Data protection declaration for the use of the website

The following data protection declaration applies to the use of our online offer [www.Metropol-Sauna.de] (hereinafter "website").

We attach great importance to data protection. The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).

1. Responsible

Metropol-Sauna GmbH & Co. KG, Konrad-Adenauer-Straße 15, 60313 Frankfurt am Mainm 069-17509115, info @ Metropol- Sauna.de

If you want to object to the collection, processing or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can address your objection to the person responsible.

You can save and print out this data protection declaration at any time.

2. General purposes of processing

We use personal data for the purpose of operating the website.

3. What data we use and why

3.1. Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our website in accordance with Art. 6 Para. 1 p. 1 f) GDPR in conjunction with Art. 28 GDPR.

3.2. Access data

We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, save and use data every time our website is accessed (so-called server log files). The access data include:

  • Name and URL of the file called up

  • Date and time of the call

  • amount of data transferred

  • Notification of successful retrieval (HTTP response code)

  • Browser type and browser version

  • operating system

  • Referer URL (i.e. the previously visited page)

  • Websites that are accessed by the user's system via our website

  • Internet service provider of the user

  • IP address and the requesting provider

We use this log data without assignment to your person or other profiling for statistical evaluations for the purpose of operation, security and optimization of our website, but also for anonymous recording of the number of visitors to our website (traffic) as well as the scope and type of Use of our website and services, also for billing purposes, to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyze data traffic, search for and correct errors and improve our services.

This is also where our legitimate interest lies in accordance with Art. 6 Para. 1 S. 1 f) GDPR.

We reserve the right to check the log data retrospectively if, based on specific indications, there is a legitimate suspicion of illegal use. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. B. if you use one of our offers. After canceling the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also save IP addresses if we have a specific suspicion of a criminal offense in connection with the use of our website. We also save the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).

3.3. Cookies

We use so-called session cookies to optimize our website. A session cookie is a small text file that is sent by the respective server when you visit a website and is temporarily stored on your hard drive. This file as such contains a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They serve z. B. to the fact that you can use the shopping cart function across several pages.

To a lesser extent, we also use persistent cookies (also small text files that are stored on your device) that remain on your device and enable us to recognize your browser the next time you visit. These cookies are stored on your hard drive and delete themselves after the specified time. Their lifespan is 1 month to 10 years. In this way, we can present our offer to you in a more user-friendly, effective and secure manner and, for example, show you information on the page that is specifically tailored to your interests.

Our legitimate interest in the use of cookies in accordance with Art. 6 Para. 1 S. 1 f) GDPR lies in making our website more user-friendly, more effective and safer.

The following data and information are stored in the cookies:

  • Log-in information

  • language settings

  • entered search terms

  • Information about the number of visits to our website and the use of individual functions of our website.

When the cookie is activated, an identification number is assigned to it and your personal data is not assigned to this identification number. Your name, your IP address or similar data that would enable the cookie to be assigned to you are not stored in the cookie. Based on cookie technology, we only receive pseudonymised information, for example about which pages of our shop were visited, which products were viewed, etc.

You can set your browser so that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or in general, or that cookies are completely prevented. This can restrict the functionality of the website.

3.4. Data to fulfill our contractual obligations

We process personal data that we need to fulfill our contractual obligations, such as name, address, email address, ordered products, billing and payment data. The collection of this data is necessary for the conclusion of the contract.

The data will be deleted after the warranty periods and statutory retention periods have expired. Data that are linked to a user account (see below) will in any case be retained for the duration of this account.

The legal basis for the processing of this data is Art. 6 Para. 1 S. 1 b) GDPR, because this data is required so that we can fulfill our contractual obligations towards you.

3.5. User account

You can create a user account on our website. If you want this, we need the personal data requested when you log in. When you log in later, only your email or user name and the password you have chosen are required.

For the new registration, we collect master data (e.g. name, address), communication data (e.g. e-mail address) and payment data (bank details) as well as access data (user name and password).

In order to ensure your proper registration and to prevent unauthorized registrations by third parties, you will receive an activation link by email after your registration to activate your account. Only after you have registered will we permanently save the data you have transmitted in our system.

Once you have created a user account, you can have us delete it at any time without incurring any costs other than the transmission costs according to the basic tariffs. A message in text form to the contact details mentioned under item 1 (e.g. email, fax, letter) is sufficient for this. We will then delete your stored personal data, unless we still have to store them to process orders or due to statutory retention requirements.

The legal basis for the processing of this data is your consent in accordance with Art. 6 Para. 1 S. 1 a) GDPR.

3.6. Newsletter

To register for the newsletter, the data requested in the registration process are required. The registration for the newsletter is logged. After registering, you will receive a message to the email address provided, asking you to confirm your registration ("double opt-in"). This is necessary so that third parties cannot register with your email address.

You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter.

We save the registration data as long as it is required for sending the newsletter. We store the log of the registration and the shipping address as long as there was an interest in proof of the originally given consent, usually the limitation periods for claims under civil law, i.e. a maximum of three years.

The legal basis for sending the newsletter is your consent in accordance with Article 6 Paragraph 1 Sentence 1 a) in conjunction with Article 7 GDPR in conjunction with Section 7 Paragraph 2 No. 3 UWG. The legal basis for logging the registration is our legitimate interest in proving that the dispatch was carried out with your consent.

