Privacy Policy

Last updated: 2 March 2026

This Privacy Policy informs you about the nature, scope, and purposes of the processing of personal data when visiting our website tutti-studios.com.

1. Controller

Vitality Fitness Group GmbH
Perlacher Str. 66
82031 Grünwald
Germany

Commercial Register: HRB 300194, Munich
Managing Directors: Nicholas Peisch, Constantin Greinacher
Email: info@tutti-studios.com
Phone: 015231379742

2. General Information on Data Processing

Personal data means any information relating to an identified or identifiable natural person. We process personal data exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

Processing is carried out in particular on the following legal bases:

  • Article 6(1)(a) GDPR, where you have given us your consent

  • Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract

  • Article 6(1)(c) GDPR, where processing is necessary for compliance with a legal obligation

  • Article 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interests

3. Hosting and Provision of the Website

Our website is provided and hosted via Squarespace. When you access the website, technically necessary data is processed in order to deliver the website and ensure the security and stability of the service. This may include in particular:

  • IP address

  • Date and time of access

  • Browser type and browser version

  • Operating system used

  • Referrer URL

  • Accessed pages and files

  • Access status / HTTP status code

The processing is carried out for the purpose of the technically secure provision of the website on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR.

Squarespace provides a Data Processing Addendum (DPA) for its services and states that, in connection with the provision of its services, international data transfers may occur, in particular to the United States. Squarespace refers to appropriate data protection mechanisms for this purpose, including the EU-U.S. Data Privacy Framework and, where required, standard contractual clauses.

We store personal data in this context only for as long as necessary for the purposes described above or where statutory retention obligations apply. Where no fixed retention periods can be specified, the retention period depends on the criteria of necessity, security, and statutory retention obligations.

4. Cookies and Similar Technologies

Our website uses cookies and similar technologies. These include, in part, technically necessary technologies that are required for the operation and security of the website, and, in part, optional technologies, in particular for analytics purposes.

Technically necessary cookies and similar technologies are used on the basis of the applicable legal provisions and our legitimate interests in the secure and functional operation of the website. Optional cookies and tracking technologies are used only with your consent.

You may withdraw or adjust your consent at any time with effect for the future via the cookie banner or cookie settings integrated on the website.

5. Contact by Email, Telephone, or Contact Form

If you contact us, we process the personal data you provide to us, in particular:

  • Name

  • Email address

  • Telephone number

  • Content of your message

  • Time of contact

The processing is carried out for the purpose of handling your inquiry and further communication with you.

The legal basis is:

  • Article 6(1)(b) GDPR, insofar as your inquiry is related to the conclusion or performance of a contract, or

  • Article 6(1)(f) GDPR, insofar as the processing is based on our legitimate interest in handling inquiries and communicating with prospective customers and clients

We store this data only for as long as necessary to process your inquiry. If statutory retention obligations apply, the data will be stored for the period required by law.

6. Contact Form via Squarespace

If you use the contact form provided on our website, the data you enter will be processed through Squarespace’s infrastructure.

The processing is carried out for the purpose of handling your inquiry on the basis of Article 6(1)(b) GDPR or Article 6(1)(f) GDPR.

Squarespace states that personal data may also be processed outside the European Union in connection with its services and that appropriate data protection mechanisms are in place for such transfers.

7. Use of Google Analytics

Where you have given your consent, we use Google Analytics, a web analytics service provided by Google, on our website. Google Analytics helps us to statistically analyze the use of our website and improve our online offering.

In particular, the following data may be processed:

  • truncated or technical IP-related information

  • device and browser information

  • usage data

  • interactions with the website

  • page views, time spent on pages, and conversion data

  • online identifiers and cookie information

Google Analytics is used only on the basis of your consent pursuant to Article 6(1)(a) GDPR. Without your consent, Google Analytics will not be activated.

According to Google, for data collection from users in the EU, IP addresses are processed via domains and servers located in the EU and are not logged or stored in Google Analytics. Google also states that it provides regional data protection controls for European users.

To the extent that personal data is transferred to the United States in connection with Google Analytics, such transfer takes place in accordance with the data protection mechanisms provided by Google.

You may withdraw your consent at any time with effect for the future via the cookie settings.

8. Recipients of Data

We transfer personal data to third parties only where this is legally permitted. Recipients may include in particular:

  • technical service providers for hosting and website operation

  • communication service providers

  • analytics service providers

Where we use external service providers, this is done in accordance with applicable data protection requirements, in particular on the basis of a data processing agreement where required.

9. Transfers to Third Countries

In the context of using Squarespace and Google Analytics, it cannot be ruled out that personal data may be transferred to recipients in countries outside the European Union or the European Economic Area, in particular the United States.

Such transfers are carried out only in compliance with the legal requirements, in particular on the basis of an adequacy decision or appropriate safeguards such as standard contractual clauses.

10. Retention Period

We store personal data only for as long as necessary for the respective processing purposes. After that, the data will be deleted unless statutory retention obligations prevent deletion.

Where no specific retention period is stated in this Privacy Policy, the storage period depends on:

  • the respective processing purpose

  • statutory retention obligations

  • the need for legal defense

  • technical and organizational security requirements

11. Your Rights

Under the GDPR, you have in particular the following rights:

  • right of access pursuant to Article 15 GDPR

  • right to rectification pursuant to Article 16 GDPR

  • right to erasure pursuant to Article 17 GDPR

  • right to restriction of processing pursuant to Article 18 GDPR

  • right to data portability pursuant to Article 20 GDPR

  • right to object pursuant to Article 21 GDPR

  • right to withdraw consent at any time with effect for the future pursuant to Article 7(3) GDPR

To exercise your rights, you may contact us at any time at info@tutti-studios.com.

12. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

For non-public bodies in Bavaria, the competent supervisory authority is the:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

13. Data Security

We take appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, or other unlawful processing.

14. Updates to This Privacy Policy

We reserve the right to amend this Privacy Policy where necessary due to legal, technical, or organizational changes. The version published on our website from time to time shall apply.