privacy policy - in good spirit

This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online service and its websites, functions and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1. Definition of Terminology

The data protection declaration of ingoodspirit.net is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure below please find an explanation of the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

a. Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Data Subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d. Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f. Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g. Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h. Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i. Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j. Third Party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k. Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name & Address of the Controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Jennie Konrad
D-10559 Berlin

ingoodspirit@posteo.net
www.ingoodspirit.net/imprint

3. Types of Data Collected & Processed:

a. Types of Data collected

– Inventory data (e.g., names, addresses)
– Contact data (e.g., email, telephone numbers)
– Content data (e.g., text entries, photographs, videos)
 - Usage data (e.g., web pages visited, interest in content, access times)
– Meta/communication data (e.g., device information, IP addresses)

b.Purpose of Data processing

– Provision of the online service, its functions and contents
– Responding to contact requests and communicating with users
– Security measures
 - Reach measurement/marketing

4. Relevant legal basis

In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.

5. Security measures

We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

6. Cooperation with Processors & Third Parties

Insofar as we disclose data to other persons and companies (order processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 GDPR.

7. Data Transfer to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

8. Contact Form & E-Mail Contact

This website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address).

If a data subject contacts the controller by e-mail, via a contact form or social media, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject pursuant to Art. 6 (1) lit. b) GDPR. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable system. There is no transfer of this personal data to third parties.

We delete the inquiries if they are no longer necessary. We review the necessity every two years. Furthermore, the legal archiving obligations apply.

9. Routine Erasure & Blocking of Personal Data

In accordance with Art. 17 and 18 of the GDPR, the data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

10. Rights of the Data Subjects

a. Right of Confirmation

You have the right to request confirmation as to whether data in question is being processed and to be informed of this data and to receive further information and a copy of the data in accordance with Art. 15 of the GDPR. You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that the inaccurate data concerning you be corrected. In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand that the processing of the data be restricted. You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the GDPR and to request that it be transferred to other data controllers. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR.

b. Right of Access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

c. Right of Rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

d. Right to Erasure (Right to be Forgotten)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed

the data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing

the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR

the personal data have been unlawfully processed

the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by ingoodspirit.net, he or she may, at any time, contact any employee of the controller. An employee of ingoodspirit.net shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.

e. Right of Restriction of Processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by ingoodspirit.net, he or she may at any time contact any employee of the controller. The employee of the ingoodspirit.net will arrange the restriction of the processing.

f. Right to Data Portability

Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. In order to assert the right to data portability, the data subject may at any time contact any employee of ingoodspirit.net.

g. Right to Object

Each data subject may object to the future processing of data relating to her or him in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct marketing.

h. Automated Individual Decision-Making, including Profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, ingoodspirit.net shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of ingoodspirit.net.

i. Right to Withdraw Data Protection Consent

In accordance with Art. 7 para. 3 of the GDPR.Each data subject shall have the right granted by the European legislator to withdraw his or her consent to future processing of his or her personal data at any time. If the data subject wishes to exercise the right to withdraw their consent, he or she may, at any time, contact any employee of ingoodspirit.net.

11. Cookies & the Right to Object to Direct Advertising

The website ingoodspirit.net uses cookies. “Cookies” are small text files that are stored on a user’s computer system via an internet browser. Different information can be stored within the cookies. Primarily, a cookie is used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online service.

Through the use of cookies, ingoodspirit.net can provide the users of this website with more user-friendly services and optimised content that would not be possible without the cookie setting.

a. Temporary cookies

“Temporary cookies”, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. The content of a shopping basket in an online shop or a login jam, for example, can be stored in such a cookie.

b. Permanent Cookies

Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users revisit a website after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes to help improve a service.

c. Third Party Cookies

“Third-party cookies” are cookies that are offered by providers other than the responsible party that operates the online service (as opposed to “first-party cookies” which are the cookies used by the responsible party that operates the online service).

We may use temporary and permanent cookies as explained in our privacy policy.

d. Opt out of Cookies

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US American site aboutads.info/choices/ or the EU site youronlinechoices.com. Furthermore, you can opt out of the storage of cookies by deactivating them in the browser settings. In that case, please note that not all functions of this website can be used.

12. Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offering.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f of the GDPR in conjunction with Art. 28 of the GDPR. Art. 28 of the GDPR (conclusion of order processing contract).

13. Collection of General Data & Logfiles

On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. of the GDPR we, or rather our hosting provider, collects data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

14. Provision of Contractual Services

We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. of the GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

In the context of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of users in protection against abuse and other unauthorised use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c of the GDPR.

