Privacy policy

Privacy Policy

Last updated: June 2026

1. Data protection at a glance

General information

The following information provides an overview of what happens to your personal data when you visit our website, contact us, or book one of our services.

Personal data means any information that can be used to identify you directly or indirectly. This includes, for example, your name, address, telephone number, email address, IP address, and information relating to an event or booking.

Data collection on this website

Data processing on this website is carried out by the website operator. The contact details of the controller can be found in the following section of this Privacy Policy.

Some data is collected automatically when you visit the website by our IT systems or by the systems of our technical service providers. This primarily includes technical data such as your browser type, operating system, IP address, access time, and the pages you visit.

Other data is processed when you provide it to us, for example through a contact form, booking or order form, by email, telephone, WhatsApp, Telegram, SMS, or through social networks.

2. Controller

The controller responsible for processing personal data on this website is:

Alona Yanchenko
Holunderweg 9
65510 Idstein
Germany

Telephone: +49 178 3111 805
Email: shakeparty.de@gmail.com

The controller determines, alone or jointly with others, the purposes and means of processing personal data.

3. General legal bases for data processing

We process personal data only where there is a lawful basis for doing so. Depending on the specific processing activity, the following legal bases may apply:

  • Article 6(1)(a) GDPR, where you have given us your consent;
  • Article 6(1)(b) GDPR, where processing is necessary in order to take steps prior to entering into a contract or to perform a contract;
  • Article 6(1)(c) GDPR, where processing is necessary to comply with a legal obligation;
  • Article 6(1)(d) GDPR, where processing is necessary to protect vital interests;
  • Article 6(1)(f) GDPR, where processing is necessary for our legitimate interests or those of a third party and those interests are not overridden by your interests, fundamental rights, or freedoms;
  • Article 9(2)(a) GDPR, where you have expressly consented to the processing of special categories of personal data, such as health or allergy information.

Where consent is required for storing information on your terminal device or accessing information already stored on it, processing is additionally based on Section 25(1) TDDDG.

Storage or access operations that are strictly necessary for technical purposes are carried out on the basis of Section 25(2) TDDDG.

4. Withdrawal of consent

You may withdraw consent that you have previously given at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

You may change or withdraw your cookie consent at any time through the “Cookie Settings” link available on our website.

5. Right to object under Article 21 GDPR

Where processing is based on Article 6(1)(e) or Article 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing for such marketing.

6. Storage period

Unless a more specific storage period is stated in this Privacy Policy, we retain personal data only for as long as it is required for the relevant processing purpose.

Once the processing purpose no longer applies, the data will be deleted unless continued storage is required due to statutory retention obligations, legitimate interests, ongoing contractual relationships, or the establishment, exercise, or defence of legal claims.

Contractual, invoicing, accounting, and tax-relevant data is retained in accordance with the applicable statutory retention periods.

7. Recipients of personal data

As part of our business activities, we cooperate with external organisations and service providers. Personal data is disclosed only where this is necessary to perform a contract, comply with a legal obligation, pursue a legitimate interest, or where you have given your consent.

Possible recipients or categories of recipients include:

  • hosting and website service providers;
  • Shopify and Shopify-affiliated companies;
  • payment service providers and banks;
  • tax advisers and accounting service providers;
  • IT and technical support providers;
  • communications and messaging service providers;
  • analytics, marketing, and advertising providers where you have consented;
  • entertainers, performers, and event staff engaged by us;
  • transport companies or delivery service providers where necessary;
  • public authorities where disclosure is required by law.

8. Processing on our behalf

Where external service providers process personal data exclusively in accordance with our instructions, we enter into data processing agreements with them under Article 28 GDPR where required by law.

9. Transfers to third countries

Some of the service providers we use are located outside the European Union or European Economic Area or use servers located in so-called third countries.

