Privacy Policy

We, the team at Fire & Ice Sauna Group, are delighted by your visit to our website and your interest in our company, its associated services and products, and the related data protection measures, which comply with the EU GDPR and the German Federal Data Protection Act (BDSG). Protecting your data is very important to us. In principle, you can use our website without providing any personal data. However, if you wish to use one of our services, processing personal data is necessary. Therefore, to protect your data, we have a detailed privacy policy and have implemented corresponding measures, which we would like to inform and explain in detail here.

In general, all business processes are adapted through technical and organizational measures to ensure they always comply with the current state of the art, guaranteeing the protection of personal data at all times. To this end, new technologies are regularly implemented, tested, and/or expanded, and adapted to technological advancements. Below, we inform you about the purposes for which your data is collected and processed, and how you can exercise your rights. 

This privacy policy is based on the terminology used by the European legislator when enacting the General Data Protection Regulation (GDPR), as well as the German Federal Data Protection Act (BDSG). The full privacy policy follows.

If you wish to print the privacy policy, please download it as a PDF using the button below, labeled "Privacy Policy.pdf". You may need Adobe Acrobat Reader or other software capable of securely opening PDF documents to view it.

FIRE & ICE Wellness Spa Group GmbH,
Treidlkofen 9, 84155 Bodenkirchen,
Managing Director: Georg Zelger

Tel.: +49 (0) 87 41 / 92 66 30
Fax: +49 (0) 87 41 / 92 66 35
Mail: This email address is protected against spambots! JavaScript must be enabled to view it.

FIRE & ICE Wellness Spa Group GmbH
Georg Zelger - Treidlkofen 9
84155 in Bodenkirchen

Tel.: +49 (0) 87 41 / 92 66 36
Fax: +49 (0) 87 41 / 92 66 35
Mail: This email address is protected against spambots! JavaScript must be enabled to view it.

The privacy policy is based on the terms used by the European legislators for the adoption of the General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG).

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"), including, but not limited to, name, address, email address, or telephone number. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients.

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller (e.g. WSMU) or the processor, are authorized to process personal data.

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, in any form and scope.

You can generally visit our website without providing any personally identifiable information. Our website uses SSL/TLS encryption to protect your data and the associated transmission. You can recognize the encrypted connection by the "https://" prefix and the padlock icon in your browser's address bar.

Data collection when visiting our website:
When you access our website, we may collect data from you, which is stored in server log files. When you visit our website, we collect the following data, which is technically necessary for us to display the website to you and is stored in a log file by the web host:

(1) The visited website/subpage
(2) Date and time of access to files and subpages
(3) Amount of data sent in bytes
(4) Source/referrer from which you accessed the page
(5) The browser used
(6) The operating system used
(7) The IP address used at the time in anonymized form.

This processing is carried out in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website, as well as for checking technical processes. The data is not used for any other purpose. However, we reserve the right to subsequently review the server log files should there be concrete indications of unlawful use.

Detailed information regarding the privacy policy follows, covering each individual area or function. Should you have any difficulty understanding any of the sections, please contact the data protection officer.

The duration for which your personal data is stored depends on the respective legal basis, the purpose of processing, and, where applicable, the respective statutory retention period (e.g., for commercial, service, or tax purposes). Generally, the processing of personal data is based on explicit consent pursuant to Art. 6 para. 1 lit. a GDPR; this data will be stored until the data subject withdraws their consent.

If statutory retention periods exist for the stored and processed data, this is done in accordance with Art. 6 para. 1 lit. b GDPR; if the data is not subject to any further retention periods, it will be routinely deleted after, for example, contract fulfillment.

When processing data pursuant to Article 6(1)(f) GDPR, this data will only be stored until the data subject exercises their right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims and/or contracts arising therefrom. In the context of direct marketing, we adhere to Article 6(1)(f) GDPR. The data will only be stored until the data subject exercises their right to object pursuant to Article 21(2) GDPR.

Due to data minimization, we regularly delete data that is no longer needed and that this is permitted, provided that it is not subject to other retention periods.

When you contact us (e.g., via contact form, email, telephone, fax, or even postal mail), the data you provide will be collected and processed. The specific data collected depends on the situation, the information provided by the visitor/customer, and/or the contact form. This data is processed and used solely for the purpose of responding to your inquiry, contacting you, or fulfilling orders. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your inquiry has been fully processed, unless it is subject to a different retention period or the public interest (e.g., law enforcement) outweighs the visitor's/customer's interest.

We send newsletters, emails, and other electronic notifications, provided the visitor/customer/prospective customer has explicitly consented to this through a "double opt-in" process, insofar as this is permitted by the GDPR and the legal framework. The newsletters or emails contain information about our services, new developments, and other interesting facts about us. To subscribe to the newsletter, you generally only need to provide your email address. As a rule, and for the purpose of addressing you directly, we also request and process additional data such as your name or other information, if required for the purposes of the newsletter.

