Skip to content



Your cart is empty

Data protection

Atelier Hamam
Atelier Hamam is a brand of Mathilden Bäder Betriebs GmbH and operates purely as an online shop.

Notes on data processing

Particular attention is paid to protecting your personal data. Below we explain how we handle your personal data.

  1. Responsible body

The responsible body within the meaning of data protection law is:

Mathilden Bäder Betriebs GmbH
Mathilden Street 5
D-80336 Munich
Telephone: +49 (0)89 – 55 45 73
Fax: +49 (0)89 – 55 50 56 90


Managing Director: Birol Arabaci

Munich Register Court, HRB 132272
VAT ID: DE206361283

  1. Web hosting

To operate our online shop, we use Shopify, a service provided by Shopify Inc 1266 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. Shopify provides an e-commerce platform through which we sell our goods.

Shopify stores your data on a secure server. If you are in the EU, European Economic Area (EEA) or Switzerland, your data will be processed in Ireland by Shopify International Ltd. processed and stored. However, Shopify notes that data may also be transferred to other regions, including the United States and Canada. Shopify strictly adheres to the agreement between the EU and the USA and the agreement between Switzerland and the USA on data collection. Further details can be found in Shopify's privacy policy, available at the following URL: .

  1. Collection and storage of personal data as well as type and purpose and their use


In accordance with the legal requirements of the Federal Data Protection Act (BDSG), the General Data Protection Regulation (GDPR) and the Telemedia Act (TMG), we only collect personal data if this is permitted by law and if you provide us with personal data as part of your order for goods, when opening a customer account or other contact voluntarily. We use the data you provide without your separate consent exclusively to answer your inquiries and to fulfill and process your order.

We refrain from using customer data for advertising purposes unless you have expressly consented to the further use of your data.

  1. a) When visiting the website

When you access our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The data mentioned will be processed by us for the following purposes:

  • Ensuring a smooth connection to the website,
  • Ensuring comfortable use of our website,
  • Evaluation of system security and stability as well
  • for further administrative purposes.

The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

  1. b) When using our newsletter

If you have subscribed to our newsletter, we will save your email address in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. Your data will be deleted as soon as you have unsubscribed from our mailing list, unless we are still legally obliged to retain it. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time by email to .

  1. c) When contacting us via email

If you send us an email, we will save your email address and the data contained therein that you provided to us in your message in order to answer your query in accordance with Article 6 Paragraph 1, Sentence 1 lit a GDPR . As soon as we no longer need this data to process your request, we will delete it immediately, unless we are still legally obliged to retain it.

We ensure that the data collected is protected against unauthorized access by third parties using state-of-the-art technology. Please note, however, that unencrypted emails sent over the Internet are not sufficiently protected against unauthorized access by third parties.

  1. d) When using our contact form

If you have any questions, we also offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid email address so that we know who the request came from and in order to be able to answer it. Further information can be provided voluntarily.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Para. 1, S. 1 lit. a GDPR on the basis of your voluntarily given consent.

The personal data we collect when using the contact form will be automatically deleted after the request you have submitted has been processed.

  1. e) Use of payment service providers

We also work with payment service providers to process your order. As part of the payment processing, we pass on your payment data - specifically for the purpose of the payment - to the commissioned credit institution, if this is necessary for the payment processing. You can select the respective payment service provider for payment from us. The legal basis for passing on the data is Article 6 Paragraph 1 Letter b GDPR.

    1. Transfer of data to third parties


    Your personal data will not be transferred to third parties for purposes other than those listed below.

    We will only share your personal information with third parties if:

    • you have given your express consent to this in accordance with Art. 6 Para. 1, S. 1 lit. a GDPR,
    • This is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR. In particular, your address data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary to deliver the goods and to inform you about the status of your package delivery
    • in the event that there is a legal obligation for the transfer in accordance with Article 6 Paragraph 1 Sentence 1 Letter c GDPR.

    1. Cookies

    We use cookies on our site. These are small files that your browser creates automatically and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware.

    The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we receive direct knowledge of your identity.

    On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after you leave our site.

    In addition, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically be recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

    On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you (see section 5). These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time.

    The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.

    Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all functions of our website.

    1. Mailchimp

    We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. We also analyze your usage behavior in order to optimize our offering. To do this, we pass on the following personal data to Mailchimp: email address, first name, last name.

    Mailchimp is the recipient of your personal data and acts as a processor for us when it comes to sending our newsletter. The processing of the data provided under this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send a newsletter to you.

    In addition, Mailchimp collects the following personal data using cookies and other tracking methods: information about your device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information via hardware and internet connection. In addition, usage data is collected such as the date and time when you opened the email / campaign and browser activity (e.g. which emails / websites were opened). Mailchimp needs this data to ensure the security and reliability of the Systems to ensure compliance with the terms of use and the avoidance of misuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 Para. 1 lit. f GDPR) and serves to implement the contract (according to Art. 6 Para. 1 lit. b GDPR). Mailchimp also evaluates performance data, such as email delivery statistics and other communication data. This information is used to create usage and performance statistics for the services.

    Mailchimp additionally collects information about you from other sources. Within an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process.

    Further information on objection and removal options against Mailchimp can be found at:

    The legal basis for this processing is your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent to the processing of your personal data at any time. There is a corresponding link in all mailings. You can also revoke your consent using the contact options provided. Declaring your revocation will not affect the lawfulness of the processing that has taken place so far.

