top of page
Kailo-logo-blue.png

Data Protection/ Privacy Policy

1. Controller and Data Protection Officer
Responsible for data processing:
Olivia Köhler
cocreation.loft
Schinkestraße 9, 12047 Berlin
Germany
Email: kailonaturetherapy @ gmail.com
Phone: +49 (0) 171 5410558

2. General Information on Data Processing
2.1 Scope of Personal Data Processing
We process personal data of our users only to the extent necessary to provide a functional website, our content, and services. The processing of personal data occurs regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

2.2 Legal Basis for Processing Personal Data

  • Art. 6 (1) lit. a GDPR serves as the legal basis when we obtain consent for processing personal data.

  • Art. 6 (1) lit. b GDPR applies when processing personal data is necessary for the performance of a contract (e.g., booking inquiries, event registrations).

  • Art. 6 (1) lit. f GDPR serves as the legal basis when processing is necessary for the purposes of our legitimate interests (e.g., website analytics, security).
     

3. Data Collection on Our Website
3.1 Server Log Files
When you visit our website, your browser automatically transmits certain information that is temporarily stored in server log files. This includes:

  • IP address

  • Date and time of access

  • Browser type and version

  • Operating system

  • Referrer URL (previously visited page)

This data is processed on the basis of Art. 6 (1) lit. f GDPR (legitimate interest in ensuring system security and website functionality). The data is automatically deleted after 7 days.
Hosting: This website is hosted by Wix.com Ltd. (40 Namal Tel Aviv St., Tel Aviv, Israel). Wix processes data on our behalf and is contractually bound to comply with GDPR requirements. For more information, see Wix's privacy policy: https://www.wix.com/about/privacy

3.2 Cookies
Our website uses cookies. Cookies are small text files that are stored on your device. Some cookies remain on your device until you delete them, while others are automatically deleted when you close your browser.
Types of cookies we use:

  • Essential cookies: Required for basic website functionality

  • Analytics cookies: Used to understand how visitors use our website (if applicable)

You can configure your browser to inform you about cookie placement and allow cookies on a case-by-case basis, or to reject cookies in certain cases or generally. You can also set your browser to automatically delete cookies when you close the browser.

 

3.3 Detailed Cookie Information

Essential Cookies:

  • Session cookies (required for website functionality)

  • Security cookies (XSRF protection)

Analytics Cookies (Google Analytics):

  • _ga - Expires after 2 years - Distinguishes users

  • _gid - Expires after 24 hours - Distinguishes users

  • _gat - Expires after 1 minute - Throttles request rate

Third-party Cookies:
Our website may set cookies from external services such as Instagram, Facebook, and YouTube when embedded content is loaded.

You can manage your cookie preferences at any time through your browser settings or by using our cookie consent tool.


3.4 SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us. You can recognize an encrypted connection by the "https://" in your browser's address bar and the lock icon.

4. Contact Forms and Communication
4.1 Contact Form
When you use our contact form on the website, we collect the following data:

  • Name

  • Email address

  • Message content

  • Optional: Newsletter consent (checkbox)

Legal basis: Art. 6 (1) lit. b GDPR (inquiry processing) or Art. 6 (1) lit. a GDPR (newsletter consent)
Purpose: To respond to your inquiry and provide information about our services
Storage duration: Your inquiry data is stored for 6 months after your inquiry is processed, then deleted unless a contractual relationship is established (in which case, statutory retention periods apply).

4.2 Email Contact
If you contact us via email, your data (email address, name, message content) will be stored to process your inquiry.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries)
Storage duration: Emails are deleted 6 months after final correspondence unless longer retention is required by law.

4.3 Wix Chat Widget
We use the Wix Chat feature to enable real-time communication. When you use the chat function, the following data is processed:

  • Chat messages

  • Name (if provided)

  • Email (if provided)

  • Timestamp

Provider: Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv, Israel
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in customer communication)
Data processing agreement: Wix is our data processor and bound by GDPR requirements.