Personal data is transferred only where the requirements of Articles 44 et seq. GDPR are satisfied. Depending on the provider, the transfer may be based on an adequacy decision, certification under the EU-US Data Privacy Framework, European Commission Standard Contractual Clauses, or other appropriate safeguards.

Despite the use of appropriate safeguards, it cannot always be completely excluded that public authorities in third countries may access data or that European data subject rights may be enforceable only to a limited extent.

10. SSL and TLS encryption

For security reasons and to protect the transmission of confidential information, this website uses SSL or TLS encryption.

You can recognise an encrypted connection by the “https://” at the beginning of the website address and the padlock symbol displayed in your browser’s address bar.

Where encryption is active, the data you transmit to us cannot readily be read by third parties.

11. Server log files

When you visit our website, the web server automatically records information in server log files. This may include:

  • IP address;
  • date and time of access;
  • the page or file accessed;
  • amount of data transferred;
  • referrer URL;
  • browser type and browser version;
  • operating system;
  • hostname of the accessing device;
  • HTTP status code.

This processing is necessary to provide the website securely, reliably, and without technical errors and to detect and prevent misuse and attacks.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the secure and reliable provision of our online services.

12. Hosting and website operation through Shopify

Our website and online offering are operated through Shopify.

The service provider for merchants in the European Economic Area is, in particular:

Shopify International Limited
Victoria Buildings
1–2 Haddington Road
Dublin 4, D04 XN32
Ireland

Shopify provides the technical platform through which we manage our website, content, services, bookings, enquiries, and, where applicable, orders.

Shopify may process the following categories of data:

  • IP address and device information;
  • browser and website usage data;
  • cookie and session identifiers;
  • name and contact details;
  • billing and event addresses;
  • booking, order, and contract information;
  • payment status and transaction information;
  • customer account and communication data;
  • information used for fraud and abuse prevention.

Depending on the processing activity, the legal basis is Article 6(1)(b), (c), or (f) GDPR. Analytics and marketing activities requiring consent are based on Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Shopify may disclose personal data to affiliated companies and subcontractors and may process data outside the EU or EEA.

Further information: Shopify Privacy Policy

13. Shopify Network Intelligence and enhanced Shopify services

Where functions such as Shopify Network Intelligence, enhanced analytics, or network-based Shopify services are enabled in our Shopify store, Shopify may combine data about interactions with our store with information from other Shopify services or other Shopify merchants.

This may be used to improve Shopify services, prevent fraud, create analytics, personalise functions, and measure advertising effectiveness.

Where consent is required for such processing, the relevant functions are activated only after you make your choice in the cookie banner.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Where processing is necessary for security or fraud prevention, it may be based on Article 6(1)(f) GDPR.

14. Shopify customer account

Our website may offer the option of creating a customer account. In this case, we process your name, email address, contact details, booking or order history, and the technical information required for login.

The processing is carried out to provide and manage the customer account and to simplify future bookings or orders.

The legal basis is Article 6(1)(b) GDPR. You may request deletion of your customer account unless statutory retention obligations or ongoing contractual relationships prevent deletion.

15. Contact forms and quotation requests

If you contact us using a contact form or enquiry function, we process the data you enter in order to handle your request.

This may include:

  • name;
  • email address;
  • telephone number;
  • event date and time;
  • event venue and address;
  • number and ages of participating children;
  • name and age of the birthday child;
  • requested characters or services;
  • message content;
  • technical transmission information.

Processing is carried out to handle your enquiry and prepare a possible contract.

The legal basis is Article 6(1)(b) GDPR. For general enquiries, processing is based on Article 6(1)(f) GDPR. Our legitimate interest is the proper and efficient handling of communications.

16. Contact by email and telephone

If you contact us by email or telephone, we process your contact details and the content of your enquiry.

The data is used to respond to your enquiry, prepare a quotation, coordinate an appointment, or perform a contract.

The legal basis is Article 6(1)(b) GDPR or, in the case of general enquiries, Article 6(1)(f) GDPR.

