Data protection
Privacy policy
Personal data (hereinafter mostly referred to as "data") is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.
According to Article 4, point 1 of Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter referred to as "GDPR"), "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following privacy policy, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we decide on the purposes and means of processing either alone or jointly with others. Furthermore, we inform you below about the third-party components we use for optimization purposes and to improve the user experience, insofar as these components process data under their own responsibility.
Our privacy policy is structured as follows:
I. Information about us as the data controller II. Rights of users and data subjects III. Information on data processing
IV. Other
I. Information about us as the responsible parties
The responsible provider of this website within the meaning of data protection law is:
Tara Thai Massage & Spa OHG, Schulgraben 13, 34593 Knüllwald, Germany
Phone: 05685 / 922 3862E-Mail: kontakt@tara-thai.de
The data protection officer at the provider is: Michael Penzler
II. Rights of users and affected parties
With regard to the data processing described in more detail below, users and data subjects have the right
- to confirmation as to whether data concerning them is being processed, to information about the processed data, to further information about the data processing and to copies of the data (see also Art. 15 GDPR);
- to rectification or completion of inaccurate or incomplete data (see also Art. 16 GDPR);
- to the immediate erasure of their personal data (see also Art. 17 GDPR), or, alternatively, insofar as further processing is necessary pursuant to Art. 17 para. 3 GDPR, to the restriction of processing in accordance with Art. 18 GDPR;
- to receive the data concerning them and provided by them and to transmit this data to other providers/controllers (see also Art. 20 GDPR);
- to lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).
Furthermore, the provider is obligated to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out pursuant to Articles 16, 17(1), and 18 of the GDPR. This obligation does not apply, however, if such notification proves impossible or involves a disproportionate effort. Notwithstanding this, the user has the right to information about these recipients.
Users and data subjects also have the right to object to the future processing of their data pursuant to Article 21 GDPR, provided that the data is processed by the provider in accordance with Article 6(1)(f) GDPR. In particular, an objection to data processing for direct marketing purposes is permissible.
III. Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, there are no legal obligations to retain the data and no other information is provided below regarding individual processing procedures.
Cookies
a) Session cookies
We use cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your device by your internet browser. These cookies process certain information about you, such as your browser or location data, or your IP address, to varying degrees.
This processing makes our website more user-friendly, effective and secure, as it enables, for example, the display of our website in different languages or the provision of a shopping cart function.
The legal basis for this processing is Art. 6 para. 1 lit. b.) GDPR, insofar as these cookies process data for the initiation or execution of a contract.
If the processing is not for the purpose of initiating or fulfilling a contract, our legitimate interest lies in improving the functionality of our website. The legal basis for this is then Article 6(1)(f) GDPR.
These session cookies are deleted when you close your internet browser.
b) Third-party cookies
Our website may also use cookies from partner companies with whom we collaborate for advertising, analysis, or website functionality purposes.
For details regarding this, in particular the purposes and legal basis for processing such third-party cookies, please refer to the information below.
c) Elimination option
You can prevent or restrict the installation of cookies by adjusting your internet browser settings. You can also delete cookies that have already been saved at any time. However, the necessary steps and procedures depend on the specific internet browser you are using. If you have any questions, please use your browser's help function or documentation, or contact its manufacturer or support. Flash cookies, however, cannot be blocked via browser settings. Instead, you must change the settings of your Flash Player. The necessary steps and procedures for this also depend on the specific Flash Player you are using. If you have any questions, please use your Flash Player's help function or documentation, or contact its manufacturer or user support.
However, if you prevent or restrict the installation of cookies, this may result in not all functions of our website being fully usable.
Contract processing
The data you provide when using our goods and/or services will be processed by us for the purpose of contract fulfillment and is necessary for this purpose. A contract cannot be concluded or fulfilled without providing your data.
The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
We delete the data upon complete contract fulfillment, but must observe the statutory retention periods under tax and commercial law.
As part of the contract processing, we will pass on your data to the transport company commissioned with the delivery of the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of the goods or for payment purposes.
The legal basis for the transfer of the data is then Art. 6 para. 1 lit. b) GDPR.
Customer account / registration function
If you create a customer account with us via our website, we will collect and store the data you enter during registration (e.g., your name, address, or email address) exclusively for pre-contractual services, contract fulfillment, or customer service purposes (e.g., to provide you with an overview of your previous orders or to offer you the "wish list" function). We will also store your IP address and the date and time of your registration. This data will, of course, not be shared with third parties.
As part of the further registration process, your consent to this data processing will be obtained and you will be referred to this privacy policy. The data we collect will be used exclusively for providing the customer account.
Insofar as you consent to this processing, Article 6(1)(a) GDPR is the legal basis for the processing.
If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, then the legal basis for this processing is also Art. 6 para. 1 lit. b) GDPR.
You can withdraw your consent to the opening and maintenance of your customer account at any time with effect for the future, in accordance with Article 7 Paragraph 3 of the GDPR. To do so, simply inform us of your withdrawal.
