Privacy Policy

<!-- NOTE: These texts are based on general German legal requirements and industry templates. An individual legal review before publication is recommended. -->

Privacy Policy

1. Controller

Naveen Reddy Ponakaladinne

[Address to be added before publication]

Email: Navinreddy410@gmail.com

Phone: +49 178 4011665

2. Overview of data processing

The following overview summarises the types of data processed and the purposes of their processing, and refers to the persons concerned.

3. Collection and storage of personal data

We collect personal data only to the extent necessary to provide our website and services. Collection is based on the following legal grounds:

• Consent (Art. 6(1)(a) GDPR)

• Performance of a contract (Art. 6(1)(b) GDPR)

• Legitimate interests (Art. 6(1)(f) GDPR)

4. Booking form

When you request a session via our booking form, we collect the following data: name, email address, phone number, preferred appointment date and desired service. The legal basis is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures). The data is used exclusively for scheduling and performing the booked session and is stored after completion of the service for the duration of the statutory retention periods.

5. Health-related information (intake form)

As part of the intake form, we collect health-related data (e.g. allergies, pre-existing conditions, pregnancy). This data constitutes special categories of personal data pursuant to Art. 9 GDPR. Processing is carried out exclusively on the basis of your explicit consent (Art. 9(2)(a) GDPR). You may withdraw your consent at any time with effect for the future. The data is required for the safe provision of the wellness session and will be deleted upon withdrawal of consent or at the latest upon expiry of the statutory retention periods.

6. Server log files

The hosting provider automatically collects and stores information in server log files that your browser transmits automatically. These include: browser type and version, operating system, referrer URL, hostname of the accessing computer, time of the server request, and IP address. This data is not combined with other data sources. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in ensuring error-free operation of the website).

7. Cookies

This website uses only technically necessary cookies required for the operation of the website (e.g. session cookies, language settings). Consent is not required for these pursuant to § 25(2) TDDDG (German Telecommunications-Digital Services Data Protection Act), as these cookies are strictly necessary for the provider to deliver the service explicitly requested by the user. No tracking or marketing cookies are used.

8. Hosting

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel processes personal data on our behalf (data processing agreement). The data transfer to the USA is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). More information: https://vercel.com/legal/privacy-policy

9. Content management system (Sanity)

We use Sanity (Sanity AS, Grünerløkka, Oslo, Norway) as our content management system. Sanity stores editorial content in the EU/EEA. Personal data of website visitors is not transferred to Sanity.

10. Database (Supabase)

For storing booking and intake data, we use Supabase (Supabase Inc., USA), with the database hosted in Frankfurt am Main (EU). Data does not leave the EU. EU Standard Contractual Clauses apply to the agreement with Supabase.

11. Email delivery (Resend)

For sending confirmation emails, we use the service Resend (Resend Inc., USA). The transfer is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). More information: https://resend.com/legal/privacy-policy

12. Data subject rights

You have the following rights with regard to the personal data concerning you:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object to processing (Art. 21 GDPR)

To exercise your rights, please contact: Navinreddy410@gmail.com

13. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for us is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Postfach 20 04 44, 40102 Düsseldorf, https://www.ldi.nrw.de

14. No automated individual decision-making

We do not use automated decision-making including profiling pursuant to Art. 22 GDPR.

15. Currency and changes to this privacy policy

This privacy policy is currently valid. Due to the further development of our website or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.