Privacy Policy

We are delighted that you have shown interest in Being HER Retreat OG. Data protection is a particularly high priority for us. The use of our website is possible without providing any personal data; however, if a visitor wishes to book a retreat, join our newsletter, or contact us via our website, the processing of personal data may become necessary. Where the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, shall always be in line with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (Datenschutzgesetz, DSG), as the country-specific data protection regulations applicable to Being HER Retreat OG. By means of this privacy policy, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use, and process, and of the rights to which you are entitled.

As the controller, Being HER Retreat OG has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transfer personal data to us via alternative means, e.g. by phone or e-mail.

1. Name and address of the controller

Controller for the purposes of the GDPR and the Austrian DSG is:

Being HER Retreat OG
Hauptstraße 172
3400 Weidling, Austria

Phone: [Telefonnummer einfügen]
Email: [E-Mail-Adresse einfügen]
Website: [Domain einfügen]

2. Definitions

This privacy policy is based on the terms used by the European legislator for the adoption of the GDPR. The most relevant terms are:

Personal data means any information relating to an identified or identifiable natural person ("data subject") — for example a name, e-mail address, location data, or online identifier.

Processing is any operation performed on personal data, such as collection, storage, use, disclosure, or erasure.

Controller is the entity which determines the purposes and means of the processing of personal data — in this case, Being HER Retreat OG.

Processor is any party which processes personal data on behalf of the controller — for example our hosting provider, payment processor, or email service.

Consent is any freely given, specific, informed, and unambiguous indication of a data subject's wishes, by which they signify agreement to the processing of personal data relating to them.

3. Collection of general data and logfiles

When you visit our website, our server automatically collects a series of general data and information, which is stored in server logfiles. This may include: the browser type and version used; the operating system used; the website from which you reached our website (referrer); sub-pages visited; date and time of access; an IP address; the internet service provider; and similar data that may be used in the event of attacks on our IT systems.

This data is not used to draw conclusions about you personally. It is needed to deliver the content of our website correctly, to ensure the security and stability of our systems, and, if necessary, to provide law enforcement with information required for criminal prosecution in case of a cyberattack. This data is analysed anonymously and stored separately from any personal data you provide to us.

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in the secure and functional operation of our website).

4. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device via your browser. Some cookies are technically necessary for the website to function correctly. Where we use cookies that are not technically necessary (e.g. for analytics or marketing), this is done only on the basis of your consent.

You may, at any time, prevent the setting of cookies through a corresponding setting of your browser, and you may delete cookies already stored. Please note that if you deactivate cookies, not all functions of our website may be fully usable.

To confirm. If a cookie consent banner/tool is added to the site (e.g. for analytics), this section should be expanded to describe the categories of cookies used and link to the cookie settings.

5. Hosting

This website is hosted by Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA. Squarespace processes data necessary to operate and deliver this website (such as server logfiles and IP addresses) on our behalf, on the basis of a data processing agreement pursuant to Art. 28 GDPR.

As Squarespace is located outside the EU/EEA, the transfer of data is based on Standard Contractual Clauses pursuant to Art. 46 GDPR. Further information can be found in Squarespace's privacy policy: squarespace.com/privacy

Squarespace may also set cookies necessary for the core functionality and security of the website. If additional analytics or cookie consent tools are enabled via Squarespace's settings, this section and the cookies section below will be updated accordingly.

6. Contact via the website

Our website provides ways for you to contact us electronically, including a general email address and/or a contact form. If you contact us this way, the personal data you provide (e.g. name, email address, message content) is stored automatically for the purpose of processing your enquiry or contacting you. This data is not passed on to third parties.

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries) or Art. 6(1)(b) GDPR, where your enquiry is aimed at entering into a contract with us.

7. Newsletter (Flodesk)

On our website, you have the opportunity to subscribe to our newsletter. We use the email marketing platform Flodesk Inc., based in the United States, to manage and send our newsletter.

When you subscribe, the personal data you provide (e.g. your email address and, if applicable, your name) is transmitted to Flodesk and stored for the purpose of sending the newsletter. We use a double opt-in procedure: after signing up, you will receive a confirmation email, and only once you confirm your subscription will you begin receiving our newsletter.

We may also store the IP address and the date/time of your registration, in order to be able to trace any possible misuse of your email address at a later date.

