Privacy Policy

1. Data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

HareemIT

Mühlenkamp 16a, 23795 Bad Segeberg

Email: kontakt@hareemit.de

Phone: +49 1512 711 326 0

2. General information on data processing

We generally process the personal data of our users only to the extent necessary to provide a functioning website and our content and services (digital waiting-room management). Processing regularly takes place only with the consent of the data subject (Art. 6(1)(a) GDPR), for the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR), to comply with legal obligations (Art. 6(1)(c) GDPR), or on the basis of legitimate interests (Art. 6(1)(f) GDPR).

3. Provision of the website (server log files)

We operate our website on a virtual server (VPS) provided by 1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. When you access our website, our hosting provider automatically collects data and information in so-called server log files (including IP address, date and time of the request, page accessed, browser type, operating system used, referrer URL). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the technical provision and security of the website). We have entered into a data processing agreement with IONOS in accordance with Art. 28 GDPR.

4. Registration, account and bookings

The creation of a user account is required to use certain functions (e.g. managing waiting rooms, bookings, staff and role management). In doing so, we process the data you provide (including name, email address, password as a hash, and, if applicable, address and contact details of the waiting room) to establish, design and modify the user relationship (Art. 6(1)(b) GDPR). When you participate in a waiting room as a guest, we process the information necessary to organise the queue (e.g. name, phone number, chosen position).

5. Resetting your password

If you reset your password, we send a time-limited, signed link (valid for several hours) to the email address on file, which can be used to set a new password. The legal basis is Art. 6(1)(b) GDPR (performance of the user agreement) and/or Art. 6(1)(f) GDPR (protecting the account from unauthorised access).

6. Contact form and email contact

If you send us enquiries via the contact form or by email, your details (name, email address, message text) will be stored by us in order to process the enquiry and in case of follow-up questions. The legal basis is Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). System and transactional emails (e.g. registration confirmation, password reset, reminders) are also sent via 1&1 IONOS SE (see section 3 regarding the data processing agreement in place there).

7. Payment processing via PayPal

When paying for chargeable services, we offer payment via the provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). As part of payment processing, we transmit the data required for this purpose (e.g. name, billing address, payment amount) to PayPal. Processing takes place for the performance of the contract (Art. 6(1)(b) GDPR). Data may be transferred to third countries (including the USA); PayPal has put in place suitable safeguards for this (e.g. EU standard contractual clauses). Further information can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

8. Invoicing via Lexoffice

We use the Lexoffice service provided by Lexware GmbH & Co. KG to create and manage invoices. In doing so, the data required for invoicing (e.g. name, address, service billed, amount) is processed. The legal basis is Art. 6(1)(c) GDPR (compliance with retention obligations under commercial and tax law) in conjunction with Art. 6(1)(b) GDPR. We have entered into the data processing agreement required under Art. 28 GDPR with Lexware.

9. WhatsApp integration (Meta Cloud API)

If a provider activates the optional WhatsApp integration, guests can communicate with the respective waiting room via WhatsApp or join the queue. In doing so, the phone number and message text are processed via the Meta Cloud API (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland). Data may be transferred to third countries (including the USA). The legal basis is Art. 6(1)(b) GDPR (performance of the user agreement between guest and provider) and/or Art. 6(1)(f) GDPR. Further information: https://www.whatsapp.com/legal/privacy-policy.

10. Cookies and session management

We use technically necessary cookies to manage logged-in sessions across multiple server instances (session cookie, stored in our database, valid for a maximum of 60 minutes of inactivity). These cookies are strictly necessary for the operation of the website; consent is not required for this under Section 25(2) TTDSG. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a secure and functioning website).

11. Web analysis with Google Analytics (with consent only)

If you have given your consent via our cookie banner, we use Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies or comparable technologies that allow an analysis of how you use our website (e.g. pages visited, time spent, visitor origin). The information generated in this way is generally transmitted to and stored on a Google server in the USA; we have activated IP anonymisation. The legal basis is your consent (Art. 6(1)(a) GDPR, Section 25(1) TTDSG). You can withdraw your consent at any time with effect for the future by deleting the local storage entry wr-cookie-consent from your browser and reloading the page, whereupon the cookie banner will appear again. Further information on data processing by Google can be found at: https://policies.google.com/privacy.

12. Storage period

We store personal data only for as long as is necessary for the respective processing purposes, or as long as required by statutory retention periods (e.g. requirements under commercial and tax law, generally 6–10 years for invoicing and booking documents). The data is then deleted or anonymised, provided there are no legitimate reasons for further storage.

13. Your rights as a data subject

Subject to the statutory requirements, you have the following rights:

To exercise your rights, please contact us using the contact details given in the "Data controller" section. You also have the right to lodge a complaint with the supervisory authority responsible for us:

Independent Centre for Privacy Protection Schleswig-Holstein (ULD)

Holstenstraße 98, 24103 Kiel

https://www.datenschutzzentrum.de

14. Data security

We use the widely adopted TLS/SSL encryption method during your visit to the website. In addition, we employ suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties.

15. Validity and amendment of this privacy policy

This privacy policy is currently valid. As we further develop our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.

Last updated: 07.06.2026.