in this case you might not be able to use all the functions of this website to the full. In addition, you can use your browser to disable ads on Google and Google ads on the internet (within the Google display network) which are based on your interests by activating the “Off” button at http://www.google.de/settings/ads or by disabling them at http://www.aboutads.info/choices/
You can find further information on your setting options in this regard and Google’s data protection policy at https://www.google.de/intl/de/policies/privacy/?fg=1.
Google Tag Manager
The tool itself does not record any personal data but merely serves to measure data traffic and visitor behaviour and register the effect of online advertising and social media on the basis of certain parameters as well as to set up remarketing and alignment with target markets and test and optimise websites. For detailed information on Google Tag Manager, please go to: www.google.com/intl/de/tagmanager/use-policy.html
Conversion measurement using the Facebook pixel / Custom Audience
With the user’s consent, we use the “Facebook pixel” on our website from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). We can use it to track certain actions performed by users once they have seen or clicked on a Facebook ad. Doing so allows us to evaluate the efficacy of Facebook ads for statistical purposes and market research. The data collected from using the pixel are anonymous for us. We cannot see the personal data of individual users. However, these data are stored and processed by Facebook. Facebook can link these data to your Facebook account and can also use them for its own advertising purposes as set out in Facebook’s data usage provisions https://www.facebook.com/about/privacy/.
You can enable Facebook and its partners to place advertisements on Facebook and elsewhere. A cookie may also be placed on your device for these purposes. This consent is only effective if the user is at least 16 years old when submitting the statement. If you do not want Custom Audience to record your data, you can disable Custom Audience here.
6. Processing payment via Stripe
In order to process payments of fees and invoices to customers, SOULHOUSE passes on data to an external payment service provider Stripe Payments Europe Limited with its head office in San Francisco, California. The legal basis for processing these data is given by Art. 6 (1) Sentence 1 (b) GDPR as this data processing is required for handling the contractual relationship. You will find details of how your data are protected at https://stripe.com/de/privacy-center/legal
The legal basis for the mailing of newsletters is consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Sec. 7 (2) No. 3 UWG (Unfair Competition Act) or statutory permission pursuant to Sec. 7 (3) UWG.
You can use the so-called opt-in procedure to confirm when registering for the newsletter that you wish to be part of the newsletter mailing.
Your email address will be used for the purpose of delivering the newsletter until further notice.
After you have successfully registered, we will store your current IP address, the time of registration and the confirmation for up to three years from registration to enable us to provide evidence of the registration in the event of doubt and investigate any possible abuse of your personal data. The legal basis for logging the registration is our legitimate interest under Art. 6 (1) (f) GDPR in proving that consent was given.
Consent to receiving the newsletter can be revoked at any time with a simple notification in writing to email@example.com or by clicking the link provided in every newsletter email.
The data collected by us to enable us to mail the newsletter will be erased on receipt of your revocation
As part of the process of mailing the newsletter, we evaluate users’ behaviour. By evaluating the opening rates, we create user profiles in order to adapt the newsletter to individual interests. The legal basis for this data processing is the consent obtained with the double opt-in; Art. 6 (1) (a) GDPR. The data resulting from the tracking process are stored until the newsletter mailing finishes or is cancelled. After termination, the data are anonymised and only used for purely statistical purposes.
8. Rights of data subjects
If you are affected by the data processing as part of our internet offering, you have the right: – to request information about the personal data of yours that we process in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to rectification, erasure, restriction of the processing or right of objection, as well as the right to lodge a complaint, to know where the data was collected if not by us, and the existence of any automated decision-making including profiling and, if applicable, meaningful information regarding the details;
– to request immediate rectification of inaccurate data or completion of the personal data stored with us in accordance with Art. 16 GDPR;
– to request erasure of the personal data stored with us, except where they are required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims in accordance with Art. 17 GDPR;
- – to request that the processing of your personal data be restricted in accordance with Art. 18 GDPR if you dispute the accuracy of the data, the processing is unlawful but you oppose the erasure of the personal data and we no longer need them, but they are required by you for the assertion, exercise or defence of legal claims; or you have objected to the processing pursuant to Art. 21 GDPR.
- – to receive the personal data that you have submitted to us, in a structured, commonly used and machine-readable format or to request their transfer to another controller in accordance with Art. 20 GDPR
- – to revoke your consent that you have given to us at any time in accordance with Art. 7 (3) GDPR. The consequence will be that we no longer have permission in the future to continue processing the data to which your consent referred and
- – to lodge a complaint with a regulatory authority in accordance with Art. 77 GDPR. In general, you can contact the regulatory authority of your usual place of residence, place of work or our company headquarters in order to do so.
9. Right of objection
Insofar as your data are processed on the basis of legitimate interests in accordance with Art. 6 (1) Sentence 1 (f) GDPR, you are entitled pursuant to Art. 21 GDPR to object to the processing of your personal data provided there are grounds for doing so relating to your particular situation or the objection relates to direct marketing. You are always entitled to object in the latter case. We will comply with this objection without requiring that you specify particular circumstances.
To exercise your right of revocation or objection, please send an e-mail to firstname.lastname@example.org
10. Data security
Our security measures are revised continuously to keep pace with technological development. We use suitable technical and organisational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction, and from unauthorised access by third parties.
Finally, we would like to point out that the protection of data from third-party access cannot be guaranteed with certainty when they are transmitted over the internet. We will not accept liability for any damages or claims for injunctive relief arising from such security loopholes.
If you have any questions about data protection, please contact:
As of September 2021