You can cancel your registration at any time without incurring any costs other than the transmission costs according to the basic tariffs. A message in text form to the contact details mentioned under item 1 (e.g. e-mail, fax, letter) is sufficient for this. Of course you will also find an unsubscribe link in every newsletter.

3.7. Product recommendations

Independently of the newsletter, we will regularly send you product recommendations by email. In this way, we send you information about products from our range in which you may be interested on the basis of your last purchases of goods or services from us. In doing so, we strictly adhere to the legal requirements. You can object to this at any time without incurring any costs other than the transmission costs according to the basic tariffs. A message in text form to the contact details mentioned under item 1 (e.g. email, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in every email.

The legal basis for this is the legal permission according to Art. 6 Paragraph 1 Sentence 1 f) GDPR in conjunction with Section 7 Paragraph 3 UWG.

3.8. e-mail contact

If you contact us (e.g. using the contact form or email), we will process your details to process the request and in the event that follow-up questions arise.

If the data processing takes place in order to carry out pre-contractual measures, which take place at your request, or, if you are already our customer, in order to carry out the contract, the legal basis for this data processing is Art. 6 Para. 1 S. 1 b) GDPR.

We only process further personal data if you consent to this (Art. 6 Para. 1 S. 1 a) GDPR) or we have a legitimate interest in processing your data (Art. 6 Para. 1 S. 1 f) GDPR) . A legitimate interest is e.g. B. replying to your email.

4. Google Analytics

We use Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about the use of this website by the site visitors is usually transmitted to a Google server in the USA and stored there.

This is also where our legitimate interest lies in accordance with Art. 6 Para. 1 S. 1 f) GDPR.

Google has submitted to the Privacy Shield Agreement between the European Union and the USA and is certified. As a result, Google undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active .

We have activated IP anonymization on this website (anonymizeIp). As a result, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the data generated by the cookie and relating to your use of the website (including your IP address) from being transmitted to and processed by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de .

As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you have to click this link again): [Deactivate Google Analytics]

Note for the person responsible (does not belong in the data protection declaration!):

The browser plug-in offered by Google for deactivating cookies does not work on mobile devices. But there, too, the person concerned must have the option of preventing their IP address from being recorded. Therefore a special Javascript has to be integrated with the following code (whereby the "xxxxxxx" stand for the Analytics ID):

<script>

var gaProperty = 'UA-xxxxxxx-1';

var disableStr = 'ga-disable-' + gaProperty;

if (document.cookie.indexOf (disableStr + '= true')> -1) {window [disableStr] = true;

}

function gaOptout () {

document.cookie = disableStr + '= true; expires = Thu, Dec 31, 2099 23:59:59 UTC; path = / ';

window [disableStr] = true; }

</script>

The link is then included in the data protection declaration in the yellow marked position as follows (the link text between the ">" and "<" can be freely selected:

<a href=ojavascript:gaOptout()"> Deactivate Google Analytics </a>

The anonymizeIP function is added to the line

ga ('set', 'anonymizeIp', true);

added something like this:

<script>

(function (i, s, o, g, r, a, m) {i ['GoogleAnalyticsObject'] = r; i [r] = i [r] || function () {

(i [r] .q = i [r] .q || []). push (arguments)}, i [r] .l = 1 * new Date (); a = s.createElement (o),

m = s.getElementsByTagName (o) [0]; a.async = 1; a.src = g; m.parentNode.insertBefore (a, m)

}) (window, document, 'script', 'https: //www.google-analytics.com/analytics.js','ga');

ga ('create', 'UA-XXXXXXXX-X', 'auto');

ga ('require', 'displayfeatures');

ga ('require', 'linkid', 'linkid.js');

ga ('set', 'anonymizeIp', true);

ga ('send', 'pageview');

</script>

5. Storage period

Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.

In some cases, the legislature provides for the storage of personal data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the legal retention period has expired.

6. Your rights as a data subject

According to the applicable laws, you have various rights with regard to your personal data. If you would like to assert these rights, please send your request by email or post, clearly identifying yourself to the address given in section 1.

Below you will find an overview of your rights.

6.1. Right to confirmation and information

You have the right to clear information about the processing of your personal data.

In detail:

You have the right at any time to receive confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to request free information from us about the personal data stored about you, along with a copy of this data. Furthermore, there is a right to the following information:

  1. the purposes of the processing;

  2. the categories of personal data that are processed;

  3. the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular in the case of recipients in third countries or international organizations;

  4. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;

  5. the existence of a right to correction or deletion of your personal data or to restriction of processing by the person responsible or a right to object to this processing;

  6. the existence of a right to lodge a complaint with a supervisory authority;

  7. if the personal data are not collected from you, all available information about the origin of the data;

  8. the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for you.

If personal data are transmitted to a third country or to an international organization, you have the right to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

6.2. Right to rectification

You have the right to request that we correct and, if necessary, complete your personal data.

In detail:

You have the right to request us to correct any incorrect personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - including by means of a supplementary declaration.

6.3. Right to deletion ("right to be forgotten")

In a number of cases we are obliged to delete personal data relating to you.