    Your data will be processed for as long as you have given your consent. Apart from that, these will be deleted after the contract between us and Mailchimp has ended, unless legal requirements require further storage.

    Mailchimp has implemented compliance measures for international data transfers. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, see:

    1. Analysis tools

    The tracking measures listed below and used by us are carried out on the basis of Article 6 Paragraph 1, Sentence 1 Letter f of the GDPR. With the tracking measures we use, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These interests are to be viewed as legitimate within the meaning of the aforementioned provision.

    The respective data processing purposes and data categories can be found in the corresponding tracking tools.

    1. a) Google Analytics

    For the purpose of tailoring and continuously optimizing our pages, we use Google Analytics, a web analysis service from Google Inc. ( intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043 , USA; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website such as

    • Browser type/version,
      • operating system used,
      • Referrer URL (the previously visited page),
      • Host name of the accessing computer (IP address),
      • time of server request,

    are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website use and internet use for the purposes of market research and needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of you. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that assignment is not possible (IP masking).

    You can prevent the installation of cookies by setting the browser software accordingly; However, we would like to point out that in this case not all functions of this website may be able to be used to their full extent.

    You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //

    As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

    Further information on data protection in connection with Google Analytics can be found in the Google Analytics help ( 6004245?hl=de).

    A notice:

    Data protection authorities require the conclusion of a data processing agreement for the permitted use of Google Analytics. A corresponding template is offered by Google at

    1. b) Google Adwords Conversion Tracking

    In order to statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie (see section 4) on your computer if you came to our website via a Google ad.

    These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

    Every Adwords customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.

    If you do not want to take part in the tracking process, you can also refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “”. Google's data protection policy on conversion tracking can be found here (

    1. c) Google reCAPTCHA

    For the purpose of protecting against misuse of our web forms and against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information and information about your use of our website) and uses a so-called JavaScript and cookies analyze your use of our website. In addition, other cookies stored in your browser by Google services are evaluated. Personal data is not read or saved from the input fields of the respective form.

    1. Social media plug-ins

    We use social plug-ins from the social networks Facebook, Instagram and YouTube on our website based on Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR in order to make our company better known. The underlying advertising purpose is to be viewed as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation must be ensured by the respective provider. We integrate these plug-ins using the so-called two-click method in order to best protect visitors to our website.

    1. a) Facebook

    Our website uses social media plugins from Facebook to make their use more personal. For this we use the “LIKE” or “SHARE” button. This is an offer from Facebook.

    If you access a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted from Facebook directly to your browser and integrated into the website.

    By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.

    If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

    Facebook can use this information for the purposes of advertising, market research and needs-based design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. B. to evaluate your use of our website with regard to the advertisements shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.

    If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

    The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in Facebook's data protection information (

    1. b) Instagram

    There are also so-called social plugins on our website

    (“Plugins”) are used by Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

    The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

    If you access a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted directly to your browser by Instagram and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not currently logged in to Instagram.

    This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.

    The information will also be published on your Instagram account and shown to your contacts there.

    If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website.

    Further information can be found in Instagram's data protection declaration (

    1. c) YouTube plugin

    To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube video plugin in the extended data protection mode we use, transmitted to Google and then processed by Google, only if you Play video.

    1. YouTube
      This website embeds videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
      We use YouTube in extended data protection mode. According to YouTube, this mode causes:
      YouTube does not store any information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the passing on of data to YouTube partners. This means that YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.
      As soon as you start a YouTube video on this website, a connection to the servers of
      YouTube made. The YouTube server is informed which of our pages you have visited.

    If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
    Furthermore, after starting a video, YouTube can store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience and prevent fraud attempts.
    If necessary, further data processing operations may take place after starting a YouTube video
    are triggered, over which we have no influence.
    The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
    Further information about data protection at YouTube can be found in their data protection declaration at

    1. Trusted Shops
      To display our Trusted Shops seal of quality and the Trusted Shops products for buyers after an order, the Trusted Shops trust badge is integrated on this website. This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer (Art. 6 para. 1 sentence 1 lit. f GDPR). The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When you access the trust badge, the web server automatically saves a so-called server log file, which contains, for example, your IP address, date and time of retrieval, amount of data transferred and the requesting provider (access data) and documents the retrieval. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your site visit. Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.


    1. Rights of those affected

    You have the right:

    • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;
    • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or complete personal data stored by us;
    • in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
    • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer need the data but you use it to assert or exercise your rights or need to defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
    • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible;
    • In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer allowed to continue the data processing based on this consent in the future
    • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
      1. Right to object

      You can revoke the storage of your personal data at any time with future effect. This can be done by sending an email to . If your data was stored for the purpose-related execution of a contract, we will delete it immediately after the execution of the contract has been completed.

      1. Data security

      When visiting our website, we use the common SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. This is usually 256 bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the bottom status bar of your browser.

      We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

      1. Questions about data protection
        If you have any questions about privacy, please email us at .
      1. Currentness and changes to this data protection declaration

      This data protection declaration is currently valid and is valid as of September 2022.

      Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website under the “Data protection declaration” section.

      © Attorney Michael Voltz,

      Become part of the team