17. Bookings, orders, and contract performance

If you book an entertainment programme, mascot appearance, workshop, decoration, balloon delivery, photography or video service, or another service, we process the data necessary to perform the contract.

This may include:

  • the customer’s name and contact details;
  • billing address;
  • event address;
  • event date, time, and duration;
  • selected services and characters;
  • number and ages of participants;
  • special organisational instructions;
  • payment and invoicing information;
  • communications relating to the organisation of the event.

The legal basis is Article 6(1)(b) GDPR. Processing required to comply with tax and commercial law obligations is based on Article 6(1)(c) GDPR.

18. Information relating to children

Our contracts and booking offers are generally intended for adults, particularly parents, legal guardians, and event organisers.

In order to organise a children’s event, we may process information about a child, such as their first name, age, birthday theme, or special requests.

Please provide us only with information about children that is genuinely necessary for organising and carrying out the event.

Processing is based on Article 6(1)(b) GDPR. Where consent is required, it must be given by the person holding parental responsibility.

19. Allergies, intolerances, and health information

For certain services, particularly face painting, glitter tattoos, food-related workshops, or other activities, information about allergies, intolerances, or health-related requirements may be relevant.

Such information may constitute special categories of personal data within the meaning of Article 9 GDPR.

We process such data only where it is necessary for the safe performance of a booked service and where the data subject or the person holding parental responsibility has given explicit consent.

The legal basis is Article 9(2)(a) GDPR. Consent may be withdrawn at any time with effect for the future.

The information is disclosed only to persons who require it for the safe performance of the event.

20. Disclosure of event information to entertainers and service providers

In order to perform a booked event, necessary information may be disclosed to the entertainers, performers, drivers, photographers, videographers, or other event service providers engaged by us.

This may include the event address, date, time, contact person, telephone number, booked services, and organisational instructions.

Information is disclosed only to the extent necessary. The legal basis is Article 6(1)(b) GDPR.

21. Payment processing

In order to process payments, we use payment and transaction information. Depending on the selected payment method, data may be transferred to banks or payment service providers.

Processing for contract performance is based on Article 6(1)(b) GDPR. Processing required to comply with legal obligations is based on Article 6(1)(c) GDPR.

PayPal

When you pay through PayPal, the information required to process the payment is transferred to PayPal.

The European service provider is:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg

Further information: PayPal Privacy Statement

Shopify Payments, credit cards, and other payment methods

Where payments are made through Shopify Payments, credit card, Shop Pay, Apple Pay, Google Pay, or other methods offered during checkout, the required payment information is processed by Shopify and the payment providers involved.

As a rule, we do not receive complete payment details. We generally receive information about the payment status, transaction, and, where applicable, shortened payment details.

22. Cookies and similar technologies

Our website uses cookies and similar technologies, including Local Storage, pixels, tags, web beacons, and other identifiers.

Cookies are small files or units of information that may be stored on your device or accessed from it.

We use the following main categories:

  • Necessary cookies: required for website operation, security, navigation, shopping basket, or booking functions.
  • Preference cookies: store language, display, or other settings.
  • Statistics cookies: help us understand how the website is used and improve our services.
  • Marketing cookies: are used to measure advertising, create audiences, and display personalised content or advertising.
  • External media cookies: enable embedded maps, videos, and social-media content to be displayed.

Technically necessary cookies are used on the basis of Section 25(2) TDDDG and Article 6(1)(f) GDPR.

Non-essential cookies and similar technologies are activated only after your consent on the basis of Section 25(1) TDDDG and Article 6(1)(a) GDPR.

23. Consent management and cookie banner

We use a consent-management solution integrated into or connected with Shopify to obtain and document your choices regarding cookies and similar technologies.

The following information may be processed:

  • consent status;
  • time of selection;
  • region or language;
  • shortened or complete IP address;
  • browser and device information;
  • consent ID or a similar identifier.

