Privacy Policy

1. An overview of data protection

General information

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit or use this website and the noverya platform. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Privacy Policy, which we have included beneath this copy.

Data recording on this website and platform

Who is the responsible party for the recording of data on this website and platform, i.e. the “controller”?

The data on this website and platform is processed by the operator of the website and platform, whose contact information is available under section “Information about the responsible party, referred to as the ‘controller’ in the GDPR” in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form, registration form, booking form or business profile.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit or use of the platform. This data comprises primarily technical information, e.g. web browser, operating system, IP address or time the site was accessed. This information is recorded automatically when you access this website or platform.

What are the purposes we use your data for?

A portion of the information is generated to guarantee the error-free provision of the website and platform. Other data may be used to analyze your user patterns. If contracts can be concluded or initiated via the website or platform, or if bookings can be made, the transmitted data will also be processed for contract offers, bookings, orders, payment processing, customer communication or other order enquiries.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.

Analysis tools and tools provided by third parties

There is a possibility that your browsing and usage patterns will be statistically analyzed when you visit this website or use the platform. Such analyses are performed primarily with what we refer to as analysis programs.

For detailed information about these analysis programs, please consult the Privacy Policy below.

2. Hosting, infrastructure and Content Delivery Networks

We are hosting the content of our website and platform at the following providers:

External Hosting

This website and platform is hosted externally. Personal data collected on this website and platform are stored on the servers of the host and the technical service providers used by us. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, booking data, contact information, names, website access, log data and other data generated through a website or platform.

The external hosting serves the purpose of fulfilling the contract with our potential and existing customers, users and partner businesses (Art. 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online services and platform by professional providers (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or the access to information in the user's end device, e.g. device fingerprinting, within the meaning of the TDDDG. This consent can be revoked at any time.

Our hosts and technical service providers will only process your data to the extent necessary to fulfil their performance obligations and to follow our instructions with respect to such data.

We are using the following hosts and technical infrastructure providers:

Vercel

Vercel Inc. 440 N. Barranca Ave, #4133 Covina, CA 91723 United States

We use Vercel for the provision, delivery and operation of our website and platform. In this context, technical access data, IP addresses, log data, device and browser information and other data required for the technical delivery and security of the platform may be processed.

The use of Vercel is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the secure, fast and reliable provision of our website and platform. Insofar as the use of Vercel is required for the fulfilment of a contract or for the implementation of pre-contractual measures, the processing is additionally based on Art. 6(1)(b) GDPR.

Cloudflare

We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA, hereinafter referred to as “Cloudflare”.

Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website or platform is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website or platform and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the purpose described herein.

The use of Cloudflare is based on our legitimate interest in a provision of our website and platform offerings that is as error-free, fast and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on the Standard Contractual Clauses of the European Commission. Details and further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company is certified in accordance with the EU-US Data Privacy Framework. The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US.

Cloudflare R2

We use Cloudflare R2 as object storage, in particular for the storage and provision of files, images, profile pictures, business images, logos or other media content that is uploaded or displayed within the platform.

The provider is also:

Cloudflare Inc. 101 Townsend St. San Francisco, CA 94107 USA

Where possible, we use Cloudflare R2 with storage within the European Union or with a corresponding EU data region. When using Cloudflare R2, the following data in particular may be processed:

The processing is carried out for the provision of the upload, profile, media and administration functions of the platform on the basis of Art. 6(1)(b) GDPR, insofar as it is required for the use of the platform or the performance of a contract. Furthermore, the processing is based on our legitimate interest in the secure, scalable and efficient storage and delivery of media content (Art. 6(1)(f) GDPR).

Insofar as personal data are transferred to third countries, this is done on the basis of appropriate safeguards, in particular the Standard Contractual Clauses of the European Commission and/or an adequacy mechanism such as the EU-US Data Privacy Framework, where applicable.

Neon PostgreSQL / database hosting

We use a cloud-based PostgreSQL database provided by Neon for the storage of platform, user, business, booking and contract data.

