Data protection
Effective Date: October 1, 2025
1. Data Controller
SITOS – Retreats, Dilan & Baran Lukacek, Hauptstraße 38, 73550 Waldstetten, Germany
Email: sitos-retreats@gmx.de, Phone: +49 151 42855494, Legal Notice: www.sitos-retreats.com
2. Purposes & Legal Bases
Provision of the website, communication, possible contract processing/payment handling, and security purposes.
Art. 6 para. 1 lit. b, c, f GDPR; for optional cookies/integrations: lit. a (consent).
3. Hosting (Wix) & Log Files
This website is operated via Wix.com Ltd. (including CDN/sub-processors). Data such as IP address, device/browser information, page views, and timestamps may be processed for website functionality and security purposes (Art. 6 para. 1 lit. f GDPR).
4. Cookies & Consent
Technically necessary cookies are always active. Analytics and marketing cookies are only used with your consent (cookie banner). Consent can be withdrawn at any time via the banner.
5. Contact & Inquiries
When contacting us (via form, email, or phone), the provided information is processed for handling the request (Art. 6 para. 1 lit. b/f GDPR).
6. Booking & Payment (optional)
Where offered, customer and contract-related data will be processed. Payment information is handled through payment service providers (e.g. PayPal).
Art. 6 para. 1 lit. b (contract), lit. f (business operations).
7. Embedded Content (optional)
External content such as YouTube videos or Google Maps will only be loaded after consent has been given. Providers may receive the user’s IP address and may set cookies or tracking technologies (Art. 6 para. 1 lit. a GDPR).
8. Analytics: Google Analytics
Google Analytics is used with IP anonymization only after consent has been granted. Data such as IP address, device/browser information, visited pages, and session duration may be transferred to the USA (EU-US DPF/SCC). Consent can be withdrawn at any time via the cookie banner.
9. Messenger Communication
Communication may take place via WhatsApp, Instagram DM, or TikTok messages. Some content may be end-to-end encrypted (e.g. WhatsApp), while metadata may still be processed by the respective providers. Alternatively, users may contact us via email or phone.
Art. 6 para. 1 lit. a/b/f GDPR.
10. Social Media Presence
We maintain profiles on platforms including Instagram, LinkedIn, Pinterest, Threads, and YouTube. These platforms may process personal data for market research and advertising purposes and may transfer data to third countries (Art. 6 para. 1 lit. f GDPR).
11. Data Retention
Personal data will be deleted once the purpose for processing no longer applies. Statutory retention periods of 6–10 years remain unaffected. Limitation periods are generally 3 years.
12. International Data Transfers
We use adequacy decisions (e.g. EU-US Data Privacy Framework) and/or Standard Contractual Clauses for international data transfers.
13. Security
TLS/SSL encryption and technical as well as organizational measures are implemented in accordance with the current state of technology.
14. Amendments
This privacy policy may be adjusted due to changes in processing activities, legal requirements, or technical developments.
Learn more here .