5. Newsletter
5.1 Mailchimp
We use Mailchimp to send newsletters about our events, retreats, and special offerings. When you subscribe to our newsletter, we collect:

  • Email address

  • Name (optional)

  • Subscription date and time

  • IP address (for verification purposes)

Provider: The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
Legal basis: Art. 6 (1) lit. a GDPR (your consent via newsletter signup)
Double opt-in: We use a double opt-in procedure. After registration, you will receive a confirmation email to verify your email address.
Unsubscribe: You can unsubscribe at any time by clicking the unsubscribe link in every newsletter or by contacting us directly.
Data processing: Mailchimp processes data on our behalf in compliance with GDPR. For details, see Mailchimp's privacy policy: https://mailchimp.com/legal/privacy/

6. Social Media and Embedded Content
6.1 Social Media Links
We link to our social media profiles (Instagram, Facebook). Clicking these links will redirect you to the respective platforms, which are operated by third parties. Please refer to their privacy policies:


6.2 Instagram Feed Integration
We display Instagram posts on our website using Wix's Instagram feed widget. This may load content from Instagram servers.
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data processing: When you visit pages with Instagram content, your IP address and browsing behavior may be transmitted to Instagram servers. We have no control over this data processing.

6.3 YouTube Videos
We embed YouTube videos on our website. When you play a video, a connection to YouTube servers is established.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data processing: YouTube may collect data about your viewing behavior. For details, see YouTube's privacy policy: https://policies.google.com/privacy
 

7. Analytics and Tracking

7.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses cookies to help us analyze how visitors use our website.

Data collected:

  • Pages visited

  • Time spent on pages

  • Referring websites

  • Device and browser information

  • Anonymized IP addresses

  • User interactions (clicks, scrolling)

  • Geographic location (country/city level)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in understanding website usage and improving our services)

IP Anonymization: We have activated IP anonymization (anonymizeIP) on this website. Your IP address will be shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

Data processing: Google processes data on our behalf under a data processing agreement that complies with GDPR requirements. Data may be transferred to Google servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework.

Purpose: We use Google Analytics to analyze website traffic, understand user behavior, and improve our website and services.

Storage duration: Cookies are stored for up to 2 years. Analytics data is automatically deleted after 26 months.

Opt-out: You can prevent Google Analytics from collecting your data by:

  1. Browser Add-on: Installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

  2. Cookie settings: Adjusting your browser settings to block or delete cookies

  3. Do Not Track: Enabling the "Do Not Track" feature in your browser

For more information about Google Analytics' privacy practices, visit: https://policies.google.com/privacy

7.2 Wix Analytics

We also use Wix's built-in analytics to understand how visitors use our website. This includes:

  • Pages visited

  • Time spent on pages

  • Referring websites

  • Device and browser information

  • Anonymized IP addresses

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in understanding website usage)

Data processing: Wix processes this data on our behalf. IP addresses are anonymized.



8. Your Rights
You have the following rights regarding your personal data:
8.1 Right to Information (Art. 15 GDPR)
You have the right to obtain confirmation about whether we process your personal data and, if so, to receive information about this data.
8.2 Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data.
8.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the deletion of your personal data under certain conditions.
8.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing under certain conditions.
8.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used format.
8.6 Right to Object (Art. 21 GDPR)
You have the right to object to the processing of your personal data based on legitimate interests.
8.7 Right to Withdraw Consent
If data processing is based on your consent, you can withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates GDPR.
Responsible supervisory authority for Berlin:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin, Germany
Phone: +49 30 13889-0
Email: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de

9. Data Security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously reviewed and updated in line with technological developments.

10. Changes to This Privacy Policy
We reserve the right to update this privacy policy to ensure it complies with current legal requirements or to reflect changes in our services. Your new visit to our website will be subject to the updated privacy policy.


Last updated: January 12, 2026

bottom of page