Provider:

Neon, Inc. 548 Market St. PMB 77953 San Francisco, CA 94104-5401 USA

Where possible, we operate our database in a region within the European Union. In the database, the following data in particular may be stored:

The processing is carried out for the provision of the platform, the management of user accounts, the mediation and management of bookings as well as the performance of contractual and pre-contractual measures on the basis of Art. 6(1)(b) GDPR. Insofar as the processing is required for technical security, troubleshooting, prevention of misuse or further development of the platform, it is additionally based on Art. 6(1)(f) GDPR.

We ensure that personal data are stored only to the extent necessary for the respective purpose. Access to database content is restricted by technical and organizational measures.

Data processing

We have concluded data processing agreements within the meaning of Art. 28 GDPR with the processors used by us, where required. These are contracts mandated by data privacy laws that are intended to ensure that the service providers process personal data only based on our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of this website and platform take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Privacy Policy.

Whenever you use this website or platform, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Privacy Policy explains which data we collect, the purposes we use this data for, and how and for which purpose the information is collected.

We hereby advise you that the transmission of data via the Internet, i.e. through e-mail communications, may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information about the responsible party, referred to as the “controller” in the GDPR

The data processing controller on this website and platform is:

Virtulen - Inhaber Erik Lenhardt Am Einfang 2 85640 Putzbrunn Germany

Phone: 01739097955 E-mail: legal@mail.noverya.app

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data, e.g. names, e-mail addresses, etc.

Storage duration

Unless a more specific storage period has been specified in this Privacy Policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data, e.g. tax or commercial law retention periods. In the latter case, the deletion will take place after these reasons cease to apply.

Booking and contract data will generally be stored for as long as this is required for the performance of the booking, the management of the user or business account, billing, the handling of enquiries or the fulfilment of statutory retention obligations.

General information on the legal basis for the data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device, e.g. via device fingerprinting, the data processing is additionally based on § 25(1) TDDDG. The consent can be revoked at any time.

If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR.

Information on the relevant legal basis in each individual case is provided in the following paragraphs of this Privacy Policy.

Recipients of personal data

In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties.

We only disclose personal data to external parties if this is required as part of the fulfilment of a contract, if we are legally obligated to do so, e.g. disclosure of data to tax authorities, if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure of this data.

When using processors, we only disclose personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Recipients of personal data may include in particular:

Transfer of booking data to partner businesses

If you book an appointment with a partner business via noverya, the personal data required to perform the booking will be transmitted to the respective partner business. This may include in particular:

The transfer is carried out so that the partner business can manage, prepare and perform the appointment. The legal basis is Art. 6(1)(b) GDPR, insofar as the processing is required for the implementation of pre-contractual measures or the fulfilment of a contract. Insofar as the processing is required for the organization, security and traceability of the booking, it is additionally based on Art. 6(1)(f) GDPR.

The respective partner business is generally independently responsible for the further processing of the data received in connection with the provision of the booked service. Please therefore also consult the privacy information of the respective partner business.

We recommend that users do not enter sensitive information, in particular health data, allergies, diagnoses or other special categories of personal data, in free-text fields unless this is strictly necessary for the booking.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS.

TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS PRIVACY POLICY. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION-WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS.

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME.

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format.

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time.

The right to demand restriction of processing applies in particular in the following cases:

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as bookings, registrations, purchase orders or inquiries you submit to us, this website and platform uses either an SSL or a TLS encryption program.

You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

Encrypted payment transactions on this website

If you are under an obligation to share your payment information with us after you have entered into a fee-based contract with us, this information is required to process payments.

Payment transactions using common modes of payment are processed exclusively via encrypted SSL or TLS connections and via the payment service provider used in each case.

Rejection of unsolicited e-mails

We hereby object to the use of contact information published in conjunction with the mandatory information to be provided in our Site Notice to send us promotional and information material that we have not expressly requested.

4. Recording of data on this website and platform

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session or they are permanently archived on your device.

