Privacy Policy

As of May 2026

---

Table of contents

1. Person in charge
2. General Information on Data Processing
3. Your rights as a data subject
4. Website hosting and log file generation
5. Hosting (IONOS)
6. Cookies and Cookie Banners
7. Contact us (email, phone, contact form)
8. Live Chat (Tidio)
9. Member Management & B2D App (Nimbuscloud)
10. SEPA Direct Debit
11. Access Control (Personnel Checkpoint, Check-In)
12. Newsletter
13. Photos and videos, YouTube channel
14. Web analytics (Google Analytics via Google Site Kit)
15. Google Tag Manager
16. Meta Pixel (Facebook/Instagram)
17. Instagram Feed Integration (QuadLayers Insta Gallery)
18. Google Reviews (Widget)
19. Language selection (Weglot)
20. Fonts (Google Fonts)
21. Order Processing
22. Data security
23. Partnership with Urban Sports Club
24. Changes to this Privacy Policy

---

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection regulations, is:

Karabo Enock Morake Born 2 Dance 13a Diedenhofener Str. 54294 Trier Germany

Email: info@born2dance4ever.de Phone: +49 151 10434885

Technical Contact / IT Manager: Max Boiko Email: info@born2dance4ever.de

2. General Information on Data Processing

2.1 Scope of the processing of personal data

We process the personal data of our users and members only to the extent necessary to provide a fully functional website and our content and services, or where we have obtained the appropriate consent.

2.2 Legal Basis for Data Processing

We process personal data on one of the following legal grounds:

• Art. 6(1)(a) of the GDPR (Consent) – if you have given us your consent.
• Art. 6(1)(b) of the GDPR (performance of a contract) – where processing is necessary for the performance of a contract with you or for the implementation of pre-contractual measures.
• Art. 6(1)(c) of the GDPR (legal obligation) – where processing is necessary for compliance with a legal obligation (e.g., tax-related retention requirements).
• Art. 6(1)(f) of the GDPR (legitimate interests) – where processing is necessary for the purposes of our legitimate interests or those of a third party, and the interests, fundamental rights, and freedoms of the data subject do not override those interests.

2.3 Retention Period

Personal data is stored only for as long as is necessary to fulfill the respective purpose or as required by statutory retention obligations (in particular under the German Commercial Code (HGB) and the German Fiscal Code (AO)). Accounting records are generally subject to retention periods of up to 10 years.

3. Your rights as a data subject

You have the following rights with respect to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR) – with effect for the future

To exercise your rights, please contact us using the contact information provided in section 1.

Right to file a complaint with the supervisory authority

You have the right to file a complaint with a data protection supervisory authority regarding the processing of your personal data. The authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information in Rhineland-Palatinate Hintere Bleiche 34 55116 Mainz Phone: 06131 / 208 22 26 Email: poststelle@datenschutz.rlp.de Website: https://www.datenschutz.rlp.de

4. Website Hosting and Log File Creation

Every time our website is accessed, our system automatically collects data and information from the computer system of the device used to access it. The following data is collected:

• IP address of the requesting device
• Date and time of access
• Name and URL of the retrieved file
• Website from which the access originates (referrer URL)
• The browser you are using and, if applicable, your computer's operating system

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in the technical operation and security of the website).

Retention period: Log files are typically deleted automatically after 14 days, unless security-related incidents require them to be retained for a longer period.

5. Hosting (IONOS)

Our website is hosted by IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany.

As part of its hosting services, IONOS processes personal data of our website visitors (in particular IP addresses, log files, and contract data). We have a data processing agreement with IONOS in accordance with Article 28 of the GDPR. The data is processed in data centers located in Germany.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in the professional operation of our website).

For more information about data protection at IONOS: https://www.ionos.de/terms-gtc/terms-privacy/

6. Cookies and Cookie Banners

6.1 What are cookies?

Cookies are small text files that are stored on your device. They allow us to recognize you as a visitor and save your settings.

6.2 Use on our website

We use the Moove GDPR Cookie Compliance cookie banner plugin on our website. When you visit our website for the first time, a banner appears informing you about our use of cookies and allowing you to give or withhold your consent.

6.3 Types of Cookies

• Technically necessary cookies: These cookies are required for the website to function (e.g., to save your cookie preferences and language settings). Legal basis: Article 6(1)(f) of the GDPR.
• Analytics and marketing cookies: These cookies are set only with your explicit consent and are used for statistical analysis and marketing purposes (see sections 14–16). Legal basis: Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG.

6.4 Withdrawal of Consent

You can withdraw or change your cookie consent at any time by clicking the "Cookie Settings" link on our website.

7. Contacting Us (Email, Phone, Contact Form)

When you contact us by email, phone, or through a contact form, the information you provide (name, email address, phone number, message content) will be processed to handle your inquiry.

Legal basis: Article 6(1)(b) of the GDPR (pre-contractual measures / performance of a contract) or Article 6(1)(f) of the GDPR (legitimate interest in responding to inquiries).

Retention period: The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and there are no legal retention requirements.

