Book online >>
House of Yoga LogoClass Pass

Data protection

Name and contact details of the controller

This privacy information applies to data processing by

Hotyoga GmbH
Peter Zitz
Triester Strasse 14
2351 Wiener Neudorf

Definition of personal data

Personal data is information that relates to an identified or identifiable person. This includes, above all, information that allows conclusions to be drawn about your identity, for example your name, telephone number, address or e-mail address. Statistical data which we collect which cannot be linked to your person, for example when you visit our website, does not fall under the concept of personal data.

Which data do we process?

Visiting our website

When you visit our website, we collect data that your browser or terminal device automatically transmits to us. This includes various standard technical data (so-called log files) which is transmitted to our server:

- date and time of the request,
- address of the website searched as well as the requesting website,
- IP address of the requesting terminal device,
- details of the browser used and the operating system of the terminal device.

Data processing is necessary to enable you to visit our website and to ensure the permanent functionality and security of our systems. For this purpose, the above-mentioned data is temporarily stored in internal log files in order to compile statistical data on the use of our website, to develop it further with regard to the usage habits of our visitors and to maintain our website in general for administrative purposes. The legal basis is Art. 6 para. 1 p. 1 lit. b and f DSGVO. The information stored in the log files does not allow any direct conclusion about your person. In particular, we only store IP addresses in abbreviated form. The log files are stored for 30 days and archived after subsequent anonymisation.

Order on our website

If you order something on our website, we collect the following information for the contract processing:

- First and last name
- E-mail
address - Billing and shipping
address - Payment details (e.g. credit card or PayPal)
- Telephone number

Optional additional information (e.g., individual message regarding the order, inquiry for a specific product) is possible. The legal basis for this is the contract which you conclude with us by placing an order, Art. 6 para. 1 sentence 1 lit. b DSGVO.

Contact form and other interactions

There are several waya to get in contact with us, using our contact form or our e-mail address. If you contact us, we will record your contact data. Depending on the contact channel, your contact information may include your name, postal addresses, telephone numbers, email addresses, reason for contacting us, your individual message and details of your social networking profiles (for example, we receive your Facebook ID when you contact us through Facebook), as well as user names and similar contact details.  You can also opt to provide the order number.

The legal basis is Art. 6 para. 1 sentence 1 lit. b DSGVO, insofar as the information is required to answer your enquiry or to initiate or implement a contract. On the other hand, Art. 6 para. 1 sentence 1 lit. f DSGVO is the legal basis insofar as the data is processed for advertising purposes.

If you are not a customer of ours, the aforementioned data will be deleted upon request within one year. If you are registered with us as a customer, this data is stored for the duration of your existing customer account. After cancellation of the customer account, only data for which a statutory retention period exists will continue to be stored.

Marketing Communications

You can subscribe to our marketing communications by email. For this purpose we collect the following data:

- E-mail address
- Domain used (website)
- Opt-in status


What are cookies?

Cookies are small text files which are stored by your web browser and which store certain settings and data for exchange with our web server. There are basically two different types of cookies: so-called session cookies, which are deleted as soon as you close your browser and temporary/permanent cookies, which are stored for a longer period of time. This storage helps us to tailor our websites and services according to your interests and makes it easier for you to use them, for example by storing certain entries made by you in such a way that you do not have to constantly reenter them.

What do we use cookies for?

For some of our services it is necessary to use cookies. No personal data is stored in cookies used by House of Yoga. Cookies cannot be assigned to a specific person and therefore cannot be assigned to you. When the cookie is activated, it is assigned an identification number. An assignment of your personal data to this identification number is not possible at any time. Your name, your IP address or similar data that would allow the cookie to be assigned to you will not be used at any time. On the basis of cookie technology, we only receive pseudonymised information, for example about which of our web pages have been visited or which products have been viewed. Most browsers are set by default to accept cookies. However, you can adjust your browser settings to refuse cookies or to only store them after prior consent. If you reject cookies, our offers may not all work for you without interruption.

These services are based on our legitimate interest in enabling you to use our website more conveniently and individually. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO.

What do we use your data for?

Order processing & service provision

We process your data for the fulfilment of our contract and for the provision of our services, which include:

- the provision, personalization and needs-based design of our online service and online shop;
- the execution of sales contracts and customer service, including shipping and payment processing, as well as the handling of returns, complaints and warranty claims.


