Privacy Policy
Effective date: 23 Februar 2025
This privacy policy informs you about the processing of personal data when you visit our website www.de-medici.info and when you use our online services (contact, appointment booking, newsletter, etc.).
1. Controller (Art. 4(7) GDPR)
De Medici Movement Spa Club / Urbanowicz Izabela
Mühlenstraße 31, 40213 Düsseldorf, Germany
Phone: +49 (0)211 16092864
E‑mail: office@de-medici.info
Website: www.de-medici.info
Note: Please verify the exact legal form/entity (e.g. sole proprietorship/GbR) and adjust the legal name accordingly.
Data protection contact / Data Protection Officer (if applicable)
For data protection enquiries, please contact office@de-medici.info.
If a Data Protection Officer has been appointed, please insert their contact details here.
Supervisory authority: State Commissioner for Data Protection and Freedom of Information of North Rhine‑Westphalia (LDI NRW), www.ldi.nrw.de.
2. Purposes and legal bases of processing
We process personal data for the following purposes under Art. 6 GDPR:
- Operation of the website, IT security & log files (Art. 6(1)(f) GDPR – legitimate interests).
- Performance of pre‑contractual/contractual obligations (e.g. appointment booking, purchase of vouchers) (Art. 6(1)(b) GDPR).
- Compliance with legal obligations (e.g. tax and commercial retention) (Art. 6(1)(c) GDPR).
- Consent (e.g. newsletter, non‑essential cookies/marketing tools) (Art. 6(1)(a) GDPR).
- Direct marketing to existing customers within the meaning of Sec. 7(3) UWG (Art. 6(1)(f) GDPR).
3. Hosting & processing on our behalf
We use an external service provider (hosting) for infrastructure, platform, computing, storage and security services required to operate the website. Processing takes place on the basis of a data processing agreement pursuant to Art. 28 GDPR. Please insert the name and address of your hosting provider here.
4. Server log files
When you access our website, the following information is processed automatically: IP address, date/time of access, time zone difference, request line, status code, amount of data transferred, referrer URL, user agent (browser type/version, operating system), pages/files accessed.
Purpose/interest: IT security, stability, prevention of misuse and fraud, technical administration.
Retention: Log data are usually deleted after 7–30 days, unless a security‑related review is required.
Legal basis: Art. 6(1)(f) GDPR.
5. Cookies, consent & similar technologies (TTDSG/GDPR)
For non‑essential cookies/trackers (e.g. analytics/marketing) we obtain your consent via a consent banner before setting them (Art. 6(1)(a) GDPR; Sec. 25(1) TTDSG). Technically necessary cookies may be set without consent (Sec. 25(2) TTDSG).
You can change or withdraw your selection at any time in the consent banner. Details of tools used, providers, storage periods and legal bases are provided in our cookie/tool overview (see 5.3).
5.1 Technically necessary cookies
E.g. session ID, language choice, basket/appointment booking.
Legal basis: Sec. 25(2) TTDSG; Art. 6(1)(f) GDPR.
5.2 Non‑essential cookies/tools
E.g. analytics, reach measurement, marketing/retargeting – only with consent.
Legal basis: Sec. 25(1) TTDSG; Art. 6(1)(a) GDPR.
5.3 Cookie/tool overview (example – please adapt)
| Category | Tool/Provider | Purpose | Legal basis | Storage period | Third‑country transfer |
|---|---|---|---|---|---|
| Analytics | Google Analytics 4 (Google Ireland Limited) | Reach measurement | Consent (Art. 6(1)(a) GDPR; Sec. 25(1) TTDSG) | up to 14 months (configurable) | USA – under EU‑US Data Privacy Framework (DPF) and/or SCCs |
| Marketing | Google Ads/Remarketing | Conversion measurement/remarketing | Consent | variable | USA – DPF/SCCs |
| Convenience | Google Maps/Fonts | Map display/fonts | Consent | variable | USA – DPF/SCCs |
Note: Remove/add tools according to actual use and link to the providers’ privacy notices in the consent banner.
