You can find our website at: https://soulhouse.me.
The following privacy policy informs you about the nature, scope, and purposes of the collection, use, and processing of personal data by Soulhouse GmbH.
1. Controller within the meaning of data protection regulations is:
Soulhouse GmbH, Schlüterstrasse 86, 20146 Hamburg (hereinafter also referred to as “we” or “Soulhouse”)
Register court: Hamburg Local Court, HRB 163902, Managing Director: Rozalla Tapper
Email: datenschutz@soulhouse.me
Data Protection Officer: datenschutz@soulhouse.me
If you have any questions regarding the processing of your personal data, you can contact us at any time at datenschutz@soulhouse.me.
2. Collection and storage of personal data, type and purpose of use
Soulhouse operates the online platform SOULHOUSE. Subject to technical availability, appointments for massage and wellness treatments can be arranged via the platform on mobile and desktop-based devices through a mobile app for the operating systems iOS and Google Android or via a web application. Soulhouse merely provides the mediation and handling of appointments between the customer and a service provider arranged by Soulhouse via the platform.
The use of SOULHOUSE is made possible via a program interface that communicates with the system over the Internet through a protected access. Web-based access takes place via a browser.
For the use of SOULHOUSE, the first and last name, password, email address, and organizational affiliation of each user are stored. Use of SOULHOUSE is not possible without this information. The purpose of processing the aforementioned data is to ensure the functional reliability and optimal use of SOULHOUSE as well as evaluation for administrative purposes.
When accessing SOULHOUSE, information is automatically sent by the browser used on your device to our server. This information is temporarily stored in a so-called log file and stored until automated deletion. This includes the IP address of the requesting computer with date and time of access, as well as the name and URL of the retrieved file, the URL of the website from which access is made, the browser used, the operating system of your device, and the name of your access provider.
The purpose of processing this data is to ensure a smooth connection to the website for optimal use of our internet offering as well as to evaluate system security and stability. The data also serve administrative purposes.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, if this data processing is necessary for the execution of the contractual relationship and provided that you have not given your explicit consent. Otherwise, our legitimate interest in data collection follows from the above purposes within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.
3. Use of cookies
We use cookies on our website to improve user-friendliness. Cookies are small files automatically created by the browser when visiting a website, which store information related to the visit on the respective device.
We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our website. In addition, we use temporary cookies that are stored on your device for a defined period of time. If you visit our site again, it is automatically recognized that you have already been with us and which entries and settings you made, so that you do not have to enter them again and to use this information for contacting you.
We also use cookies for statistical recording and evaluation of the use of our website. These data also serve to optimize our offering and enable us to automatically recognize you upon a return visit. These cookies are automatically deleted after a defined period. The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
You can configure your browser so that only certain cookies are stored on your device. Complete deactivation of cookies may result in not all functions of our website being available.
4. Disclosure of data
We only disclose your personal data to third parties
– if you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,
– if the disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
– if there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
– insofar as this is legally permissible and necessary pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.
Your personal data will not be transferred to third parties for purposes other than those listed above.
5. Tools for tracking and analysis
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR as legitimate interests. These tracking measures serve to ensure a continuous optimization of SOULHOUSE and to statistically record and evaluate its use. The respective purposes of data processing and data categories can be found in the corresponding tracking tools.
Hotjar
We use Hotjar to better understand the needs of our users and to optimize the offer and experience on this website. Using Hotjar technology, we gain a better understanding of user experiences (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.), which helps us align our offering with user feedback.
Hotjar uses cookies and other technologies to collect data about user behavior and their devices, in particular IP address (only collected and stored in anonymized form during website use), screen size, device type, browser information, location (country only), and preferred language. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
Further information can be found in Hotjar’s privacy policy.
Customer.io
Customer.io is an automated messaging platform provided by Peaberry Software Inc. d/b/a Customer.io, based in Portland, Oregon, which we use to send newsletters, promotional emails, and push notifications. Data stored during registration are transmitted to Customer.io and stored there. These data are not transferred to other third parties.
Customer.io privacy policy: https://customer.io/legal/privacy-policy/
Customer.io involves a third-country transfer; therefore, data may be transferred outside the EU/EEA. We have concluded standard contractual clauses with the provider. Nevertheless, it cannot be ruled out that US authorities may process data for control and monitoring purposes without legal remedies being available.
Sentry.io
Sentry.io, provided by Functional Software, Inc. dba Sentry, based in San Francisco, California, is a tool for monitoring user crashes/errors so that developers can respond more quickly. No personal data is collected.
Sentry.io privacy policy available online.
Third-country transfer applies; same risks as above.
Google Analytics
We use Google Analytics, a web analytics service of Google Inc. (USA). The responsible provider in the EU is Google Ireland Limited, Dublin.
Pseudonymized usage profiles are created, and cookies are used. Information generated includes browser type/version, operating system, referrer URL, hostname (IP address), and time of request.
These are used to evaluate website usage, compile reports, and provide related services.
IP addresses are anonymized (IP masking). You can prevent cookies via browser settings or install a browser add-on.
Further information: https://support.google.com/analytics/answer/6004245?hl=en
Third-country transfer applies with standard contractual clauses; residual risks remain.
Google Adwords (Remarketing & Conversion Tracking)
We use Google AdWords for advertising and remarketing. Cookies allow interest-based ads. No personal identification occurs.
You can disable via: https://www.google.com/settings/ads/plugin
More info: http://www.google.com/privacy/ads/
Conversion tracking uses cookies valid for 90 days and does not store personal data.
Google Tag Manager
We use Google Tag Manager (Google Ireland Limited) to manage tracking tags. The tool itself does not collect personal data.
More information:
www.google.com/intl/de/tagmanager/use-policy.html
https://www.google.com/intl/de/tagmanager/faq.html
https://safety.google/privacy/privacy-controls/
Facebook Pixel / Custom Audience
With user consent, we use the Facebook Pixel. This allows tracking of user actions after interaction with ads to measure effectiveness.
Data are anonymized for us but processed by Facebook, which may link them to user accounts.
More info: https://www.facebook.com/about/privacy/
6. Payment processing via Stripe
For payments and invoicing, data are transferred to Stripe Payments Europe Limited. Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR.
Details: https://stripe.com/de/privacy-center/legal
7. Newsletter
Legal basis: consent (Art. 6 para. 1 lit. a GDPR) or legal permission (§ 7 UWG).
Double opt-in is used. Data are stored until withdrawal.
IP address, time of registration, and confirmation are stored for up to three years.
Withdrawal possible via unsubscribe@soulhouse.me or link in emails.
User behavior is analyzed to personalize newsletters.
8. Data subject rights
You have the right to:
- access (Art. 15 GDPR)
- rectification (Art. 16 GDPR)
- erasure (Art. 17 GDPR)
- restriction (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- withdraw consent (Art. 7 para. 3 GDPR)
- lodge a complaint (Art. 77 GDPR)
9. Right to object
You may object to processing under Art. 21 GDPR, especially for direct marketing.
Contact: datenschutz@soulhouse.me
10. Data security
We implement technical and organizational measures to protect your data.
However, data transmission over the Internet cannot be completely secure.
We are not liable for damages arising from security gaps.
For questions: datenschutz@soulhouse.me