Privacy Policy

Introduction

The protection of your personal data is of the utmost importance. This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") in connection with the online offer. This includes the associated website, functions, and content, as well as external online presences such as social media profiles (collectively referred to as "online offer"). Your personal data will be treated confidentially and in strict compliance with legal data protection regulations and the provisions of this privacy policy.

General Information

This privacy policy provides you with a comprehensive overview of what happens to your personal data when you visit this website. Personal data includes all information that can be used to identify you personally. Detailed information about data protection can be found in this complete privacy policy.

Responsible Entity

The data processing on this website is carried out by the website operator. You can find the contact details of the responsible entity in the "Responsible" section of this privacy policy.

Collection of Your Data

Personal data is collected either by you actively providing it, for example, by filling out a contact form, or automatically when visiting the website through the IT systems of the responsible entity. This includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter the website.

Use of Your Data

Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior in order to optimize the offer and tailor it to your needs.

Data Transmission to External Parties

In the course of the responsible entity’s business activities, it may be necessary to transmit personal data to external parties. This transmission will only occur under certain conditions: when the disclosure is necessary to fulfill a contract, when there is a legal obligation (e.g., to tax authorities), when there is a legitimate interest according to Art. 6(1)(f) GDPR, or when another legal basis permits the data transmission. When using external service providers for data processing, the transfer of personal data will only take place on the basis of a valid data processing agreement according to Art. 28 GDPR. If data is jointly processed with other entities, a joint processing agreement will be established according to Art. 26 GDPR.

Withdrawal of Consent for Data Processing

Certain data processing activities can only be carried out with your explicit consent. You can withdraw your consent at any time. The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to Object to Specific Data Processing and Marketing Activities (Art. 21 GDPR)

If your personal data is processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object to this processing at any time if you have reasons arising from your particular situation. This also applies to profiling based on these provisions. The specific legal basis for data processing can be found in this privacy policy. In the event of an objection, the responsible entity will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (objection according to Art. 21(1) GDPR).

If your personal data is used for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling insofar as it is related to direct marketing. After your objection, the responsible entity will no longer process your personal data for these marketing purposes (objection according to Art. 21(2) GDPR).

Rights under the General Data Protection Regulation

You have the right to lodge a complaint with a competent supervisory authority in case of violations of the GDPR. This right can be exercised particularly in the member state of your habitual residence, place of work, or the place of the alleged violation. Other administrative or judicial remedies remain unaffected.

Personal data that is processed based on consent or to fulfill a contract can be requested in a structured, commonly used, and machine-readable format. Upon request, this data can also be transferred directly to another responsible entity, provided this is technically feasible.

Every data subject has the right to obtain free information about their stored personal data, its origin, recipients, and the purpose of the data processing. Furthermore, there is the right to correction or deletion of this data, as long as legal provisions allow. For any further questions or concerns about personal data, you can contact the responsible entity at any time.

There is also the right to request a restriction of data processing if the accuracy of the data is contested and verification is pending. If processing is unlawful, instead of deletion, restriction of data processing can be requested. Furthermore, restriction can be requested if the data is no longer needed but is required for the establishment, exercise, or defense of legal claims. If there is an objection to processing under Art. 21(1) GDPR, the right to restriction remains until it is determined whose interests outweigh others.

If the processing of personal data is restricted, this data may only be processed with the consent of the data subject, for the establishment, exercise, or defense of legal claims, to protect the rights of other individuals or legal entities, or for reasons of important public interest of the EU or a member state, except for storage.

2. Responsible Entity

The responsible entity for the data processing on this website, as defined by the General Data Protection Regulation (GDPR), is:

Company: Heart Soul Rebellion Represented by: Ms. Laura Kayser Address: 99c, Marine Sports Club, Sharm el Sheikh, Egypt Website: www.heartsoulrebellion.com Email: laura@heartsoulrebellion.com Phone: +49 176 60981861

3. Processors

We collaborate with various processors who process data on our behalf. These service providers are contractually obliged to treat the data confidentially and use it exclusively for the purpose of the respective service. There are also cases in which responsibility for data processing is shared with other entities. In such cases, the responsibilities are transparently regulated and documented to ensure compliance with data protection requirements.

