Skip to main content

    Data protection

    Information according to EU-DSGVO & BDSG

    Nice that you are here

    We, the Fire & Ice Sauna Group team, are pleased that you are visiting our website and that you are interested in our company and the services and products associated with it, as well as the associated data protection that goes hand in hand with the EU GDPR and the BDSG. The security of your data is important for us. In principle, our website can be used without providing any personal data. However, if you would like to use a service, processing of personal data is necessary. Therefore, there is a detailed data protection declaration for the protection of your data, for the use of this website and services, as well as corresponding measures taken, which we would like to inform you about and explain in detail here.

    In general, all business processes are adapted by technical and organizational measures in such a way that they always correspond to the current state of the art in order to ensure that the need for protection of personal data is guaranteed at all times. For this purpose, new techniques are regularly implemented or tested and/or expanded and adapted to technological progress. In the following we will inform you about the purposes for which your data is collected and processed and how you can exercise your rights.  

    The data protection declaration is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (EU-DSGVO) was issued, as well as the BDSG, the Federal Data Protection Act. The detailed data protection declaration follows.

    Download data protection declaration as PDF

    If you would like to print out the data protection declaration, we ask you to download it as a PDF under the button below with the label "Privacy Policy.pdf". Acrobat Reader may be necessary for viewing or other software that is able to open PDF documents securely.


    Responsible body within the meaning of data protection law

    FIRE & ICE Wellness Spa Group GmbH
    Treidlkofen 9, 84155 in Bodenkirchen
    Managing Director Georg Zelger

    General contact

    Phone: +49 (0) 87 41 / 92 66 30
    Fax: +49 (0) 87 41 / 92 66 35
    Mail: This email address is being protected from spam bots! To display JavaScript must be turned on.

    Contact details of the data protection officer

    FIRE & ICE Wellness Spa Group GmbH
    Georg Zelger - Treidlkofen 9
    84155 in Bodenkirchen

    Phone: +49 (0) 87 41 / 92 66 36
    Fax: +49 (0) 87 41 / 92 66 35
    Mail: This email address is being protected from spam bots! To display JavaScript must be turned on.


    General definitions of terms

    The data protection declaration is based on the terms used by the European legislators for the adoption of the General Data Protection Regulation EU-DSGVO & BDSG.

    Personal Data

    Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"), including, among other things, the name, address, e-mail address or telephone number. A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

    Affected person

    Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

    processing

    Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, involves disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

    restriction of processing

    Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

    profiling

    Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict that natural person’s preferences, interests, reliability, behavior, whereabouts or relocation.

    pseudonymization

    Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person.

    Responsible or responsible for processing

    The person responsible or responsible for processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

    processor

    Processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.

    recipient

    Recipient is a natural or legal person, public authority, institution or other body in which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

    third party

    Third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized under the direct responsibility of the controller (e.g. WSMU) or the processor, the personal to process data.

    consent

    Consent is any expression of will voluntarily given by the data subject in an informed manner and unequivocally for the specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data is, in whatever form and scope.


    General information about visiting this website

    In principle, you can visit our website without disclosing any personal, identifiable data.

    Our website uses SSL or SSL encryption to protect your data and the associated transmission. TLS encryption. You can recognize the encrypted connection by the character string "https://" and the lock symbol in your browser line. Data collection when you visit our website
    By accessing the website, we may collect data from you, which will be stored in the (so-called "server log files").

    When you visit our website, we collect the following data that is technically necessary for us to display the website to you and is created in a log file by the web host: (1) The website/subpage visited
    (2) Date and time of access to Files and sub
    (3) Amount of data sent in bytes
    (4) Source/reference from which you came to the page
    (5) The browser used
    (6) The operating system used
    (7) The IP address used at the time in anonymous form Form

    The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and in checking technical processes. Any other use of the data does not take place. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.


    Detailed privacy policy

    Detailed information on the data protection declaration follows, for each individual area or function. If you have difficulties understanding any of the areas, please contact the data protection officer.

    Data Storage & Duration

    The duration of the storage of your personal data depends on the respective legal basis, the processing purpose and, if additionally, on the basis of the respective statutory retention period (e.g. trade / service / tax law etc.). The general processing of personal data takes place with express consent in accordance with Article 6 Paragraph 1 lit. a GDPR, this data is stored until the person concerned revokes his consent.