Processing is necessary to demonstrate valid consent and comply with legal obligations.

The legal basis is Article 6(1)(c) GDPR in conjunction with Article 7(1) GDPR.

24. Shopify Analytics

Shopify provides us with statistical reports about visits, sales, bookings, shopping baskets, devices used, referral sources, and interactions with our online offering.

Where this involves technically necessary or aggregated statistical data, processing is based on Article 6(1)(f) GDPR.

Where cookies or similar identifiers are used for analytics purposes, processing begins only after your consent on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG.

25. Google Tag Manager

We use Google Tag Manager. The provider is:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Tag Manager enables us to manage website tags centrally. Other analytics, marketing, or external services may be integrated through these tags.

The Tag Manager itself is primarily used to manage services. However, when it is loaded, a connection to Google may be established and technical data, particularly the IP address, may be processed.

Activation is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Further information: Google Privacy Policy

26. Google Analytics 4

We use Google Analytics 4 to analyse the use of our website. The provider is Google Ireland Limited.

Google Analytics may process the following data:

  • IP address;
  • approximate location;
  • browser and device information;
  • operating system;
  • pages visited;
  • length of visit;
  • interactions, clicks, and scrolling behaviour;
  • source of the visit;
  • booking, purchase, and conversion events;
  • cookie and device identifiers.

Google Analytics is activated only after you have given your consent.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

We use the data-protection and security settings made available by Google to the extent supported by our configuration.

Processing by Google LLC in the United States cannot be excluded.

Google Signals

Where Google Signals is enabled, data relating to users who are signed in to their Google accounts and have allowed personalised advertising may be analysed across different devices.

This may allow aggregated demographic information and cross-device usage patterns to be provided in Google Analytics.

This processing is also carried out only after you have given your consent.

27. Google Consent Mode

We may use Google Consent Mode to communicate the choices you make in our cookie banner to Google services.

Depending on your selection, Google tags may be fully activated, run in a restricted mode, or remain blocked.

Google Consent Mode does not replace your consent. Access to or storage of information that requires consent takes place only after the corresponding selection.

28. Google Ads, conversion tracking, and remarketing

We use Google Ads to promote our services and measure the effectiveness of our advertisements.

If you reach our website through a Google advertisement, Google may store a cookie or similar identifier. This makes it possible to determine whether a specific action, such as an enquiry or booking, has taken place.

As part of remarketing functions, audiences may be created in order to display relevant advertising to users on other websites or Google services.

The data processed may include IP address, device information, advertising identifiers, pages visited, clicks, and conversion events.

Processing is carried out only after your consent on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG.

29. Google Maps

We use Google Maps to display maps, locations, and travel directions. The provider is Google Ireland Limited.

When a map is loaded, your IP address, device information, location information, and usage data may be transferred to Google.

If you are signed in to a Google account, your use of the map may be associated with your account.

Google Maps is loaded only after your consent or after you actively open the relevant external content.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

30. YouTube

Videos from the YouTube platform may be embedded on our website. YouTube is a Google service.

When a YouTube video is loaded or played, your IP address, device information, referrer URL, video-viewing information, and other usage data may be transmitted to Google.

If you are signed in to YouTube or Google, your use of the service may be associated with your account.

YouTube content is loaded only after you have given consent or actively opened the external content.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

31. Google Fonts

Our website may use Google Fonts.

Where fonts are stored locally on our server or within Shopify infrastructure, no direct connection to Google Fonts servers is established when you access the website.

Where fonts are loaded directly from Google servers, your IP address may be transferred to Google. External loading takes place only after consent where this is technically and legally required.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

32. Google reCAPTCHA

We may use Google reCAPTCHA to determine whether entries in forms are made by a natural person or an automated program.

In this context, Google may process your IP address, mouse movements, time spent on the page, browser and device information, and other technical characteristics.