Cookies can be issued by us or by third-party companies. Third-party cookies enable the integration of certain services of third-party companies into websites, e.g. cookies for handling payment services.

Cookies have a variety of functions. Many cookies are technically essential since certain website or platform functions would not work in the absence of these cookies, e.g. login, session management, security functions, booking processes or payment processing. Other cookies may be used to analyze user behavior or for analytics purposes.

Cookies that are required for the performance of electronic communication transactions, for the provision of certain functions you want to use or for the technically required provision of the platform shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited.

If your consent to the storage of cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25(1) TDDDG). This consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed, to permit the acceptance of cookies only in specific cases, to exclude the acceptance of cookies in certain cases or in general, or to activate the delete function for the automatic eradication of cookies when the browser closes.

If cookies are deactivated, the functions of this website and platform may be limited.

Cookie Consent Tool

We use a cookie consent tool to obtain and document your consent to the storage of certain cookies or to the use of certain technologies in a privacy-compliant manner.

The consent tool stores which services and categories you have accepted or rejected. In this context, the following information in particular may be processed:

The use of the consent tool serves to obtain and prove the legally required consents. The legal basis is Art. 6(1)(c) GDPR, insofar as the processing is required to fulfil legal obligations. Furthermore, we have a legitimate interest in the legally secure documentation of consents (Art. 6(1)(f) GDPR).

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises in particular:

This data is not merged with other data sources unless this is required for security reasons, error analysis or prevention of misuse.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website and platform has a legitimate interest in the technically error-free depiction, optimization and security of the operator’s website and platform.

Contact form

If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions.

The processing of these data is based on Art. 6(1)(b) GDPR if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures.

In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR), if this has been requested.

The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or the purpose for which the information is being archived no longer exists.

Registration on this website and platform

You have the option to register on this website and platform to be able to use additional functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for.

The required information we request at the time of registration must be entered in full. Otherwise, we may reject the registration.

To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.

The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation or performance of further contracts (Art. 6(1)(b) GDPR).

The data recorded during the registration process shall be stored by us as long as you are registered on this website or platform and shall subsequently be deleted, unless statutory retention obligations or other legal reasons prevent deletion.

Clerk

We use the authentication and user management service Clerk for registration, login and management of user accounts.

Provider:

Clerk, Inc. 660 King Street Unit 345 San Francisco, CA 94107 United States

When using Clerk, the following data in particular may be processed:

Clerk processes these data to provide registration, login, session management, password management, two-factor authentication, security functions and user management.

The processing is carried out for the provision and security of the user account as well as the implementation of the user relationship on the basis of Art. 6(1)(b) GDPR. Insofar as the processing serves security, prevention of misuse and technical stability, it is additionally based on Art. 6(1)(f) GDPR.

Insofar as personal data are transferred to the USA or other third countries, this is done on the basis of appropriate safeguards, in particular the Standard Contractual Clauses of the European Commission and/or other legally provided protection mechanisms.

Registration with Google

Instead of registering directly on this website, you can register or sign in with Google. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To register or sign in with Google, you must authenticate yourself with Google. Google will confirm your identity and transmit certain information to our website or platform that is required for the login.

When you sign in with Google, we may be able to use certain information from your Google account to complete your profile with us. You decide whether you want this information to be used and, if so, which information it is, within the framework of your Google security settings.

The data processing associated with Google registration is based on our legitimate interest in making the registration process as simple as possible for our users (Art. 6(1)(f) GDPR), as well as on Art. 6(1)(b) GDPR insofar as the login is required for the use of the platform.

Bookings and appointment management

If you book an appointment via noverya, we process the personal data required for this purpose. This may include in particular:

These data are processed in order to technically enable the booking, transmit it to the selected partner business, send confirmations, display bookings in the user and business dashboard and provide the platform functions.

