Privacy Policy

Introduction

stellarpulse AG ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information when you visit our website or use our services. We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Our registered office is located at Beethovenstraße 185, 10725 Berlin, Germany. We are registered under company number HRB712893.

Data We Collect

We collect different types of information depending on how you interact with our services. The data collection includes both information you provide directly and information we collect automatically through your use of our website.

Information You Provide

• Contact information (name, email address, phone number, company details)
• Communication content (messages, enquiries, feedback)
• Service preferences and requirements
• Professional information related to your cosmetic clinic or beauty business

Information We Collect Automatically

• Website usage data (pages visited, time spent, click patterns)
• Device information (browser type, operating system, IP address)
• Cookies and similar tracking technologies (see our Cookie Policy for details)
• Referral sources and marketing attribution data

How We Use Your Information

We use of your data is based on legitimate business interests, contractual necessity, legal obligations, and your consent where required. We process your personal information for the following purposes:

• Providing compliance consultation and audit services
• Responding to your enquiries and communication
• Delivering custom compliance checklists and documentation
• Providing ongoing support and monitoring services
• Improving our website functionality and user experience
• Sending relevant service updates and regulatory notifications
• Marketing our services to potential clients (with appropriate consent)
• Complying with legal obligations and regulatory requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to control them, please see our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information with trusted service providers who assist us in delivering our services, including:

• Website hosting and technical infrastructure providers
• Email communication and marketing platforms
• Analytics and performance monitoring services
• Legal and professional advisors when necessary
• Regulatory authorities when required by law

All third-party service providers are bound by appropriate data protection agreements and are required to protect your information in accordance with applicable laws.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. Our data retention periods include:

• Client communication and enquiries: 3 years from last contact
• Service delivery records: 7 years for regulatory compliance
• Website analytics data: 26 months maximum
• Marketing consent records: Until consent is withdrawn plus 3 years
• Legal and contractual documents: As required by applicable law

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing activities

To exercise any of these rights, please contact us using the contact information provided below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection and security practices
• Incident response and breach notification procedures

International Data Transfers

As we operate primarily within the European Union, most of your data is processed within the EU/EEA. When we do transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable
• Your explicit consent for specific transfers

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding data protection matters, please contact us:

You also have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable laws.