In detail:

In accordance with Art. 17 (1) GDPR, you have the right to demand that we delete personal data relating to you immediately, and we are obliged to delete personal data immediately if one of the following reasons applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  2. You revoke your consent on which the processing was based in accordance with Art. 6 Para. 1 S. 1 a) GDPR or Art. 9 Para. 2 a) GDPR, and there is no other legal basis for the processing.

  3. You object to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Paragraph 2 GDPR.

  4. The personal data was processed unlawfully.

  5. The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which we are subject.

  6. The personal data was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 GDPR.

If we have made the personal data public and we are obliged to delete it in accordance with Art. 17 Para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to be responsible for the data processing Process data, to inform you that you have requested the deletion of all links to this personal data or of copies or replications of this personal data.

6.4. Right to restriction of processing

In a number of cases you are entitled to request that we restrict the processing of your personal data.

In detail:

You have the right to demand that we restrict processing if one of the following conditions is met:

  1. You dispute the correctness of the personal data for a period that enables us to check the correctness of the personal data,

  2. the processing is unlawful and you refused to delete the personal data and instead requested that the use of the personal data be restricted;

  3. we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, or

  4. You have lodged an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.

6.5. Right to data portability

You have the right to receive machine-readable personal data relating to you, to transmit it, or to have it transmitted by us.

In detail:

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transmit this data to another person responsible without hindrance from us, provided that

  1. the processing is based on consent in accordance with Art. 6 Paragraph 1 Sentence 1 a) GDPR or Art. 9 Paragraph 2 a) GDPR or on a contract in accordance with Art. 6 Paragraph 1 Sentence 1 b) GDPR and

  2. the processing is carried out using automated procedures.

When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transmitted directly from us to another person responsible, insofar as this is technically feasible.

6.6. Right to object

You have the right to object to the lawful processing of your personal data by us if this is justified by your particular situation and our interests in the processing do not outweigh our interests.

In detail:

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6 Para. 1 S. 1 e) or f) GDPR; this also applies to profiling based on these provisions. We no longer process the personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process personal data in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

You have the right, for reasons that arise from your particular situation, to object to the processing of personal data concerning you that is carried out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR unless the processing is necessary to fulfill a task in the public interest.

6.7. Automated decisions including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effects on you or which significantly affects you in a similar manner.

There is no automated decision-making based on the personal data collected.

6.8. Right to withdraw consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

6.9. Right to complain to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is unlawful.

7. Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data will be transmitted encrypted with us. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

We also do not guarantee that our offer will be available at certain times; Faults, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.

8. Transfer of data to third parties, no data transfer to non-EU countries

In principle, we only use your personal data within our company.

If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transmission is necessary for the corresponding service.

In the event that we outsource certain parts of the data processing ("order processing"), we contractually oblige the processors to use personal data only in accordance with the requirements of the data protection laws and to guarantee the protection of the rights of the data subject.

A data transfer to bodies or persons outside the EU outside of the case mentioned in this declaration in section 4 does not take place and is not planned.

9th data protection officer

If you have any questions or concerns about data protection, please contact our data protection officer: Andreas Laeuen.

Metropol-Sauna data protection declaration for the use of the Metropol-Sauna app

This application collects personal data from its users.

Provider and person responsible

Metropol-Sauna GmbH & Co. KG - Konrad-Adenauer-Straße 15, access via Schwedenkronenplatz, 60313 Frankfurt am Main - Germany

Provider's email address: andreas@metropol-sauna.de

Data protection officer:

Andreas Laeuen

Konrad-Adenauer-Strasse 15

Email: Andreas@Metropol-Sauna.de

Tel .: 069-17509115

Types of data collected

Among the personal data that this application collects, by itself or through third parties, there are: cookies; Usage data; different types of data; Unique device identifier for advertising (Google Advertising ID or IDFA, for example); Storage authorization; Geographical position.

Complete details on each type of processed personal data are provided in the sections of this data protection declaration provided for this purpose or in specific explanatory texts that are displayed before the data is collected.
Personal data can be provided voluntarily by the user or, in the case of usage data, collected automatically when this application is used.
Unless otherwise specified, it is mandatory to provide all data requested by this application. If the user refuses to provide the data, this may mean that this application cannot provide its services to the user. In cases where this application expressly states that the provision of personal data is voluntary, users may choose not to provide this data without any consequences for the availability or functionality of the service.
Users who are unsure which personal data are mandatory can contact the provider.
Any use of cookies - or other tracking tools - by this application or third-party service providers used by this application serves the purpose of providing the service requested by the user and all other purposes outlined in this document and, if available, are described in the cookie policy.

Users are responsible for all personal data of third parties that are obtained, published or passed on through this application and confirm that they have obtained consent to the transmission of personal data from any third parties to this application.

Type and place of data processing

Processing methods

The provider processes the user data in a proper manner and takes appropriate security measures to avoid unauthorized access and the unauthorized forwarding, modification or destruction of data.
The data processing is carried out by means of computers or IT-based systems according to organizational procedures and procedures that are specifically geared towards the stated purposes. In addition to the person responsible, other persons could also be internal (personnel management, sales, marketing, legal department, system administrators) or external - and, if necessary, named by the person responsible as processors (such as technical service providers, delivery companies, hosting providers, IT companies or Communication agencies) - operate this application and thus have access to the data. A current list of these participants can be requested from the provider at any time.

