Privacy Policy

1. Data Controller

Responsible for data processing on this website:

Sala Thai Massage & Spa
Nut Karch
Stievestr. 15, 80638 Munich, Germany
Phone: 089 / 926 585 60
Email: info@sala-thai-massage.com

Due to the size of our company, we are not required to appoint a Data Protection Officer under Art. 37 GDPR. For any data protection questions, please use the contact details listed above.

2. General Information on Data Processing

We take the protection of your personal data very seriously and treat your personal data confidentially in accordance with statutory data protection regulations (GDPR, BDSG, TDDDG) and this privacy policy. The use of our website is generally possible without providing personal data. Where personal data is collected on our pages, this is always done on a voluntary basis and with your knowledge.

Third-country transfers: To the extent personal data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA), such transfers take place exclusively in compliance with the requirements of Art. 44 et seq. GDPR – for example, on the basis of an adequacy decision, standard contractual clauses, an approved certification mechanism (such as the EU-US Data Privacy Framework), or your explicit consent.

3. Hosting and Server Log Files

Our hosting provider automatically collects and stores information in server log files that your browser automatically transmits. These are: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request and IP address. This data is not merged with other data sources. Collection is based on Art. 6(1)(f) GDPR (legitimate interest in the technically error-free presentation and optimisation of the website). Our server is operated in Germany by Hetzner Online GmbH (Gunzenhausen). Your data is not transferred to third countries for hosting purposes.

4. SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the browser address bar changing from "http://" to "https://" and the lock icon in your browser bar.

5. Contact Form

When you send us enquiries via the contact form, the following data is collected: name, email address, phone number (optional), your message. Your IP address is recorded in anonymised form (for IPv4 the last two octets are set to zero; for IPv6 the address is truncated to its /48 prefix). The data is stored for the purpose of processing your enquiry and for follow-up questions. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures). Data is deleted once it is no longer required for its purpose.

An automated notification confirming receipt of your enquiry is sent internally by e-mail to our business address to ensure timely processing.

To prevent abuse and automated requests, your IP address is additionally processed temporarily in an in-memory store (rate limiting). A hidden form field ("honeypot") provides additional protection against automated spam. This data is not stored persistently. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the security and availability of our service).

If you voluntarily disclose health data or other special categories of personal data within the meaning of Art. 9 GDPR in your message, we will process this data exclusively on the basis of your explicit consent pursuant to Art. 9 (2) (a) GDPR for the purpose of responding to your enquiry.

Alternatively you may reach us by phone at 089 / 926 585 60 or via WhatsApp at +49 176 576 270 86. When you use WhatsApp, your data – in particular your phone number, device information and message content – is processed by Meta Platforms Ireland Ltd. Data may be transferred to the United States to Meta Platforms, Inc.; Meta is certified under the EU-US Data Privacy Framework. Legal basis: Art. 6 (1) (a) GDPR (consent by active contact). Further information: https://www.whatsapp.com/legal/privacy-policy.

6. Online Booking (Salonized)

For online appointment booking, we use the Salonized service (Salonized B.V., Netherlands). The booking system is only loaded after you actively click on "Book Appointment". You are informed about the data transfer before loading. The following data is transmitted to Salonized:

  • Your IP address
  • Browser and device information
  • Data you enter in the booking form (name, contact details, desired service, appointment)

Legal basis: Art. 6(1)(a) GDPR (consent by active click). You can revoke your consent at any time by closing the booking overlay. Alternatively, you can book an appointment by phone at 089 / 926 585 60 or via WhatsApp at +49 176 576 270 86. More information: https://www.salonized.com/de/datenschutz

7. Google Maps

On our contact page, we offer the option to load a Google Maps map. The map is only loaded after you actively click, and you are informed about the data transfer beforehand. Only then is data transmitted to Google LLC (USA), in particular your IP address and location data. Legal basis: Art. 6(1)(a) GDPR (consent by click). Google is certified under the EU-US Data Privacy Framework. More information: https://policies.google.com/privacy

8. Fonts

All fonts used on this website (EB Garamond, Cormorant, Nunito Sans) are hosted locally on our own server. No connection to external font services such as Google Fonts takes place. No data is transmitted to third parties for the purpose of font delivery.

9. Cookies

Our website exclusively uses technically necessary cookies required for the operation of the site (e.g. session cookies). These cookies are set on the basis of § 25(2) TDDDG and Art. 6(1)(f) GDPR. Analytics, tracking or advertising cookies are not used. A cookie consent banner is therefore not required (cf. § 25(2) No. 2 TDDDG).

10. No Analytics or Tracking Services

We do not use any analytics or tracking services on our website (no Google Analytics, no Matomo, no social media plugins, no advertising pixels). No user profiles are created and no data is transmitted to advertising networks or analytics providers.

11. Data Retention and Deletion

Personal data from the contact form is automatically and irreversibly deleted from our database 90 days after receipt, regardless of whether the request has been answered, is in progress, or archived. This period is calibrated so that handling and any necessary follow-up on an open request remain practical without keeping personal data longer than the processing purpose requires. You may request earlier deletion of your data at any time.

12. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise these rights, please contact us by e-mail at info@sala-thai-massage.com or in writing at the address listed in § 1. Providing information, correcting or deleting your data is generally free of charge for you.

13. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The competent supervisory authority for us is: Bayerisches Landesamt fuer Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany, poststelle@lda.bayern.de.

14. Google reviews and customer testimonials

On our website we display selected reviews published by our customers on Google Maps. The reviews are served exclusively from our own servers, no external Google services are loaded when you open the page and no cookies are set. Both the review text and the Google logo are delivered locally. Reviewers are identified only by first name or first name plus last-name initial, consistent with how they appear publicly on Google. The legal basis for citing these reviews is our legitimate interest in displaying authentic customer testimonials (Article 6(1)(f) GDPR). If you click the "View all reviews on Google" link you will leave our website and be redirected to Google Maps; from that point the privacy policy of Google Ireland Limited applies (https://policies.google.com/privacy).

Source and categories of processed data (information pursuant to Art. 14 GDPR): The cited review texts originate exclusively from the publicly accessible Google Maps business profile of Sala Thai Massage & Spa. The data processed comprises first name (or first name plus last-name initial), review text, star rating and the date of the review – exactly as they appear publicly on Google. We do not collect this data directly from the reviewers; this constitutes indirect data collection. Individual notification of each reviewer would, in accordance with Art. 14 (5) (b) GDPR, be disproportionate, as we do not have their contact information and the data is already publicly accessible.

15. Automated Decision-Making and Profiling

No automated decision-making, including profiling, within the meaning of Art. 22 (1) and (4) GDPR takes place. We do not create user profiles and do not make decisions that produce legal effects concerning you or similarly significantly affect you.

16. Protection of Minors

Persons under the age of 16 should not transmit personal data to us without the consent of their legal guardians. We do not knowingly collect data from minors under 16 and do not conduct targeted marketing aimed at this age group.

Last updated: 5/7/2026

Load booking system

Loading the booking system will transmit data to Salonized (salonized.com).

Privacy Policy