We offer payment by credit card and PayPal. We reserve the right not to offer individual payment methods or to offer them only for certain orders. Therefore we work together with different payment service providers:

- for payment by credit card: STRIPE
- for payment by PayPal: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

All information that you provide to the aforementioned service providers in the course of payment processing will not be passed on to us by them. We only receive the information that the payment has been made.

Marketing Communications

We use your data to communicate with you about specific products or marketing campaigns and to recommend products or services that may interest you. In particular for the following purposes:

- implementation of direct advertising, e.g. via our marketing communication
- analysis of how our services are used

You have the option to subscribe to our marketing communication by e-mail, in which we regularly inform you, for example, about updates to our products and offers.

We use the so-called double opt-in procedure for ordering our marketing communications, i.e. we will only send you emails after you have given consent to receiving the marketing communication and confirmed receipt of this marketing communication in a second e-mail. If you confirm your wish to receive the marketing communication, we will store the following data: Customer ID, timestamp, campaign ID, link ID and landing page information until you unsubscribe from our marketing communications. The sole purpose of this storage is to send you marketing communications and to verify your registration. You can unsubscribe from marketing communications at any time. An unsubscribe link is included in every email communication. A message to the contact data given above or by email (e.g. by email or post) is of course also sufficient for this. The legal basis for the processing is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.

We use commercially available technologies in our emails to measure interactions with the emails (e.g. opening of emails, links clicked on). We use this data in pseudonymised form for general statistical evaluations as well as for the optimisation and further development of our content and customer communication. This is done by means of small graphics embedded in the messages (so-called pixels). The data is collected exclusively in pseudonymised form, so the IDs are not linked to your other personal data. A direct personal reference is excluded. The legal basis for this is our legitimate interest in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO. If you do not wish to allow analysis of email usage, you can unsubscribe from the emails. Through our marketing communication, we want to share content that is relevant to our customers and better understand what readers are actually interested in. The data on the interaction with our marketing communication is stored pseudonymously for up to 2 years and then completely anonymised.

Use of your data for interest-based advertising on our website

The automatically generated information you provide (in particular your e-mail address, the website you last visited, all data from previous orders, status of your consent to our marketing communication, reaction behaviour in published campaigns) is used to make advertising tailored to you and your interests more useful and interesting for you (interest-based advertising). We use this information exclusively in pseudonymised form. In some cases, we also transfer the data to third parties (e.g. to social networks). By analysing and evaluating this information, we are able to improve our website and online services, and to present you with individual advertising on our website. This means advertising that recommends products that might actually interest you. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO. We have a legitimate interest in offering you personalized advertising.

Use of your data for analysis purposes on our website

In order to improve our website, we use various technologies to analyse user behaviour and evaluate the associated data. The data collected may include, in particular, the IP address of the terminal device, the date and time of access, the identification number of a cookie, the device identification of mobile terminals and technical information about the browser and operating system. However, the data collected is stored exclusively under a pseudonym, so that no direct conclusions can be drawn about the persons involved. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. In this way we want to enable you to use our website conveniently and individually.

Partner for analysis & advertising measures

In the following section we would like to explain the technologies and the providers used for the analysis and advertising measures on our website in more detail.

Facebook Custom Audience (Facebook pixels)

Our website uses for marketing purposes so-called remarketing tags (also called "Facebook pixels") of the social network Facebook, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). We use these remarketing tags without the so-called extended matching. When you visit our website, the remarketing tags establish a connection between your browser and a Facebook server. Facebook thereby receives the information that our website was called up with your IP address. In the event that personal data is transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield. Facebook uses this information on one hand to provide us with statistical and anonymous data on the general use of our website and the effectiveness of our Facebook advertising ("Facebook Ads"). If you are a member of Facebook and have allowed Facebook to do so through your account's privacy settings, Facebook may also link the information collected about your visit to us to your member account and use it to target Facebook Ads. You can view and change the privacy settings of your Facebook profile at any time. If you deactivate data processing by Facebook, Facebook will only display general Facebook Ads that are not selected on the basis of the information collected about you.  See Facebook's data policy.

