PRIVACY POLICY for HIMALYA Wellness

1. Responsible Entity

HIMALYA Wellness
Owner: Lukas Wiesflecker
Address: Josef-Lengauer-Straße 25 / 6341 Ebbs
Email: l.wiesflecker@gmail.com
Phone: +436509859840

This privacy policy informs you about how personal data is processed when you use our website, the online shop, or our booking system, or when you take advantage of a massage.

2. Types of Processed Data

We process – depending on contact or booking – the following categories of personal data:

  • First and last name

  • Address (for mobile massage or invoices)

  • Email address

  • Phone number

  • Booking information (appointment, type of massage, duration)

  • Payment data (via Shopify or payment provider)

  • Communication data (form, email, phone)

  • Website usage data (server logs, cookies, analytics, optional)

We do not process sensitive health data unless you voluntarily share it (e.g., notes such as “please do not press too hard,” “shoulder tense”). This information will never be stored or shared.

3. Purpose of Data Processing

Data is processed for the following purposes:

  • Execution of massage applications

  • Appointment scheduling & organization

  • Execution of mobile applications

  • Issuance of invoices

  • Sale of vouchers & packages

  • Communication & inquiries

  • Operation of the website & improvement of content

  • Legal obligations (trade law, accounting)

Legal basis:
Art. 6 para. 1 lit. b (contract)
Art. 6 para. 1 lit. c (legal obligation)
Art. 6 para. 1 lit. f (legitimate interest)
Art. 6 para. 1 lit. a (consent for cookies/analytics)

4. Appointment Booking via Online System

If you secure an appointment through our online booking system, your data will be processed by the respective service provider.

Used system: Sesami.co

The following data will be transmitted:

  • Name

  • Email

  • Phone number

  • Type of massage

  • Appointment time

  • If applicable, address (for mobile massage)

The provider acts as a processor according to Art. 28 GDPR.
The data is used solely for appointment processing.

5. Contact Form

If you use our contact form, we will only store your information to process your inquiry.

Storage duration:
max. 12 months or until the request is completed.

6. Online Shop via Shopify (Vouchers & Packages)

For sales (vouchers, packages, payments), we use Shopify.
The data is processed directly by Shopify:

Shopify International Ltd., Dublin, Ireland

The following data is processed:

  • Name

  • Address

  • Email

  • Payment data

  • Order information

Shopify is certified under the EU–US Data Privacy Framework.

Shopify Privacy:
https://www.shopify.com/legal/privacy

7. Payment Providers

Depending on the settings in the shop, we use the following providers:

  • Stripe (cards, Apple Pay, Klarna, etc.)

  • PayPal

  • Sofortüberweisung (Klarna)

  • EPS (if activated)

These providers process data independently as controllers.
You can find the corresponding privacy policies there.

8. Server Logs & Technical Data

When accessing our website, the following data is automatically collected:

  • IP address (anonymized at Framer)

  • Date & time

  • Browser type

  • Operating system

  • Accessed pages

  • Referrer

This data serves technical security.
Legal basis: Art. 6 para. 1 lit. f GDPR.

9. Cookies

Our website uses cookies to provide basic functions.
Non-essential cookies are set only after your consent.

You can withdraw your consent to cookies at any time via the banner.

10. Google Analytics 4

Our website uses Google Analytics 4.
We use:

  • IP anonymization

  • Contract processing

  • EU servers, if possible

  • No personal profiling

Legal basis: Consent according to Art. 6 para. 1 lit. a GDPR.

Revocation possible at any time via cookie banner.

More information: https://policies.google.com/privacy

11. Social Media

When accessing our profiles (Instagram, TikTok, etc.), their privacy policies apply.
No social media plugins that automatically transfer data are loaded on our website.

12. Newsletter

If you subscribe to our newsletter, we store your email address and, if applicable, your name.

Legal basis: Consent according to Art. 6 para. 1 lit. a GDPR.
Unsubscription possible at any time.

13. Storage Duration

We store personal data:

  • as long as necessary to fulfill an order

  • based on legal obligations (e.g., invoices: 7 years)

  • until you request deletion, unless legal obligations stand in the way

14. Your Rights

According to the GDPR, you have the following rights:

  • Information

  • Rectification

  • Deletion

  • Restriction

  • Data portability

  • Withdrawal (for consents)

  • Objection

  • Complaint to the Data Protection Authority of Austria

Austrian Data Protection Authority:
www.dsb.gv.at

15. Security

We secure our website through SSL encryption and only use providers who operate in compliance with the GDPR.

16. Data Transfer Outside the EU

Data transfers to providers in the USA only occur if:

  • a valid data protection agreement exists (e.g., DPF) or

  • standard contractual clauses (SCC) are used.

17. Changes to the Privacy Policy

This privacy policy may be updated if new systems, techniques, or legal requirements make this necessary.

Status: January 2025