8. Live Chat (Tidio)

On our website, we use the Tidio chat service provided by Tidio LLC (headquartered in the United States, with a branch in Poland: Tidio Poland sp. z o.o., ul. Wojska Polskiego 81, 70-481 Szczecin).

Data processed:

• Name (if provided)
• Email address (if provided)
• Content of the chat messages
• IP address, browser type, timestamp
• location data (if applicable; based on the IP address)

Purpose: To process inquiries and communicate with prospective members and members.

Legal basis: Article 6(1)(a) of the GDPR (consent via the cookie banner) or Article 6(1)(f) of the GDPR (legitimate interest in efficient customer communication).

Data transfers to third countries: Tidio may transfer data to the United States. These transfers are based on the EU Standard Contractual Clauses. A data processing agreement has been entered into with Tidio in accordance with Article 28 of the GDPR.

Retention period: Chat histories are stored for as long as necessary to process your inquiry, but no longer than the duration of your membership or business relationship with us.

For more information: https://www.tidio.com/privacy-policy/

9. Member Management & B2D App (Nimbuscloud)

We use the Nimbuscloud studio management system, operated by Nimbus Software GmbH in Austria, to manage our memberships, class bookings, schedules, and payment processing. The accompanying B2D app is the official Nimbuscloud member app, which we make available to our members.

Data processed:

• Personal information (last name, first name, address, date of birth)
• Contact information (email, phone)
• Bank details (IBAN, SEPA mandate)
• Course registrations, attendance, trial lessons
• Billing and payment information
• Login and access credentials for the B2D app
• For minors: information about their legal guardians

Purposes:

• Contract Formation and Execution
• Management of classes, memberships, and flat-rate passes (Purple Card, Black Card, Diamond Card)
• Processing of payments via SEPA Direct Debit
• Access to the personal member area
• Communication with members
• Compliance with statutory retention requirements

Legal basis: Article 6(1)(b) of the GDPR (performance of a contract) and Article 6(1)(c) of the GDPR (compliance with legal obligations).

Data hosting: The data is hosted in data centers in Austria. A data processing agreement has been entered into with the provider in accordance with Article 28 of the GDPR.

Retention period: Data is stored for the duration of the membership and to comply with legal retention requirements (typically up to 10 years).

10. SEPA Direct Debit

We use the SEPA Direct Debit scheme to process recurring payments. To do this, you must provide us with a SEPA Direct Debit mandate, which will be stored in Nimbuscloud (see Section 9).

Data processed:

• Account holder
• IBAN
• Client reference
• Date of Engagement

Transmission: SEPA mandates are processed and stored via the Nimbuscloud API. They are transmitted to our bank for submission of the direct debits.

Legal basis: Article 6(1)(b) of the GDPR (performance of a contract).

Retention period: SEPA mandates are stored for the duration of the membership and to comply with legal retention requirements (typically 10 years).

11. Access Control (Security Checkpoint, Check-In)

We use an electronic access control system (turnstile) and a check-in system to grant access to our facilities and to verify attendance in classes.

Data processed:

• Membership number / Loyalty card
• Check-in date and time
• For private lessons/room reservations: individual access code

Purpose: To verify eligibility to participate, ensure the security of the premises, and serve as the basis for billing.

Legal basis: Article 6(1)(b) of the GDPR (performance of a contract) and Article 6(1)(f) of the GDPR (legitimate interest in security and the proper use of the premises).

Retention period: Check-in data is stored for up to 12 months after check-in and is then deleted or anonymized. Access codes for private lessons and room reservations expire at the end of the reservation period.

12th Newsletter

Born 2 Dance does not send out an active email newsletter. Newsletter content is published exclusively on our website (via the WordPress system) and through the B2D app. We do not use external newsletter services (such as Mailchimp or Brevo) to send out newsletters.

When accessing the newsletter via the website or the B2D app, the information provided in Section 4 (Log Files) and Section 9 (Nimbuscloud) applies.

13. Photos and videos, YouTube channel

During classes, workshops, shows, and events, we take photos and record videos, which we use for promotional purposes (website, social media, YouTube channel).

13.1 Photographs of Adults

By participating in courses and events, you are deemed to have consented to the publication of your information in accordance with our Terms and Conditions. You may object to such publication in writing at any time.

Legal basis: Article 6(1)(a) of the GDPR (consent) and Sections 22 and 23 of the German Copyright Act (KUG).

13.2 Photographs of Minors

We have written consent forms from the legal guardians for any images of minors. We do not take any images of minors for publication purposes without consent.

Legal basis: Article 6(1)(a) of the GDPR in conjunction with Article 8 of the GDPR.

13.3 YouTube Channel

We operate an official YouTube channel at https://www.youtube.com/@b2d_born2dance. When you visit the channel or view embedded videos, data is transmitted to YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). This may involve the transfer of data to the United States.

For more information: https://policies.google.com/privacy

13.4 Withdrawal of Consent

Consent that has been given may be revoked at any time with future effect. Recordings that have already been published will be removed upon written request, to the extent that this is technically and legally feasible.