4. Definitions

To ensure the transparency of this privacy policy and make it understandable for everyone, this policy primarily uses terms that are also defined in the General Data Protection Regulation (GDPR). The full legal definitions can be found in Art. 4 GDPR. Below are the key terms related to this privacy policy:

Personal Data: This includes all information relating to an identified or identifiable natural person (hereinafter "data subject"). A person is considered identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more specific characteristics that reflect the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Processing: This term covers any operation or set of operations performed on personal data, whether by automated means or not. This includes collecting, recording, organizing, structuring, storing, altering or changing, retrieving, querying, using, disclosing by transmission, distributing, or any other form of provision, comparison, or linking, restricting, deleting, or destroying data.
Controller: This refers to the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data.
Processor: A natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.
Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or clear affirmative action, signify agreement to the processing of personal data relating to them.
Website: Refers to the entire internet offering provided by the controller under a specific URL. This includes all content, information, functions, and services published by the controller and made accessible to the user via this URL. The website serves as a digital platform to provide information, services, and interaction between the controller and users.
End Device: An electronic device capable of accessing the internet and loading websites, such as computers, laptops, tablets, and smartphones.

These definitions help understand the privacy policy and the meanings of the terms used.

5. Hosting

This website is hosted on external servers to ensure reliable and secure use of this online offer.

Data processing by the hosting provider occurs in accordance with Art. 6(1)(f) GDPR, as the controller has a legitimate interest in providing a stable and secure website. If it is necessary to obtain the user’s consent (for example, for the use of certain cookies or tracking technologies), data processing is based on the user’s consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. You can revoke your consent at any time with effect for the future.

The hosting provider is: Squarespace, Inc. - 225 Varick Street New York City, New York, United States

Details on data processing and privacy can be found in the privacy policy of the hosting provider.

To ensure that your data is processed in accordance with applicable data protection regulations, a data processing agreement (DPA) has been concluded with the hosting provider. This agreement obliges the hosting provider to process the personal data of website visitors solely according to the instructions of the controller and in compliance with the GDPR. The hosting provider guarantees comprehensive protection of your data through technical and organizational measures.

6. Legal Basis for Data Processing

The processing of your personal data is carried out based on the General Data Protection Regulation (GDPR) and other relevant legal provisions. Depending on the purpose of data processing, different legal bases apply.

If you have consented to the processing of your personal data, this processing occurs based on your consent according to Art. 6(1)(a) GDPR. This particularly applies to the processing of special categories of personal data under Art. 9(2)(a) GDPR and the transmission of personal data to third countries under Art. 49(1)(a) GDPR. You can withdraw your consent at any time.

The processing of your data may be necessary to fulfill a contract or to carry out pre-contractual measures, and in this case, it is based on Art. 6(1)(b) GDPR. Additionally, data processing may be required to comply with legal obligations, which is then done based on Art. 6(1)(c) GDPR.

In certain cases, processing is carried out to protect the legitimate interests of the controller or a third party, provided that your interests or fundamental rights and freedoms do not override these interests. This processing is based on Art. 6(1)(f) GDPR.

For certain types of processing, national regulations, such as § 25 TTDSG concerning the storage of cookies or access to information on your device, may also apply. The specific legal bases applicable will be explained in detail in the relevant sections of this privacy policy.

If your data is required for the performance of a contract or pre-contractual measures, the processing of your data will be based on Art. 6(1)(b) GDPR. For compliance with a legal obligation, data processing is based on Art. 6(1)(c) GDPR. Additionally, data processing may occur based on legitimate interests in accordance with Art. 6(1)(f) GDPR. The specific legal bases in each case will be explained in the following sections of this privacy policy.

7. Data Transfer to Unsafe Third Countries and Non-DPF-Certified US Companies

If this website uses tools from companies based in data protection unsafe third countries, or US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF), your personal data may be transferred to and processed in these countries. It is important to note that in data protection unsafe third countries, no level of data protection equivalent to that of the EU can be guaranteed. For the USA as an unsafe third country, a data protection level comparable to the EU’s is generally not ensured. A data transfer to the USA is therefore only permitted if the recipient is either certified under the "EU-US Data Privacy Framework" (DPF) or has appropriate additional guarantees. Detailed information on possible transfers to third countries, including data recipients, can be found in this privacy policy.

8. Data Retention

Unless a more specific retention period is mentioned in this privacy policy, personal data will remain with the controller until the purpose for data processing ceases. If a legitimate deletion request is made or consent for data processing is withdrawn, the relevant data will be deleted unless there are other legally permissible reasons for retaining the personal data (e.g., tax or commercial retention periods). In these cases, deletion will occur once these reasons no longer apply.

The controller only stores personal data as long as it is necessary to fulfill the respective purposes for which the data was collected. This includes fulfilling contractual obligations, complying with legal retention periods, and protecting the legitimate interests of the controller, such as IT security and protection against misuse. If the processing of personal data is based on consent, the data will be stored until the consent is withdrawn by the data subject. Such withdrawal is always possible with future effect. Afterward, the data will be promptly deleted unless there are legal retention obligations or other overriding legal reasons that require further storage.