Legal basis for processing

The provider may only process personal data of users if one of the following points applies:

  • The users have given their consent for one or more specific purposes. Note: In some legislations, the provider may be allowed to process personal data until the user objects to such processing ("opt-out") without having to rely on consent or any of the following legal bases. However, this does not apply if the processing of personal data is subject to European data protection law;

  • the data collection is necessary for the fulfillment of a contract with the user and / or for pre-contractual measures resulting therefrom;

  • the processing is necessary for the fulfillment of a legal obligation to which the provider is subject;

  • the processing is in connection with a task that is carried out in the public interest or in the exercise of official powers that have been assigned to the provider;

  • The processing is necessary to safeguard the legitimate interests of the provider or a third party.

In any case, the provider will be happy to provide information about the specific legal basis on which the processing is based, in particular whether the disclosure of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.

place

The data is processed in the provider's branch and in all other locations where the bodies involved in data processing are located.

Depending on the location of the user, data transfers can include the transfer of the user's data to a country other than your own. To find out more about the place of processing of the transmitted data, users can consult the section with the detailed information on the processing of personal data.

Users also have the right to inquire about the legal basis for data transfer to a country outside the European Union or to an international organization that is subject to international law or that was founded by two or more countries, such as the UN, as well as about the provider to clarify the security measures taken to protect their data.

If such a transfer takes place, the user can find out more by checking the relevant sections of this document or by contacting the provider using the information provided in the contact section.

Storage period

Personal data are processed and stored for as long as required by the purpose for which they were collected.

Therefore:

  • Personal data that are collected for the purpose of fulfilling a contract concluded between the provider and the user will be stored until this contract has been completely fulfilled.

  • Personal data that are collected to safeguard the legitimate interests of the provider will be stored for as long as is necessary to fulfill these purposes. Users can obtain more information about the legitimate interests of the provider in the relevant sections of this document or by contacting the provider.

In addition, the provider is permitted to store personal data for a longer period of time if the user has consented to such processing, as long as the consent is not revoked. In addition, the provider may be obliged to store personal data for a longer period of time if this is necessary to fulfill a legal obligation or by order of an authority.

After the retention period has expired, personal data will be deleted. Therefore, the right to information, the right to erasure, the right to correction and the right to data portability cannot be asserted after the retention period has expired.

Purposes of processing

Personal data about the user is collected so that the provider can provide the services. In addition, data is collected for the following purposes: access to third-party profiles, analytics, contacting the user, handling payments, interaction with external social networks and platforms, hosting and backend infrastructure, data transfer outside the EU, device authorizations for access to personal Data, viewing the content of external platforms, monitoring the infrastructure, logging in and authentication, location-based interactions and managing contacts and sending messages.

Users can find further detailed information on these processing purposes and on the personal data used for the respective purpose in the corresponding sections of this document.

Facebook permissions required for this application

This application may require certain Facebook permissions in order to carry out actions with the user's Facebook account and to obtain information therefrom, including personal data. This application connects to the user profile on the social network Facebook, provided by Facebook Inc.

For more information about the following permissions, please refer to the documentation on Facebook permissions and the Facebook privacy policy .

The following permits are required: General information and email.

Device permissions for access to personal data

Depending on the device used by the user, this application can request certain authorizations that allow access to the device data of the user as described below.

By default, these access authorizations must be granted by the user before the corresponding information can be accessed. Once consent has been given, it can be revoked by the user at any time. To revoke these consents, users can check the device settings or contact the owner's support using the contact details given in this document.
The exact procedure for checking app permissions can depend on the device and the software of the user.

It should be noted that the revocation of such authorizations could impair the proper functioning of this application.

If the user grants one of the authorizations listed below, the respective personal data could be processed by this application (ie it can be accessed, changed or removed).

Storage authorization

Used to access shared external storage, including reading and adding objects.

Detailed information on the processing of personal data

Personal data is collected for the following purposes using the following services:

Analytics

With the services listed in this section, the provider can monitor and analyze data traffic and track the behavior of users.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service from Google Inc. (“Google”). Google uses the collected data to track and examine how this application is used, to compile reports on its activities and to share these with other Google services.
Google can use the collected data to contextualize and personalize the advertisements of its own advertising network.

Personal data collected: cookie; Usage data.

Place of processing: United States - Privacy Policy - Opt Out . Privacy Shield member.

Google Analytics for Firebase (Google LLC)

Google Analytics for Firebase or Firebase Analytics is an analysis service from Google LLC.
Further information on the use of data by Google can be found in the Google partner policy .

Firebase Analytics can share data with other tools provided by Firebase such as Crash Reporting, Authentication, Remote Config or Notifications. The user can review this privacy policy for a detailed explanation of the other tools used by the owner.

This application uses mobile device identifiers and cookie-like technologies to run the Google Analytics for Firebase service.

Users can opt out of certain Firebase features through the appropriate device settings on their mobile devices, such as through the advertising settings for mobile devices, or by following the instructions in other sections of this Privacy Policy regarding Firebase, if applicable.

Personal data collected: cookie; Unique device identifier for advertising (Google Advertising ID or IDFA, for example); Usage data.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Registration and authentication

With registration or authentication, users authorize this application to identify them and grant them access to specific services.
Depending on what is specified below, third-party providers may provide login and authentication services. In this case, this application can access some of the data stored by these third parties for login or identification purposes.