6. Web analytics (example: Google Analytics 4 – if used)
If you have consented, we use Google Analytics 4 (provider: Google Ireland Limited). GA4 uses cookies/similar technologies to analyse website usage. Pseudonymous usage profiles are created.
IP anonymisation/regional processing: Google processes data from EU devices via EU‑based domains/servers first; IP addresses are truncated prior to storage.
Legal basis: Consent (Art. 6(1)(a) GDPR; Sec. 25(1) TTDSG).
Withdrawal: possible at any time via the consent banner.
Third‑country transfer: Data may be transferred to Google LLC (USA). The legal basis is the EU‑US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs) with supplementary measures.
Storage period: user and event data up to 14 months (configurable).
If you do not use GA, remove this section.
7. Contact (e‑mail/form/phone)
When you contact us, we process your details (name, contact data, content of the enquiry) to handle your request and any follow‑up questions.
Legal basis: Art. 6(1)(b) GDPR (pre‑contractual/contractual) or Art. 6(1)(f) GDPR (general communication).
Retention: until completion of the request; longer where statutory retention applies.
8. Newsletter & product information by e‑mail
- Newsletter only with consent (double opt‑in, logging; Art. 6(1)(a) GDPR; Sec. 7(2)(3) UWG). You can withdraw consent at any time via the unsubscribe link.
- Product recommendations to existing customers under Sec. 7(3) UWG on the basis of our legitimate interests (Art. 6(1)(f) GDPR). You can object at any time.
9. Appointment booking, purchase of vouchers & performance of contract
For this purpose we process master data (e.g. name, address), communication data (e‑mail/phone), contract/service data (booked services, appointments), payment data.
Legal basis: Art. 6(1)(b) GDPR; for legal obligations Art. 6(1)(c) GDPR.
Retention: pursuant to Sec. 147 AO/Sec. 257 HGB up to 10 years; otherwise until purpose is fulfilled.
10. Recipients/categories of recipients
Internal departments (sales, customer service, accounting), IT/hosting providers, payment service providers, shipping/logistics (for goods), newsletter/CRM providers, and public authorities where legally required. Data processing agreements under Art. 28 GDPR are in place with processors.
11. Third‑country transfers
Where providers outside the EEA are used (e.g. Google LLC, USA), we ensure an adequate level of protection, e.g. via the EU‑US Data Privacy Framework (where certified) and/or Standard Contractual Clauses with supplementary measures. Information on the specific mechanism can be found in the consent banner or tool notes.
12. Storage period
Unless stated otherwise, we delete or anonymise data once they are no longer required for the stated purposes and no statutory retention obligations conflict with this.
13. Obligation to provide data
For bookings/contracts, those details are required which are necessary for conclusion and performance. Without these details, we cannot provide our services.
14. Automated decision‑making/profiling
No solely automated decision‑making takes place. Usage‑based profiling may occur if you consent to marketing/analytics tools.
15. Your rights
Subject to the legal requirements, you have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21) and withdrawal of consent (Art. 7(3)).
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular with the LDI NRW.
Terms and Conditions (T&Cs)
Version: 23 Januar 2025
1. Scope
These T&Cs govern the legal relationship between De Medici Movement Spa Club / Urbanowicz Izabela (hereinafter the “Provider”) and customers with regard to the use of the website www.de-medici.info, appointment bookings, and the purchase of services/vouchers. Deviating terms of the customer shall not apply unless the Provider has agreed to them in writing.
2. Services & Conclusion of Contract
The presentation of services on the website does not constitute a binding offer but an invitation to submit an offer. By submitting a booking/order, you make an offer; the contract is concluded upon confirmation (by e-mail). Appointment confirmations are subject to availability.
3. Prices & Payment
All prices include statutory VAT where applicable. The prices shown at the time of booking/order apply. Available payment methods are displayed during the ordering process. In the event of default of payment, the statutory provisions apply.
