Data protection
Introduction
We take the protection of user data on our website and mobile app (the “Website” and the “Mobile App,” respectively) very seriously and are committed to protecting the information that users provide to us in connection with their use of our Website and/or Mobile App (collectively, “Digital Assets”). Furthermore, we are committed to protecting and using your data in accordance with applicable law.
This Privacy Policy explains our practices regarding the collection, use, and disclosure of your data through your use of our Digital Assets (the “Services”) when you access the Services via your devices.
Please read this Privacy Policy carefully and ensure that you fully understand our data practices before using our Services. If you have read and fully understand this policy and do not agree with our practices, you must discontinue using our Digital Assets and Services. By using our Services, you agree to the terms of this Privacy Policy. Continued use of the services constitutes your acceptance of this Privacy Policy and any amendments to it.
This Privacy Policy explains:
How we collect data
What data we collect
Why we collect this data
Who we share the data with
Where the data is stored
How long the data is retained
How we protect the data
How we handle minors
Updates or changes to the Privacy Policy
What data do we collect?
Below is an overview of the data we may collect:
Non-identified and non-identifiable information that you provide during the registration process or that is collected through your use of our services (“Non-Personal Data”). Non-Personal Data does not reveal who collected it. The Non-Personal Data we collect consists primarily of technical and aggregated usage information.
Individually identifiable information, i.e., any information that can be used to identify you or could reasonably be used to identify you (“Personal Data”). The personal data we collect through our services may include information requested from time to time, such as names, email addresses, physical addresses, telephone numbers, IP addresses, and more. When we combine personal data with non-personal data, we treat it as personal data for as long as it remains in combination.
Conducting Live Calls (as part of the Safety Lounge add-on service)
As part of the voluntary, optional Safety Lounge add-on service, we offer online live calls via Zoom (e.g., Q&A sessions or moderated discussions).
Voluntariness and Anonymity:
Active participation with camera, microphone, or real name is voluntary. Participants can participate anonymously or pseudonymously.
How do we collect data?
The main methods we use to collect data are listed below:
We collect data when you use our services. When you visit our digital assets and use our services, we may collect, record, and store your usage, sessions, and related information.
We collect data that you provide to us yourself, for example, when you contact us directly through a communication channel (such as an email with a comment or feedback).
We may also collect data from third-party sources, as described below.
We collect data that you provide when you log in to our services through a third-party provider such as Facebook or Google.
Why do we collect this data?
We may use your data for the following purposes:
to provide and operate our services;
to develop, customize, and improve our services;
to respond to your feedback, inquiries, and requests, and to offer assistance;
to analyze demand and usage patterns;
for other internal, statistical, and research purposes;
to improve our data security and fraud prevention capabilities;
to investigate violations and enforce our terms and policies, as well as to comply with applicable law, regulations, and governmental orders;
to send you updates, news, promotional material, and other information related to our services. You can choose whether or not to continue receiving promotional emails. If not, simply click the unsubscribe link in those emails.
Who do we share this data with?
We may share your data with our service providers to operate our services (e.g., storing data through third-party hosting services, providing technical support, etc.).
We may also disclose your data in the following circumstances: (i) to investigate, detect, prevent, or take action against unlawful activities or other wrongdoing; (ii) to establish or exercise our rights of defense; (iii) to protect our rights, property, or personal safety, as well as the safety of our users or the public; (iv) in the event of a change of control of us or one of our affiliates (through a merger, acquisition, or purchase of (substantially) all of our assets, among other things); (v) to collect, maintain, and/or manage your data through authorized third-party providers (e.g., cloud service providers), to the extent that this is reasonable for business purposes; (vi) to collaborate with third-party providers to improve your user experience. To avoid misunderstandings, we would like to point out that we may, at our sole discretion, transfer, share, or otherwise use non-personal data with third parties.
Please note that our services allow social interactions (e.g., publicly posting content, information, and comments, and chatting with other users). We advise you that any content or data you make available in these areas can be read, collected, and used by others. We recommend that you refrain from posting or sharing information that you do not wish to make public. Uploading content to our digital assets or otherwise making it available while using a service is done at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content. You acknowledge and agree that copies of your data may remain accessible even after you delete it from cached and archived pages or after a copy/storage of your content has been made by a third party.
Please be aware that this may not affect the availability of your data.
Cookies and Similar Technologies
When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services (“Tracking Technologies”). These Tracking Technologies may allow third parties to automatically collect your data to improve your browsing experience on our digital assets, optimize their performance, and ensure a customized user experience, as well as for security and fraud prevention purposes.
To learn more, please read our Cookie Policy.