In summary, personal data will be deleted after the purpose has been fulfilled or the legal basis for storage has ceased, unless there are still legal obligations or legitimate interests that justify further storage.

9. Security Measures and Data Minimization

Comprehensive technical and organizational measures are taken to effectively protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. Only the data that is absolutely necessary for the respective purpose will be collected and processed. This data minimization strategy helps to significantly reduce the risk of misuse and unauthorized access. Security measures are continuously updated to adapt to the state of the art and to ensure a high level of protection for your data.

10. SSL/TLS Encryption

To protect the security of your data during transmission, encryption methods that meet the current standards of technology (e.g., SSL or TLS) are used via HTTPS. SSL (Secure Socket Layer) or TLS (Transport Layer Security) are protocols used for encrypting data transmissions over the internet. This ensures that the data exchanged between your browser and the server is protected from unauthorized access. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

11. Encrypted Payment Transactions via the Website

If, after concluding a paid contract, you are required to transmit payment data (e.g., bank account number for direct debit), the data transmission is encrypted. This encryption technology provides a high level of protection for payment data and prevents access by third parties. The encrypted transmission path can be recognized by the fact that the address bar of the browser changes from "http://" to "https://" and the lock symbol appears in the browser bar. The use of SSL or TLS ensures that payment data is handled securely and confidentially.

12. Storing User Information in Log Files

When accessing the website, general information is automatically collected and transmitted by your browser to the server. This information is stored in so-called log files and typically includes:

a) IP address of the requesting computer b) Date and time of access c) Name and URL of the retrieved file d) Website from which the access originated (referrer URL) e) Browser and user agent string f) Operating system g) Name of your access provider h) HTTP status code

These data are stored for security reasons, to ensure smooth connection setup of the website, to facilitate comfortable use of the website, to evaluate system security and stability, and for other administrative purposes.

The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interest arises from the aforementioned purposes for data collection. In no case will the collected data be used to draw conclusions about your person. The stored data will be anonymized or deleted unless there are legal retention obligations.

13. Cookies

This website uses cookies. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit the page. Cookies do not cause any damage to your device and do not contain viruses, trojans, or other harmful software.

Cookies store information that is specific to the device being used. However, this does not mean that the controller directly obtains knowledge of your identity.

The use of cookies is intended to make your experience with the website more enjoyable. For example, the controller uses session cookies to recognize that you have already visited individual pages of the website. These are automatically deleted once you leave the page.

Additionally, the controller uses temporary cookies to optimize user-friendliness, which are stored on your device for a specific period. When you return to the site to use the services, it will be automatically recognized that you have already visited and which entries and settings you made, so you don’t have to enter them again.

Furthermore, the controller uses cookies to statistically record the use of the website and evaluate it for optimization purposes. These cookies allow the controller to recognize that you have already visited the site when you visit again. These cookies are automatically deleted after a specified period.

The data processed through cookies is required for the legitimate interests of the controller and third parties under Art. 6(1)(f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to always display a warning before a new cookie is created. Disabling cookies entirely may, however, result in you being unable to use all functions of the website.

14. Cookie Consent Banner

This website uses a cookie consent banner to manage your consent for the use of cookies. The provider of this service is:

TO BE ADDED COOKIE BANNER PROVIDER

How it Works and Purpose The cookie consent banner sets a technically necessary cookie to store your cookie consents. This cookie does not process personal data. It only stores your settings that you make upon entering the website, including:

a) Consent or rejection of certain cookies b) Time of consent c) Duration of the storage of settings d) Legal basis for data processing

The data processing by the cookie consent banner takes place according to Art. 6(1)(f) GDPR. The legitimate interest of the controller is to ensure the lawful consent for the use of cookies. If consent has been requested, the processing is based on Art. 6(1)(a) GDPR.

Storage Duration and Deletion The stored data will remain stored until you delete the cookies in your browser or withdraw your consent. You can change your settings at any time in the cookie settings of this website.

15. Use of the Contact Form

If you have any questions, you can contact the controller via a contact form provided on this website. To know who the inquiry comes from and to respond to it, the following data is required: first name, last name, email.

The data processing for the purpose of contacting the controller is carried out based on your voluntarily given consent according to Art. 6(1)(a) GDPR.

The personal data collected for using the contact form will generally be deleted after the inquiry has been resolved.

