Book online at your favourite salon, studio or spa

or

Data protection

03.04.2020


Welcome to studiobookr.com - a service of Head-on Solutions GmbH, Baerenschanzstrasse 2, 90429 Nuremberg, Germany. The privacy and protection of the personal data of our customers and users of our websites has always been important to us - not only since the GDPR came into force. We handle the data entrusted to us with care.

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. You can find detailed information on the subject of data protection in our data protection declaration below this text.

Data collection on our website

Who is responsible for data collection on this website?

The data processing on this website is carried out by Head-on Solutions GmbH. It is a company registered in Germany with the registered business address Bärenschanzstrasse 2, 90429 Nuremberg and the commercial register number HRB 31571 with the sales tax identification number DE299624952 (hereinafter referred to as "HOS", "us", "we", "agent" or "our") ). Further contact details can be found in the imprint of this website.

Head-on Solutions GmbH acts purely as an intermediary and acts on behalf of the business you have booked (e.g. the respective hairdresser)

How do we collect your data?

On the one hand, your data is collected by you communicating it to us. This can be, for example, data that you enter in a contact / registration form.

Our IT systems automatically collect other data when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page access). This data is recorded automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure that our website and our services are provided without errors. Other data can be used to analyze your user behavior. If you book an appointment, we need your data in order to be able to clearly identify you, for example to be able to convey your appointment and your hairdresser properly. This prevents dubious appointment bookings and ensures that the salon / studio you have chosen can offer good service.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time free of charge. You also have the right to request that this data be corrected, blocked or deleted. You can contact us at any time at the address given in the imprint if you have any further questions about data protection. You also have the right to lodge a complaint with the responsible supervisory authority.

Analysis tools and third party tools

When you visit our website, your surfing behavior can be statistically evaluated. This happens primarily with cookies and with so-called analysis programs. Your surfing behavior is usually analyzed anonymously; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following data protection declaration.

You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.

Children

The use of our services is only permitted for people who have reached the age of sixteen or who have the consent of their legal guardian (Art. 8 Para. 1 GDPR). If we become aware that data from children have been collected without the permission of the legal guardians, we will delete them immediately.

Changes to this privacy policy

We always keep this data protection declaration up to date. It may therefore be necessary to adapt the data protection declaration to changed general or factual or legal conditions. These adjustments are accepted when using our website.

2. General information and mandatory information

Privacy

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This data protection declaration explains what data we collect on behalf of our customers (e.g. the hairdresser you have booked) and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. It is not possible to completely protect data from third-party access.

Information about the responsible body

The responsible body for data processing on this website is:

Head-on Solutions GmbH
Bärenschanzstraße 2
90429 Nuremberg

Phone: 0911-13133518
email: office@headonsolutions.com

The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send an informal email to us. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority

In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the responsible supervisory authority. The responsible supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only take place if it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Encrypted payments on this website

If after the conclusion of a fee-based contract there is an obligation to provide us with your payment details (e.g. account number for direct debit authorization), this data is required for payment processing.

Payment transactions via the common means of payment (Visa / MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, the right to correct, block or delete this data. For this and other questions about personal data, you can contact us at any time under the imprint of the business you booked or with us.

Objection to advertising emails

We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam e-mails.

3. Data protection officer

Data protection officer required by law

We have appointed a data protection officer for our company.

Attorney at law Holger Loos
company SiDIT GmbH
Unterdürrbacher Straße 8
97080 Würzburg

Telephone: +49 (0) 931-78086651
email: info@sidit.de

4. Data collection on our website

Cookies

So-called cookies are used on our website. Cookies do no damage to your computer and contain no viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions you require (e.g. shopping cart function) are set on the basis of Art. 6 Para. 1 lit. f GDPR saved. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are dealt with separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address
This data is not merged with other data sources.

The basis for data processing is Art. 6 Para. 1 lit. f GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

Appointment booking with your details

You can book an appointment with your hairdresser, for example, on our website. The following data is requested to arrange the appointment:

gender
First name
Surname
mobile number
e-mail address


We use the data entered for the purpose of validation to prevent incorrect bookings. This mandatory information must be given in full. Otherwise, no appointment booking can be made. If you cannot be verified using the data (i.e. you are not an existing customer of the business), you will receive an email from us for verification - this verification can also be done by SMS at your own request. After a successful booking you will receive a confirmation of the booking by email from us. This also includes a cancellation link (if the booked business allows it) that can be used to cancel the appointment with a click.