We process usage data (e.g., the web pages visited on our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, e.g., to display product information to the user based on the services they have used to date.

The deletion of the data takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry. Information in any customer account shall remain until it is deleted.

15. Administration, Accounting, Office & Contact Management

We process data in the context of administrative tasks and organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. of the GDPR, Art. 6 para. 1 lit. f. of the GDPR.

Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office management, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.

Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.

Integration of Third-Party Services & Third-Party Content

Within our online service, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6 para. 1 lit. f. GDPR) to integrate content or services offered by third-party providers, such as videos or fonts or images (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We strive to use only such content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online service, as well as being linked to such information from other sources.

VIMEO

We may embed the videos of the platform “Vimeo” of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy policy: vimeo.com/privacy. We would like to point out that Vimeo may use Google Analytics and refer to the data protection declaration (google.com/policies/privacy) as well as opt-out options for Google Analytics (tools.google.com/dlpage/gaoptout?hl=de) or the Google settings for data use for marketing purposes (adssettings.google.com).

Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: google.com/policies/privacy, Opt-Out: adssettings.google.com/authenticated.

Instagram

We may integrate functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, into our service. This may include, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the Instagram platform, Instagram can assign the call-up of the above-mentioned content and functions to the user’s profile there. Instagram privacy policy: instagram.com/about/legal/privacy.

We may integrate functions and contents of the service Pinterest, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA, into our service. This may include, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the Pinterest platform, Pinterest can assign the call-up of the above-mentioned content and functions to the user’s profile there. Pinterest privacy policy: about.pinterest.com/de/privacy-policy.

Zoom

We integrate functions and contents of the video conference service ‘Zoom’ to share our online classes through Zoom Video Communications, Inc.,55 Almaden Blvd, San Jose, CA 95113, USA.

In the case of the use of Zoom, different data are processed. The scope of the processed data depends on the data you provide before or during participation in an online class. In the course of using Zoom, data of communication participants is processed and stored on Zoom servers. This data may include, in particular, your login data (name, email address, phone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions of participants, as well as voice input in chats, may be processed.

When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a GDPR. Consent given can be revoked at any time with effect for the future.

The legal basis for data processing when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting, webinar or videoconference. For more information on Zoom’s use of data, please see Zoom’s privacy policy: zoomgov.com/privacy

Opt Out of Google Analytics

You can prevent the collection of your data through Google Analytics by clicking on the following link. An opt-out cookie will be set which will prevent the collection of your data on future visits to this website: Ban Google Analytics from tracking me. More information on how Google Analytics handles user data can be found in Google’s privacy policy: support.google.com/analytics/answer/6004245?hl=de

Data Processing for Order Processing

In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 (1) lit. b GDPR.

Momence

To book one of our online classes, we integrate functions and contents of the service Momence, offered by Momence, Inc. (Ribbon Technologies Inc.), 606 Broadway, Unit 403, Santa Monica, CA 90401, USA, into our service. In the case of the use of Momence, different data are processed. The scope of the processed data depends on the data you provide before or during booking of an online class. For more information on Momence’s use of data, please see Momences‘s privacy policy: momence.com/webflow/documents/Momence-Privacy-Policy.pdf

Stripe

We integrate functions of the service Stripe, offered by Stripe Inc., 354 Oyster Point Blvd., South San Francisco, CA 94080, USA, to process credit card payments.

In the case of the use of Stripe, different data are processed. Stripe acts as a controller for certain data processing activities and as a processor for other activities. This dual role is well illustrated by the processing of credit card transactions. In order to perform a transaction, Stripe must process personal data such as the cardholder’s name, credit card number, expiration date and CVC code. The cardholder data is submitted to Stripe by the Stripe user via the Stripe API (or via another integration method, for example Stripe Elements). Stripe then uses this data to complete the transaction within the credit card networks’ systems. In this capacity, Stripe therefore acts as a processor. However, Stripe also uses the data to fulfill its regulatory obligations, such as through procedures like know-your-customer (“KYC”) and in the area of anti-money laundering (“AML”). In this role, Stripe acts as a data controller.

The legal basis for data processing when processing credit card payments is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of booking an online class. For more information on Stripe’s use of data, please see Stripes‘s privacy policy:stripe.com/en-de/privacy

You can object to this processing of your data at any time by sending a message to Stripe. However, Stripe may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.