Facebook Authentication (Facebook, Inc.)

Facebook Authentication is a login and authentication service provided by Facebook, Inc. that is connected to the Facebook social network.

Personal data collected: various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Google OAuth (Google Inc.)

Google OAuth is a login and authentication service provided by Google Inc. that is connected to the Google network.

Personal data collected: various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy . Privacy Shield member.

View content from external platforms

With this type of service, users can view content hosted on external platforms directly through this application and interact with them.
If such a service is installed, it can possibly collect data from the data traffic for the pages on which it is installed even when users are not using it.

Google Maps Widget (Google Inc.)

Google Maps is a service provided by Google Inc. for the visualization of maps with which this application can incorporate content of this kind on its pages.

Personal data collected: cookie; Usage data.

Place of processing: United States - Privacy Policy . Privacy Shield member.

YouTube video widget (Google Inc.)

YouTube is a video content visualization service provided by Google Inc. with which this application can incorporate content of this kind on its pages.

Personal data collected: cookie; Usage data.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Google Calendar Widget (Google LLC)

Google Calendar-Widget is a service provided by Google LLC for the provision of calendar data, with which this application can integrate corresponding content on its pages.

Personal data collected: cookie; Usage data.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Vimeo Video (Vimeo, LLC)

Vimeo is a video content visualization service provided by Vimeo, LLC that enables this Application to incorporate content of this kind on its pages.

Personal data collected: cookie; Usage data.

Place of processing: United States - Privacy Policy .

Data transfer outside the EU

The provider may only transfer personal data that is collected within the EU to third countries (ie to countries that do not belong to the EU) in accordance with a certain legal basis. Such data transfer is based on one of the legal bases described below. The user can inquire with the provider about which legal basis applies to which service.

Data transfer from the EU and / or Switzerland to the USA in accordance with the Privacy Shield (this application)

If this is the legal basis, the transfer of personal data from the EU or Switzerland to the USA takes place in accordance with the EU - USA or Switzerland - USA Privacy Shield (also known as the data protection shield).
In particular, personal data is transmitted to recipients who certify themselves within the framework of the Privacy Shield framework and thus guarantee an appropriate level of protection for this transmitted data. Such third party services are listed in the appropriate sections of this document. Those services that have joined the Privacy Shield can be filtered out by checking the respective data protection guidelines and possibly also the official Privacy Shield list.
Privacy Shield also guarantees users certain rights, as outlined in their most up-to-date form on the US Department of Commerce website.
Personal data can only be transmitted from the EU or Switzerland to the USA to recipients who are not or are no longer part of the Privacy Shield if there is a valid legal basis for this. To find out more about such a legal basis, the user can contact the provider.

Personal data collected: various types of data.

Data transfer to countries that guarantee European standards (this application)

If this is the legal basis, the transfer of personal data from the EU to third countries takes place on the basis of an adequacy decision by the European Commission.
The European Commission adopts adequacy decisions for certain countries if it is of the opinion that they guarantee data protection standards that are comparable to those laid down by EU data protection rules. The user can view an updated list of all adequacy decisions on the website of the European Commission.

Personal data collected: various types of data.

Device permissions for access to personal data

This application requests certain consents from users that allow access to the user's device data as described below.

Device Permissions to Access Personal Data (This Application)

This application requests certain consents from users that allow access to the user's device data as described in this document.

Personal data collected: storage authorization.

Hosting and backend infrastructure

The purpose of these types of services is to host data and files so that this application can be managed and used. Furthermore, these offers can provide a prefabricated infrastructure that handles specific functions or entire components for this application.
Some of these services work with geographically dispersed servers, making it difficult to determine where the personal data is stored.

Firebase Cloud Functions (Google LLC)

Firebase Cloud Functions is a web hosting and backend service provided by Google LLC.

Personal data collected: usage data; various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Firebase Cloud Firestore (Google LLC)

Firebase Cloud Firestore is a web hosting and backend service provided by Google LLC.

Personal data collected: usage data; various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Firebase Realtime Database (Google LLC)

Firebase Realtime Database is a web hosting and backend service provided by Google LLC.

Personal data collected: usage data; various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Firebase Cloud Storage (Google LLC)

Firebase Cloud Storage is a web hosting service provided by Google LLC.

Personal data collected: usage data; various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Interoute (Interoute Communications Limited.)

Interoute is a web hosting service provided by Interoute Communications Limited.

Personal data collected: various types of data as described in the privacy policy of the service.

Place of processing: United Kingdom - Privacy Policy .

Interaction with external social networks and platforms

This type of service enables interaction with social networks or other external platforms directly through this application.
The interaction and the information collected via this application are always subject to the privacy settings made by the users for the respective social network.
This type of service can continue to collect web traffic data for the pages on which the service is installed even when users are not using it.
It is recommended to log out of the respective services in order to ensure that the processed data via this application is not connected to the profile of the user again.

Button and widgets for PayPal (Paypal)

The PayPal button and widgets are services for interacting with the PayPal network provided by PayPal Inc.

Personal data collected: cookie; Usage data.

Place of processing: See the PayPal data protection declaration - data protection declaration .

Contact the user

Contact form (this application)

By filling out the contact form with their data, users authorize this application to use their details to respond to requests for information, offers or other inquiries that are specified in the header of the form.

