Privacy Policy
Last updated: November 2025
We take the protection of your personal data very seriously. This Privacy Policy explains how we collect, use, store, protect, and potentially transfer your data internationally when you use the website www.mantra-wellness.com or our associated digital services (“Services”).
By using our website, you agree to this Privacy Policy. If you do not agree, please do not continue to use our digital services.
-----
## 1. Data Controller
**Mantra-Wellness®**
Owner: Bianca Adhartha
Hinter den Höfen 1
28870 Ottersberg
Germany
Email: info@mantra-wellness.com
-----
## 2. Types of Data We Process
### 2.1 Non-Personal Data
Examples:
- Device type, browser type, operating system
- Referrer URL
- Timestamps, session duration
- Aggregated usage and performance data
- Cookie information (technically necessary cookies)
### 2.2 Personal Data
Examples:
- Name
- Email address
- Phone number
- IP address
- Payment data via Stripe (credit card data is not stored by us)
- Content from forms
- Booking and session data
Combined data is treated as personal data.
-----
## 3. How We Collect Data
### 3.1 Direct Information
- Contact forms
- Bookings
- Emails or other communication
### 3.2 Automated Collection
- Log files
- Cookies
- Session and usage data
- Analytics tools (Wix Analytics, optionally Google Analytics)
### 3.3 Third-Party Sources
- Registration via Facebook or Google
- Payment provider (Stripe)
- Video service (Zoom)
-----
## 4. Purposes of Data Processing
### 4.1 Provision of Our Services
- Processing bookings
- Contact and support
- Payment processing
- Provision of online sessions
### 4.2 Analysis & Optimization
- Improving content and functionality
- Error diagnosis
- Creating anonymized statistics
### 4.3 Security & Compliance
- Detection of abuse
- IT security
- Fulfillment of legal obligations
### 4.4 Marketing (only with consent)
- Newsletter
- Information about new offers
Withdrawal possible at any time.
-----
## 5. Legal Bases (GDPR)
### 5.1 Consent (Art. 6(1)(a) GDPR)
- Newsletter
- Analytics cookies
- Recording of online sessions
### 5.2 Contract Performance (Art. 6(1)(b) GDPR)
- Bookings
- Provision of Services
### 5.3 Legitimate Interest (Art. 6(1)(f) GDPR)
- Security
- User-friendliness
- Communication in non-contractual cases
### 5.4 Legal Obligation (Art. 6(1)(c) GDPR)
- Tax and retention obligations
-----
## 6. Sharing Personal Data
We only share data when necessary.
### 6.1 Processors
|Service Provider |Purpose |Location |Safeguards |
|----------------------------------|------------------------|-------------|---------------------------------|
|**Wix.com Ltd.** |Hosting, operations, CRM|Israel/USA |Adequacy decision (Israel), SCC |
|**Stripe Payments Europe Ltd.** |Payment processing (EU) |Ireland |GDPR-compliant, PCI-DSS Level 1 |
|**Stripe Inc.** |Payment processing (USA)|USA |EU–US Data Privacy Framework, SCC|
|**Zoom Video Communications Inc.**|Online sessions |USA/EU |DPF + SCC |
|**Wix Email/CRM** |Contact management |Israel/Global|Adequacy decision (Israel), SCC |
**We do not sell personal data.**
### 6.2 Other Permitted Cases
- Legal obligations
- Enforcement of our rights
- Protection against abuse
- Business transfers
-----
## 7. International Data Transfers
Data may be processed worldwide.
Transfers only occur when:
- An adequacy decision exists
- Standard Contractual Clauses (SCC) are employed
- Or the company is certified under the EU–US Data Privacy Framework
**Safeguards:**
- Encryption
- Access restrictions
- Data minimization
-----
## 8. Retention Periods
- **Contract and booking data:** up to 10 years
- **Invoice data:** 10 years
- **Contact form data:** up to 3 years
- **Newsletter data:** until withdrawal
- **Log files:** 7–30 days
- **Cookies:** session to 12 months
Data is deleted or anonymized after expiration.
-----
## 9. Data Security
- HTTPS encryption
- Firewalls
- Secure servers
- Regular updates
- PCI-DSS compliance at Stripe
No internet transmission is completely secure.
-----
## 10. Minors
Our Services are not directed at persons under 16 years of age (EU).
We do not process data from minors without parental consent.
Immediate deletion upon discovery.
-----
## 11. Your Rights
- Access
- Rectification
- Erasure
- Restriction
- Data portability
- Objection
- Withdrawal
**Requests to:** info@mantra-wellness.com
**Complaints possible at:**
- State Data Protection Authority of Lower Saxony (Germany)
- FDPIC (Switzerland)
- ICO (UK)
-----
## 12. Cookies & Tracking
### 12.1 Types of Cookies
- Necessary cookies
- Functional cookies (consent required)
- Analytics cookies (consent required)
- Marketing cookies (consent required)
### 12.2 Management
- Via cookie banner
- Via cookie settings in footer
- Via browser settings
-----
## 13. Online Sessions (Zoom)
- Zoom processes data in accordance with GDPR
- EU data centers are prioritized
- Recordings only with consent
-----
## 14. Medical Notice & Liability
### 14.1 Not a Medical Service
Mantra-Wellness offers wellness, coaching, meditation, and energetic treatments, not medical or psychotherapeutic services.
### 14.2 Liability
Liability exists only according to statutory provisions.
### 14.3 Personal Responsibility
Use is at your own responsibility.
-----
## 15. Changes
We may modify this policy at any time.
Current version always available on our website.
-----
## 16. International Notes
- **Switzerland:** revDSG
- **UK:** UK GDPR
- **Other countries:** local data protection laws may apply
-----
## 17. Contact
**Mantra-Wellness®**
Bianca Adhartha
Hinter den Höfen 1
28870 Ottersberg
Germany
Email: info@mantra-wellness.com
-----
## 18. Legal Notice
This policy does not replace legal advice.
Laws may change.
For binding questions, please obtain legal counsel.
-----
**Last updated: November 2025**