Last updated: 31 May 2026
The controller responsible for processing personal data on www.dollea.de and coworking.dollea.de is Klauser & Weinstein GbR, Gebsattelstr. 11, 81541 Munich, Germany. You can contact us by e-mail at info@dollea.de or by phone/WhatsApp at +49 1525 3876713.
This policy applies to the public salon pages, online appointment booking, vouchers, contact and lead requests, and to the coworking booking and customer account at coworking.dollea.de. Different categories of data are processed depending on how you use our services.
When you access our websites, technically necessary data is processed, in particular IP address, date and time of access, requested URL, referrer, browser, operating system and server response. This processing is required to deliver the website, analyse errors, prevent misuse and maintain IT security. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure and stable operation of the websites.
If you book an appointment, submit a lead form, contact us by phone, WhatsApp, Instagram/Facebook Direct or e-mail, or if a team member manually creates an appointment in the availability calendar, we process the information needed for that purpose. This may include name, phone number, e-mail address, requested service, treatment preference, appointment time, assigned team member, booking status, conversation or processing notes and technical booking data.
Processing is carried out to take steps prior to entering into a contract and to perform a contract under Art. 6(1)(b) GDPR. Where we use status information and communication history for organisation, quality assurance and follow-up of enquiries, processing is based on our legitimate interest under Art. 6(1)(f) GDPR.
For registration, coworking bookings, invoices and customer management, we process data such as name, e-mail address, phone number, billing address, services offered, booking data, invoice data, payment status, internal notes and communication data. The legal bases are Art. 6(1)(b) GDPR for contract and booking handling and Art. 6(1)(c) GDPR for commercial and tax retention obligations.
For voucher orders, we process information about the purchaser and, where provided, the recipient. Online payments may involve payment service providers such as Stripe. Payment data is processed by the relevant payment provider; we usually receive only payment status, amounts and technical transaction references. The legal basis is Art. 6(1)(b) GDPR and, where statutory retention duties apply, Art. 6(1)(c) GDPR.
If you contact us via WhatsApp, Instagram, Facebook or other external platforms, the respective platform provider also processes personal data under its own privacy terms. We process the transmitted content, contact details and metadata to answer your enquiry, coordinate appointments and manage existing or prospective contractual relationships. The legal bases are Art. 6(1)(b) and Art. 6(1)(f) GDPR.
We use Meta Business Tools provided by Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland, to measure and optimise advertising campaigns on Facebook and Instagram. The Meta Pixel is loaded on our websites only after you have consented to the Marketing category in the cookie settings. Information such as visited pages, referrer, browser and device information, IP address, cookie identifiers such as _fbp and _fbc, and timestamps of page views may be transmitted to Meta.
We also use Meta Conversions API to send server-side conversion and lead status events to our Meta dataset. This may include events such as initial_lead, lead status changes, website_booking_created and manual_booking_created. The transmitted data may include event name, event time, source, booking value and currency, service name, service category, IP address, user agent, technical browser or click IDs such as fbp/fbc, and hashed contact data such as e-mail address, phone number, first name and last name. Where available, we also transmit the Meta-generated lead ID.
The browser pixel and marketing-related conversion measurement are used on the basis of your consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time via the cookie settings in the footer. Processing for internal lead and booking management is carried out, where required, under Art. 6(1)(b) GDPR or on the basis of legitimate interests under Art. 6(1)(f) GDPR. Meta may also process data in third countries, particularly the United States. Suitable safeguards such as standard contractual clauses or applicable adequacy decisions may be used for such transfers.
If you consent to the Statistics category, we may use Google Analytics 4 to analyse the use of our websites. Usage data, device information, shortened IP addresses, page views and interactions may be processed. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis is your consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time in the cookie settings.
We use necessary cookies to provide the website, protect sessions, enable CSRF protection and store your cookie selection. Statistics and marketing cookies are only set if you have consented. We store your selection in the dollea_consent cookie and log consent with version, timestamp, category selection, page, referrer, IP address and user agent so that we can demonstrate consent. The legal basis for necessary cookies is Art. 6(1)(f) GDPR; for statistics and marketing it is Art. 6(1)(a) GDPR.
Personal data may be transferred to technical service providers, hosting and e-mail providers, payment providers, Meta, Google, IT support, tax advisers and legal advisers where this is necessary for operation, booking handling, communication, billing, marketing measurement or statutory obligations. We carefully select service providers and conclude required data processing agreements or other data protection arrangements.
We store personal data only for as long as necessary for the respective purposes. Booking, customer and communication data is stored for the duration of the enquiry, the contractual relationship and subsequent statutory retention obligations. Commercial and tax-relevant documents may be retained for up to ten years. Consent logs are retained for as long as proof of consent is required. Marketing cookies such as _fbp and _fbc may have a limited lifetime of up to 90 days.
Subject to the GDPR, you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection to processing based on legitimate interests (Art. 21). You may withdraw consent at any time with effect for the future. To exercise your rights, send a message to info@dollea.de.
You have the right to lodge a complaint with a data protection supervisory authority. In particular, you may contact the Bavarian Data Protection Supervisory Authority (BayLDA), Promenade 18, 91522 Ansbach, Germany.
We update this privacy policy when our processing activities, services used or legal requirements change. The current version is available on this page.