Personal data collected: various types of data.

Location-based interactions

Discontinuous geolocation (this application)

This application can collect, use and share position data of the user in order to provide location-based services.
Most browsers and devices are set by default to disable this feature. This application can access the user's position data if explicit permission has been given.
The geographic location of the user is determined in a discontinuous manner, either at the express request of the user or if the user does not enter the current location in the appropriate field and allows the application to determine the location automatically.

Personal data collected: Geographical position.

Handling payments

With payment services, this application can process payments by credit card, bank transfer, or other methods. In order to ensure a particularly high level of security, this application only forwards the information that is necessary for the execution of the transaction with the financial intermediaries processing the transaction.
Some of these services can also provide for the sending of timed messages to the user, such as e-mails with invoices or notifications regarding payment.

PayPal (Paypal)

PayPal is a payment service from PayPal Inc. that enables users to make online payments.

Personal data collected: various types of data as described in the privacy policy of the service.

Place of processing: See the PayPal data protection declaration - data protection declaration .

Manage contacts and send messages

This type of service enables the management of a database with e-mail contacts, phone numbers or any other contact information in order to communicate with the user.
The services can also collect data on what date and time the message was read by the user, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.

Firebase Cloud Messaging (Google Inc.)

Firebase Cloud Messaging is a messaging service provided by Google Inc. Firebase Cloud Messaging enables the owner to send messages and notifications to users through platforms such as Android, iOS and the web. Messages can be sent to individual devices, device groups, on specific topics or to specific user segments.

Personal data collected: various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Access to third party profiles

Using this type of service, this application reads profile information from your profiles at third-party providers and converts them into actions.
These services are not activated automatically, but require the explicit consent of the user.

Access to the Facebook profile (this application)

This application connects to the user profile on the social network Facebook, provided by Facebook, Inc.

Requested permits: email.

Place of processing: United States - Privacy Policy . Privacy Shield member.

Monitoring the infrastructure

With this type of service, this application can monitor the usage and behavior of its individual components to improve performance, operation, maintenance, and troubleshooting.
Which personal data is processed depends on the properties and the type of execution of the services, the function of which is to filter the activities taking place via this application.

Sentry (Functional Software, Inc.)

Sentry is an application monitoring service provided by Functional Software, Inc.

Personal data collected: various types of data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy .

More information about personal data

Push notifications

This application can send push notifications to users.

Unique device identification

This application can track users by storing a unique identifier on their device for analytical purposes or to store the user's settings.

On-line sales of goods and services

The personal data collected are used to provide users with services or to sell goods; this includes payments and possibly deliveries.
The personal data that is collected to carry out the payment can be details of the credit card, the bank account used for the transfer or other payment methods provided. The type of data this application collects depends on the payment system used.

User rights

Users can exercise certain rights in relation to their data processed by the provider.

In particular, users have the right to do the following:

  • Revoke your consent at any time. If the user has previously consented to the processing of personal data, he can revoke his own consent at any time.

  • Object to the processing of your data. The user has the right to object to the processing of his data if the processing takes place on a legal basis other than consent. More information on this is given below.

  • Receive information about your data. The user has the right to find out whether the data is being processed by the provider, to receive information about individual aspects of the processing and to receive a copy of the data.

  • Check and have it corrected. The user has the right to check the accuracy of his data and to request that it be updated or corrected.

  • Request restriction of the processing of your data. Users have the right to restrict the processing of their data under certain circumstances. In this case, the provider will not process the data for any other purpose than storage.

  • Request deletion or other removal of personal data. Under certain circumstances, users have the right to request the provider to delete their data.

  • Receive your data and have it transferred to another person in charge. The user has the right to receive his data in a structured, common and machine-readable format and, if technically possible, to have it transmitted to another person responsible without hindrance. This provision applies if the data is processed automatically and the processing is based on the consent of the user, on a contract to which the user is a party, or on pre-contractual obligations.

  • Give a complaint. Users have the right to lodge a complaint with the competent supervisory authority.

Details on the right to object to processing

If personal data are processed in the public interest, in the exercise of a sovereign authority transferred to the provider or to safeguard the legitimate interests of the provider, the user can object to this processing by providing a reason for justification that relates to his particular situation.

Users are informed that they can object to the processing of personal data for direct mail at any time without giving reasons. Users can find out whether the provider processes personal data for direct marketing purposes in the relevant sections of this document.

How the rights can be exercised

All inquiries to exercise user rights can be directed to the provider using the contact details given in this document. Applications can be exercised free of charge and will be processed by the provider as early as possible, at the latest within one month.

This application uses cookies. To find out more and to get a better understanding of cookies, the user can read the specific document here: Cookie Policy .

More information about the collection and processing of data

Legal action

The personal data of the user can be processed by the provider for the purposes of legal enforcement within or in preparation of legal proceedings that result from the fact that this application or the associated services have not been used properly.
The user declares that he is aware that the provider could be obliged by the authorities to disclose personal data.

More information about the user's personal data

In addition to the information listed in this data protection declaration, this application can, on request, provide the user with further context-related information relating to certain services or the collection and processing of personal data.

System logs and maintenance

This application and the services of third-party providers may collect files for operational and maintenance purposes that record the interaction taking place via this application (system logs) or use other personal data (e.g. IP address) for this purpose.

