Privacy Policy

    PRIVACY POLICY

    for Kosmo Stretching & Yoga House (sole proprietorship Polina Sergeevna Fomina)**

    1. Controller

    Polina Sergeevna Fomina
    Frauenstraße 114
    89073 Ulm
    Germany

    E-mail: kosmo.house.ulm@gmail.com
    Phone: +49 177 1804553
    Website: https://kosmo-ulm.com/en

    2. Types of data processed

    Personal data

    • First and last name
    • E-mail address
    • Telephone number
    • Information on health limitations (voluntary)
    • Fitness goals and class interests
    • Payment data (Stripe, PayPal, SEPA)

    Media

    • Photos of participants
    • Videos of participants
    • Group photos / videos

    (Only with prior consent in accordance with our photo and video consent form.)

    Online data

    • Cookies (technically necessary & analytics cookies)
    • IP address (shortened/anonymised)
    • Browser type, device information
    • Usage behaviour (via analytics & Meta Pixel)

    3. Purposes of data processing

    We process personal data exclusively for the following purposes:

    • Class booking & administration via our internal CRM
    • Communication (e-mail, telephone, WhatsApp, newsletter)
    • Carrying out classes including health questionnaires
    • Payment processing (Stripe, PayPal, SEPA, cash payments)
    • Improvement of our online offering (analytics)
    • Marketing & reach measurement (Meta Pixel)
    • Publication of photos/videos, where separate consent has been given

    4. Legal bases under the GDPR

    The processing is carried out on the basis of the following legal grounds:

    • Art. 6(1)(b) GDPR – performance of a contract (class bookings)
    • Art. 6(1)(a) GDPR – consent (newsletter, photos/videos)
    • Art. 6(1)(f) GDPR – legitimate interests
      (optimisation of our services, marketing, IT security)
    • Art. 6(1)(c) GDPR – legal obligations (tax law)

    5. Cookies & tracking technologies

    We use:

    • Technically necessary cookies
    • Analytics cookies
    • Meta Pixel (Facebook/Instagram)
    • Google Analytics
    • TikTok Pixel (if activated)

    Details are explained in the cookie banner.
    Users can deactivate tracking at any time.

    6. Use of third‑party providers

    a) Stripe (payment service provider)

    Stripe Payments Europe, Ltd.
    Data: payment, e-mail, technical information
    Legal basis: performance of a contract (Art. 6(1)(b) GDPR)

    b) PayPal

    PayPal (Europe) S.a.r.l. et Cie
    Data: name, e-mail, payment
    Legal basis: performance of a contract

    c) Internal CRM solution

    Our internal CRM stores:

    • Contact details
    • Bookings
    • Health information (voluntary)
    • Communication

    Data is not sold or passed on to third parties.

    d) Meta Platforms Ireland

    Marketing tracking via Meta Pixel.
    Legal basis: consent (Art. 6(1)(a) GDPR)

    7. Disclosure of data

    Data is only disclosed to:

    • Instructors of KOSMO Studio Ulm
      (only name, booked class, relevant notes)
    • Service providers such as
    • CRM system
    • Payment providers
    • Newsletter system
    • IT service providers, where necessary

    There is no disclosure of data to third parties for their own advertising purposes.

    8. Storage period

    • Customer account & booking data: until deletion / 10 years (tax law)
    • Payment data: 10 years
    • Newsletter data: until consent is withdrawn
    • Cookies: depending on settings, 1 day to 24 months
    • Photos/videos: until consent is withdrawn

    9. Photo and video recordings

    Photos/videos are only created and used with prior written consent.
    Consent can be revoked at any time.

    Link to the consent form: [the URL will be added here later]

    10. Your rights (data subject rights)

    You have the right at any time to:

    • receive information about the data stored about you,
    • have inaccurate data corrected,
    • request deletion of your data (“right to be forgotten”),
    • request restriction of processing,
    • data portability,
    • withdraw consent given,
    • object to data processing based on legitimate interests.

    Contact:
    kosmo.house.ulm@gmail.com

    11. Withdrawal of consent

    Consent given (e.g. newsletter, photos, marketing tracking) can be withdrawn at any time, for example by e-mail to:

    📩 kosmo.house.ulm@gmail.com

    12. Data security

    We use technical and organisational measures to protect data, including:

    • Encryption (SSL/HTTPS)
    • Access restrictions
    • Password protection
    • Regular security updates

    13. Changes to this Privacy Policy

    We reserve the right to amend this Privacy Policy.
    The current version can always be found on our website.