Double Opt-in Procedure:
Newsletter registration is always carried out using a double opt-in procedure. After registering, you will receive an email asking you to confirm your subscription. This confirmation is absolutely necessary to prevent anyone from subscribing using someone else's email address. Newsletter subscriptions are logged accordingly. This includes storing the IP address, email address, and date.

Erasure and Restriction of Processing:
If you request the erasure of your email addresses, we may store them for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. Individual erasure is possible at any time, provided that the prior existence of consent is confirmed. In the case of overriding legal obligations and objections, we reserve the right to store the email address, e.g., on a blocklist (so-called "blacklist") or in the case of legal violations, initially for an indefinite period.

Right to object (opt-out):
You can unsubscribe from our newsletter and emails at any time and revoke your consent, or object to receiving further communications. You will find a link to unsubscribe at the end of each newsletter, or you can inform us of your objection using the contact details provided above.

Logging:
The registration process is logged based on legitimate interest for the purpose of proving a proper procedure.

Legal basis information:
Newsletters/emails are always sent based on your consent, which you have given us. If consent is not required, the sending takes place within the framework of the legitimate interest in direct marketing, provided and to the extent that this is legally permitted, e.g. in the case of advertising to existing customers.

Types of data processed:
Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times), communication partners, users / customers (e.g. website visitors, users of online services).

Purposes of processing & legal bases:
Direct marketing (e.g., by email or post), provision of contractual services and customer service. Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Cookies are text files containing data from visited websites, stored by a browser on the user's computer. A cookie primarily serves to store information about a user during or after their visit to an online service. This stored information can include, for example, language settings on a website, login status, items in a shopping cart, or the point at which a video was paused. We also include other technologies that perform the same functions as cookies in the term "cookies" (e.g., when user data is stored using pseudonymous online identifiers, also known as "user IDs").

Temporary cookies
(also known as session cookies) are deleted at the latest after a user leaves an online service and closes their browser.

Persistent cookies
remain stored even after the browser is closed. This allows, for example, login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user interests, which are used for audience measurement or marketing purposes, can be stored in such a cookie.

Necessary cookies
Essential or strictly necessary cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user input, or for security reasons).

Third-party cookies
are mainly used by advertisers (so-called third parties) to process user information, e.g., analytics tools.

Statistics, marketing, and personalization cookies:
Cookies are also typically used for audience measurement and when a user's interests or behavior (e.g., viewing specific content, using certain functions, etc.) on individual websites are stored in a user profile. Such profiles serve to show users content that matches their potential interests. This process is also known as "tracking," i.e., monitoring users' potential interests. If we use cookies or tracking technologies, we will inform you separately in our privacy policy or when obtaining your consent.

Information on the legal basis:
The legal basis for processing your personal data using cookies depends on whether we ask for your consent. If so, and you consent to the use of cookies, the legal basis for processing your data is your explicit consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) (e.g., in the efficient operation and improvement of our online services) or, if the use of cookies is necessary to fulfill our contractual obligations (Art. 6 para. 1 lit. b GDPR), as well as for the protection of the website (Art. 6 para. 1 lit. e GDPR).

Storage period
Unless we provide you with explicit information on the storage period of persistent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to 365 days.

General information on revocation and objection (opt-out):
Depending on whether processing is based on consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) or legal permission, you have the right to revoke your consent or object to the processing of your data by cookie technologies at any time (collectively referred to as "opt-out"). You can initially declare your objection via your browser settings, e.g., by disabling the use of cookies (although this may also restrict the functionality of our online services). Alternatively, you can use our cookie manager to adjust your settings at any time. An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. Further information on how to object can be found in the details regarding the service providers and cookies used.

Processing of Cookie Data Based on Consent:
We use a cookie consent management procedure to obtain user consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) for the use of cookies and the processing activities and providers mentioned within the cookie consent management procedure. This consent can be managed and withdrawn by the users. The consent declaration is stored to avoid having to request it again and to be able to demonstrate consent in accordance with legal requirements. Storage can take place server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or their device.

Types of data processed & persons:
Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), users (e.g. website visitors, users of online services).

Settings for the respective browsers
: Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: http://help.opera.com/Windows/10.20/de/cookies.html

Our website uses a "cookie manager" to obtain user consent for cookies and their applications that require consent. The cookie manager provides all website visitors with an interactive interface upon their first visit, allowing them to grant or deny consent for specific cookies and/or applications. Using this tool, all cookies/services requiring consent are only loaded if the user has granted the corresponding consent. This ensures that such cookies are only loaded if consent has been given. Subsequent changes can be made at any time on any subpage via the cookie manager.

Technically necessary cookies cannot be saved or changed by the user in the cookie manager; this is for website security and applies exclusively to essential technical cookies. Setting the preferences in the cookie manager sets a cookie to save these preferences. Consequently, processing is carried out in accordance with (Art. 6 para. 1 lit. f GDPR) and (Art. 6 para. 1 sentence 1 lit. a GDPR) based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent or your direct consent.