Information not contained in this data protection declaration

Further information about the collection or processing of personal data can be requested from the provider at any time using the contact details listed.

How do not track requests are handled

This application does not support "Do Not Track" requests from web browsers.
Users can find out whether integrated third-party services support the non-tracking protocol from the data protection declaration of the respective service.

Changes to this data protection declaration

The provider reserves the right to make changes to this data protection declaration at any time by making its users available to the provider on this page and, if necessary, via this application and / or - if technically and legally possible - by sending a message to the user via one of the providers available contact information. Users are therefore advised to visit this page regularly and to check the date of the last change given at the bottom of the page.

Insofar as changes affect data usage based on the consent of the user, the provider will - if necessary - obtain new consent.

Definitions and legal notices

Personal data (or data)

All information by which the identity of a natural person is or can be determined directly or in connection with other information.

Usage data

Information that this application (or third party services that this application uses) collects automatically, e.g. For example: the IP addresses or domain names of the computers of users who use this application, the URI addresses (Uniform Resource Identifier), the time of the request, the method used to send the request to the server , the size of the received response file, the numerical code that shows the status of the server response (successful result, error, etc.), the country of origin, the functions of the browser and operating system used by the user, the various time information per call (e.g. B. how much time was spent on each page of the application) and information about the path that was followed within an application, in particular the order of the pages visited, as well as other information about the operating system of the device and / or the IT environment of the user .

Users

The individual using this application who, unless otherwise specified, coincides with the Data Subject.

Affected

The natural person to whom the personal data relates.

Processor (or data processor)

Natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible, as described in this data protection declaration.

Responsible (or provider, sometimes also owner)

The natural or legal person, public authority, agency or other body that, alone or jointly with others, decides on the purposes and means of processing personal data and the means used for this purpose, including the security measures relating to the operation and use of this application. Unless otherwise stated, the person responsible is the natural or legal person through whom this application is offered.

This application

The hardware or software tool with which the personal data of the user is collected and processed.

service

The service provided by this application as described in the relative terms (if available) and on this site / application.

European Union (or EU)

Unless otherwise stated, all references in this document to the European Union refer to all current member states of the European Union and the European Economic Area (EEA).

Cookie

Small file that the application saves on the user's device.

Legal notice

This data protection declaration was drawn up on the basis of provisions of various legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this application, if not stated otherwise within this document.

Last update: May 17, 2018

Metropol-Sauna cookie policy

Cookies consist of pieces of code that are installed in the browser and help the provider to provide the services for the stated purposes. Some of the purposes for which cookies are installed may also require user consent.

If the installation of cookies is based on consent, this can be revoked at any time following the instructions in this document.

Technical cookies and cookies that serve aggregated statistical purposes

  • Activities essential for the functionality of the service

    This application uses cookies to save user sessions and to carry out other activities that are essential for the operation of this application, for example in connection with the distribution of data traffic.

  • Activities relating to the storage of settings, optimization and statistics

    This application uses cookies to save browser settings and to optimize the user's surfing experience. These cookies include, for example, those used to set the language and currency or those used to manage first-party statistics that are operated directly by the provider of the site.

Other types of cookies or third parties that install cookies

Some of the services listed below manage statistics in an aggregated and anonymous form and do not necessarily require the consent of the user or can be operated directly by the provider - depending on their description - without the help of third-party providers.

If services provided by third-party providers appear in the tools below, these can be used to understand the surfing habits of the user - in addition to the information specified here and without the knowledge of the provider. For more detailed information, please refer to the data protection declarations of the services listed.

  • Analytics

    With the services listed in this section, the provider can monitor and analyze data traffic and track the behavior of users.

    Google Analytics (Google Inc.)

    Google Analytics is a web analysis service from Google Inc. (“Google”). Google uses the collected data to track and examine how this application is used, to compile reports on its activities and to share these with other Google services.
    Google can use the collected data to contextualize and personalize the advertisements of its own advertising network.

    Personal data collected: cookies and usage data.

    Place of processing: United States - Privacy Policy - Opt Out . Privacy Shield member.

    Google Analytics for Firebase (Google LLC)

    Google Analytics for Firebase or Firebase Analytics is an analysis service from Google LLC.
    Further information on the use of data by Google can be found in the Google partner policy .

    Firebase Analytics can share data with other tools provided by Firebase such as Crash Reporting, Authentication, Remote Config or Notifications. The user can review this privacy policy for a detailed explanation of the other tools used by the owner.

    This application uses mobile device identifiers and cookie-like technologies to run the Google Analytics for Firebase service.

    Users can opt out of certain Firebase features through the appropriate device settings on their mobile devices, such as through the advertising settings for mobile devices, or by following the instructions in other sections of this Privacy Policy regarding Firebase, if applicable.

    Personal data collected: cookie, unique device identifier for advertising (Google advertising ID or IDFA, for example) and usage data.

    Place of processing: United States - Privacy Policy . Privacy Shield member.

  • View content from external platforms

    With this type of service, users can view content hosted on external platforms directly through this application and interact with them.
    If such a service is installed, it can possibly collect data from the data traffic for the pages on which it is installed even when users are not using it.

    Google Maps Widget (Google Inc.)

