Privacy Policy

1. Information about the Collection of Personal Data and Contact Details of the Controller

1.1 Personal data are all data with which you can be personally identified.1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Harmony Home Mallorca. They alone decide on the purposes and means of processing personal data.1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

2. Data Collection When Visiting Our Website

When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Used browser
  • Used operating system
  • Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. b and f GDPR (contract performance and overriding legitimate interests) to provide you with a functional and stable website. The data will not be passed on or otherwise used. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (so-called persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can find the duration of the respective cookie storage in the overview of the cookie settings of your web browser. Some cookies serve to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit. Please note that you can set your browser to inform you about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

  1. Contacting Us

When contacting us (e.g., via email), personal data (name, email address, and content of your message) are collected. These data are stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing these data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims to conclude a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after the final processing of your inquiry. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations.

5. Online Appointment Scheduling with Calendly

This website uses the software "Calendly" from the provider Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA, to provide an online appointment booking function. For the purpose of scheduling appointments, first and last name as well as email address (and, if applicable, the phone number if a phone appointment is desired) are collected in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to Calendly based on our legitimate interest in effective customer management and efficient appointment management in accordance with Art. 6 para. 1 lit. f GDPR and stored there for the purpose of organizing appointments. After holding the appointment or after the agreed appointment period has expired, your data will be deleted by Calendly. We have concluded a data processing agreement ("Data Processing Addendum", available at https://calendly.com/pages/dpa) with Calendly, in which we oblige Calendly to protect the data of our customers in accordance with legal requirements. Calendly generally transmits collected information outside the European Economic Area and has also agreed with us on standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level. Details on Calendly's privacy policy can be found here: https://calendly.com/pages/privacy

  1. Use of Social Media: Videos

Use of YouTube VideosThis website uses the YouTube embedding function to display and play videos from the provider "YouTube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The extended data protection mode is used here, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. When the playback of embedded YouTube videos is started, the provider "YouTube" uses cookies to collect information about user behavior. According to "YouTube", these serve, among other things, to collect video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged in to Google, your data will be directly associated with your account when you click on a video. If you do not want the association with your profile on YouTube, you must log out before activating the button. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. a GDPR based on your consent. You can revoke your consent at any time with effect for the future. In the context of using YouTube, it may also lead to the transmission of personal data to the servers of Google LLC. in the USA. Independent of a playback of the embedded videos, a connection to the Google network is established with each call of this website, which can trigger further data processing operations without our influence. The data collected by Facebook Pixel is stored for a period of 1 year. Further information on data protection at "YouTube" can be found in the YouTube terms of use at https://www.youtube.com/static?template=terms and in Google's privacy policy at https://www.google.de/intl/en/policies/privacy.

  1. Online Marketing

Facebook Pixel for Creating Custom Audiences with Extended Data Matching (with Cookie-Consent Tool)Within our online offering, the so-called "Facebook Pixel" of the social network Facebook is used in the mode of extended data matching, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Based on your explicit consent, when a user clicks on an ad we placed on Facebook, the URL of our linked page is appended by Facebook Pixel. This URL parameter is then written into the user's browser via a cookie, which our linked page itself sets. Additionally, this cookie collects specific customer data such as the email address that we collect on our website linked to the Facebook ad during transactions such as purchases, account registrations, or sign-ups (extended data matching). The cookie is then read by Facebook Pixel and enables the forwarding of the data, including the specific customer data, to Facebook. With the help of the Facebook Pixel with extended data matching, Facebook can determine the visitors of our online offering as a target group for the display of ads (so-called "Facebook Ads"). Accordingly, we use the Facebook Pixel with extended data matching to display the Facebook Ads we place only to those Facebook users who have shown an interest in our online offering or who exhibit certain characteristics (e.g., interests in certain topics or products determined based on the visited websites) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook Pixel with extended data matching, we also want to ensure that our Facebook Ads correspond to the potential interest of the users and do not appear annoying. This allows us to further evaluate the effectiveness of the Facebook Ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion"). Compared to the standard version of Facebook Pixel, the extended data matching function helps us measure the effectiveness of our advertising campaigns better by capturing more assigned conversions. All transmitted data is stored and processed by Facebook, allowing a connection to the respective user profile and enabling Facebook to use the data for its own advertising purposes, in accordance with Facebook's data usage policy (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place ads on and outside of Facebook. These processing operations are carried out exclusively with the explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. The information generated by Facebook is usually transferred to a Facebook server and stored there, which may also involve a transmission to the servers of Facebook Inc. in the USA. You can revoke your consent at any time with effect for the future.

  1. Rights of the Data Subject

8.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) against the controller regarding the processing of your personal data, which we inform you about below:

  • Right of access according to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, the right to lodge a complaint with a supervisory authority, the source of your data if not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the significance and intended effects of such processing, as well as your right to be informed about the guarantees pursuant to Art. 46 GDPR when your data is transferred to third countries;
  • Right to rectification according to Art. 16 GDPR: You have the right to obtain the rectification of inaccurate personal data concerning you and/or to have incomplete personal data stored by us completed without undue delay;
  • Right to erasure according to Art. 17 GDPR: You have the right to request the erasure of your personal data under the conditions of Art. 17 para. 1 GDPR. However, this right does not exist, in particular, if the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • Right to restriction of processing according to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data contested by you is being verified, if you oppose the erasure of your data due to unlawful data processing and instead request the restriction of the use of your data, if you need your data for the establishment, exercise, or defense of legal claims after we no longer need these data for the purpose of processing, or if you have objected to processing based on your particular situation, pending the verification whether our legitimate grounds override yours;
  • Right to be informed according to Art. 19 GDPR: If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients;
  • Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transmission to another controller, where technically feasible;
  • Right to withdraw consent given according to Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the affected data without delay, provided that further processing cannot be based on a legal basis for consent-free processing. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent until the withdrawal;
  • Right to lodge a complaint according to Art. 77 GDPR: If you consider that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, without prejudice to any other administrative or judicial remedy. The competent supervisory authority in Spain is Islas Baleares (www.agpd.es).

8.2 Right to object

WHEN WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS. IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING BY NOTIFYING US ACCORDINGLY. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

9) Duration of storage of personal dataThe duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – additionally by the respective statutory retention period. When processing personal data based on explicit consent according to Art. 6 para. 1 lit. a GDPR, these data are stored until the data subject withdraws their consent. Personal data that are processed within the framework of contractual or quasi-contractual obligations based on Art. 6 para. 1 lit. b GDPR are routinely deleted after the expiration of the statutory tax and commercial retention periods of seven years from the end of the fiscal year in which the data were collected, provided that there is no legitimate interest in further storage (e.g., for legal defense in the event of claims). When processing personal data based on Art. 6 para. 1 lit. f GDPR, these data are stored as long as the controller has a predominant legitimate interest in the data processing, as specified in connection with the respective data processing processes. Unless otherwise specified in the additional information of this statement about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed. This translation provides an accurate and complete representation of the privacy policy text as provided.