The data you have entered will be transmitted to the respective store for the purpose of booking an appointment and saved in the customer file. The selected business uses the software we provide, which runs under the domain studiolution.com.

The data entered when booking the appointment is processed on the basis of your consent (Art. 6 Para. 1 b GDPR).

The data recorded during the appointment booking will be stored by us on behalf of the contracted business (e.g. hairdresser) in the respective customer file, as long as there is an ongoing business relationship or you can delete the respective business. Statutory retention periods remain unaffected.

We have concluded an order processing agreement with the business you have booked, in which we - and the business you have booked (e.g. the hairdresser) - undertake to protect your data and not to pass it on to third parties.

Evaluation function

For the rating function of, for example, your hairdresser on our online booking page, your name, year of birth, email address and last visit are saved in addition to your rating at the time the rating is submitted. For security, you will receive an email from us after you have submitted your review to verify your email address and to prevent dubious reviews.

The ratings and the associated data are stored and remain on our website until the rated content has been completely deleted or the rating has to be deleted for legal reasons (e.g. offensive comments).

The comments are saved on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw your consent at any time. All you need to do is send an informal email to us. The legality of the data processing that has already taken place remains unaffected by the revocation.

Processing of data (customer and contract data)

We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We only collect, process and use personal data about the use of our website (usage data) insofar as this is necessary to enable or bill the user for the use of the service.

The customer data collected will be deleted after the order has been completed or the business relationship has ended. Statutory retention periods remain unaffected.

Data transmission when concluding a contract for services and digital content

We only transfer personal data to third parties if this is necessary as part of the contract processing, for example to the credit institution commissioned with the payment processing.

A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without express consent, for example for advertising purposes.

The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

5. Analysis tools and advertising

Google Analytics

We use functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be transmitted to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de .

Objection against data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set that prevents the collection of your data on future visits to this website: Deactivate Google Analytics .

You can find more information on the handling of user data at Google Analytics in Google's data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de .

Order data processing

We have concluded a contract for order data processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of the website visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the point “Objection to data collection”.

Google Analytics remarketing

Our websites use the functions of Google Analytics Remarketing in connection with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This function enables the advertising target groups created with Google Analytics Remarketing to be linked to the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browser history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you log in with your Google account.

To support this function, Google Analytics records Google-authenticated user IDs, which are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising.

You can permanently object to cross-device remarketing / targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/ .

The summary of the data recorded in your Google account takes place exclusively on the basis of your consent, which you can give or revoke to Google (Art. 6 Para. 1 a GDPR). In the case of data collection processes that are not merged into your Google account (e.g. because you do not have a Google account or have objected to the merging), the recording of the data is based on Art. 6 Para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.

Further information and the data protection regulations can be found in Google's data protection declaration at: https://www.google.com/policies/technologies/ads/.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).

As part of Google AdWords, we use so-called conversion tracking. If you click on an advertisement placed by Google, a cookie for the conversion tracking is set. Cookies are small text files that the Internet browser places on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Every Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users. If you do not want to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your internet browser under user settings.You will then not be included in the conversion tracking statistics.

“Conversion cookies” are saved on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

You can find more information on Google AdWords and Google Conversion Tracking in Google's data protection regulations: https://www.google.de/policies/privacy/.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

ReCAPTCHA is intended to check whether the data entry on our websites (e.g. in a contact form) is carried out by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis are forwarded to Google.

The reCAPTCHA analyzes run completely in the background. Website visitors are not advised that an analysis is taking place.

Data processing is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.

For more information about Google reCAPTCHA and Google's privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html .