The legal basis is Art. 6(1)(b) GDPR, insofar as the processing is required for the implementation of pre-contractual measures or the fulfilment of a contract. In addition, the processing is based on Art. 6(1)(f) GDPR, insofar as it is required for the secure, traceable and efficient provision of the platform.

Please do not provide any sensitive information as part of the booking unless this is required for the booking. This includes in particular health data, information on illnesses, diagnoses, allergies or other special categories of personal data within the meaning of Art. 9 GDPR.

Business profiles and data of partner businesses

Partner businesses can create and manage a business profile on noverya. In this context, the following data in particular may be processed:

The processing is carried out for the creation and management of the business profile, for display to customers, to enable bookings and to perform the contract with the partner business on the basis of Art. 6(1)(b) GDPR.

Insofar as data are processed for the improvement, security or economic analysis of the platform, this is done on the basis of Art. 6(1)(f) GDPR.

The comment or review function on this website

When you use the comment or review function on this website, information on the time the comment or review was generated and your e-mail address and, if you are not posting anonymously, the username you have selected will be archived in addition to your comments or reviews.

Storage of the IP address

Our comment or review function may store the IP addresses of users who enter comments or reviews. This data may be required in order to take action against the author in the event of rights violations, such as defamation, false statements of fact or spam.

Storage period for comments and reviews

Comments, reviews and any affiliated information shall be stored by us and remain on this website or platform until the content the comment or review pertained to has been deleted in its entirety, the user account is deleted or if the comments or reviews have to be deleted for legal reasons.

Legal basis

Comments or reviews are stored on the basis of your consent (Art. 6(1)(a) GDPR), where such consent has been requested. Insofar as reviews are required for the use of the platform function or are based on our legitimate interest in a transparent presentation of experiences, the processing may additionally be based on Art. 6(1)(f) GDPR.

5. E-mail delivery and newsletter

Resend

We use the e-mail service Resend for sending transactional e-mails and, where applicable, newsletters. This includes in particular:

Provider:

Resend Plus Five Five, Inc. 2261 Market Street #5039 San Francisco, CA 94114 USA Contact: Resend Security – privacy@resend.com

When sending e-mails, the following data in particular may be processed:

The sending of transactional e-mails is carried out for the implementation of the user relationship, contract processing, the performance of bookings or the handling of your inquiry on the basis of Art. 6(1)(b) GDPR. Insofar as the sending is required for security, traceability or technical communication, the processing is based on Art. 6(1)(f) GDPR.

We send newsletters or promotional e-mails only on the basis of your consent (Art. 6(1)(a) GDPR), unless another legal basis applies.

Insofar as personal data are transferred to the USA or other third countries, this is done on the basis of appropriate safeguards, in particular the Standard Contractual Clauses of the European Commission and/or other legally provided protection mechanisms.

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allows us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter.

No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information.

The processing of the information entered into the newsletter subscription form shall generally occur on the basis of your consent (Art. 6(1)(a) GDPR).

You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on an unsubscribe link in the newsletter or by notifying us.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a suppression list if such action is necessary to prevent future mailings. This storage is based on our legitimate interest in complying with the legal requirements when sending newsletters (Art. 6(1)(f) GDPR).

6. Analysis, evaluation and product improvement

PostHog

We use PostHog to analyze the use of our website and platform and to improve our offering. Provider:

PostHog Inc. 2261 Market Street #4008 San Francisco, CA 94114 USA

Where possible, we use PostHog with server location or project region within the European Union.

PostHog allows us to understand how users use our website and platform. In this context, the following information in particular may be processed:

We use PostHog generally for product analysis, error detection, improvement of user guidance and further development of the platform. Where possible, we ensure that personal data are minimized, IP collection is disabled or restricted and no sensitive content such as booking notes, payment data or message content is transferred to PostHog.

The use of PostHog takes place only if consent has been requested and granted, on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG. This consent can be revoked at any time.

Insofar as PostHog is used for technically necessary security, error analysis or stability purposes without access to end-device information and without tracking technologies requiring consent, the processing may be based on our legitimate interest in a secure and functional platform (Art. 6(1)(f) GDPR).

