Privacy Policy
Last updated: July 2026
Note: this is sample text from a template. All details are fictitious. Before publishing, every entry must be replaced with the real company information and reviewed by a lawyer.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
STILLE Massage Studio GmbH, Ruheplatz 1, 10115 Berlin, Germany
Phone: +49 30 555-3921 · Email: termin@stille-studio.de
We have not appointed a data protection officer, as the statutory conditions requiring one do not apply.
2. Privacy at a glance
The following notes give a simple overview of what happens to your personal data when you visit this website. Personal data means any data by which you can be personally identified.
This website deliberately uses no tracking, no analytics tools, no advertising networks and no embedded third-party content, with the exception of the fonts described in section 6.
3. Legal bases for processing
We process personal data solely on the basis of the following provisions:
- Art. 6 (1) (a) GDPR – consent, for example where you voluntarily tell us health information relevant to your treatment.
- Art. 6 (1) (b) GDPR – pre-contractual steps and performance of a contract, in particular to handle your booking request.
- Art. 6 (1) (f) GDPR – legitimate interest in the secure and trouble-free operation of this website.
4. Booking requests
The booking form on this website transmits no data to our server. Your entries are processed entirely locally in your browser and assembled there into an email, which you then send yourself using your own mail program, or copy to your clipboard. Nothing is stored in a database.
Once you send us that email, we process the details it contains (name, email address, telephone number, preferred appointment and any voluntary remarks) in order to handle your request and to answer any follow-up questions. The legal basis is Art. 6 (1) (b) GDPR.
If you tell us health data in the free-text field, such as allergies, injuries or a pregnancy, you do so voluntarily. We process these special categories of personal data within the meaning of Art. 9 GDPR solely on the basis of your consent under Art. 9 (2) (a) GDPR, and only in order to carry out your treatment safely.
5. Hosting and server log files
The provider of this website automatically collects and stores information in server log files, which your browser transmits automatically. These are browser type and version, the operating system in use, the referrer URL, the host name of the accessing computer, the time of the server request and the IP address.
This data is not merged with other data sources. Collection takes place on the basis of Art. 6 (1) (f) GDPR. The operator has a legitimate interest in the technically error-free presentation and optimisation of the website.
6. Cookies and fonts
This website sets no cookies for analytics or advertising. Your chosen language is stored purely locally in your browser (localStorage) so that the site appears in the same language on your next visit. That information never leaves your device.
For consistent typography, fonts are loaded from Google Fonts. In doing so your browser establishes a connection to Google's servers, transmitting your IP address. The legal basis is Art. 6 (1) (f) GDPR. Further information is available at https://policies.google.com/privacy.
7. Retention period
We store your personal data only for as long as is necessary for the purposes described. Requests that do not lead to an appointment are deleted no later than six months after the last contact. Data arising from concluded treatment contracts is subject to commercial and tax retention periods of up to ten years. Server log files are deleted after seven days at the latest.
8. Recipients of the data
Your data is not passed to third parties unless we are legally obliged to do so or you have expressly consented. No transfer takes place to third countries outside the European Union.
9. Your rights as a data subject
You have the following rights in relation to us:
- Access to the data we process about you (Art. 15 GDPR).
- Rectification of inaccurate data, or completion of incomplete data (Art. 16 GDPR).
- Erasure of the data we hold about you (Art. 17 GDPR).
- Restriction of processing (Art. 18 GDPR).
- Data portability in a structured, commonly used format (Art. 20 GDPR).
- Objection to processing on grounds relating to your particular situation (Art. 21 GDPR).
- Withdrawal of consent already given, with effect for the future (Art. 7 (3) GDPR).
10. Right to complain to a supervisory authority
In the event of breaches of data protection law you have the right to complain to the competent supervisory authority. The competent authority is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59–61, 10555 Berlin.
11. Data security
This website uses SSL/TLS encryption. You can recognise an encrypted connection by the browser address bar switching from “http://” to “https://”. When encryption is active, the data you transmit to us cannot be read by third parties.
12. Currency of this policy
This privacy policy is current as of July 2026. As our website develops, or as legal requirements change, it may become necessary to amend this policy.