Legal Notices for DIBO Barbershop
Welcome to the Privacy Policy of DIBO Barbershop. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws. This policy explains what data we collect, why we collect it, how we use it, and what rights you have regarding your personal information. By using our services, you acknowledge that you have read and understood this Privacy Policy.
The data controller responsible for the processing of your personal data is DIBO Barbershop, located in Regensburg, Germany. As the data controller, DIBO Barbershop determines the purposes and means of processing your personal data. For any questions regarding the processing of your data, you may contact the data controller directly using the contact details provided at the end of this document.
We use Ypsilon.dev UG (haftungsbeschränkt), located at Abensstraße 8, 93059 Regensburg, Germany, as our technical platform operator and data processor. Ypsilon.dev UG (haftungsbeschränkt) processes your data on our behalf and in accordance with our instructions, as governed by a Data Processing Agreement (DPA) pursuant to Article 28 GDPR. Ypsilon.dev UG (haftungsbeschränkt) implements appropriate technical and organisational measures to ensure the security of your data.
This booking and services platform is provided and operated by Ypsilon.dev UG (haftungsbeschränkt). The platform enables online appointment booking, customer loyalty programmes, gift card management, and related services. All data processing through the platform is carried out in compliance with European data protection standards. The platform infrastructure is hosted within the European Union to ensure your data remains protected under EU law.
In order to provide our services effectively, we collect and process several categories of personal data. The specific data collected depends on the services you use and the features enabled by the shop. We only collect data that is necessary for the stated purposes (data minimisation principle). Below you will find detailed information about each category of data we may process.
Your booking data — including appointment date, time, selected services, assigned staff member, and any notes you provide — is processed to fulfil our contractual obligations to you (Art. 6(1)(b) GDPR). This data is necessary to schedule and manage your appointments, send you confirmations and reminders, and maintain an accurate booking history. We retain booking records for the duration specified in our data retention policy below.
If you participate in our loyalty programme, we track your visits and stamp card progress to provide loyalty rewards. This data includes the number of stamps earned, dates of visits, and redemption history. Processing is based on our legitimate interest in maintaining customer loyalty programmes (Art. 6(1)(f) GDPR) and, where applicable, your consent. Stamp data is retained for as long as your account is active.
We process data related to reward claims, including the reward type, claim date, and fulfilment status. This enables you to redeem earned rewards through our loyalty programme. The legal basis is the performance of our loyalty programme terms (Art. 6(1)(b) GDPR). Reward claim records are kept for the period necessary to resolve any disputes and for accounting purposes.
Gift card data includes card codes, purchase amounts, remaining balances, and transaction history. This data is processed to enable the purchase, management, and redemption of gift cards (Art. 6(1)(b) GDPR). Gift card records are retained for as long as the card has a remaining balance and for a reasonable period thereafter for accounting and audit purposes.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Inactive customer accounts are automatically flagged after 24 months of inactivity. Following deletion, your data enters a grace period of 60 days during which it can be restored upon request. After this grace period, your data is permanently deleted or anonymised in accordance with our retention policy. Certain data may be retained longer where required by law (e.g., tax and accounting obligations).
Under Article 15 GDPR, you have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with information about the purposes of processing, the categories of data concerned, the recipients, and the envisaged retention period. You may request a copy of your personal data free of charge. We will respond to your request within one month.
Under Article 17 GDPR, you have the right to request the deletion of your personal data without undue delay where the data is no longer necessary for its original purpose, you withdraw your consent, or the data has been unlawfully processed. You can initiate a data deletion request through your account at /my-data or by contacting us directly. Please note that we may be required to retain certain data for legal or contractual obligations.
Under Article 16 GDPR, you have the right to request the correction of inaccurate personal data and the completion of incomplete data. You can update most of your information directly through your account profile. For data that cannot be self-corrected, please contact us and we will rectify it promptly.
Under Article 20 GDPR, you have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV). You also have the right to transmit that data to another controller without hindrance. This right applies to data you have provided to us and that is processed based on consent or contract performance. You can request a data export through your account at /my-data.
Under Article 21 GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, where processing is based on our legitimate interests. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.
Where processing is based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. You can withdraw consent through your account settings, by contacting us, or by using the unsubscribe mechanism in our communications.
Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. You may file a complaint with the supervisory authority in your country of residence, your place of work, or the place of the alleged infringement. We encourage you to contact us first so we can try to resolve your concern directly.
Your personal data is stored and processed within the European Union. Our platform infrastructure, operated by Ypsilon.dev UG (haftungsbeschränkt), is hosted on servers located in the EU. In the event that data needs to be transferred to a country outside the EU/EEA, we will ensure that appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission, to protect your data.
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is processed, please contact us at:
Email: info@barbershop-dibo.de
Phone: 0941 60016562
We aim to respond to all enquiries within 30 days.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make significant changes, we will notify you through a prominent notice on our website or via email. We encourage you to review this policy periodically. The date of the most recent update will be indicated at the top of this document. Continued use of our services after changes take effect constitutes your acceptance of the revised policy.