Data protection
DATA PROTECTION
SPACE 7, Michaela Maria Hirth (hereafter "I") respects the privacy of my customers (hereafter "your"). The protection of your personal data on this website and also in all rooms that are used for sessions is very important to me. That's why I deal with it responsibly and trustingly. With this data protection declaration I would like to create transparency by informing you which personal data is collected when you use my website and my external offers (e.g. appearance in social media). I will also explain to you how I handle this data and what your rights and choices are.
1. Contact details of the person responsible for data processing
The person responsible for the personal data processed when you visit my website is within the meaning of
Privacy Laws:
SPACE 7 - Michaela Maria Hirth
Osterstr. 166
20255 Hamburg
Germany
E-mail address: space-7@soulheimat.de
Website: http://www.space-7.de
Facebook page: SPACE 7
Instagram page: @_space_7_
2. Type of data stored
You can use my website without providing any personal data. The collection of personal data (e.g. name, address or e-mail address) is voluntary.
We would like to point out that data transmissions on the Internet can certainly have security gaps. You are therefore also welcome to send us data in other ways, such as by telephone or post.
Data that can be stored when you visit our website:
2.1 Contact Information
As soon as you contact me - be it personally in the studio, by telephone, via contact form, e-mail or via social media - I will process the data you provide in order to answer your request as best as possible. This information remains safe with me, but can nevertheless be stored electronically in a so-called CRM system (Customer Relationship Management System) or otherwise.
I will delete this data if you revoke your consent to the storage of the data, request us to delete the data or if the purpose of the storage no longer applies. This means that information on inquiries that have been finally answered and are therefore no longer required will be deleted. Such a requirement is reviewed at least every 2 years. Storage obligations and other legal provisions remain unaffected. Here I adhere to the legal archiving obligations.
2.2 Usage Data
Every time you visit my website, the hosting provider automatically collects and stores technical data from your end device on the associated server. These so-called activity history data (log files) include, for example, the date and time of the page view, IP address, reference (URL that was previously accessed), browser version, operating system and Internet browser. A joint storage with your personal data does not take place. A conclusion about your person based on the activity history data is therefore impossible. The data processing on the basis of an order data processing contract with my hosting provider (Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR) only serves to ensure proper operation of our website (e.g. reliable connection establishment, transparent system security and stability, correct display of the content ) and improve administration. The data is statistically evaluated and then deleted again after a maximum of 7 days.
2.3. Data for financial accounting, organization and contact management
I use all data that you provide voluntarily to process your questions and concerns, to comply with legal obligations (e.g. archiving), to maintain my business activities (e.g. invoicing, fulfillment of contractual services) or to contact you.
The data processing takes place within the framework of legally required archiving tasks as well as administrative and organizational tasks and serves to maintain my business activities (administration, financial accounting, office organization, etc.).
In this context, certain data is transmitted to the tax authorities, tax consultants, payment service providers for the transmission of payments or the settlement of invoices or other fee offices. To ensure my business activities, there is also permanent storage of information on business partners, suppliers and hosting companies.
3. Cooperation with Processors and Third Parties
Information is only passed on to third parties on the basis of legal permission under the following conditions:
Requirement to transmit this data to payment service providers, for example, to fulfill the contract (Article 6 (1) (b) GDPR)
Express consent on your part
Specified legal obligation (e.g. in the context of COVID-19. Here it could be that I have to present your contact details to the responsible authorities within a period of 4 weeks after your visit.)
Underlying legitimate interest (e.g. transmission of information to hosters, e-mail service providers, agents, etc.)
Conclusion of an "order data processing contract" (Article 28 GDPR)
4. Data transfer to countries outside the EU
The use of services in countries outside the European Union (EU) such as Facebook etc. only takes place if you have given your consent so that (pre)contractual or legal obligations are fulfilled or this is based on our legitimate interests. The basis of the data processing is an officially recognized statement of a data protection directive corresponding to the EU (e.g. the "Privacy Shield of the USA").
5. Encryption Procedures
To ensure secure data transmission, we use the standard SSL encryption method (Secure Socket Layer) via HHTPS on our website. The lock symbol in the status bar of your browser shows this activated SSL encryption. We regularly check, revise and adapt our security measures in line with current technological developments.
6. Data protection declaration for my presence on social media
I am also present on social media and networks for information and communication purposes. For this purpose I have my own page on the platforms Instagram, Facebook and Youtube on which I save and share information. In this context, the terms and conditions and data processing guidelines of the respective operators apply:
Data from users who contact me on these platforms can be processed by me, provided they are based on voluntary information and this does not deviate from my data protection declaration. This includes, for example, comments published on social networks, posts or messages sent.
6.1 Use of Facebook
A plugin from the Facebook platform is installed on my website. When you click on the Facebook logo, your server will be connected directly to the Facebook server. This automatically generates information for Facebook that our Facebook page was accessed with your IP address.