Insofar as personal data are transferred to the USA or other third countries, this is done on the basis of appropriate safeguards, in particular the Standard Contractual Clauses of the European Commission and/or other legally provided protection mechanisms.

7. Plug-ins and Tools

OpenStreetMap

We are using the mapping service provided by OpenStreetMap (OSM).

We embed the map data from OpenStreetMap on the server of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.

When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. In the process and among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. OpenStreetMap may store cookies in your browser or use similar recognition technologies for this purpose.

We use OpenStreetMap with the objective of ensuring the attractive presentation of our online offers and to make it easy for visitors to find businesses, locations or addresses on the platform. This establishes legitimate grounds as defined in Art. 6(1)(f) GDPR.

If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG.

8. eCommerce, subscriptions and payment service providers

Processing of customer and contract data

We collect, process and use personal customer, user, booking and contract data for the establishment, content arrangement and modification of our contractual relationships as well as for the provision of the platform.

Data with personal references to the use of this website and platform will be collected, processed and used only if this is necessary to enable the user to use our services, perform bookings, manage user accounts or bill fee-based services.

The legal basis for these processes is Art. 6(1)(b) GDPR.

The collected customer, booking and contract data shall be deleted upon completion of the order, termination of the business relationship, deletion of the user account and upon expiration of any existing statutory archiving periods. This shall be without prejudice to any statutory archiving periods.

Data transfer upon closing of contracts for services and digital content

We share personal data with third parties only if this is necessary in conjunction with the handling of the contract, booking performance or payment processing.

For bookings, the required booking data are transmitted to the respective partner business so that it can prepare, manage and perform the appointment.

Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer, if there is a legal obligation or if another legal basis permits the transfer.

The basis for the processing of data is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual actions.

Payment services

We integrate payment services of third-party companies on our website and platform. When you enter into a fee-based contract with us, your payment data, e.g. name, payment amount, bank account details or credit card data, are processed by the payment service provider for the purpose of payment processing.

At present, payments via noverya are primarily relevant for partner businesses that book fee-based subscriptions or other fee-based services of the platform operator. Payments for beauty, cosmetics, hairdressing, wellness or other services offered by partner businesses are generally made directly between the customer and the partner business, unless expressly stated otherwise.

For payment transactions, the respective contractual and data protection provisions of the payment service provider apply.

The use of payment service providers is based on Art. 6(1)(b) GDPR for contract processing and in the interest of a smooth, convenient and secure payment transaction on the basis of Art. 6(1)(f) GDPR.

Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing. Consent may be revoked at any time for the future.

Stripe

The provider for customers within the EU is:

Stripe Payments Europe, Ltd. 1 Grand Canal Street Lower Grand Canal Dock Dublin Ireland

We use Stripe to process payments, subscriptions, invoices and payment management for fee-based services provided to partner businesses.

When using Stripe, the following data in particular may be processed:

Stripe may also transfer data to the USA and other third countries. The data transmission is based on appropriate safeguards, in particular the Standard Contractual Clauses of the European Commission.

Details can be found in Stripe’s Privacy Policy at the following link: https://stripe.com/de/privacy.

9. Security of processing

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration or disclosure.

These measures may include in particular:

Despite all security measures, data transmission on the Internet can never be guaranteed to be completely risk-free.

10. Special categories of personal data

Our platform is generally not designed to process special categories of personal data within the meaning of Art. 9 GDPR, in particular health data, information about illnesses, diagnoses, allergies, religious beliefs or other particularly sensitive information.

Users are asked not to enter such data in free-text fields, booking notes, contact forms or other input fields unless this is strictly necessary for the respective booking.

If such data should exceptionally be required, the processing will only take place insofar as there is an appropriate legal basis, in particular explicit consent pursuant to Art. 9(2)(a) GDPR or another statutory permission.

11. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy if the legal situation, our services, the providers we use or our data processing operations change.

The version currently published on our website shall apply.