Facebook conversion tracking

Our website uses Facebook conversion tracking, a service of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). This is used to measure the performance of ads delivered. The analytics program allows Facebook to more accurately evaluate the performance of delivered ads, and both Facebook and we, as Facebook customers, can improve the quality and relevance of the ads you see. Facebook Conversion Tracking uses cookies and similar technologies. The data collected in this context may be transferred by Facebook to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield. The cookies normally remain active on your computer for a maximum of 30 days. If you visit our website during this period, Facebook and we will be informed that you have seen the advertisement provided.

Google Universal Analytics

This website uses Google Universal Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google uses cookies and similar technologies to analyse and improve our website based on your user behaviour. Tracking across devices does not take place. The data collected in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. However, your IP address will be shortened before the evaluation of the usage statistics, so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended on our website by the code "anonymizeIP" to ensure anonymous recording of IP addresses. Google will process the information obtained from the cookies to evaluate your use of the website, to compile reports on website activities for the website operator and to provide further services associated with website and Internet use.You can configure your browser as shown above to reject cookies, or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on provided by Google. You can find more information on this in the Google privacy policy.

Google Ads Conversion Tracking

Our website uses Google Ads conversion tracking, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This is used to measure the performance of delivered advertisements (so-called AdWords campaigns). The analysis program allows Google to more accurately evaluate the performance of ads provided and both Google and we, as Google's customers, can improve the quality and relevance of the ads you see. Google Ad Conversion Tracking uses cookies and similar technologies. Google may transfer and store the data collected in this connection to a server in the United States for analysis. In the event that personal information is transferred to the USA, Google has adopted the EU-US Privacy Shield. The cookies normally remain active on your computer for a maximum of 30 days. If you visit our website during this period, Google and we are informed that you have seen the advertisement provided. You can find more information about this in Google's privacy policy.

Google Remarketing

Our website uses Google Remarketing, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This service uses cookies and similar technologies to display individualised advertising messages on websites that work with Google or are part of Google itself (including YouTube, Google search function). Cookies and similar technologies are also used to perform website usage analysis, which forms the basis for the creation of interest-based advertisements. The data arising in this connection can be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. If you use a Google Account, Google may link your Google web and app browsing history to your Google Account and use information from your Google Account to personalize ads, depending on the settings on your Google Account. If you don't want these services associated with your Google Account, you'll need to sign out of Google before you can access our contact page. Please see the Google Privacy Policy for more information.


Newsletters are sent via MailChimp, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as their further data described in this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp may use this data to optimize or improve its own services, e.g. for technical optimization of creating and sending newsletters, or to determine from which countries the recipients come for business purposes. However, MailChimp does not use newsletter recipients' data to contact them directy, nor does it pass them on to third parties. We trust in the reliability and the IT- and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and is committed to comply with the EU data protection regulations. Furthermore we have concluded a "Data-Processing-Agreement" with MailChimp. This is a contract in which MailChimp commits  to protecting the data of our users, to processing it according to its data protection regulations on our behalf, and not to pass it on to third parties. The privacy policy of MailChimp can be viewed here:

Website optimization

This website uses SEO tools, which are presented on the website These tools do not use any user-related data from this website.

Facebook Social Media Plug-Ins

Our website uses social media plug-ins (such as the Like button) from the social network Facebook Inc, 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook"). The plug-ins are deactivated by default and therefore do not send any data. Only when you interact with the plug-ins, for example, when you click the Facebook "Like" button, will you be asked to log in to your Facebook account. This information is transmitted from your browser or device directly to the social network and stored there. In the event that personal data is transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield. Facebook receives the information that you have called up the corresponding subpage of our online offer. This happens regardless of whether you have an account with Facebook and are logged in or not. If you are logged in to Facebook, this data is assigned directly to your account. If you activate the activated plug-in and, for example link to the page, Facebook will also store this information, including the date and time in your user account and will publicly communicate this to your contacts. If you do not wish to connect the assignment with your profile on Facebook, you must log out before activating the plug-in. Facebook stores this data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website and other offers. In particular, such an evaluation is carried out (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. As a Facebook member, you can deactivate advertising based on social actions in the advertising preferences. You can also completely prevent the loading of the Facebook Social Media Plug-ins with additional programs for your browser, e.g. with the Facebook Blocker. You can find more information on this in the Facebook privacy policy.

Protection of your data

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from dangers during data transfers and from third parties gaining knowledge of them. These measures are updated to the current state of the art technology. To secure the personal data you provide, we use Transport Layer Security (TLS), which encrypts the information you enter.