The service is used to protect our website against spam, misuse, and automated attacks.

Where consent is required, reCAPTCHA is activated only after your selection. The legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG.

33. Meta Pixel

We use Meta Pixel to measure and optimise advertising on Facebook and Instagram.

The provider is:

Meta Platforms Ireland Limited
Merrion Road
Dublin 4, D04 X2K5
Ireland

Meta Pixel may process:

  • IP address;
  • browser and device information;
  • pages visited;
  • clicks and interactions;
  • referrer URL;
  • cookie and advertising identifiers;
  • enquiries, bookings, and other conversion events.

Meta may use this information to create audiences, measure advertising campaigns, and display personalised advertising.

Meta Pixel is activated only after you have given your consent.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Further information: Meta Privacy Policy

34. Meta Conversions API

We may also use the Meta Conversions API. Certain event information is then transmitted to Meta on the server side.

Depending on the configuration, this may include information about page views, enquiries, bookings, orders, transactions, or hashed contact details.

The service is used to measure advertising campaigns, attribute conversions, and improve advertisement delivery.

Where processing is based on consent, the relevant data is transmitted only where marketing consent has been given.

The legal basis is Article 6(1)(a) GDPR.

35. Facebook and Instagram

We operate business profiles on Facebook and Instagram.

When you visit our profiles, view posts, comment, share content, or send us a message, Meta processes personal data under its own responsibility.

Meta may process profile information, IP address, device information, interactions, message content, and user behaviour.

We may receive aggregated statistics about the use of our profiles. For certain Page Insights functions, we and Meta may be considered joint controllers.

Our processing of messages and interactions is based on Article 6(1)(b) or Article 6(1)(f) GDPR. Our legitimate interest is customer communication and the public presentation of our services.

36. TikTok Pixel and TikTok advertising

We use TikTok Pixel to measure, analyse, and optimise our advertising on TikTok.

The provider for users in the European Economic Area is, in particular:

TikTok Technology Limited
10 Earlsfort Terrace
Dublin, D02 T380
Ireland

TikTok Pixel may process your IP address, device information, browser data, advertising identifiers, pages visited, clicks, interactions, and conversion events.

TikTok may use this information to measure advertising campaigns, create audiences, and display personalised advertising.

Processing of or access to data outside the EU or EEA cannot be excluded.

TikTok Pixel is activated only after your explicit consent.

The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Further information: TikTok Privacy Policy

37. Embedded TikTok content

Videos, posts, or other TikTok content may be embedded on our website.

When embedded content is loaded, a connection to TikTok may be established. Your IP address, device information, referrer URL, and information about your use of the embedded content may be processed.

TikTok content is loaded only after your consent or active selection.

38. Pinterest and Pinterest Tag

We operate a business profile on Pinterest and may use Pinterest Tag to measure the effectiveness of our advertising.

The provider is:

Pinterest Europe Ltd.
Palmerston House, 2nd Floor
Fenian Street
Dublin 2
Ireland

Pinterest Tag may collect information about page views, clicks, interactions, browser and device information, and conversion events.

Pinterest Tag is activated only after you have given your consent.

The legal basis is Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Further information: Pinterest Privacy Policy

39. X, formerly Twitter

We operate a profile on X. For European users, the service is provided, in particular, by X Internet Unlimited Company in Ireland.

When you visit our profile or interact with our content, X may process profile information, your IP address, device information, cookies, interactions, and user behaviour.

Further information: X Privacy Policy

40. Tumblr

We operate a profile on Tumblr.

When you visit our Tumblr profile or interact with our posts, Tumblr processes personal data under its own responsibility.

This may include your IP address, device information, account information, cookies, interactions, and usage information.

Further information: Tumblr Privacy Policy

41. External social-media links

Our website contains links to our profiles on Facebook, Instagram, YouTube, TikTok, X, Pinterest, Tumblr, and Telegram.

