Data Handling & Privacy Policy for

Garden of Earthly Delights

Last updated: 22 September 2025.

We value your privacy and are committed to protecting your personal data. This document explains what information we collect, why we collect it, and how we handle it, in compliance with the General Data Protection Regulation (GDPR).

1. Data We Collect

When booking a private session, we ask you to provide:

  • Name or nickname (so we can address you properly)

  • Pronouns (so we can communicate respectfully)

  • Email address (for communication about your booking)

  • Phone number (for emergency communication)

  • Responses to optional questions (to help us prepare better for your experience)

2. Purpose of Data Collection

We collect this information solely for:

  • Communicating with you about your booking

  • Preparing and tailoring the event

  • Handling payment and administrative requirements

  • Meeting legal obligations (e.g. financial recordkeeping for tax purposes)

We do not use your data for marketing without your explicit consent.

3. Legal Basis

Your data is processed on the following legal bases under GDPR:

  • Contract performance: to provide the service you book.

  • Consent: for sensitive or optional information you choose to share with us.

  • Legal obligation: for financial transactions and invoicing.

4. Data Storage & Retention

  • Data are stored securely on Squarespace servers. Squarespace is certified under the EU–US Data Privacy Framework, ensuring adequate protection of personal data in line with GDPR.

  • Financial records (such as invoices and payment confirmations) are retained for 10 years, in compliance with German tax and commercial law.

  • Other personal data (such as session goals, preferences, and notes) are retained for up to 12 months after your last session, unless you request earlier deletion. This allows us to tailor any future sessions to your needs.

5. Data Sharing

We do not sell or share your personal data with third parties, except where necessary to:

  • Process payments (e.g. payment provider)

  • Comply with legal obligations (e.g. tax authorities if required)

6. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction or deletion of your data

  • Restrict or object to processing

  • Withdraw consent at any time (without affecting the lawfulness of prior processing)

  • Receive your data in a portable format

To exercise these rights, please contact us at: hekateberlin@proton.me

7. Security

We take appropriate technical and organizational measures to keep your data safe and prevent unauthorized access, disclosure, alteration, or destruction.

8. Contact

If you have questions or concerns about how your data is handled, please contact:
Hekate at Soul Impact Berlin
Email: hekateberlin@proton.me
Tel: +49 1525 9466172

If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (Datenschutzbehörde). In Germany, this is usually the authority of your federal state (Bundesland). A list of the competent authorities can be found here: https://www.bfdi.bund.de/SharedDocs/Adressen/EN/LfD/LfD_Liste.html