Another legal basis for the processing is Art. 6 para. 1 lit. c GDPR.

Unless otherwise specified, the storage period for consent to cookies and their services can be up to 365 days. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, operating system, and device used.

The system logs consent to or withdrawal of consent for the setting of cookies for documentation purposes and stores this information for the duration of the consent or withdrawal. The data includes only the IP address, the date, and a pseudonym.

This website uses the web analytics software Matomo, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo"), to collect and store data. However, the storage and processing of this data takes place exclusively on our own servers.

The database is located at https://matomo.fire-ice-sauna.com/ . Pseudonymized user profiles can be created and analyzed from this data for the same purpose. Cookies are used for this. Among other things, the cookies enable the recognition of the internet browser. The pseudonymized information generated by the cookie is not used to personally identify visitors to this website and is not combined with personal data about the holder of the pseudonym.

All processing described above, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We use Microsoft Teams for easy communication with some customers and partners, including for related meetings. When using Microsoft Teams, various data is processed. The scope of the data processed depends on what information you share with us before or during your participation in an online meeting. This data processing takes place on Microsoft Teams servers. All server locations within our Office 365 account are configured within the EU. The data we process may include your registration data (name, email address, telephone number, and meeting data such as participant IP address, device information, etc.), as well as any other data you voluntarily provide.

basis
for processing data necessary for the performance of a contract is Art. 6 para. 1 lit. b GDPR. If you have given us your consent to process your data, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR. To protect our own interests and facilitate free communication, we also collect data in accordance with Art. 6 para. 1 lit. f GDPR for easy communication with our customers.

communication provider is
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter "Microsoft Teams").

Microsoft Privacy Statement
: https://privacy.microsoft.com/de-de/privacystatement

Currently, no videos from Google (YouTube) are actively embedded on this page. If you are interested in the videos, please visit the corresponding video portal.

For the security of this website, we also use Google's reCAPTCHA function. This serves solely to protect the website and your data. The reCAPTCHA function, provided by Google, is only integrated into input fields on the website, such as contact forms, and prevents improper use, manipulation of requests, and spam.

reCAPTCHA function
analyzes the visitor's IP address, behavior on the page, access to the website (referrer), browser used, and other criteria to determine whether the potential visitor is genuine or a so-called "bot" whose sole purpose is to spread spam.

Types of data processed:
Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons:
Users / customers (e.g., website visitors, users / customers of online services).

Purposes of processing:
Provision of our online services and user-friendliness, provision of contractual services and customer service, as well as the security of the website.

Legal basis:
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR).

Service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Google Privacy Policy
https://policies.google.com/privacy

For easy visualization of our company headquarters, we use the open-source map service "OpenStreetMap" (also known as "OSM"). This map service allows us to offer an interactive map on our website, showing our customers how to find and reach us.

Types of data processed:
Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons:
Users / customers (e.g., website visitors, users / customers of online services).

Purposes of processing:
Provision of an online map, for user-friendliness and customer service.

Legal basis:
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR).

Service provider
OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom

OpenStreetMap Privacy Policy
https://wiki.osmfoundation.org/wiki/Privacy_Policy

We currently do not use any social media plugins on our website that could further enhance the user experience or analyze user behavior, such as Facebook Pixel. If you wish to share content from our site, you must do so by copying and pasting the URL or content on your device.

Detailed information about your rights and how you can exercise them follows.

In particular, you have the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, lodging a complaint with a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the significance and the envisaged consequences of such processing for you, as well as your right to be informed of the safeguards pursuant to Article 46 GDPR relating to the transfer of your data to third countries.

You have the right to immediate rectification of inaccurate data concerning you and/or completion of incomplete data stored with us.

You have the right to request the erasure of your personal data if the conditions of Article 17(1) GDPR are met. However, this right does not exist, in particular, if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

You have the right to request the restriction of the processing of your personal data while the accuracy of your data, which you have contested, is being verified; if you object to the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you need your data for the establishment, exercise or defense of legal claims after we no longer need this data for the purposes for which it was collected; or if you have objected to processing on grounds relating to your particular situation, pending the verification whether our legitimate grounds override yours.

You have the right to be notified of the disclosure, to rectification, erasure or restriction of the data processed by us or by you, provided that you have agreed to this with us or that the legislator requires it.

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, insofar as this is technically feasible.

If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time, on grounds relating to your particular situation, with effect for the future. If you exercise your right to object, we will cease processing the data in question. If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

This privacy policy for the protection of your personal data will be revised from time to time due to the new legal rulings that came into effect on May 25, 2018. You should therefore review the privacy policy periodically to stay informed about how your data is protected, processed, and stored. The content and technical requirements are constantly being improved to ensure the highest level of security.

Protecting your data is a matter of personal importance to us.

https://dsgvo-gesetz.de
https://www.datenschutz-guru.de

Last updated on 21.09.2022