When ordinary external links are used, a connection to the relevant platform is generally established only after you click the link.

After clicking the link, you leave our website. The operator of the relevant platform is generally responsible for the subsequent processing of your data.

42. Communication through WhatsApp

We offer the option of contacting us through WhatsApp.

The provider for users in the European Economic Area is:

WhatsApp Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

The following data may be processed when WhatsApp is used:

  • mobile telephone number;
  • profile name and profile picture;
  • message content and media files;
  • time and duration of communications;
  • device and connection information;
  • address-book information, depending on your device settings.

Use of WhatsApp is voluntary. You may alternatively contact us by email or telephone.

Where the communication relates to an enquiry or booking, the legal basis is Article 6(1)(b) GDPR. General communications are processed on the basis of Article 6(1)(f) GDPR.

Further information: WhatsApp Privacy Policy

43. Communication through Telegram

You may voluntarily contact us through Telegram.

The provider is Telegram Messenger Inc. Telegram has appointed a representative under Article 27 GDPR for users in the European Economic Area.

When communicating through Telegram, your telephone number, username, profile picture, message content, files, communication times, and technical information may be processed.

Telegram is a cloud-based communications service. Processing or transfer of data outside the EU or EEA cannot be excluded.

Use of the service is voluntary. Alternative communication methods are email and telephone.

The legal basis is Article 6(1)(b) GDPR for contract-related communications and Article 6(1)(f) GDPR for general enquiries.

Further information: Telegram Privacy Policy

44. SMS and mobile communications

If you provide us with your mobile telephone number, we may use it to send SMS messages or mobile communications relating to a contract.

This may include:

  • booking confirmations;
  • appointment confirmations and reminders;
  • travel or arrival information;
  • short-notice changes;
  • organisational information about the event;
  • payment or collection information;
  • responses to your enquiries.

Contract-related messages are processed on the basis of Article 6(1)(b) GDPR.

Depending on the telecommunications or SMS provider used, your telephone number, message content, sending time, delivery status, device information, and technical connection information may be processed.

Marketing SMS messages

Marketing SMS messages, for example about promotions, offers, or new services, are sent only where appropriate consent has been given or a statutory exception applies.

The legal basis is Article 6(1)(a) GDPR in conjunction with the applicable statutory requirements governing electronic direct marketing.

You may withdraw your consent at any time with effect for the future, for example by replying to the message or contacting us by email.

45. Shopify Inbox and chat functions

Shopify Inbox or a comparable chat function may be used on our website.

When you use the chat, we process the content of your message, your contact details, the date and time of the communication, and technical device and session information.

Processing is carried out to answer questions, provide customer support, and prepare or perform bookings.

The legal basis is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR.

46. Newsletter and email marketing

If you subscribe to our newsletter or other promotional email communications, we process your email address, your name where applicable, and information about your subscription.

Subscription may be confirmed through a double opt-in procedure. In this context, the subscription time, confirmation time, IP address, and wording of the consent may be stored.

Processing is based on your consent under Article 6(1)(a) GDPR.

You may withdraw your consent at any time through the unsubscribe link included in the relevant email or by contacting us.

Shopify Email

Where we use Shopify Email, information relating to recipients, sending, and responses to communications is processed through Shopify.

Emails may contain technical elements that make it possible to determine whether an email was opened or a link was clicked.

Personalised measurement of effectiveness is carried out only on the basis of your consent.

47. Customer reviews and testimonials

If you send us a review or testimonial, we process the information you provide.

Your name, review, photographs, or other personal information is published only with your consent or in anonymised form.

The legal basis is Article 6(1)(a) GDPR. Consent may be withdrawn with effect for the future unless statutory grounds prevent this.

48. Photographs and video recordings at events

Photographs or video recordings may be created as part of our services where this has been expressly booked or agreed.

Recordings of identifiable individuals are created and used only where an appropriate legal basis exists.

