This website (“Site”) is operated by Wunderhaus Wellness GmbH, a company registered in Germany under registration number HRB 168193 B (“Wunderhaus”, “we”, “us” and/or “our”). Our registered address is Greifswalder Str. 31, 10405 Berlin. You can contact us as indicated under the “Contact” section below.
The data controller responsible for your personal data is the Wunderhaus company with whom you contract as a customer, member or membership applicant (“Wunderhaus”, “we”, “us” and/or “our”).
We collect the following personal data about you:
We use your personal data in the following ways:
o where we are asked to deal with any enquiries or complaints you make.
o to administer our Site, to better understand how visitors interact with our websites and ensure that our Site is presented in the most effective manner for you and for your computer/device.
o to conduct analytics to inform our marketing strategy and enable us to enhance and personalise the experience we offer to our members and our communications, including by creating customer or member profiles to enable personalised direct marketing communications.
o to provide postal communications which we think will be of interest to you.
o if you ask us to delete your data or to be removed from our marketing lists and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing.
o to share personal data among our affiliated businesses for administrative purposes, for providing membership services and in relation to our sales and marketing activities.
o we may anonymise, aggregate and de-identify the data that we collect and use such anonymised, aggregated and de-identified data for our own internal business purposes, including sharing it with our current and prospective members, business partners, our affiliated businesses, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyse patterns among groups of people, and conducting research on demographics, interests and behavior.
o for internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Site, network and information systems secure.
o to (a) comply with legal obligations, (b) respond to requests from competent authorities; © enforce our House Rules; (d) protect our operations or those of any of our affiliated businesses; (e) protect our rights, safety or property, and/or that of our affiliated businesses, you or others; and (f) enforcing or defending legal rights, or preventing damage.
We share your personal data with third parties in the following situations:
Any credit/debit card payments and other payments you make through our Site will be processed by our third party payment providers and the payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Please note that we do not ourselves directly process or store the debit/credit card data that you submit.
We may arrange that card or payment data you submit in support of a membership application or subscription fee is stored for the purpose of processing your application, initiating your membership and collecting your subscription fees if your initial application is successful (or if you are put on to a membership waiting list, please note that this data may be stored for later use to initiate your membership and subscription).
We store and use this card or payment information for the purpose of processing any future payments that you make as a member for additional goods and services. We will store this data in accordance with our legal obligations under applicable law and only for so long as legally permitted.
You may choose to opt out of us holding your card or payment data although this means that you will need to re-supply us with card/payment details to initiate your membership subscription fee or for the purpose of making any future purchases.
Your personal data will be transferred to and stored in countries other than the country in which the information was originally collected, including the United States and other destinations outside the European Economic Area (“EEA”), to our service providers and affiliated businesses for the purposes described above.
Please note that the countries concerned may not provide the same legal standards for protection of your personal data that you have in the United Kingdom or EEA. Where we transfer your personal data to countries outside of the EEA we will take all steps to ensure that your personal data will continue to be protected. We will implement appropriate safeguards for the transfer of personal data to our service providers in accordance with the applicable law, such as relying on our service providers’ Privacy Shield certification or implementing standard contractual clauses for data transfers. We have implemented data transfer agreements pursuant to applicable data protection law in order to implement appropriate safeguards for the transfer of personal data to Wunderhaus group companies in countries outside the EEA. If you would like to receive more information on the safeguards that we implement, including copies of relevant data transfer contracts, please contact us as indicated below.
Where we have given you (or where you have chosen) a password or log-in which enables you to access certain restricted parts of our Site, you are responsible for doing everything you reasonably can to keep these details secret. You must not share your password or log-in details with anyone else.
Unfortunately, the transmission of information over the internet or public communications networks can never be completely secure. We will take appropriate technical and organisational security measures to protect the personal data that you submit to us against unauthorised/unlawful access or loss, destruction or damage, although we cannot 100% guarantee the security of personal data that you provide to us online.
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights in relation to your personal data:
If you wish to exercise any of these rights please contact us as described in the “Contact” section below. We may also need to ask you for further information to verify your identity before we can respond to any request.