We will not share your email address or other personal data with advertising companies or networks without your consent.
Where do we store the data?
Non-Personal Data
Please note that our companies, as well as our trusted partners and service providers, are located around the world. For the purposes explained in this Privacy Policy, we store and process all non-personal data we collect in various jurisdictions.
Personal Data
Personal data may be collected, processed, and stored in the United States, Ireland, South Korea, Taiwan, Israel, and, to the extent necessary for the proper provision of our services and/or as required by law (as further explained below), in other jurisdictions.
How long will the data be retained?
Please note that we retain the collected data for as long as necessary to provide our services, comply with our legal and contractual obligations to you, resolve disputes, and enforce our agreements.
We may correct, supplement, or delete inaccurate or incomplete data at any time at our sole discretion.
How do we protect the data?
The hosting service for our digital assets provides us with the online platform through which we can offer you our services. Your data may be stored through our hosting provider's data storage, databases, and general applications. They store your data on secure servers behind a firewall and offer secure HTTPS access to most areas of their services.
All payment options offered by us and our hosting provider for our digital assets comply with the PCI DSS (Credit Card Industry Data Security Standard) regulations of the PCI Security Standards Council. This involves the collaboration of brands such as Visa, MasterCard, American Express, and Discover. PCI DSS requirements help ensure the secure handling of credit card data (including physical, electronic, and procedural measures) by our shop and service providers.
Despite the measures and efforts taken by us and our hosting provider, we cannot and will not guarantee absolute protection and security of the data you upload, publish, or otherwise share with us or others.
For this reason, we ask that you create strong passwords and, if possible, avoid sharing confidential information with us or others if you believe that disclosure could cause you significant or lasting harm. Since email and instant messaging are not considered secure forms of communication, we also ask that you do not share confidential information through any of these channels.
How do we handle minors?
These services are not intended for users who have not yet reached the age of legal age. We will not knowingly collect data from children. If you are not yet of legal age, you should not download or use the services or provide us with any information.
We reserve the right to request proof of age at any time to verify whether minors are using our services. If we become aware that a minor is using our services, we may prohibit and block that user's access and delete all data we hold about that user. If you have reason to believe that a minor has provided us with data, please contact us as explained below.
We use your personal data only for the purposes set out in the Privacy Policy and only if we are convinced that:
the use of your personal data is necessary to fulfill or enter into a contract (e.g., to provide you with the services themselves, customer service, or technical support);
The use of your personal data is necessary to comply with applicable legal or regulatory obligations, or
the use of your personal data is necessary to support our legitimate business interests (provided that this is always done in a proportionate manner and respects your data protection rights).
As an EU resident, you can:
request confirmation as to whether or not personal data concerning you is being processed, and request access to your stored personal data and certain additional information;
request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format;
request the correction of your personal data stored by us;
request the erasure of your personal data;
object to our processing of your personal data;
request the restriction of the processing of your personal data; or
lodge a complaint with a supervisory authority.
Please note, however, that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use it, please contact us as indicated below.
In the course of providing our services, we may transfer data across borders to affiliated companies or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using our services, you consent to the transfer of your data outside the EEA.
If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we are satisfied that an adequate or comparable level of protection for personal data is ensured. We will take appropriate steps to ensure that we have suitable contractual agreements with our third parties to guarantee that appropriate safeguards are in place to minimize the risk of unlawful use, alteration, deletion, loss, or theft of your personal data and that these third parties act in accordance with applicable laws at all times.
If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we are satisfied that an adequate or comparable level of protection for personal data is guaranteed. Rights under the California Consumer Privacy Act
If you are a California resident using the Services, you may be entitled under the California Consumer Privacy Act (CCPA) to request access to and deletion of your information.
To exercise your right to access and delete your information, please see below for how to contact us.
We do not sell users' personal information for the purposes of the CCPA.
Users of the Services who are California residents and under the age of 18 may request and obtain the removal of their posted content by emailing the address provided below in the "Contact" section. All such requests must be marked "California Removal Request." All requests must include a description of the content you wish to have removed and sufficient information to allow us to locate the material. We do not accept messages that are not properly marked or transmitted, and we may not be able to respond if you do not provide sufficient information. Please note that your request does not guarantee that the material will be completely or comprehensively deleted. For example, material you have posted may be republished or reposted by other users or third parties.
Conducting Online Coaching via Zoom
We use the video conferencing service "Zoom" for conducting online coaching sessions. Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA, is the provider of this service. Personal data is processed solely for the purpose of conducting the coaching sessions, based on Article 6(1)(b) GDPR (performance of a contract), and – insofar as special categories of personal data (especially health data) are involved – on the basis of Article 9(2)(h) GDPR in conjunction with Section 22(1)(1)(b) of the German Federal Data Protection Act (BDSG).