The legal basis for this processing is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time, either via the unsubscribe link in every newsletter or by contacting us directly. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Our newsletters may contain tracking pixels, which allow us to see whether and when an email was opened, and which links were clicked. This data is used to optimise our newsletter content and is not passed on to third parties. Unsubscribing from the newsletter is automatically treated as a withdrawal of consent to this tracking.

Because Flodesk is based in the United States, your data may be transferred to and stored in the US. This transfer is based on Standard Contractual Clauses pursuant to Art. 46 GDPR. Further information is available in Flodesk's privacy policy: flodesk.com/privacy

8. Retreat bookings & payment (Thrivecart)

To book a retreat or workshop with us, you will be asked to provide personal data such as your name, address, and email address, for the purpose of processing your booking. Payment is made via bank transfer to our Austrian business account.

When you make a payment by bank transfer, your bank processes the data necessary to complete the transfer (such as your name, IBAN, and the payment reference). Our own bank, as the recipient, receives this data in order to credit the payment to our account. Banks act as independent controllers for this processing, in accordance with their own privacy policies and applicable banking regulations.

The legal basis for our processing of your booking and payment data is Art. 6(1)(b) GDPR (performance of a contract). Your booking and payment data is stored only for as long as necessary to fulfil the booking and to meet our statutory retention obligations under Austrian commercial and tax law (see section 11).

9. Embedded videos (Vimeo)

We may embed videos hosted on Vimeo (Vimeo.com, Inc., 555 West 18th Street, New York, NY 10011, USA) on our website. When you visit a page containing an embedded Vimeo video, a connection to Vimeo's servers is established. Vimeo receives information that you visited the relevant page on our website, and may also receive your IP address. This happens regardless of whether you have a Vimeo account or are logged in.

The legal basis for this is our legitimate interest (Art. 6(1)(f) GDPR) in presenting our content in an engaging way, or, where applicable, your consent (Art. 6(1)(a) GDPR).

Further information is available in Vimeo's privacy policy: vimeo.com/privacy

10. Social media (Instagram)

Our website contains links to our Instagram profile, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Clicking on these links will take you to Instagram; at this point, no personal data is transmitted by us.

Further information: privacycenter.instagram.com/policy

11. Routine erasure and storage period

We process and store your personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable statutory retention periods (for example, under Austrian commercial and tax law). Once the purpose no longer applies or a retention period expires, the data is routinely erased.

12. Your rights as a data subject

If your personal data is processed, you are a "data subject" within the meaning of the GDPR, and you have the following rights against us as the controller:

Right of access (Art. 15 GDPR)

You may request confirmation of whether personal data concerning you is being processed, and, if so, request a copy of that data along with information about the purposes of processing, the categories of data, recipients, planned storage duration, and your other rights.

Right to rectification (Art. 16 GDPR)

You may request that we correct inaccurate personal data, or complete incomplete data.

Right to erasure (Art. 17 GDPR)

You may request the erasure of your personal data, for example where it is no longer necessary for the purposes for which it was collected, where you withdraw your consent, or where it has been unlawfully processed.

Right to restriction of processing (Art. 18 GDPR)

You may request that we restrict the processing of your data, for example while we verify the accuracy of contested data.

Right to data portability (Art. 20 GDPR)

Where processing is based on consent or a contract and carried out by automated means, you may request to receive your data in a structured, commonly used, machine-readable format, and to have it transmitted to another controller.

Right to object (Art. 21 GDPR)

You may object, on grounds relating to your particular situation, to processing based on Art. 6(1)(f) GDPR. If you object to processing for direct marketing purposes, we will no longer process your data for those purposes.

Right to withdraw consent (Art. 7(3) GDPR)

Where processing is based on your consent, you may withdraw that consent at any time, with effect for the future.

To exercise any of these rights, please contact us using the details in section 1.

13. Legal basis for processing

Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain your consent (e.g. newsletter sign-up). Art. 6(1)(b) GDPR applies where processing is necessary for the performance of a contract with you, or for pre-contractual measures (e.g. responding to a booking enquiry). Art. 6(1)(c) GDPR applies where we are subject to a legal obligation requiring processing (e.g. tax law). Art. 6(1)(f) GDPR applies where processing is necessary for our legitimate interests, provided these do not override your interests or fundamental rights.

Where processing is based on Art. 6(1)(f) GDPR, our legitimate interest is the secure, functional operation of our website and the responsible administration of our retreat business.

14. Automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

15. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The competent authority in Austria is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Web: www.dsb.gv.at