Below, I explain how I comply with the General Data Protection Regulation (hereafter ”GDPR”). If you are here on this page it means you are one of the few who is interested, so I will do my best make it an easy read for you! The GDPR states that all this has to be “concise, transparent, intelligible and easily accessible” so crisp and clear is what I am aiming for.
As an EU Citizen and your data controller, I feel responsible for your personal data. Therefore, please call me or drop me a note if you have further questions about any of the services I use or on what I do with your data, in case my explanations in the below are not as crisp and clear as I had intended or if you would like to receive a copy of what data I have on you.
To be transparent, I hereby inform you of your legal rights under GDPR rules.
You have the right to request me a copy of your personal data and you also have the right to request the deletion of your personal data.
You have the right to get incorrect info about you corrected and you have the right to revoke your consent.
I will happily support you with any of these rights.
By providing me with your data, you assert that you are over 18 years old. If you are younger, please ask your mum or dad to connect with me for any services.
I collect and store just a couple of data points to provide you with the services I would like you to buy from me or that I provide for free. I process the following, depending on what type of client you are:
• Client Data:
If you are buying from me, I collect your name, billing address, e-mail address, phone number, contact details, and your card details. Online payments, usually via Stripe on my website, are conducted in accordance with Payment Card Industry data security standards and your billing info is encrypted. Payment processors use the billing info for fraud protection. Your browser communicates directly to these payment processors – I do not see nor store your credit card details or Permanent Account Number. Stripe is GDPR compliant. Other than that, e.g. in case of a bank transfer, I process your data to supply you the services you bought and to keep records of such transactions.
If you still have a session paid but not used, I will keep that session as outstanding on my records. This lays out the contract between you and me at your request to enter into such a contract.
Keeping track of my client’s payments is necessary on basis of tax and accounting laws. I will only retain your payment data to fulfill its purpose of satisfying any legal, accounting, or reporting requirements.
• Tech and User Data:
Your IP address, browser details, page views, length of visit to websites, the times you use a website, country and time zone settings, the devices you use are tracked, anonymously.
I do use Google Analytics from time to time, to see how my content and website is doing. I would like to make sure that I understand what matters to my audience so I can do more of that. For your comfort: all I can see is that a person or people interacted with my sites in a particular way.
Also, I administer and protect my sites against spam, using the services of third party providers, like Captcha software. I fear this is unavoidable and legit, a necessity to sustainably and properly run my websites and business.
There are content sharing buttons on some of my communications, and if you use them, this is tracked via the tool provider, e.g. UpViral. That’s really it.
If I am not collecting data about you by you providing the data directly to me, e.g. by filling in forms or by sending e-mails, I may automatically collect certain data from you as you use my websites through cookies and similar technologies. I receive data from third party search info or analytics providers such as Google, networks such as Facebook and Instagram, and providers of technical, payment and delivery services, data brokers or aggregators, such as Stripe and UpViral. Some of them are based outside the EU.
My websites may include links to third-party websites, plug-ins and applications. When you click those links or enable those connections, you may allow third parties to collect data about you. I do not control these third-parties and cannot be held responsible for their privacy policies.
If you are signed up or bought anything on my site – newsletter, freebies, paid workshop, fully paid, discounted or free of charge 1:1, anything – your name and e-mail address made its way to Mailchimp, which is the system I use to manage newsletters and e-mails. Your name and e-mail address are stored securely in Mailchimp. They are GDPR compliant. Mailchimp automatically tracks stuff so if you click on a link I know. If you open an e-mail or if you ignore me I know as well. Well, not by person, it is anonymous.
You can unsubscribe from my e-mails at any time by hitting the unsubscribe button.
If you sign up for a course or a workshop, you will have to pay either via Stripe of via a bank account. I will send you e-mails about the course or workshop. The frequency depends. You can unsubscribe but you will miss important stuff about the course or workshop.
If you opt out of receiving communications this opt-out does not apply to administrative data provided as a result of purchases, orders etc. since there are accounting and tax laws I need to comply with.
If we do on-line coaching sessions, these will take place via Zoom or Skype who may require you to enter your data. Again, not providing your data may lead you to miss the call with me.
4. Data Security
I apply security measure to prevent your data from getting lost, altered or disclosed, used or accessed in an unauthorized way.
If there is any suspected personal data breach affecting my own hardware or software, I will notify you immediately.
Where there is a data breach with my tech providers, like Zoom, Mailchimp or UpViral, I will inform you as well.
For data breaches on social networks (Facebook gets a special mention here), I count on you to follow the news yourself and take action as you see fit.
I may have to share my e-mail list or detailed data in the following cases:
• Government bodies or tax auditors in case they require me to provide detailed reports on my activities.
• IT and system administration service providers or (customer support) assistants who help me with my website or business.
• Professional advisers like lawyers, auditors or insurers in case of payment or legal issues.
If this happens I will require that they respect the security of your personal data and treat it in accordance with the law, not utilizing this beyond the purpose of the contract or audit. I will only allow them to use the data for specified purposes, only when they really need to know them, and only as agreed for the task at hand, through use of a confidentiality clause.
6. Upcoming changes
GDPR is new and new guidance is still being published. Thus, there may be changes to my policy in the coming months. Please come back to check.
InterVitalize commits to the Code of Ethics from Phoenix Educations.
Please contact InterVitalize for more information on ethics policy, T&C’s and privacy statements.