Data protection declaration

13.03.2023

Welcome to studiobookr.com - a service of Head-on Solutions GmbH, hereinafter referred to as Head on Solutions, Bärenschanzstraße 2, 90429 Nürnberg, Germany, Phone: +49(0)911-13133518. The privacy and protection of the personal data of our customers and users of our websites/applications/services is an important concern for us. We consider it our highest priority to handle the data entrusted to us with care. The processing takes place in accordance with the applicable legal provisions on the protection of personal data and data security.

&Amendments to the data protection declaration

We always keep this data protection statement up to date. It may therefore be necessary to adapt the data protection statement to changes in the general conditions of a factual or legal nature. These adjustments are accepted with the use of our website.

Head on Solutions acts purely as an intermediary and acts on behalf of the business booked by you (e.g. the respective hairdresser).

In the course of your use of studiobookr.com, Head on Solutions processes the following personal data:

• Personal data that you yourself enter voluntarily as part of our online offer (such as when booking appointments, requests to contact or evaluate the respective studio, etc.), data such as first and last name, email address, telephone number, information provided as part of a support request, ratings and
.

• Information that is automatically sent to us by your web browser or terminal device, such as your IP address, device type, browser type, previously visited website, visited subpages or date and time of the respective visitor request.

We process your personal data for the following purposes:

• to enable you to use the services and functions of the Head on Solutions offers,
• to establish your identity and enable user authentication,
• to process your request,
• to analyse your usage of our websites,
• to ensure the error-free provision of the websites,
• to enforce our terms of use, to assert or defend against legal claims and to prevent and stop fraudulent and similar acts, including attacks on our IT infrastructure.

The following explains the legal basis on which we process all personal data,

this applies directly and unless otherwise stated, it applies in all subsequent circumstances.

Explanation of the legal basis for the processing of personal data under the GDPR:

• the processing of personal data takes place on the basis of Art. 5,
.
• for the performance and fulfilment of a contract with you (Article 6 (1) (b) of the General Data Protection Regulation)
.
• to comply with legal obligations to which Head on Solutions is subject (Article 6(1)(c) of the GDPR), or
.

• to safeguard the legitimate interests of Head on Solutions (Article 6(1)(f) of the General Data Protection Regulation). The legitimate interest of Head on Solutions lies in the processing of your personal data for the purpose of offering and operating the studiobookr.com online services,
.

• to safeguard the rights of children. Our services may only be used if the child has reached the age of 16 or has used our services with the consent or approval of the responsible parent. We reserve the right to delete the data if we become aware that children's data has been collected without the permission of the parent or guardian. (Article 8 para. 1).

Cookies

This website uses cookies. Cookies are small files that contain certain information and are stored on your terminal device. Cookies originate either from Head on Solutions – in which case they are so-called „First Party Cookies“ - or from certain third parties whose services Head on Solutions uses, in which case they are referred to as „Third Party Cookies“.

Cookies are necessary to provide certain functionality on websites, for example the „session cookie“ which is responsible for your authentication, this is automatically deleted at the end of your visit. In addition, cookies allow the respective publisher (Head on Solutions or a third party) to recognise that a website has already been called up once by a certain end device. In this way, it is possible to recognise returning visitors (or their end devices) and to obtain information about their usage behaviour and presumed interests. This information is used to present visitors with relevant advertising for Head on Solutions products and services on the website and on third-party websites.

Depending on their function and purpose, cookies can be divided into four categories: Essential Cookies, Performance Cookies, Functional Cookies and Marketing Cookies. In addition, a distinction is made between session cookies and persistent cookies.

Unnecessary cookies

These cookies are necessary for you to navigate the website and use its features, for example to set your privacy preferences, sign in or fill out forms. Without these cookies, the services you have requested via the website cannot be provided properly. Cookies that are absolutely necessary do not require the user's consent under applicable law.

You may configure your web browser to block cookies that are strictly necessary, but you may not be able to use the Website in the manner intended.

In so far as the data processed with the aid of functional cookies is to be regarded as personal in individual cases, Head on Solutions' legitimate interest in operating the website constitutes the legal basis for processing this data.

Performance Cookies

These cookies collect information about the use of the website, e.g. which pages are visited most frequently and how visitors move around the website. They are designed to help us improve the usability of the website and therefore the user experience. Other information collected with performance cookies may include: the internet browser and operating system used, the domain name of the website you came from, the number of visits, the average time spent on the site, the pages viewed.

The data generated by the use of performance cookies is aggregated and can generally not be attributed to a specific natural person. If the data processed with the help of performance cookies is to be regarded as personal in individual cases, the user's consent is the legal basis for the processing of this data.

Functional cookies

These cookies allow a website to remember an input or selection you have made (such as username, language or geographical region you are in) and to provide the user with improved, more personalised functionality.