    If there are legal retention periods for the stored and processed data, this is done according to Article 6 Paragraph 1 Letter b GDPR, the data are not subject to any further retention periods, they are routinely deleted after the fulfillment of a contract, for example.

    When processing data in accordance with Article 6 Paragraph 1 Letter f GDPR, this data will only be stored until the data subject exercises his or her right of objection in accordance with Article 21 Paragraph 1 GDPR, unless we can have special reasons for the Evidence of processing that outweighs the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims and/or contracts that have arisen as a result. In the context of direct advertising, we are guided by Article 6 (1) (f) GDPR. The data will only be stored until the person concerned exercises their right of objection in accordance with Art. 21 (2) GDPR.

    Due to data minimization, we regularly delete data that is no longer required and also allow this, provided that it is not affected by other retention periods.

    General contact

    As part of the general contact with us (e.g. via contact form, e-mail, telephone, fax or even by post), the data you transmit to us will be collected and processed as well. Which data is collected can be seen from the respective situation, the data provided by the visitor/customer and/or from the contact form. This data is processed and used exclusively for the purpose of answering your request or for making contact or to fulfill orders. The legal basis for the processing is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f GDPR. If you contact us with the aim of concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been processed, unless they are subject to a different retention period or the public interest (e.g. criminal prosecution) is higher than that of the visitor / customer.

    Use of customer data for direct marketing

    We send, as far as the visitor / customer / interested party has permitted this through a clear declaration of intent, "double opt-in procedure", newsletters, e-mails and other electronic notifications, provided this is permitted by the GDPR and the legal framework. The newsletters or emails contain information about our services, innovations and things worth knowing about us. In order to register for the newsletter, it is generally sufficient if you enter your e-mail address. As a rule, and for direct addressing, further data such as a name or other information, if these are required for the purposes of the newsletter, are also requested and processed.

    Double opt-in procedure
    The registration for the newsletter takes place in a so-called double opt-in procedure. After registering, you will receive an email asking you to confirm your registration. This confirmation is absolutely necessary so that nobody can register with someone else's e-mail address. Registrations for the newsletter are logged accordingly. This includes the storage of the IP address, email address and the date.

    Deletion and restriction of processing
    If you request the deletion of your e-mail addresses, we can store them for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. An individual deletion is possible at any time, provided that the previous existence of a consent is confirmed at the same time. In the event of higher legal obligations and contradictions, we reserve the right to store the e-mail address, e.g. on the blocked list (so-called "blacklist") or in the event of legal violations for an initially unlimited period of time.

    objection (opt-out)
    You can cancel the receipt of our newsletter and the e-mails at any time and revoke your consent or object to further receipt. You will find a link to cancel the newsletter at the end of each newsletter, but you can also inform us of your objection using the contact options given above.

    Logging
    The registration process is logged on the basis of legitimate interest for the purpose of proving that the process has taken place properly.

    Notes on legal bases
    The newsletter / mails are always sent on the basis of your consent, which you have given us, if consent is not required, the dispatch takes place within the framework of the legitimate interest in direct marketing, if and to the extent that this is required by law, e.g. in the case from existing customer advertising, is permitted.

    Types of data processed
    Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times), communication partners, Users / customers (e.g. website visitors users of online services).

    Purposes of processing & legal bases
    Direct marketing (e.g. by email or post), provision of contractual services and customer service. Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

    Cookies - General

    Cookies are text files containing data from websites visited and stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after their visit to an online offer. The stored information can include, for example, the language settings on a website, the login status, a shopping cart or the place where a video was viewed. The term "cookies" also includes other technologies that fulfill the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

    Temporary cookies
    (also: session or session cookies), temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.

    Permanent cookies
    These remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users, which are used to measure reach or for marketing purposes, can be stored in such a cookie.

    Necessary cookies
    Essential or absolutely necessary cookies can be absolutely necessary for the operation of a website (e.g. to save logins or other user entries or for security reasons).

    Third-party cookies
    Third-party cookies are mainly used by advertisers (so-called third parties) to process user information, eg analysis tools.

