Privacy Policy
Placeholder text — replace with legally reviewed content before launch.
This policy explains how personal data is processed in Glimpii Doku in accordance with the GDPR.
1. Controller
[TODO: Name and contact details of the controller — see the imprint]
2. What data we process
Studio master data, account and sign-in data (via Keycloak), staff data, customer data and treatment documentation. The latter may contain health-related information — such as allergy notes.
3. Legal bases
Use of the application is based on the performance of a contract (Art. 6(1)(b) GDPR) as well as legal obligations to document hygiene and treatments (Art. 6(1)(c) GDPR). Health-related data (allergy notes) is processed on the basis of Art. 9(2) GDPR, as the documentation serves to fulfil the studio's legal obligations as the controller.
4. Retention period
Treatment and hygiene documentation is stored for the legally mandated retention period and then deleted or anonymised. Account data is retained until the account is closed. [TODO: add specific periods]
5. Recipients and processors
Authentication via Keycloak; payment processing via Stripe (USA — transfer based on the EU Standard Contractual Clauses); email delivery via an EU provider; hosting in the EU. Data processing agreements pursuant to Art. 28 GDPR are in place with processors.
6. Your rights
You have the right to access, rectification, erasure, restriction, data portability and objection (Art. 15–21 GDPR) as well as the right to lodge a complaint with a supervisory authority. Export and deletion of your account are available in the settings.
7. Contact
[TODO: Data protection contact address]