    Google Maps is a service provided by Google Inc. for the visualization of maps with which this application can incorporate content of this kind on its pages.

    Personal data collected: cookies and usage data.

    Place of processing: United States - Privacy Policy . Privacy Shield member.

    YouTube video widget (Google Inc.)

    YouTube is a video content visualization service provided by Google Inc. with which this application can incorporate content of this kind on its pages.

    Personal data collected: cookies and usage data.

    Place of processing: United States - Privacy Policy . Privacy Shield member.

    Google Calendar Widget (Google LLC)

    Google Calendar-Widget is a service provided by Google LLC for the provision of calendar data, with which this application can integrate corresponding content on its pages.

    Personal data collected: cookies and usage data.

    Place of processing: United States - Privacy Policy . Privacy Shield member.

    Vimeo Video (Vimeo, LLC)

    Vimeo is a video content visualization service provided by Vimeo, LLC that enables this Application to incorporate content of this kind on its pages.

    Personal data collected: cookies and usage data.

    Place of processing: United States - Privacy Policy .

  • Interaction with external social networks and platforms

    This type of service enables interaction with social networks or other external platforms directly through this application.
    The interaction and the information collected via this application are always subject to the privacy settings made by the users for the respective social network.
    This type of service can continue to collect web traffic data for the pages on which the service is installed even when users are not using it.
    It is recommended to log out of the respective services in order to ensure that the processed data via this application is not connected to the profile of the user again.

    Button and widgets for PayPal (Paypal)

    The PayPal button and widgets are services for interacting with the PayPal network provided by PayPal Inc.

    Personal data collected: cookies and usage data.

    Place of processing: See the PayPal data protection declaration - data protection declaration .

How can I give or withdraw my consent to the installation of cookies?

In addition to what is described in this document, the user can manage settings for cookies directly in his own browser and thus prevent third-party providers from installing cookies. Through the browser settings it is also possible to delete cookies installed in the past, including those cookies that may have saved the consent for the installation of cookies by this website. The user can, for example, information about the administration of cookies in the most popular browsers at the following addresses: Google Chrome , Mozilla Firefox , Apple Safari and Microsoft Internet Explorer .

With regard to cookies installed by third parties, users can manage their preferences and the withdrawal of their consent by clicking on the relevant opt-out link (if any), using the means provided for in the third party's privacy policy, or by contacting the third party.

Notwithstanding the above, the provider informs that users can follow the instructions on EDAA (EU), Network Advertising Initiative (US) and Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or similar services and benefit from them . Such services enable the user to define his tracking settings for almost all advertising tools. The provider therefore recommends that users make use of this tool in addition to the information provided in this document.

Provider and person responsible

Metropol-Sauna GmbH & Co. KG - Konrad-Adenauer-Straße 15, access via Schwedenkronenplatz, 60313 Frankfurt am Main - Germany

Provider's email address: andreas@metropol-sauna.de

Data protection officer:

Andreas Laeuen

Konrad-Adenauer-Strasse 15

Email: Andreas@Metropol-Sauna.de

Tel .: 069-17509115

Since this application uses third-party services that result in the installation of cookies and other such tracking systems that cannot be technically controlled by the provider, any specific reference to cookies and tracking systems installed by third-party providers must be viewed as indicative . Complete information can be found in the data protection declarations of the respective third-party providers specified in this document.

Given the objective complexity associated with the identification of cookies-based technologies, users are invited to contact the provider if they would like more information about the use of cookies by this application.

Definitions and legal notices

Personal data (or data)

All information by which the identity of a natural person is or can be determined directly or in connection with other information.

Usage data

Information that this application (or third party services that this application uses) collects automatically, e.g. For example: the IP addresses or domain names of the computers of users who use this application, the URI addresses (Uniform Resource Identifier), the time of the request, the method used to send the request to the server , the size of the received response file, the numerical code that shows the status of the server response (successful result, error, etc.), the country of origin, the functions of the browser and operating system used by the user, the various time information per call (e.g. B. how much time was spent on each page of the application) and information about the path that was followed within an application, in particular the order of the pages visited, as well as other information about the operating system of the device and / or the IT environment of the user .

Users

The individual using this application who, unless otherwise specified, coincides with the Data Subject.

Affected

The natural person to whom the personal data relates.

Processor (or data processor)

Natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible, as described in this data protection declaration.

Responsible (or provider, sometimes also owner)

The natural or legal person, public authority, agency or other body that, alone or jointly with others, decides on the purposes and means of processing personal data and the means used for this purpose, including the security measures relating to the operation and use of this application. Unless otherwise stated, the person responsible is the natural or legal person through whom this application is offered.

This application

The hardware or software tool with which the personal data of the user is collected and processed.

service

The service provided by this application as described in the relative terms (if available) and on this site / application.

European Union (or EU)

Unless otherwise stated, all references in this document to the European Union refer to all current member states of the European Union and the European Economic Area (EEA).

Cookie

Small file that the application saves on the user's device.

Legal notice

Note for European users: This data protection declaration was created in compliance with the requirements of Art. 10 of EC Directive No. 95/46 / EC and in accordance with the provisions of Directive 2002/58 / EC, revised by Directive 2009/136 / EC Cookies written.

This data protection declaration is exclusively about this application.

Last update: May 17, 2018