6. Newsletter and informational emails

Mailjet

We use Mailjet to send transactional emails, for example to confirm the appointment you have booked. In addition, all e-mail newsletters sent by our customers via the studiolution e-mail marketing system are sent via the service provider Mailjet. The provider is Mailjet SAS, 13-13bis, Rue de l'Aubrac, 75012 Paris, France. Your email address and name will be sent to Mailjet to send the message. Mailjet stores your data only on servers in the EU and take all measures necessary to protect your data in accordance with applicable data protection laws. A transfer to third parties is excluded. The data stored at Mailjet will be deleted after the purpose has been achieved. Mailjet's privacy policy can be found here: https://www.mailjet.de/sicherheit-datenschutz/

With the help of Mailjet we can analyze and optimize our emails. We can also find out for our customers whether there were any problems when using the studiolution email marketing tool (e.g. bounces). When you open an email sent with Mailjet, a file (pixel) contained in the email connects to the Mailjet servers. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. In addition, technical information is recorded (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used only for statistical analysis of newsletter campaigns. The results of these analyzes can be usedto better adapt future newsletters to the interests of the recipients.

If you do not want to be analyzed by Mailjet, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data entered is processed exclusively on the basis of your consent (Art. 6 Para. 1 b GDPR). If you do not want an analysis by Mailjet, you must not book the appointment online. In this case, you can book the appointment at any time by phone at the store of your choice (e.g. hairdresser).

The data you have deposited with us for the purpose of booking an appointment is based on your consent (Art. 6 Para. 1 lit. b GDPR). The consent given expires automatically after a successful appointment. The legality of the data processing that has already taken place remains unaffected by the revocation. When booking an appointment, you can give the respective booked business (e.g. your hairdresser) separate consent for the purpose of direct advertising in order to receive appointment reminders, for example.

We as intermediaries only send emails / SMS for the purpose of fulfilling the contract.

Conclusion of an order processing contract

We have entered into an order processing agreement with Mailjet, in which we oblige Mailjet to protect our customers' data and not to pass them on to third parties.

Customer service via email

Zendesk

We use the Zendesk ticket system to process customer inquiries, a customer service platform from Zendesk Inc., 989 Market Street # 300, San Francisco, CA 94102. For this purpose, necessary data such as last name, first name, e-mail address are recorded on our website. Zendesk is a certified participant in the so-called "Privacy Shield Framework" and thus fulfills the minimum requirements for legally compliant order data processing.

Further information on data processing by Zendesk can be found in Zendesk's data protection declaration at http://www.zendesk.com/company/privacy . If you have any questions, you can also contact Zendesk's data protection officer directly: privacy@zendesk.com

If you contact us by email or using the form on the website, we will only use the personal data you have provided to process your specific request. The given data will be treated confidentially. The specified data and the message history with our support will be saved for follow-up questions and later contacts. The processing of the data entered in the contact form or the data sent by email takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR).

We have concluded an order processing contract with Zendesk and fully implement the strict requirements of the German data protection authorities when using Zendesk.

Groove

In some situations, we also use the Groove ticket system to process customer inquiries for some inquiries. Groove is a ticket system (SAAS) from the American company Groove Networks, LLC. 300 Delaware Ave Ste 210-ADE 19801. The data that you send to support or via the service form will be sent to Groove Networks, LLC. transfer. Learn more about Groove Networks, LLC's collection and use of data. can be found at https://www.groovehq.com/our/privacy .

If you contact us by email or using the form on the website, we will only use the personal data you have provided to process your specific request. The given data will be treated confidentially. The specified data and the message history with our support will be saved for follow-up questions and later contacts. The processing of the data entered in the contact form or the data sent by email takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR).

Groove is a certified participant in the so-called "Privacy Shield Framework" and thus fulfills the minimum requirements for legally compliant order data processing.

We have concluded a so-called "data processing agreement" with Groove and fully implement the strict requirements of the German data protection authorities when using Groove.

7. Plugins and tools

Google Web Fonts

We use so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/ .

Open street map

We use the map service Open Street Map via an API. The provider is FOSSIGS eV, Römerweg 5,79199 Kirchzarten, DE.

The provider of Open Street Map automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are:

Browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request.

The provider of this page has no influence on this data transmission.

This data cannot be assigned to specific people. This data is not merged with other data sources.

The operator of Open Street Map reserves the right to check this data retrospectively if specific indications of illegal use become known.

The use of Open Street Map is in the interest of an attractive presentation of our online offers and to make it easier to find the places we have indicated on the website.

This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f represents.

You can find more information on handling user data in the data protection declaration of FOSSIGS eV: https://www.fossgis.de/datenschutzerklärung/