Recordings of children generally require the consent of the persons holding parental responsibility. The organiser is responsible for informing us about individuals who must not be photographed or recorded.

The legal basis is generally Article 6(1)(a) GDPR. Where a photography or video service has been expressly booked, Article 6(1)(b) GDPR may also apply.

49. Publication of photographs and video recordings

Photographs and video recordings are published on our website, on social networks, or in advertising materials only where the data subject or the person holding parental responsibility has given explicit consent.

Consent may generally be withdrawn at any time with effect for the future. Materials that have already been printed generally cannot be recalled or destroyed retrospectively.

Where material is published on social networks, complete deletion cannot be guaranteed after further distribution by other users.

50. Security and fraud prevention

We and our technical service providers may process data to detect and prevent fraud, misuse, spam, unauthorised access, payment defaults, and other security risks.

This may involve analysing IP addresses, device information, session data, booking information, payment status, and unusual user activity.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the protection of our website, customers, and business operations.

51. Statutory retention obligations

Where data forms part of invoices, contracts, business correspondence, accounting documents, or tax records, it is retained for the applicable statutory retention periods.

The legal basis is Article 6(1)(c) GDPR.

52. Legal claims and defence

We may retain and process personal data where this is necessary for the establishment, exercise, or defence of legal claims.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the protection and enforcement of our legal rights.

53. Automated decision-making and profiling

As a rule, we do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.

Analytics and advertising providers may create profiles or target audiences as part of their own services. Such services are activated on our website only after your consent where consent is required.

54. Requirement to provide data

When making a booking or entering into a contract, you must provide the personal data required to establish, perform, and terminate the contractual relationship.

Without this information, we may not be able to process your enquiry or provide the requested service.

There is no statutory or contractual requirement to use WhatsApp, Telegram, social networks, or marketing services.

55. Your rights

Subject to the applicable statutory requirements, you have the following rights:

  • the right of access to your personal data under Article 15 GDPR;
  • the right to rectification of inaccurate data and completion of incomplete data under Article 16 GDPR;
  • the right to erasure under Article 17 GDPR;
  • the right to restriction of processing under Article 18 GDPR;
  • the right to data portability under Article 20 GDPR;
  • the right to object to certain processing under Article 21 GDPR;
  • the right to withdraw consent under Article 7(3) GDPR;
  • the right to lodge a complaint with a supervisory authority under Article 77 GDPR.

To exercise your rights, please contact: shakeparty.de@gmail.com

56. Right of access

You may request confirmation as to whether we process personal data relating to you. Where processing takes place, you may request further information concerning the purposes of processing, categories of data, recipients, storage periods, and your rights.

57. Right to rectification and erasure

You may request the correction of inaccurate data and the completion of incomplete data.

You may also request deletion of your personal data unless statutory retention obligations, overriding legitimate interests, or other lawful grounds prevent deletion.

58. Right to restriction of processing

Subject to the statutory requirements, you may request restriction of the processing of your personal data.

59. Right to data portability

Where the statutory requirements are met, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transmitted to another controller.

60. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data infringes data-protection law, you have the right to lodge a complaint with a supervisory authority.

The following supervisory authority is generally responsible for businesses established in the State of Hesse:

The Hessian Commissioner for Data Protection and Freedom of Information
Wilhelmstraße 7
65185 Wiesbaden
Germany

Postal address:
Postfach 3163
65021 Wiesbaden
Germany

Website: https://datenschutz.hessen.de

The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

61. Data Protection Officer

Where there is no legal obligation to appoint a Data Protection Officer, you may direct all data-protection enquiries to the controller identified above.

62. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy where legal requirements, our services, technical systems, or the service providers we use change.

The version currently published on this website applies.

63. Prevailing German version

This translation is provided for ease of understanding. In the event of discrepancies, differences in wording, or questions of interpretation, the German version of this Privacy Policy shall prevail.