Privacy Policy
Last updated: March 2026
1. Data Controller
Mavie Work Deutschland GmbH
Managing Director: Michael Theodossiou
[Address to be inserted]
Email: hello@mavie.work
Phone: [Phone number to be inserted]
2. Principles of Data Processing
We take the protection of your personal data seriously. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data on our booking platform.
We process your data exclusively on the basis of statutory provisions (GDPR, German Telecommunications Act, Federal Data Protection Act). Your data is used only for the purposes described here and is not shared with third parties — unless this is necessary for the fulfilment of our service or required by law.
3. Data Collected
3.1 When Booking a Corporate Health Day
We collect the following data:
Company data:
- Company name
- Contact person (name, email, phone)
- Billing address
- VAT ID (if applicable)
Event data:
- Preferred date
- Number of participants
- Location / address of the event
- Special requirements (optional)
Payment data:
- For payment by invoice: no additional data
- For payment by credit card: payment information is processed via our payment provider Stripe (see 4.2)
3.2 When Participating in the Health Check (Fit15)
Employees participating in the lifestyle check provide the following data:
Health data:
- Body composition (InBody measurement)
- Blood pressure, blood sugar
- Lifestyle questionnaire (movement, nutrition, sleep, stress)
Important: Health data is not accessible to the employer. It is used exclusively to:
- Provide the participant with their personal results (by email)
- Produce anonymised, aggregated analyses for the company (e.g. "Average participation rate: 68%")
Individual health data is never transmitted to the employer.
4. Purpose of Data Processing
4.1 Booking Management
We process your data to carry out and administer your booking:
- Scheduling
- Communication before, during, and after the event
- Invoicing
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)
4.2 Payment Processing
Payments are processed via Stripe (Stripe Payments Europe Ltd., Ireland). Stripe is a certified payment provider and processes your payment data in compliance with the GDPR.
We do not store full credit card details.
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)
4.3 Processing of Health Data
Health data is processed exclusively for the purpose of health analysis and consultation.
Legal basis: Art. 9 para. 2 lit. a GDPR (explicit consent of the participant)
Each participant explicitly consents to the processing of their health data before check-in. Consent may be withdrawn at any time.
5. Data Storage and Security
5.1 Storage Location
All data is stored on EU servers:
- Supabase (EU hosting): booking data, health data
- Stripe (Ireland): payment data
There is no transfer to third countries outside the EU/EEA.
5.2 Retention Periods
- Booking data: 10 years (statutory retention obligation pursuant to § 147 of the German Fiscal Code)
- Health data: 2 years after the last check (then deleted), unless otherwise requested by the participant
- Payment data (at Stripe): in accordance with Stripe's privacy policy
5.3 Security Measures
We implement technical and organisational measures to protect your data:
- SSL encryption (entire website)
- Encrypted data storage (Supabase)
- Access restrictions (authorised staff only)
- Regular backups (daily)
6. Cookies
Our website uses only technically necessary cookies:
- Session cookie (for the booking process)
- Login cookie (if a user account is created)
We do not use:
- Marketing cookies
- Tracking cookies (Google Analytics, Facebook Pixel, etc.)
- Third-party cookies
You can disable cookies in your browser settings. However, this may limit the functionality of the website.
7. Data Sharing
We do not share your data with third parties, except:
7.1 Necessary for Service Provision
- Stripe: payment processing
- Supabase: hosting and data storage
- Email provider: sending booking confirmations and health results
7.2 Legal Obligation
In rare cases, we may be required to disclose data to authorities (e.g. in the case of court orders).
8. Your Rights
You have the following rights at any time:
8.1 Right of Access (Art. 15 GDPR)
You may request information about the personal data we process about you.
8.2 Right to Rectification (Art. 16 GDPR)
You may request the correction of inaccurate data.
8.3 Right to Erasure (Art. 17 GDPR)
You may request the deletion of your data, provided there are no statutory retention obligations.
8.4 Right to Restriction of Processing (Art. 18 GDPR)
You may request the restriction of the processing of your data.
8.5 Right to Data Portability (Art. 20 GDPR)
You may receive your data in a structured, machine-readable format.
8.6 Right to Object (Art. 21 GDPR)
You may object to the processing of your data.
8.7 Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority (e.g. the Berlin Commissioner for Data Protection and Freedom of Information).
Contact for data protection enquiries: Email: datenschutz@mavie.work
9. Changes to this Privacy Policy
We reserve the right to update this privacy policy to reflect changes in our practices or legal requirements. The current version is always available on our website.
Version date: March 2026
If you have any questions regarding data protection, please contact us at datenschutz@mavie.work.