Mimosa← Back to home

Legal

Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains what personal data we collect when you use Mimosa Booking, why we collect it, and what rights you have.

1. Data controller

The data controller for personal data processed via Mimosa Booking is Mimosa Management, a Berlin-based studio building and operating booking systems, marketplaces, and community platforms, and the operator of this platform.

Operator and contact:
Mimosa Management, Berlin, Germany
General: hello@mimosa-management.com
Legal & privacy: legal@mimosa-management.com
Web: www.mimosa-management.com
Full company details are listed on our Imprint.

2. Data we collect

  • Account data: name, email, role (Artist / Promoter / Venue), password hash, and authentication provider (e.g. Google).
  • Profile data: information you add during onboarding — bio, location, genres, capacity, links, photos.
  • Activity data: tour threads, messages, bookings, and preferences.
  • Technical data: IP address, device, browser, and approximate location for security and abuse prevention.
  • Diagnostic logs: we log auth events (e.g. email verification attempts) with a per-session correlation ID to debug issues.

3. Why we process your data

  • To provide the service (Article 6(1)(b) GDPR — contract).
  • To keep the platform secure (Article 6(1)(f) — legitimate interests).
  • To send essential service emails (account, verification, security).
  • With your consent, for optional analytics or marketing (Article 6(1)(a)).

4. Sharing

We share data only with:

  • Other users, where you choose to make your profile or activity visible.
  • Service providers (hosting, email delivery, authentication) under data processing agreements.
  • Authorities, where required by law.

5. International transfers

Some providers may process data outside the EEA. In those cases we rely on Standard Contractual Clauses or other valid GDPR transfer mechanisms.

6. Retention

We keep account data for as long as your account is active. After deletion, residual data may be retained for up to 90 days in backups, or longer where required by law.

7. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion.
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

8. Security

We use industry-standard measures including encrypted transport (TLS), hashed passwords, and role-based access control. No system is perfectly secure — please use a strong password and report suspected incidents to us promptly.

9. Cookies

We use a limited set of cookies and similar technologies. See the Cookie Policy for details.

10. Changes

We may update this Policy. Material changes will be highlighted in the platform before they take effect.

11. Complaints & dispute resolution

If you have a concern about how we handle your data, please contact us first at legal@mimosa-management.com so we can try to resolve it directly. You also have the right to lodge a complaint with your local data protection authority. The European Commission provides a platform for online dispute resolution (ODR) at https://ec.europa.eu/consumers/odr. In accordance with § 36 VSBG, Mimosa Management is not obligated and not willing to participate in dispute resolution proceedings before a consumer arbitration board.

Questions?

Reach the team at legal@mimosa-booking.com. For data requests, see the Privacy Policy.