Privacy Policy

1. Controller

Studio Sun & Sea
Owner: Milos Borojevic
Pfarrtannen 7, 49808 Lingen, Germany
Email: privacy@studiosunandsea.com

2. General Information

We process personal data only to the extent necessary to provide a functional website and our services. Personal data is processed based on consent or legal permissions under the GDPR.

3. Hosting and Log Files

a) Description and scope of data processing

When accessing our website, our hosting provider (Cloudflare) automatically collects technical data from your device. This includes:

These data are stored in log files. They are not merged with other data sources.

b) Legal basis

The legal basis for temporary storage of data and log files is Art. 6(1)(f) GDPR (legitimate interest).

c) Purpose of processing

Temporary storage of the IP address is necessary to deliver the website to your device. Log files ensure functionality, security, and optimization of the website.

d) Recipient

Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. A Data Processing Addendum (DPA) is in place.

4. Cookies

Our website does not use cookies except those technically required by embedded services (e.g., Mindbody). We do not use tracking or marketing cookies.

5. Contact by Email or Form

a) Description and scope

When contacting us via email or a contact form, the data you provide (e.g., name, email address, message content) is processed to handle your request.

b) Legal basis

Art. 6(1)(b) GDPR (contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest).

c) Purpose

Processing your request and communicating with you.

d) Storage duration

Data are deleted when no longer required for the purpose unless legal retention obligations apply.

6. Mindbody Integration (Schedule & Booking)

a) Description and scope

Our website integrates services from Mindbody, Inc. (class schedule, booking, payments). When accessing these features, your browser connects directly to Mindbody’s servers. Data processed may include:

b) Legal basis

Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) GDPR (legitimate interest).

c) Purpose

Providing our class schedule, enabling bookings, and managing appointments.

d) Recipient

Mindbody, Inc., 651 Tank Farm Road, San Luis Obispo, CA 93401, USA.

e) Further information

See Mindbody’s privacy policy for details.

7. Hosting via Cloudflare Pages

Our website is hosted on Cloudflare Pages. Cloudflare processes technical data (see section 3) to provide, secure, and optimize the website.

8. External Links

Our website contains links to external websites. We are not responsible for their content or privacy practices. Their respective privacy policies apply.

9. Exali Liability Seal

a) Description and scope

Our website includes the liability seal provided by Exali AG. The graphic is loaded from Exali’s servers, which requires processing your IP address. Clicking the seal redirects you to Exali’s website.

More information:
Exali Privacy Policy

b) Legal basis

Art. 6(1)(f) GDPR (legitimate interest).

c) Purpose

Providing legally required professional liability information in a visually appropriate manner.

d) Legitimate interest

Offering an appealing online presence and fulfilling legal information obligations.

10. Rights of Data Subjects

You have the following rights under the GDPR:

11. Right to Object (Art. 21 GDPR)

You may object at any time to the processing of your personal data based on Art. 6(1)(f) GDPR for reasons arising from your particular situation.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal or technical changes.