14. Web Analytics (Google Analytics via Google Site Kit)

We use Google Analytics 4 on our website via the Google Site Kit plugin. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processed:

• IP address (abbreviated)
• Device and browser information
• Pages visited and time spent on each page
• Source of access (referrer)
• approximate location

Purpose: Statistical analysis of user behavior to improve the website.

Legal basis: Article 6(1)(a) of the GDPR (consent via the cookie banner) in conjunction with Section 25(1) of the TDDDG.

Data transfers to third countries: Google may transfer data to the United States. These transfers are based on the EU Standard Contractual Clauses and the European Commission’s adequacy decision (EU-US Data Privacy Framework).

Retention period: The data is stored for a maximum of 14 months.

Opt-out: You can opt out of data collection at any time via your cookie settings or by installing the browser add-on: https://tools.google.com/dlpage/gaoptout

For more information: https://policies.google.com/privacy

15. Google Tag Manager

We use Google Tag Manager, provided by Google Ireland Limited, to manage the tracking and analytics tools used on the website. Google Tag Manager itself does not create user profiles, store cookies, or perform any independent data processing. It serves solely as an administrative tool.

Other tools (in particular Google Analytics and Meta Pixel) are loaded via the Tag Manager after you have given your consent.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in the efficient management of third-party scripts).

For more information: https://policies.google.com/privacy

16. Meta Pixel (Facebook/Instagram)

We use the Meta Pixel from Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, to measure the effectiveness of our ads on Facebook and Instagram, as well as for remarketing purposes.

Data processed:

• IP address
• Device and browser information
• Pages visited
• Interactions on the website

Purpose: Measuring advertising effectiveness, optimizing ads, remarketing.

Legal basis: Article 6(1)(a) of the GDPR (consent via the cookie banner) in conjunction with Section 25(1) of the TDDDG.

Data transfers to third countries: Meta may transfer data to the United States. These transfers are based on the EU Standard Contractual Clauses and the EU-US Data Privacy Framework.

Joint controllership: We are joint controllers with Meta for the collection and transfer of data, in accordance with Article 26 of the GDPR. You can find the agreement at: https://www.facebook.com/legal/controller_addendum

Withdrawal: You can object to the processing at any time via the cookie settings.

For more information: https://www.facebook.com/privacy/policy/

17. Instagram Feed Integration (QuadLayers Insta Gallery)

We embed content from our Instagram profile (@b2d_born2dance) on our website using the QuadLayers Insta Gallery plugin. When you visit the relevant pages, content is loaded from the Instagram server (Meta Platforms Ireland Limited).

Legal basis: Article 6(1)(a) of the GDPR (consent) or Article 6(1)(f) of the GDPR (legitimate interest in maintaining our social media presence).

For more information: https://privacycenter.instagram.com/policy

18. Google Reviews (Widget)

We display Google reviews on our website using the Widget for Google Reviews plugin. When you visit the relevant pages, data is transmitted to Google (see Section 14).

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in displaying customer reviews).

19. Language selection (Weglot)

To translate our website into various languages (German, English, Russian, French), we use the Weglot service provided by Weglot SAS, 138 Rue Pierre Joigneaux, 92270 Bois-Colombes, France.

Data processed:

• IP address
• Language setting
• Pages viewed

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in maintaining a multilingual website).

Location: The data is processed within the EU.

For more information: https://www.weglot.com/privacy

20. Fonts (Google Fonts)

We use fonts from Google Fonts on our website. These are primarily loaded locally from our server, so no connection is established with Google’s servers. In some cases, however, fonts may be loaded directly from Google’s servers (Google Ireland Limited). In this case, your IP address will be transmitted to Google.

Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in ensuring a consistent presentation of the website).

For more information: https://policies.google.com/privacy

21. Data Processing

We have entered into data processing agreements in accordance with Article 28 of the GDPR with all external service providers who process personal data on our behalf. This applies in particular to:

• IONOS SE (Hosting)
• Nimbus Software GmbH (Nimbuscloud / B2D App)
• Tidio (Live Chat)
• Google Ireland Limited (Analytics, Tag Manager, Site Kit)
• Meta Platforms Ireland Limited (Pixel, Instagram integration)
• Weglot SAS (Translation)

22. Data Security

We use technical and organizational measures (TOM) to protect your data against unauthorized access, loss, destruction, or manipulation. These include, in particular:

• SSL/TLS encryption of the website
• Restrictions on access to member data
• regular security updates
• Backup procedures

23. Partnership with Urban Sports Club

Born 2 Dance is a partner studio of Urban Sports Club (Urban Sports GmbH, Lobeckstraße 36–40, 10969 Berlin). If you participate in our classes through Urban Sports Club, Urban Sports Club will provide us with your name and membership information to verify your eligibility to participate. In turn, we will provide Urban Sports Club with attendance data for billing purposes.

Legal basis: Article 6(1)(b) of the GDPR (performance of a contract) and Article 6(1)(f) of the GDPR (legitimate interest in billing cooperation partners).

For more information: https://urbansportsclub.com/de/privacy

24. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy in the event of changes to our data processing procedures or legal requirements. The most current version is available on our website at https://born2dance4ever.de/datenschutz/.