    Statistical, marketing and personalization cookies
    Furthermore, cookies are usually also used to measure reach and when the interests of a user or his behavior (e.g. viewing certain content, using functions, etc.) are stored in a user profile on individual websites will. Such profiles are used to show users, for example, content that corresponds to their potential interests. This process is also known as "tracking", ie tracking the potential interests of users. If we use cookies or "tracking" technologies, we will inform you separately in our data protection declaration or when obtaining consent.

    Notes on legal bases
    on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent (Art. 6 Para. 1 S. 1 lit. a. GDPR). Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) (e.g. in the commercial operation of our online offer and its improvement) or if the use of cookies is necessary is to fulfill our contractual obligations (Art. 6 Para. 1 lit. b GDPR), as well as to protect the website (Art. 6 Para. 1 lit. e GDPR).

    Storage
    period If we do not provide you with any explicit information on the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to 365 days.

    General information on revocation and objection (opt-out):
    Depending on whether the processing is based on consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) or legal permission, you have the option at any time to withdraw the consent given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can initially declare your objection using the settings in your browser, e.g. by deactivating the use of cookies (which can also limit the functionality of our online offer). Alternatively, you can use our cookie manager to adjust your settings at any time. An objection to the use of cookies for online marketing purposes can also be raised using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ be explained. In addition, you can receive further objection notices as part of the information on the service providers and cookies used.

    Processing of cookie data on the basis of consent
    We use a procedure for cookie consent management, as part of which the consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) of the user to the use of cookies , or the processing and providers mentioned in the context of the cookie consent management procedure can be obtained and managed and revoked by the users. The declaration of consent is stored here so that the query does not have to be repeated and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device.

    data & persons processed
    Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), users (e.g. website visitors, users of online services).

    Settings for the respective browser
    Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
    Firefox: https://support.mozilla.org/de/kb/cookies -allow-and-deny
    Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
    Safari: https://support.apple.com/de-de/guide /safari/sfri11471/mac
    Opera: http://help.opera.com/Windows/10.20/de/cookies.html

    Cookie Consent Tool (Manager)

    Our website uses a so-called "cookie manager" to obtain user consent in the area of ​​cookies, for cookies that require consent and its applications. When visiting the website for the first time, the cookie manager gives all site visitors the opportunity, in the form of an interactive user interface, to set their consent for certain cookies and/or applications accordingly or to object to them. With the help of the tool, all cookies/services that require consent are only loaded if the user has given the appropriate consent. This ensures that such cookies are only loaded if consent has been given. Subsequent changes via the cookie manager are possible at any time on each subpage.

    Technically necessary cookies cannot be saved or changed by the user in the cookie manager, this is done for the security of the website, these are exclusively necessary technical cookies. By setting the settings in the cookie manager, a cookie is set to save the settings, as a result the processing takes place in accordance with (Art. 6 Para. 1 lit. f DSGVO) and (Art. 6 Para. 1 S. 1 lit. a. GDPR) on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent for cookies or your direct consent.

    Another legal basis for processing is Art. 6 (1) (c) GDPR.

    The duration of the storage of the consent for the cookies and their services can be up to 365 days, unless otherwise stated. A pseudonymous user identifier is created and stored with the time of the consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and end device used.

    The consent or revocation for the setting of cookies is logged by the system for the purpose of verification and stored for the duration of the consent or revocation. The data only includes the IP address, the date and a pseudonym.

    Web analysis service Matomo

    Data is collected and stored on this website using the web analysis service software Matomo, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo"). However, the data is stored and processed exclusively on our own server.

    The database is located at https://matomo.fire-ice-sauna.com/ .

    Pseudonymised usage profiles can be created and evaluated from this data for the same purpose. Cookies are used for this. The cookies enable, among other things, the recognition of the Internet browser. The pseudonymised information generated by the cookie is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym. All of the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

    Microsoft Teams

    We use the "Microsoft Teams" service for easy communication with some customers & partners and the associated meetings.

    When using Microsoft Teams, different data is processed. The scope of the data processed depends on which data you share with us before or during participation in an online meeting. The data is processed on the Microsoft Teams servers. The server locations in our O-365 account are all configured in the EU. The data that we process about this may include your registration data (name, email address, telephone and meeting data such as the participant IP address, device information, etc.) and any other data that you voluntarily provide to us Legal processing
    The legal basis for processing the data required to fulfill a contract is based on Article 6 Paragraph 1 Letter b GDPR If you have given us your consent to the processing of your data, the processing will take place according to Article 6 Paragraph 1 lit. a GDPR. In order to protect our own interests and free communication, we also collect data in accordance with Article 6 Paragraph

    1
    lit. One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter “Microsoft Teams”)

    Microsoft Privacy
    https://privacy.microsoft.com/de-de/privacystatement

    YouTube videos

    Currently, no videos from Google (YouTube) are actively included on this site. If you are interested in the videos, we ask you to look around on the corresponding video portal.