We have concluded a data processing agreement with Zoom in accordance with Article 28 GDPR. Zoom generally processes data on servers within the EU, but may transfer data to third countries (especially the USA) in certain cases. Zoom is certified under the Data Privacy Framework, thus ensuring an adequate level of data protection.
Zoom generally processes data on servers within the EU, but may transfer data to third countries (especially the USA) in certain cases. Data processed during online coaching may include:
First and last name
Contact details
Health data
Technical connection data (e.g., IP address, device information)
The coaching sessions are not recorded. The data is processed only for the duration of the coaching session and is not permanently stored by Zoom afterward.
Further information on data processing by Zoom can be found at:
https://explore.zoom.us/de/privacy/
Conducting Live Calls
Recipients / Transfer to Third Countries
We use the service provider Zoom Video Communications Inc., USA, for conducting the sessions. Transfer to third countries (especially the USA) cannot be ruled out. We have concluded the standard contractual clauses published by the EU Commission with Zoom to ensure an adequate level of data protection.
Payment processing via Stripe (for credit card payments)
For processing credit card payments, we use the payment service provider Stripe, a service offered by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Data processing is carried out for payment processing in accordance with Art. 6 para. 1 lit. b GDPR (performance of a contract). Stripe may process personal data such as name, email address, billing address, credit card details, and transaction data. Stripe acts as an independent data controller in this context.
Stripe may transfer data to third countries (in particular the USA). If a transfer to third countries takes place, it is based on the Standard Contractual Clauses (SCCs) approved by the EU Commission. Stripe is certified under the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection.
Stripe For more information, please see Stripe's privacy policy at:
Use of PayPal as a payment service provider
We also offer the PayPal payment service for our online program. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. This typically includes:
Name,
Billing address,
Email address,
Purchase amount,
Payment information (e.g., bank or credit card details).
This transmission is based on Article 6 Paragraph 1 Letter b GDPR (contractual necessity). Payment processing via PayPal is not possible without this data transmission.
PayPal reserves the right to conduct a credit check for certain payment methods (e.g., direct debit, credit card via PayPal) and may transmit data to credit agencies for this purpose. Further information can be found in PayPal's Privacy Statement:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
PayPal may transfer personal data to companies within the PayPal Group and to service providers outside the EU/EEA. Insofar as data is transferred to third countries, PayPal relies on the EU Standard Contractual Clauses (SCCs), which you can view here:
https://www.paypal.com/de/webapps/mpp/ua/standard-contractual-clauses
Use of Apple Pay as a payment method
We offer payment processing via Apple Pay. The provider is Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple").
If you select Apple Pay as your payment method, payment processing will be handled via the credit card, debit card, or bank account stored on your Apple device. The payment information you provide during the checkout process will be transmitted to Apple and the respective card issuer.
The legal basis for processing your data is Article 6(1)(b) GDPR (contractual necessity). Payment processing via Apple Pay is not possible without this data transfer.
Apple may also transfer personal data to third countries (especially the USA). In these cases, the transfer is based on the Standard Contractual Clauses (SCCs) approved by the European Commission.
For more information about data protection at Apple, please visit:
👉 https://www.apple.com/legal/privacy/de-ww/
Payment service provider Klarna
If the customer selects Klarna as the payment method during the ordering process, the personal data required for payment processing (e.g., name, address, email address, payment information) will be transmitted to Klarna.
The provider is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.
The data is transmitted for the purpose of payment processing and fulfilling the contract in accordance with Article 6 Paragraph 1 Letter b GDPR.
Further processing of the data is carried out by Klarna under its own responsibility. Further information on data protection at Klarna can be found in Klarna's privacy policy.
Updates or Changes to the Privacy Policy
We may revise this Privacy Policy from time to time at our sole discretion. The version published on the website is always the most current version (see the "Date" date). We encourage you to check this Privacy Policy regularly for changes. In the event of significant changes, we will post a notice on our website. If you continue to use the services after being notified of changes on our website, this constitutes your acceptance of the changes to the Privacy Policy and your agreement to be bound by the terms of those changes.
Contact
If you have general questions about the services or the data we collect about you and how we use it, please contact us at:
Name: Dr. Dr. Jacqueline Metzner, trading as Dr. Metzner Health Concepts
Address: Krummebergstr. 13, 88662 Überlingen, Germany
Email address: info@safetyretreat.com
Version dated October 12, 2025