4. Appointments, Cancellations & No-Shows
Appointments are binding. Cancellations are free of charge up to 24 hours before the scheduled start (unless stated otherwise). Cancellations within 24 hours before the start of treatment will be charged at 40% of the price of the booked service.
In the event of a no-show or a cancellation after the appointment start, we charge 100% of the agreed price, unless you prove that no damage or substantially less damage has occurred.
If you appear for the appointment but, for reasons within your responsibility, the treatment is delayed by at least half of the scheduled time, the full price (100%) of the booked service is due.
Statutory rights of withdrawal remain unaffected.
5. Gift Vouchers & Stored-Value Cards
Vouchers are transferable and valid for 3 years from the date of purchase (regular limitation period). Cash payment is excluded unless there is a legal obligation. Remaining balances remain valid until expiry.
6. Health Information
Certain treatments require suitability from a health perspective. Please inform us in advance about relevant health restrictions. The Provider reserves the right to refuse treatments if there are medical reasons against them.
7. House Rules & Conduct
Staff instructions must be followed. Brought-along items must be stored carefully. The Provider is not liable for loss or damage to items brought along unless caused by intent or gross negligence.
8. Warranty
Statutory warranty rights apply.
9. Liability
The Provider is liable for damages—regardless of the legal basis—in cases of intent and gross negligence. In cases of simple negligence, the Provider is liable only
(a) for damages resulting from injury to life, body, or health, and
(b) for damages resulting from the breach of an essential contractual obligation (cardinal obligation); in such cases, liability is limited to the foreseeable damage typical for this type of contract.
Liability under the German Product Liability Act remains unaffected.
10. Copyright & Usage Rights, External Links
Website content is protected by copyright. Any use not expressly permitted requires prior consent. The content of linked external sites is the sole responsibility of their respective operators.
11. Consumer Right of Withdrawal in Distance Contracts
11.1 General
Consumers have, as a rule, a 14-day right of withdrawal for off-premises and distance contracts.
11.2 No Right of Withdrawal for Leisure Services with a Fixed Date (Section 312g (2) No. 9 BGB)
For contracts relating to services connected to leisure activities (e.g., spa/wellness treatments) where a specific date or period is agreed, there is no right of withdrawal. Our 24-hour cancellation rule (40%) and the no-show rule (100%) apply without restriction in such cases.
11.3 Vouchers without a Fixed Date
For the purchase of value/performance vouchers without date commitment, a 14-day right of withdrawal applies. The right of withdrawal expires if the voucher is fully redeemed within the withdrawal period. In the case of partial redemption, any refund amount is reduced by the portion already redeemed.
11.4 Services Outside the Leisure Exception
If, at your express request, we begin providing the service before the withdrawal period expires, you must pay reasonable compensation for the services provided up to the time of your withdrawal (Section 357a (2) BGB). If the service has been fully performed and you previously expressly consented and acknowledged the loss of the right of withdrawal, the right of withdrawal expires (Section 356 (4) BGB).
11.5 Exercising the Right of Withdrawal
To exercise your right of withdrawal, you must inform us (De Medici Movement Spa Club / Urbanowicz Izabela, Mühlenstraße 31, 40213 Düsseldorf, Germany, Phone: +49 (0)211 16092864, E-mail: office@de-medici.info).
12. Data Protection
Our Privacy Policy (see above) applies.
13. Dispute Resolution / ODR Platform
The European Commission provides an Online Dispute Resolution (ODR) platform: https://ec.europa.eu/consumers/odr. We are neither obliged nor generally willing to participate in dispute resolution proceedings before a consumer arbitration board.
14. Final Provisions
German law applies, excluding the UN Convention on Contracts for the International Sale of Goods (CISG). For consumers, this choice of law applies only insofar as it does not deprive them of the protection afforded by mandatory provisions of the law of the state of their habitual residence. If you are a merchant, the place of jurisdiction is Düsseldorf. Should individual provisions be or become invalid, the validity of the remaining provisions shall not be affected.