There are other plugins on my Facebook page, such as the “Like” button. As soon as you are logged in to your user account and click on this plugin, you have the option of sharing or linking content from my Facebook page on your profile. This creates an association between our site and your Facebook account. Please log out of your profile if you do not want this. As the provider of the Facebook page, I do not receive any information about what the transmitted data contains and how it is used by Facebook. In the Facebook Privacy Policy you can find more information about it.
6.2 Use of Instagram
A plugin from the Instagram platform is placed on my website. If you are currently logged into your Instagram user account and click on the Instagram logo on our homepage, you have the option of linking content from our Instagram page to your profile. This creates an association between our site and your Instagram account. As the provider of the Instagram page, I do not receive any information about what the transmitted data contains and how it is used by Instagram. In the Instagram Privacy Policy you can find more information about it.
7. Web hosting at Wix and united domains
For this website I use the services of Wix and united domains for web hosting and have concluded a contract for order processing in accordance with Art. 28 DSGVO with wie and united domains. The legal basis is our legitimate interest in the operation and maintenance of the operational security of this website in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. You can find more information on this in the Wix and united domains data protection declarations.
8. Use of the newsletter by email
Registration for the newsletter is only possible with your express consent, in which you enter your e-mail address. In this case I will use your e-mail address for my own advertising purposes. You can revoke your consent or unsubscribe from the newsletter at any time using the unsubscribe link in the newsletter e-mail. In both cases, the sending of the info-mail is terminated again. You can register via the homepage or in person.
9. Online Broadcasting of Sessions
I use the streaming provider Zoom to broadcast my specially marked sessions online. To participate in these courses, you need to download the necessary software or app onto your laptop, tablet or smartphone.
In this context, the terms and conditions and the data processing guidelines of Zoom apply, with which you agree:
All participants can see the video transmission of other participants. If you do not want to show yourself or the personal environment/the environment in which you are participating in the online class, you can disable the camera function or cover the camera. The name you give when entering the online meeting room will be shown to other participants. However, you are welcome to change your name at any time (e.g. only enter your initials).
10. Additional information on data security
My website or blog contains links to other websites. In this context, I accept no liability for the content of external links and no responsibility for the data protection regulations and/or procedures of the other websites. Responsibility for the content of the pages linked by me lies solely with the operators of these pages. If you click the link to another website, you are solely responsible for informing yourself about the privacy policy of that other website. I limit my privacy policy only to data that is used or stored by me.
11. Information / blocking / deletion of the processed data
You can get free information from me about your stored personal data, its origin and recipient and the purpose of the data processing at any time and, if necessary, have this data corrected, blocked or deleted. You are welcome to contact the data protection officer specified below at any time with regard to these and other concerns relating to your personal data.
Otherwise, the data processed by me will be deleted as soon as the data is no longer required for its intended purpose and this does not violate separate, statutory storage obligations. If the information is required for another legally permissible use, this will lead to restricted processing of the data. As a consequence, the data is blocked. Their processing only takes place for the legally intended purpose. This applies, for example, to data that is stored for tax reasons. For example, there is a retention period of 10 years for opening balance sheets and annual financial statements (§ 257 Para. 1 HGB) and 10 years for accounting vouchers and tax-relevant documents (§ 147 Para. 1 AO).
12. Revocation of your consent to data processing
Most of the data processing operations require your express consent. The revocation of a consent that you have already given me is possible at any time. You could do this informally by e-mail, for example. The data processing that took place up until the revocation remains unaffected by the revocation and is therefore lawful.
13. Right of appeal to the competent supervisory authority
If you assume that data protection violations have taken place during the processing of your data or your data protection rights have been violated in any way, please contact me directly at any time. If I cannot answer your request satisfactorily, you have the right to contact the responsible supervisory authority at any time. The right contact person for data protection issues is the state data protection officer of the federal state of Hamburg. You can find the contact details of Hamburg’s data protection officer under the following link: https://www.bfdi.bund.de/SharedDocs/Addresses/LfD/Hamburg.html;jsessionid=A6A6D290BE84031DCEDBC7DEEF6240A7.2_cid354?nn=5217144
14. Your rights under data protection
Completion: You have the right to request the completion of the data concerning you or the correction of incorrect data concerning you (Article 16 GDPR).
Deletion: You have the right to demand that data concerning you be deleted immediately (Art. 17 GDPR), or alternatively to demand a restriction of processing of your data (Art. 18 GDPR), if this data is required for other legally permissible purposes.
Transmission: You have the right to request that you receive data that you have provided to us or to request that it be transmitted to other responsible parties.
Complaint: You have the right to lodge a complaint with the competent supervisory authority (Article 77 GDPR).
Right of withdrawal: You have the right to withdraw your consent. This is done with effect for the future (Art. 7 Para. 3 GDPR).
Right of objection: You have the right to object to future processing of data concerning you (Art. 21 GDPR). This objection can be directed in particular against direct advertising that processes this data for your purposes.
15. Inquiries to the Data Protection Officer
If you have any questions, please send me an email to:
Michaela Maria Hirth