Receiving data from third parties

The data we collect will only be passed on if it is necessary to fulfill the contract, to support the technical functionality of the website, or if there is another legal basis for data transfer. Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, providers may include computer centers that store our website and databases, IT service providers that maintain our system, logistics companies, call centers, market research institutes, consulting companies, service providers for handling payment transactions and the collection process, service providers for handling payroll accounting, auditors, tax consultants, as well as service providers for assisting in the elimination of technical defects. If we pass on data to service providers, these service providers may use the data exclusively to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the persons concerned and are regularly monitored by us. In addition, data may be passed on in connection with official enquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.

Place of data processing

As a matter of principle, we process your data in Austria, in the EU or within the European Economic Area ("EEA"). In some cases, your data is processed on servers located outside the EU, in particular in the USA. In order to ensure the continued protection of your data in this case, we make sure that sufficient guarantees are available. Therefore, the providers we use either participate in the EU-US Privacy Shield or we have established contracts (EU standard contract clauses) with these providers.

For how long do we store your data?

As a matter of principle, we only store personal data for as long as necessary to fulfill contractual or legal obligations for which we have collected the data. Afterwards, we delete the data immediately, unless we need the data until the expiry of the statutory limitation period for evidence purposes, for civil law claims or because of statutory storage obligations. For evidence purposes, we must retain contractual data for a further three years from the end of the year in which the business relationship ends. Any claims shall become statute-barred after the statutory standard period of limitation at this point in time at the earliest. Even after this period, we still have to store your data in part for accounting reasons. We are obliged to do so because of statutory documentation obligations which may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the Money Laundering Act and the Securities Trading Act. The periods stipulated there for the retention of documents range from two to ten years.

In principle, we store your data from your existing customer account as long as the business relationship with us exists. Should you have requested the deletion or cancellation of your customer account, we will delete it. Data which we still need until the expiry of the statutory period of limitation for the purpose of providing evidence for civil law claims or because of statutory storage obligations will be deleted after the expiry of these periods.

Data protection rights

In accordance with the Data Protection Basic Regulation and the Data Protection Act, you, as a data subject of our data processing, are entitled to the following rights and remedies:

Right to information (Art. 15 EU-DSGVO)

As a data subject of the above and other data processing operations, you have the right to obtain information as to whether and, if so, which personal data concerning you are being processed. For your own protection - so that no unauthorised person can obtain information about your data - we will check your identity in a suitable form before providing information.

Right of rectification (Article 16) and deletion (Article 17 EU-DSGVO)

You have the right to request without delay the rectification of incorrect personal data or - taking into account the purposes of the data processing - the completion of incomplete personal data and the deletion of your data, provided that the criteria of Art. 17 EU-DSGVO are met.

Right to restrict processing (Art. 18 EU-DSGVO)

You have the right to restrict the processing of all personal data collected, subject to legal requirements; these data will only be processed with your individual consent or for the assertion and enforcement of legal claims.

Right to data transferability (Art. 20 EU-DSGVO)

You may request the unimpeded and unrestricted transfer of personal data that you have provided to you or to a third party.

Right of objection (Art. 21 EU-DSGVO)

You may at any time, for reasons arising from your particular situation, object to the processing of personal data concerning you which is necessary to protect our legitimate interests or those of a third party. Your data will no longer be processed after opposition, unless there are compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. You may object to data processing for the purpose of direct marketing at any time.

Revocation of a consent

If you have separately given your consent to the processing of your data, you can revoke this consent at any time. Such a revocation influences the permissibility of processing of your personal data after you have given it to us. If you take a measure to enforce your above-mentioned rights under the DSGVO, we must comment on the requested measure or comply with the request without delay, but at the latest within one month of receipt of your request.

Right of withdrawal of cookies

We will respond to all reasonable requests within the legal framework free of charge and as soon as possible. You have the right to information, correction, blocking and deletion of your stored data at any time, without cost. You can contact us regarding this matter via e-mail at or by post to the company location stated in the imprint. This right is limited only insofar as we can suspend the deletion to protect our claims. The data protection authority is responsible for requests concerning violation of the right to information, violation of the rights to confidentiality, correction or deletion. Their contact details are as follows: Austrian Data Protection Agency, Wickenburggasse 8, 1080 Vienna.

Book online >>