16. Inquiries by Email or Phone

You have the option to send inquiries by email or phone to the controller. The personal data transmitted (e.g., name, email address, phone number, and the inquiry itself) will be processed and stored by the controller exclusively for the purpose of handling the inquiry and any follow-up questions.

The legal basis for this data processing is Art. 6(1)(b) GDPR, as the processing is necessary for the performance of a contract or for the performance of pre-contractual measures. If the processing is not related to a contract, it is based on Art. 6(1)(f) GDPR, as the controller has a legitimate interest in processing and responding to inquiries.

17. Inquiries via WhatsApp

You have the option to send inquiries via WhatsApp to the controller. Please note that WhatsApp stores the transmitted data on servers in the USA. Therefore, no sensitive information should be transmitted via this channel. The personal data you transmit (e.g., name, phone number, and the inquiry itself) will be processed and stored by the controller exclusively for the purpose of handling your inquiry and any follow-up questions.

Additional information about the processing of your personal data by WhatsApp can be found in their privacy policy at: https://www.whatsapp.com/legal/.

18. Prohibition of Sending Advertising Emails

The use of the contact details published in the imprint for the purpose of sending unsolicited advertisements and informational materials is hereby prohibited. Any unauthorized use of contact data for advertising purposes constitutes a violation of the rights of the operator of this website and will not be tolerated. The operator of this website expressly reserves the right to take legal action if violations occur, especially in the case of unsolicited advertising, such as spam emails.

19. Newsletter

If you wish to subscribe to the newsletter offered on the website, the controller requires a valid email address and information that allows verification that you are the owner of the provided email address and consent to receiving the newsletter (double opt-in process). No other data will be collected. This data will only be used for sending the requested information and will not be shared with third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent for the storage of the data, the email address, and its use for sending the newsletter at any time, e.g., via the "unsubscribe" link in the newsletter or by sending a corresponding message to the controller. The legality of the data processing carried out up to the point of withdrawal remains unaffected.

The data you provide for receiving the newsletter will be stored until you unsubscribe from the newsletter and deleted after unsubscribing. Data stored for other purposes with the controller (e.g., email addresses for the member area) will remain unaffected.

MailerLite

The newsletter is sent via the service provider MailerLite. MailerLite is a service of MailerLite Limited, 38 Mount Street Upper, Dublin 2, D02 PR89, Ireland. The email addresses of the newsletter recipients, as well as other data described in these instructions, are stored on MailerLite servers in the European Union. MailerLite uses this information to send and evaluate newsletters on behalf of the controller. In addition, MailerLite may use this data to optimize or improve its services, such as for the technical optimization of sending and displaying the newsletters or for business purposes, to determine the countries the recipients are from. However, MailerLite does not use the data of the newsletter recipients to send them emails or share it with third parties.

Further information on data protection with MailerLite can be found at: https://www.mailerlite.com/legal/privacy-policy.

Additionally, technical and organizational security measures are employed to protect your personal data from manipulation, loss, destruction, or unauthorized access. These security measures are continually improved in line with technological developments.

20. Use of Analysis and Tracking Tools

Analysis and tracking tools are used to ensure the demand-oriented design and continuous optimization of this website. These measures help to statistically record the use of this website and optimize the offerings for you. The storage and analysis of the data is based on Art. 6(1)(f) GDPR, as the provider has a legitimate interest in providing an appealing and functional website.

If consent has been obtained, the processing is also based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent involves the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). This consent can be withdrawn at any time.

Google Ads Tracking

Google Ads tracking is used, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Ads tracking uses cookies to measure the effectiveness of advertising campaigns and analyze your use of this website. The information provided by the cookie about your use of this website is typically transferred to Google servers in the USA and stored there.

Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the USA. Any company certified under the DPF commits to adhering to these strict privacy standards. For more information on the EU-US DPF, visit: https://www.dataprivacyframework.gov/.

Further information on data protection with Google Ads tracking can be found at: https://policies.google.com/privacy.

Google Analytics

Google Analytics is used, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies to enable an analysis of your use of the website. The information provided by the cookie about your use of this website is typically transferred to Google servers in the USA and stored there. However, by activating IP anonymization on this website, your IP address will be truncated by Google within EU member states or other contracting states of the Agreement on the European Economic Area.

Further information on data protection with Google Analytics can be found at: https://policies.google.com/privacy.

21. Social Media Plugins

This section informs you about the integration and use of social media on this website. This includes details about data processing and your rights in connection with the use of social media plugins and their features.

Instagram

This website integrates features of the Instagram service, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Instagram plugins allow you to share and spread content from this website on your Instagram profile. You can recognize these plugins by the Instagram logo integrated into this website.