    Google reCaptcha

    For the security of this website, we also use the reCAPTCHA function from Google, which is only used to protect the website, but also to protect your data. The reCAPTCHA function, which is provided by Google, is only used for input options on the website, such as the contact forms, and prevents improper use and manipulation of requests and protection against spam.

    reCAPTCHA function
    Google reCAPTCHA uses the IP address of the visitor, his behavior on the site, access to the website (link), the browser used and other criteria to analyze whether the potential visitor is real or whether it is a so-called " Bot" that only aims to spread spam

    data processed
    Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

    Affected persons
    Users / customers (e.g. website visitors, users / customers of online services).

    Purposes of processing
    Provision of our online offer and user-friendliness, provision of contractual services and customer service, as well as the security of the website.

    Legal basis
    Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S 1 lit. b. GDPR).

    Service provider
    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA;

    Google Privacy
    Policy https://policies.google.com/privacy

    OpenStreetMap

    We use the open source map service "OpenStreetMaps" (also called "OSM") for the simple representation of our company headquarters. The map service serves to offer an interactive map on our website that shows our customers how to find and reach us.

    data processed
    Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

    Affected persons
    Users / customers (e.g. website visitors, users / customers of online services).

    Purposes of processing
    Provision of online map (map), for user-friendliness and customer service.

    Legal bases
    Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. a. GDPR).

    Service
    Provider OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom

    OpenStreetMap Privacy
    Policy https://wiki.osmfoundation.org/wiki/Privacy_Policy

    Social Media Plugins

    We currently do not use any social media plugins on our website that can further increase the user experience or evaluate the user, e.g. Facebook Pixel. If you want to share content from our site, you must do so by copying and pasting the URL or content on your device.


    Information, blocking, provision or deletion of data

    Below is detailed information about your rights and how to exercise them.

    Right to information - Art. 15 EU-GDPR

    In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or will be disclosed, the planned storage period or the criteria for the Determination of the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making including profiling and if applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to information about the guarantees according to Art. 46 GDPR if your data is forwarded to third countries.

    Correction - Art. 16 EU-GDPR

    You have the right to immediate correction of incorrect data concerning you and/or completion of your incomplete data stored by us.

    Deletion of data - Art. 17 EU GDPR

    You have the right to request the deletion of your personal data if the requirements of Article 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

    Restriction of processing - Art. 18 EU GDPR

    You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you contest, is checked, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data, if you change your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail.

    Right to information according to Art. 19 EU-DSGVO

    You have the right to be informed of the disclosure, correction, deletion or restriction of the data processed by us, by you, if you have agreed this with us or if this is required by law.

    Data portability - Art. 20 EU GDPR

    You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically feasible.

    Right of objection Art. 21 EU-DSGVO

    If we process your personal data as part of a balancing of interests on the basis of our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future for reasons that arise from your particular situation. If you exercise your right to object, we will stop processing the data concerned. If personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

    Revoke consent - Art. 7 Para. 3 EU-DSGVO

    You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

    Complaints to a supervisory authority Art. 77 EU-DSGVO

    If you believe that the processing of your personal data violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation.

    The competent supervisory authority is:
    Bavarian State Office for Data Protection Supervision (BayLDA)
    boardwalk 18
    91522 Ansbach
    Telephone: +49 (0) 981 180093-0
    Fax: +49 (0) 981 180093-800
    E-mail: This email address is being protected from spam bots! To display JavaScript must be turned on.


    Closing words on the GDPR and data protection declaration

    This data protection regulation for the protection of your personal data will be revised from time to time due to the current situation of the new case law on May 25th, 2018.

    You should therefore occasionally review the Privacy Policy to stay up to date on how your information is being protected, processed or stored. The content and technical requirements are constantly being improved in order to be able to guarantee the highest level of security. The protection of your data is a personal concern for us.

    Credits

    Last update on 09/21/2022