Functional cookies

They are also used to enable requested functions such as playing videos.

If the data processed with the help of functional cookies are to be regarded as personal in individual cases, the user's consent constitutes the legal basis for the processing of these data.

Marketing Cookies

Marketing cookies (also called targeting or advertising cookies) are used to display advertisements on third-party websites that are more relevant to the user and his or her interests. They are also used to limit the frequency of an advertisement and to measure and control the effectiveness of advertising campaigns. Unconditionally required cookies

studiobookr.com

• APS-NET_SessionId (session cookie) Authentication and identification of the user, first party cookie
.

Performance cookies

Google Analytics

• _ga, (2 years or longer) Static analysis, third party cookie
.
• _gat (session) To throttle refresh rates. Third party cookie
• _gid (1 day or session) Cookie from Google, to uniquely distinguish users, third party cookie
.

Server log files

We use the servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany and centron GmbH, Heganger 29, 96103 Hallstadt, Germany. The processing is carried out on the basis of an order processing agreement in accordance with Art. 28 Para. 3 DSGVO.

The server providers automatically collect and store the information in so-called server log files, which your browser automatically transmits to the server providers. These are:

• Browser type/browser version
• Operating system used
• Referrer URL
• Host name of accessing computer
• Time of the server request

This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We reserve the right to check this data on a regular basis if we become aware of concrete indications of illegal use.

Cloudflare

We use the service Cloudflare. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

We use the service "Cloudflare".

Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website via Cloudflare's network. This enables Cloudflare to analyse the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognise internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f DSGVO).

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more information on security and privacy at Cloudflare, click here: https://www.cloudflare.com/privacypolicy/.

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the Data Protection Regulation (DSGVO).

Google Analytics

We use functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We use functions of the web analysis service Google Analytics.

Google Analytics sets cookies on your terminal device, which make it possible to evaluate your use of our websites. For this purpose, Google collects data, for example, to uniquely identify your browser, information on when and how often you have accessed our websites, how long you have stayed on our websites and how you have interacted with our websites

IP anonymisation

We have activated the IP anonymisation function on this website (this is ensured by the ga-disable, see under Cookies). This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be combined with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics, as described in the section on objection to data collection.

Google Remarketing and DoubleClick

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-application functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-application functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your earlier usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account.

If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose.

To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data in order to define and create target groups for cross-generational advertising.

You can permanently opt out of aggregate remarketing/targeting by deactivating personalised advertising in your Google Account by following this link: https://www.google.com/settings/ads/onweb/.

The aggregation of the data collected in your Google account is based solely on your consent.

For more information and the privacy policy, please see Google's privacy statement at: https://www.google.com/policies/technologies/ads/.

Open Street Map

We use the mapping service Open Street Map via an API. Provider is FOSSIGS e.V., Römerweg 5,79199 Kirchzarten, DE.

The provider of Open Street Map automatically collects and stores information in so-called server log files, which your browser automatically transmits. This is:

Browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request.

The provider automatically collects this information in so-called server log files.

The provider of this site has no influence on this data transmission.

This data cannot be assigned to specific persons. This data is not merged with other data sources.

The provider of this site has no influence on this data.

The operator of Open Street Map reserves the right to check this data on a regular basis if concrete indications of illegal use become known.

The operator of Open Street Map reserves the right to check this data on a regular basis if concrete indications of illegal use become known.

The use of Open Street Map is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website.

This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

More information on the handling of user data can be found in the privacy policy of FOSSIGS e.V.: https://www.fossgis.de/datenschutzerklärung/

Sentry

We have integrated Sentry on this website. The provider is Functional Software Inc, 45 Fremont Street, 8th Floor, San Francisco, California 94105, USA (hereinafter referred to as Sentry).

Sentry is an open source error tracking software that allows us to monitor and fix errors and crashes anywhere in a web-based software in real time. We process the following data for this purpose: IP address, user agent, referrer, stack trace, click path. However, we host Sentry locally on our servers so that the data is processed exclusively by us.

Sentry is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the error-free functioning of its own website.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as payments or enquiries that you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line.

If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

Links to external websites

This privacy policy applies only to Head on Solutions offerings and not to third party websites and applications. Head on Solutions offerings may contain links to third party websites and applications that may be of interest to you. Head on Solutions is not responsible for the collection, processing or use of your data on websites or applications that are not operated by Head on Solutions or for their content

2. eCommerce and payment­providers

When you book services, make payments or voucher purchases, we pass on your personal data to the payment service provider commissioned to process the payment. Only the data that the respective service provider requires to perform its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures.

