1. Data controller

Dilara Loistl
Rainackerweg 8
80939 München
Email: dilara@moonletmethod.de

2. Collection of personal data

When you book a class, we collect: first name, last name, email address, optional phone number. Legal basis: Art. 6 (1) lit. b GDPR (contract performance).

When you use the contact form, we collect: name, email address, message. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in answering your inquiry).

3. Payment processing

Online payments: Payments are processed via Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland). Stripe processes your payment data (credit card data, SEPA) in its own name. Your payment data is not stored on our servers.

Card payment on site (POS): On-site payments via debit card, credit card or contactless are also processed via Stripe (Stripe Terminal). Your card data is processed exclusively by the card reader and transmitted directly to Stripe — neither we nor the platform have access to your card number. After payment, a receipt can be sent to you by email upon request.

Stripe privacy policy: stripe.com/privacy

4. AI-powered chat

This website may offer an AI-powered chat assistant that answers your questions about classes, prices and bookings. The chat runs entirely locally on the platform operator's server in Germany (no OpenAI, no ChatGPT, no cloud AI). Your questions are not stored in plain text — only an anonymized hash is briefly logged for security purposes. No data is shared with third parties.

5. Video embedding

This website may embed videos from YouTube (Google Ireland Ltd.) and Vimeo (Vimeo Inc.). When you play a video, data is transmitted to the respective provider. YouTube: policies.google.com/privacy. Vimeo: vimeo.com/privacy. We use the extended privacy mode (youtube-nocookie.com) and Do-Not-Track (Vimeo dnt=1).

6. Hosting and platform

This website is operated via the Booklera platform (MomentumMind, Munich) and hosted by Hetzner Online GmbH (Germany). All data is stored exclusively in Germany. A data processing agreement (DPA) with the platform provider is in place.

7. Cookies

This website uses cookies in two categories:

Technically necessary cookies (set without consent based on § 25 (2) No. 2 TTDSG):

• bl_session — Login session (after login)
• bl_csrf — CSRF protection (after login)
• bl_force_lang_* — Language preference (when manually changed)
• bl_cookie_consent — Stores your cookie choice itself (1 year)

Cookies requiring consent:

• __stripe_mid, __stripe_sid (Stripe Payments Europe Ltd., Dublin) — Set only when you start an online payment and only with your active consent. Without this consent online payment is not available; you can still pay on-site.

You can review and change your cookie choice at any time on the Cookie Settings page. Your consent is logged with timestamp, IP address and user agent for GDPR audit purposes (Art. 7 GDPR) and stored for 3 years.

No tracking cookies, analytics or marketing cookies are used.

8. Your rights

You have the right to information (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21). Contact: dilara@moonletmethod.de

9. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.