When you visit a page on this website that contains an Instagram plugin, your browser establishes a direct connection to Instagram’s servers. The content of the plugin is sent directly from Instagram to your browser and embedded into the website. Through this embedding, Instagram receives the information that your browser has accessed the corresponding page of this website, even if you do not have an Instagram account or are not logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.

If you are logged into Instagram, Instagram can directly associate the visit to this website with your Instagram account. If you interact with the plugins, such as pressing the “Like” button or leaving a comment, the corresponding information is also directly transmitted to an Instagram server and stored there. The information will also be published on your Instagram profile and displayed to your Instagram followers.

The use of Instagram plugins is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TTDSG, as consent is required for the use of cookies and other tracking technologies. Consent can be withdrawn at any time with effect for the future. To prevent Instagram from associating the data collected via this website with your Instagram account, you must log out of Instagram before visiting this website.

The transfer of personal data to the USA is based on the EU Commission’s standard contractual clauses. For more information, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum.

Meta Platforms Ireland Limited is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the USA. Any company certified under the DPF is committed to adhering to these strict data protection standards. For more information on the EU-US DPF, please visit: https://www.dataprivacyframework.gov/.

For more information about data processing and data usage by Instagram, as well as your related rights and privacy settings, please visit Instagram's privacy policy: https://help.instagram.com/155833707900388.

Pinterest

This website integrates features of the Pinterest service, operated by Pinterest Inc., 505 Brannan St, San Francisco, CA 94107, USA. The Pinterest plugins allow you to share and spread content from this website on your Pinterest profile. You can recognize these plugins by the Pinterest logo integrated into this website.

When you visit a page on this website that contains a Pinterest plugin, your browser establishes a direct connection to Pinterest’s servers. The content of the plugin is sent directly from Pinterest to your browser and embedded into the website. Through this embedding, Pinterest receives the information that your browser has accessed the corresponding page of this website, even if you do not have a Pinterest account or are not logged into Pinterest. This information (including your IP address) is transmitted directly from your browser to a Pinterest server in the USA and stored there.

If you are logged into Pinterest, Pinterest can directly associate the visit to this website with your Pinterest account. If you interact with the plugins, such as pressing the “Pin it” button or leaving a comment, the corresponding information is also directly transmitted to a Pinterest server and stored there. The information will also be published on your Pinterest profile and displayed to your Pinterest followers.

The use of Pinterest plugins is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TTDSG, as consent is required for the use of cookies and other tracking technologies. Consent can be withdrawn at any time with effect for the future. To prevent Pinterest from associating the data collected via this website with your Pinterest account, you must log out of Pinterest before visiting this website.

The transfer of personal data to the USA is based on the EU Commission’s standard contractual clauses. For more information, please visit: https://policy.pinterest.com/en/privacy-policy.

Pinterest Inc. is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the USA. Any company certified under the DPF is committed to adhering to these strict data protection standards. For more information on the EU-US DPF, please visit: https://www.dataprivacyframework.gov/.

For more information about data processing and data usage by Pinterest, as well as your related rights and privacy settings, please visit Pinterest's privacy policy: https://policy.pinterest.com/en/privacy-policy.

22. Appointment Booking or Calendar Tool

This website uses an appointment booking or calendar tool to help you plan and book appointments. This tool allows for the management of appointments and efficient processing of your booking requests.

The use of this appointment booking or calendar tool is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TTDSG, as consent is required for the use of cookies and other tracking technologies. Your consent is used to efficiently manage and confirm your appointment bookings. Consent can be withdrawn at any time with effect for the future.

Here are detailed information about the appointment booking or calendar tool:

Acuity Scheduling

Acuity Scheduling is used for online appointment booking. Acuity Scheduling is a service provided by Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA. This service allows you to book appointments online. When an appointment is booked through Acuity Scheduling, the data you enter (e.g., name, email address, phone number, date, and time of the appointment) is transmitted to Acuity Scheduling and stored there.

Acuity Scheduling uses this data to manage and confirm the appointment booking. Your data may be transferred and stored in the USA. Acuity Scheduling may also share this information with third parties if required by law or if third parties process this data on behalf of Acuity Scheduling.

Squarespace, Inc. is certified under the EU-US Data Privacy Framework (DPF). This ensures adequate protection for the transfer of personal data from the EU to the USA. Any company certified under the DPF is committed to adhering to strict data protection standards. For more information on the EU-US DPF, please visit: https://www.dataprivacyframework.gov/.

For more information on data processing by Acuity Scheduling, please visit Acuity Scheduling’s privacy policy at: https://de.squarespace.com/datenschutz.

[updated: 14.05.2025]