Data­übmittlung bei Vertragsschluss für Dienstleistungen und digitale Inhalte

We only pass on personal data to third parties if this is necessary for the processing of the contract, for example to the credit institution commissioned with the processing of payments. Further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Payment services

We include third party payment services on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of processing the payment. The respective contract and data protection provisions of the respective providers apply to these transactions. The payment service provider is used on the basis of Art. 6 Para. 1 lit. b DSGVO (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 Para. 1 lit. f DSGVO). If your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consent can be revoked at any time in the future.

We use the following payment services / payment service providers within the scope of this website: 

Adyen

For the processing of payments via studiolution Pay, we use the subcontractor Adyen GmbH, Simon Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands (hereinafter referred to as “Adyen”). Head-on Solutions GmbH has an order processing contract with Adyen.

When using studiolution Pay (e.g. to purchase vouchers or to make online payments), the payment is processed by Adyen. The end customer payment data (such as name, payment data, address) are processed and stored by Adyen.

The processing of the end customer data by Adyen is based on Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract to which the end customer is a party).

3. Processing of personal data of business partners

In the context of the cooperation with business partners, Head on Solutions processes personal data of end users and contacts at customers, prospective customers, distributors, suppliers and partners (each a „business partner“):

• Contact information, such as first and last name, address, telephone number, mobile phone number, fax number and e-mail address,
.
• Payment information, such as information required to process payment transactions or fraud prevention, including credit card information and card numbers,
.
• other information whose processing is required in the context of a project or the handling of a contractual relationship with Head on Solutions or which is provided voluntarily by business partners, e.g. in the context of orders placed, enquiries or project details,
.
• Personal data collected from publicly available sources, information databases or credit agencies and
.
• to the extent legally required in the context of e.g. compliance screenings: date of birth, identity card and ID numbers, information on relevant court proceedings and other legal disputes involving business partners
.

Head on Solutions processes the personal data for the following purposes:

• Communication with business partners about products, services and projects, e.g. to process enquiries from the business partner or to forward the enquiries to them or to provide technical information about products,
.
• Planning, implementing and managing the (contractual) business relationship between Head on Solutions and the business partner, e.g. to process orders for products and services, to collect payments, for accounting and billing purposes and to carry out deliveries, maintenance activities or repairs,
. Conducting customer satisfaction surveys and direct marketing as further described in clause 3,.
• Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraud or other criminal or fraudulent activity
.
• Compliance with (i) legal requirements (e.g. tax and commercial retention requirements), (ii) existing compliance screening obligations (to prevent white-collar crime or money laundering) and (iii) Head on Solutions policies and industry standards, and
.
• Settling disputes, enforcing existing contracts and asserting, exercising and defending legal claims.

The processing of personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise when collecting the personal data, the legal basis for the data processing is:

• for the performance and fulfilment of a contract with you (Article 6(1)(b) of the General Data Protection Regulation),
.
• to comply with legal obligations to which Head on Solutions is subject (Article 6(1)(c) of the GDPR), or
.
• the safeguarding of legitimate interests of Head on Solutions (Article 6(1)(f) of the General Data Protection Regulation). The legitimate interest of Head on Solutions lies in the initiation, implementation and settlement of the business relationship.

If you have expressly given your consent to the processing of your personal data in an individual case, this consent is the legal basis for the processing (Article 6 (1) (a) of the General Data Protection Regulation).

4. Disclosure and transfer of personal data

Head on Solutions may disclose your personal data to:

• Other third parties – e.g. accounting, sales partners or suppliers - if this is necessary in connection with the offer and operation of the Head on Solutions online offers or the initiation, implementation or settlement of the business relationship,
.
• IT service providers who process data as part of your service provision (such as service providers for IT maintenance activities), and/or
.
• Third parties if this is necessary to comply with applicable law or to assert, exercise or defend legal claims (e.g., in connection with arbitration or legal proceedings, to courts, arbitration tribunals, authorities or legal advisors)
.

The recipients are partly based in countries whose data protection laws provide a level of protection that does not correspond to the level of protection in the country in which you have your registered office or place of residence.

The recipients are partly based in countries whose data protection laws provide a level of protection that does not correspond to the level of protection in the country in which you have your registered office or place of residence.

In this case, Head on Solutions will take measures to ensure appropriate and adequate safeguards for the protection of the personal data otherwise.

• Personal data will only be transferred to non-Group recipients in such countries if they have (1) EU Standard Contractual Clauses(link) in place with Head on Solutions or (2) Binding Corporate Rules(link) or (3) - in the case of recipients located in the USA - are certified under the EU/US Privacy Shield(link). For more information and a copy of the measures implemented, please visit: office@headonsolutions.com
.