The data collected in this context will be deleted as soon as its processing is no longer necessary. However, we must observe statutory retention periods under tax and commercial law.
We maintain a company presence on the Facebook platform to promote our products and services and to communicate with potential customers or clients.
We are jointly responsible for this social media platform with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook's data protection officer can be contacted via a contact form:
https://www.facebook.com/help/contact/540977946302970
We have regulated our joint responsibility in an agreement regarding our respective obligations under the GDPR. This agreement, which outlines our mutual obligations, can be accessed via the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis for the processing of personal data described below is Article 6(1)(f) GDPR. Our legitimate interest lies in the analysis, communication, sale, and promotion of our products and services.
The legal basis can also be the user's consent pursuant to Art. 6 para. 1 lit. a GDPR given to the platform operator. The user can withdraw this consent at any time for the future by notifying the platform operator, pursuant to Art. 7 para. 3 GDPR.
When you access our online presence on the Facebook platform, Facebook Ireland Ltd., as the operator of the platform in the EU, processes user data (e.g. personal information, IP address, etc.).
This user data is used to generate statistical information about the use of our company's Facebook page. Facebook Ireland Ltd. uses this data for market research and advertising purposes, as well as for creating user profiles. Based on these profiles, Facebook Ireland Ltd. can, for example, target users with interest-based advertising both on and off Facebook. If the user is logged into their Facebook account when accessing our page, Facebook Ireland Ltd. can also link the data to that user account.
If a user contacts us via Facebook, the personal data they provide will be used to process their request. We will delete the user's data once their request has been fully processed and there are no legal retention obligations, such as those arising from subsequent contract processing.
Facebook Ireland Ltd. may also use cookies to process the data.
If the user does not agree to this processing, they can prevent the installation of cookies by adjusting their browser settings accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the specific browser. Flash cookies cannot be prevented via browser settings, but rather by adjusting the settings of the Flash Player. If the user prevents or restricts the installation of cookies, this may result in some Facebook features not being fully functional.
Further details regarding the processing activities, their prevention, and the deletion of data processed by Facebook can be found in Facebook's data policy:
https://www.facebook.com/privacy/explanation
It is possible that the processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.
Facebook (Meta Platforms Inc.) has submitted to the “EU-US DATA PRIVACY FRAMEWORK (DPF)” and thereby declares compliance with EU data protection regulations when processing data in the USA in accordance with the European Commission's adequacy decision of 10 July 2023.
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Linking to social media via graphic or text link / Use of tools
We also promote our presence on the social networks listed below on our website. This is done by embedding a linked graphic of the respective network. Using this linked graphic prevents an automatic connection to the respective social network's server when a website containing a social media promotion is accessed, which would otherwise occur to display the network's graphic. Only when the user clicks on the corresponding graphic are they redirected to the respective social network's service.
After the user is redirected, the respective network collects information about the user. It cannot be ruled out that the processing of this data takes place in the USA.
This initially includes data such as IP address, date, time, and the page visited. If the user is logged into their account on the respective network during this time, the network operator may be able to associate the collected information about the user's specific visit with their personal account. If the user interacts via a "Share" button on the respective network, this information can be stored in the user's personal account and potentially published. If the user wants to prevent the collected information from being directly associated with their account, they must log out before clicking the graphic. It is also possible to configure the respective user account accordingly.
The following social networks are integrated into our site via links:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy Policy: https://www.facebook.com/policy.php
EU-US Data Protection Certification “EU-US DATA PRIVACY FRAMEWORK (DPF)” https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
„Facebook“-Social-Plug-in
Our website uses a plugin from the social network Facebook. Facebook is an internet service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Within the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; both are referred to below simply as "Facebook".
Through certification according to the EU-US Data Privacy Framework (DPF).
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Facebook guarantees that EU data protection regulations are also complied with when processing data in the USA.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in improving the quality of our website.
Further information about the available plugins and their respective functions can be found at Facebook.
https://developers.facebook.com/docs/plugins/
ready for you.
If the plug-in is embedded on one of the pages you visit on our website, your internet browser downloads a representation of the plug-in from Facebook's servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of your visit to our website are also recorded.
If you are logged into Facebook while visiting one of our websites that uses the plugin, Facebook will recognize the information collected by the plugin about your specific visit. Facebook may then associate this information with your personal Facebook user account. For example, if you use the Facebook "Like" button, this information will be stored in your Facebook user account and may be published via the Facebook platform. If you wish to prevent this, you must either log out of Facebook before visiting our website or use a browser add-on to block the loading of the Facebook plugin.
Further information about the collection and use of data, as well as your related rights and protection options, can be found in Facebook's privacy policy, which is located at [link to Facebook privacy policy].
https://www.facebook.com/policy.php
available in the privacy policy.
IONOS WebAnalytics
We may use WebAnalytics on our website. This is an analytics service provided by 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, hereinafter referred to as "WebAnalytics", which allows us to analyze the use of our website.
