Effective Date: 01. January 2025
At Heide & Krug, we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and safeguard your personal information when you visit our website, book a retreat, or use our facilities for events or functions. We comply with all applicable laws, including the European Union’s General Data Protection Regulation (GDPR), to ensure that your personal data is handled with care and transparency.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Information We Collect
We collect several types of information in order to provide and improve our services to you. These include:
1.1 Personal Information
- Name
- Contact details (email address, phone number, postal address)
- Payment information (credit card details, billing address)
- Event details (specific requests for retreats, weddings, conferences, etc.)
- Communication preferences
1.2 Usage Data
We may collect information about how you access and interact with our website, including:
- IP address
- Browser type and version
- Pages visited
- Duration of visit
- Time and date of access
- Device information (e.g., mobile or desktop)
1.3 Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your user experience and gather information about how you interact with our site. This may include tracking the pages you visit, how often you visit, and how you arrived at our site. You can control cookie preferences in your browser settings.
2. How We Use Your Information
2.1 To Provide Services and Respond to Inquiries
We use your personal data to:
- Process bookings and reservations for retreats, events, and functions
- Communicate with you regarding event details, updates, and customer service inquiries
- Respond to your inquiries and provide the information you’ve requested
2.2 To Improve Our Services
We may use your personal information to:
- Analyze user trends and improve the functionality of our website and services
- Conduct market research to better understand your needs and preferences
2.3 To Process Payments
If you make a payment for a retreat or event, we use your payment details to complete the transaction securely. All payment processing is conducted through secure third-party providers, and we do not store your payment information.
2.4 To Send Promotional Materials (with your consent)
If you opt-in to receive newsletters, promotional emails, or special offers, we will use your contact details to send you updates. You may unsubscribe from these communications at any time by clicking the unsubscribe link in our emails or contacting us directly.
3. Legal Basis for Processing Your Data (GDPR)
We process your personal data based on the following legal grounds:
3.1 Contractual Necessity
Processing your personal data is necessary for the performance of a contract, such as booking a retreat or event, and to provide the services requested.
3.2 Consent
For certain communications (e.g., marketing), we rely on your explicit consent. You can withdraw your consent at any time by contacting us or using the unsubscribe option in our emails.
3.3 Legitimate Interests
We may process your personal data for purposes such as improving our services or responding to inquiries, where it aligns with our legitimate business interests, provided that your rights and freedoms are not overridden.
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal data to third parties. However, we may share your personal information in the following circumstances:
4.1 Service Providers
We may share your data with trusted third-party service providers who help us with:
- Event planning and execution
- Payment processing
- Marketing and communication
- Website hosting and maintenance These providers are bound by contractual obligations to handle your data securely and only use it for the specific services they provide to us.
4.2 Legal Obligations
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
5. International Data Transfers
As a business based in the European Union, we process your data primarily within the EU. However, we may transfer your personal data to third-party service providers located outside the European Economic Area (EEA) for specific purposes, such as payment processing. In such cases, we ensure that appropriate safeguards are in place to protect your data, including standard contractual clauses or other legally acceptable mechanisms.
6. Data Security
We take the security of your personal data seriously. We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, or disclosure. This includes using encryption, firewalls, and secure access protocols.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
7. Your Rights Under GDPR
As a user under the European Union’s General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
7.1 Right of Access
You have the right to request access to the personal data we hold about you and to obtain information about how it is being processed.
7.2 Right to Rectification
If your personal data is inaccurate or incomplete, you can request that we correct or update it.
7.3 Right to Erasure
You have the right to request the deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
7.4 Right to Restrict Processing
You can request that we limit the processing of your personal data if you believe it is inaccurate, unlawfully processed, or no longer necessary.
7.5 Right to Data Portability
You can request a copy of your personal data in a structured, commonly used, and machine-readable format, and transfer it to another data controller if desired.
7.6 Right to Object
You can object to the processing of your personal data, particularly for direct marketing purposes.
To exercise any of these rights, please contact us at [insert email address]. We will respond to your request within the timeframe required by law.
8. Retention of Personal Data
We will retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. When your data is no longer needed, we will securely delete or anonymize it.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we update the policy, we will post the new version on this page and update the “Effective Date” at the top. We encourage you to review this policy periodically for any changes.
10. Contact Us
If you have any questions about this Privacy Policy or our data protection practices, please feel free to contact us:
Heide & Krug
Heidekrug 1, 15374 Müncheberg
info@heide-krug.com
+4917678301481