5. Processing of personal data for customer service, customer satisfaction analysis and direct marketing

To the extent permitted by applicable law, Head on Solutions may use your contact information for direct marketing purposes (e.g. trade show invitations, newsletters) and to conduct customer satisfaction surveys, in each case also by email. You have the right to object to the use of your contact data for these purposes at any time by sending an email to office@headonstudiolutions.com or by making use of the objection option in the message you have received.

Mailjet

We use Mailjet to send transactional emails such as confirming the appointment you have booked. In addition, all email newsletters sent by our customers via the studiolution email marketing system are sent via the service provider Mailjet. The provider is Mailjet SAS, 13-13bis, Rue de l’Aubrac, 75012 Paris, France. Your email address and name will be sent to Mailjet in order to send the message. Mailjet stores your data exclusively on servers in the EU. We take all necessary measures to protect your data in accordance with the applicable data protection laws. Your data will not be passed on to third parties. The data deposited with Mailjet will be deleted once the purpose has been achieved. You can find Mailjet's data protection statement here: https://www.mailjet.de/sicherheit-datenschutz/

Mailjet allows us to analyse and optimise our emails. Furthermore, we can find out for our customers whether there were any problems (e.g. bounces) when using the studiolution email marketing tool. When you open an email sent with Mailjet, a file (pixel) contained in the email connects to Mailjet's servers. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want any analysis by Mailjet, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The processing of the data entered is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to receive the newsletter (e.g. information on product use) at any time, for example by clicking on the unsubscribe link in the newsletter. The legality of the data processing procedures already carried out remains unaffected by the revocation.

In the case of transactional processing (e.g. activation of your access) of the data entered, the consent is given on the basis (Art. 6 para. 1 lit. b DSGVO). The consent given expires automatically with the expiry of the contract. The legitimacy of the data processing procedures already carried out remains unaffected by the revocation.

The data you have provided us with for the purpose of sending you emails will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the members' area) remain unaffected by this.

We have concluded an order processing agreement with Mailjet in which we oblige Mailjet to protect the data of our customers and not to pass it on to third parties.

Groove

In some situations, we use the Groove ticketing system to handle customer queries. Groove is a ticket system (SAAS) from the American company Groove Networks, LLC. 300 Delaware Ave Ste 210-ADE 19801. The data that you send by email to the support or via the service form is transferred to Groove Networks, LLC. übergübertragen. For more information about the collection and use of data by Groove Networks, LLC., please visit https://www.groovehq.com/our/privacy.

If you contact us by email or via the form on the website, we will only use the personal data you provide to process your specific enquiry. The data provided will be treated confidentially. The data provided and the message history with our support will be stored for follow-up questions and later contacts. The processing of the data entered in the contact form or the data sent by email is based on your consent (Art. 6 para. 1 lit. f DSGVO).

Groove is a certified participant in the so-called Privacy Shield Framework and thus meets the minimum requirements for legally compliant commissioned processing.

We have concluded a so-called „Data Processing Agreement“ with Groove and fully implement the strict requirements of the German data protection authorities when using Groove.

6. Storage periods

If no explicit storage period is specified at the time of collection (e.g. in the context of a declaration of consent), your personal data will be deleted as soon as it is no longer required to fulfil the purpose for which it was stored (within the meaning of Art. 5 para. 1 lit. b,c,e), unless legal retention obligations (e.g. commercial and tax retention obligations) prevent the deletion.

7. legal declaration on the revocation of your declaration of consent

If you have given us consent to process your personal data, you have the right to revoke this consent at any time with effect for the future. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation. (Art. 7 para. 3) After revocation, Head on Solutions may only process the personal data insofar as Head on Solutions can base the processing on another legal basis. Please send your revocation to: office@headonsolutions.com

8. Your rights

Under the General Data Protection Regulation, you have the right to:

• to request confirmation as to whether Head on Solutions is processing personal data about you and to receive information about the personal data processed by Head on Solutions and further information,
.
• request the rectification of inaccurate personal data,
• to request the erasure of personal data processed by Head on Solutions,
• to request the restriction of the processing of personal data by Head on Solutions,
• request the transfer of the data or
.
• to object to the processing of personal data by Head on Solutions.

Further information and explanations regarding the above-mentioned rights can be found on the website „Rights for Bürger“(link) of the European Commission.

9. contact person

The Head on Solutions supports you with all questions concerning data protection. Complaints can also be made to Head on Solutions and the rights set out in this data protection statement can be exercised.

9.

The responsible party for data processing on this website is:

Head-on Solutions GmbH
. Bärenschanzstraße 2
90429 Nürnberg

Phone: +49(0)911-13133518
Email: office@headonsolutions.com

Our data protection officer:

Lawyer Holger Loos
Company SiDIT GmbH
Unterdürrbacher Straße 8
97080 Würzburg

Phone: +49 (0)931-78086651
Email: info@sidit.de