Stamy

PRIVACY POLICY

Data Protection Controller

Controller according to GDPR: Stamy GmbH, Universitätsstr. 51, 8006 Zürich roman.weis@stamy.io EU Data Protection Representative (Art. 27 GDPR): Rickert Rechtsanwaltsgesellschaft mbH Stamy Booking GmbH Colmantstrasse 15, 53115 Bonn, Germany art-27-rep-stamybooking@rickert.law

Data Subject Rights

Users can exercise the following rights: • Access to stored data • Correction of inaccurate data • Deletion of stored data • Restriction of data processing • Objection to processing and data portability Consent can be revoked at any time. Complaints can be filed with the relevant supervisory authorities.

Purposes of Data Processing

Data is only processed for the stated purposes. Disclosure to third parties only occurs in case of: • Explicit consent • Contract fulfillment • Legal obligation • Safeguarding legitimate interests

Registration

Upon registration, the following data is collected: name, address, phone, email. Users can change or delete their data at any time. Information is provided, correction/deletion is carried out unless legal retention obligations exist.

Paid Services

Additional data such as payment details are collected and stored until the expiry of statutory retention periods.

SSL Encryption

Data transmissions are protected by modern encryption methods (SSL/HTTPS).

Newsletter

Based on explicit consent, newsletters are sent via email. The double opt-in procedure is used. Data is used exclusively for newsletter delivery and is not shared with third parties. Provider: Sendinblue GmbH, Köpenicker Strasse 126, 10179 Berlin Privacy policy: https://de.sendinblue.com/legal/privacypolicy/ Revocation is possible at any time via the unsubscribe link.

Transactional Emails

Provider: Mailgun Technologies, Inc., 112 E Pecan St. #1135, San Antonio, TX 78205, USA Mailgun is a data processor for automated emails (order confirmations). This is based on legitimate interests (Art. 6(1)(f) GDPR). Privacy policy: https://www.mailgun.com/privacy-policy/

Contact Form

Contact inquiries require a valid email address. Additional data is optional. After processing, data is deleted.

Hosting & Cloud Services

Amazon CloudFront Provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg CDN for security and speed. AWS is a data processor (Art. 6(1)(f) GDPR). Right of objection exists. Google Cloud Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Cloud service for security and speed. Google Cloud is a data processor (Art. 6(1)(f) GDPR). Hetzner Cloud Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany Hosting of databases and web services. Hetzner is a data processor (Art. 6(1)(f) GDPR).

Changes to the Privacy Policy

This policy may be updated to meet legal requirements or reflect service changes. New versions apply upon revisiting the site.