For analysis purposes, data about the type and version of your internet browser, your operating system, the type of your device, the website from which you accessed our website (referrer URL), the website(s) of our website that you visit or the files that you request, the date and time of each access, and the anonymized IP address of the internet connection from which our website is used are collected on our behalf using a pixel or via the log files.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the analysis, optimization, improvement, and economic operation of our website.
mywebsite-editor.com - 1&1 IONOS SE
For the functionality of our website, we use the service mywebsite-editor.com. This is a service provided by 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, hereinafter referred to as "mywebsite-editor".
Due to the integration of mywebsite-editor, your internet browser loads essential JavaScript code from the mywebsite-editor server to display the content of our website. This allows mywebsite-editor to know that our website has been accessed via your IP address. At the same time, a session cookie is stored on your device via your internet browser.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in presenting a uniform and appealing online presence.
To prevent the execution of mywebsite-editor's JavaScript code and thus the collection and processing of your data, you can install a JavaScript blocker such as noscript.net or ghostery.com. Alternatively, you can disable JavaScript execution in your internet browser settings.
If you do not agree to the processing of cookies, you can also prevent cookies from being stored by adjusting your internet browser settings. Further information on this can be found above under "Cookies".
Google reCAPTCHA
We may use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites.
The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is used to verify whether data entry on our websites (e.g., in a contact form) is done by a human or an automated program. To do this, reCAPTCHA analyzes the website visitor's behavior based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the website visitor's time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analysis runs entirely in the background. Website visitors are not notified that an analysis is taking place.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated data scraping and spam.
Further information about Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
IV. Other
Data collection by third parties
This policy only covers the use and disclosure of data we collect from you. If you post data on other websites or disclose it to third parties online, other terms and conditions may apply. Therefore, always read the terms and conditions and privacy policies carefully before disclosing any data.
This privacy policy does not apply to the business practices of companies that we do not own or control, or to individuals other than our employees and staff, including third parties to whom we disclose this data as described in this privacy policy.
How do we protect your data?
We implement security measures on our website with great care and protect your data. We use industry-standard procedures and guidelines to ensure the protection of the data we collect and store, and to prevent the unauthorized use of such data. We also require third parties to adhere to similar security requirements in accordance with this privacy policy. Although we take reasonable steps to protect data, we cannot be held responsible for the actions of those who gain unauthorized access to or misuse our website, and we make no express or implied warranty that we can prevent such access.
Transfer of data outside the European Economic Area
As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e., in countries whose level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have verified that the service provider has taken appropriate measures to ensure an adequate level of data protection for any data transfers. These include, among other things, the European Union's standard contractual clauses or binding data protection regulations.
If a transfer to a third country is planned and there is no adequacy decision or suitable safeguards, there is a possibility and a risk that authorities of the respective third country (e.g. intelligence services) will gain access to the transferred data in order to collect and analyze it, and that the enforceability of your rights as a data subject is not guaranteed.
The transfer of data to the USA is subject to the “EU-US DATA PRIVACY FRAMEWORK (DPF)” and thereby ensures compliance with EU data protection regulations when processing data in the USA in accordance with the European Commission's adequacy decision of 10 July 2023.
Advertising
When you access our website, we may display advertisements using third-party ad technology. This technology uses your service usage data for ad targeting (e.g., by placing third-party cookies in your web browser).
You can opt out of numerous third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). Information about the practices of NAI and DAA members, your options regarding their use of your data, and how to opt out of third-party ad networks operated by NAI and DAA members can be found on their respective websites: http://optout.networkadvertising.org/#!/ and http://optout.aboutads.info/#!/ .
Marketing
We may use your personal data, such as your name, email address, phone number, etc., ourselves or pass it on to an external subcontractor to provide you with promotional materials regarding our services that may be of interest to you.
We respect your right to privacy. Therefore, these marketing materials always include the option to unsubscribe from further communications. If you unsubscribe, your email address or phone number will be removed from our marketing distribution lists.
Please note that even after unsubscribing from our marketing emails, we will continue to send you emails containing important information that do not include an unsubscribe option. These include maintenance notifications and administrative messages.
corporate transaction
We may share data in the event of a corporate transaction (e.g., the sale of significant business units, a merger, consolidation, or asset sale). If such an event occurs, the acquiring company or entity will assume the rights and obligations set forth in this Privacy Policy.
Updates or changes to this privacy policy
We reserve the right to amend or review this Privacy Policy from time to time. You can find the date of the current version under "Last modified on". Your continued use of the platform after the publication of such changes on our website constitutes your acceptance of such changes to the Privacy Policy and is considered your agreement to be bound by the amended terms.
How to reach us
For general questions about the website, the data we collect about you, or the use of this data, please contact us at kontakt@tara-thai.de.
Created with Generator-Datenschutzerklärung.de from the law firm Weiß & Partner
