Mindfulnessa

Privacy Policy

I take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. In this privacy policy, I inform you about the most important aspects of data processing within the framework of my website.

This privacy policy informs you about the type, scope and purpose of the processing of personal data within my website and the web pages, functions and content connected to it (hereinafter collectively referred to as “online offer” or “website”). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed.

The Controller

The entity responsible for processing your personal data in the sense of the  General Data Protection Regulation (GDPR) is:

http://www.mindfulnessa.com

Vanessa Keranović

Zagreb, Croatia

e-mail: vanessa@mindfulnessa.com

https://www.instagram.com/themindfulnessa/

https://www.tiktok.com/@themindfulnessa/

https://twitter.com/themindfulnessa

https://www.youtube.com/channel/UCJd6p1PmZq9QVSuorO_sZ7A

Definitions

For more information on the terms used, such as “personal data” or their “processing”, please refer to Article 4 of the General Data Protection Regulation (GDPR).

The term “users” includes all categories of data subjects. They include my business partners, customers, interested parties and other visitors to my online offer.

Processing of Personal data on the mindfulnessa.com website

The personal data of users processed within the scope of this online offer includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used and payment information), usage data (e.g. the websites visited on my online offer, interest in my services ) and content data (e.g. entries in the contact or newsletter form).

The purpose of the processing includes the provision of the online offer, its functions and content, answering contact requests and communication with users, security measures and range measurement as well as marketing.

I process users’ personal data only in compliance with the relevant data protection regulations. This means that the users’ data is only processed with legal permission.

This means, in particular, if the data processing is necessary or legally required for the provision of my contractual services (for example, processing of orders) and online services, the user’s consent is given. In addition, the users’ consent is also given on the basis of my legitimate interests (for example, interest in the analysis, optimization and economic operation and security of the online offer within the meaning of Art. 6 Para. 1 lit. f. of the GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes and collecting access data and using third-party services).

I point out that the legal basis for the consents is Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the fulfilment of our services and implementation of contractual measures is Art. 6 para. 1 lit. b. GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f. GDPR.

Security

I take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by me against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and my server.

Transfer of data to third parties and third party providers

Data is only passed on to third parties within the framework of legal requirements. I only pass on users’ data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1) b) GDPR or on the basis of legitimate interests in accordance with Art. 6 (1) f) GDPR. GDPR in the economic and effective operation of my business.

If I use subcontractors to provide my services, I take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions.

If content, tools or other means from other providers (hereinafter collectively referred to as “third party providers”) are used within the scope of this privacy policy and their named registered office is located in a third country, it is to be assumed that a data transfer to the third party providers’ countries of domicile takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e. countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, the consent of the users or otherwise a legal permission.

Contact with me

If you contact me using the form on the website or by e-mail, the data you provide will be stored for a maximum of six months for the purpose of processing your enquiry and in case of follow-up questions. Of course, I will not pass on this data without your consent. However, it is also possible to use my website without providing personal data. As far as personal data (e.g. name, address or e-mail address) is collected on my pages (e.g. newsletter or free promotional material), this is always done on a voluntary basis, as far as possible. This data will of course not be passed on to third parties without express consent.

I would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

When contacting me (via contact form or email), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR.

Collection of access data and log files

I collect data on every access to my website on the basis of my legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, I collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Cookies

This site only sets the cookies that are indispensable for the operation of this website. I do not collect statistics about website visitors.

Cookies are small text files that are placed on your device by your browser. They do not cause any damage. Cookies are used to make the website user-friendly. Some cookies remain stored on your end device until you delete them. They make it possible to recognise your browser on your next visit. If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and only allows this in individual cases (for example, Firefox, Safari, Chrome, Internet Explorer). Stored cookies can be deleted in the system settings of the browser. If you deactivate cookies, the functionality of my website may be limited.

You can learn more about cookies in general on www.allaboutcookies.org  and if you wish to learn more about the cookies used on my website please read my cookie policy.

Newsletter

You have the possibility to subscribe to my newsletter via my website. For this I need your e-mail address and the declaration that you agree to receive the newsletter. The registration for the newsletter is done in a so-called double opt-in procedure. This means that you will receive an e-mail after registration in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses.

The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your stored data in the newsletter software are also logged.

You can cancel the receipt of my newsletter at any time with one click, i.e. revoke your consent. At the same time, your consent to the dispatch of the newsletter by the dispatch service provider and the statistical analyses will expire. A separate cancellation of the dispatch by the dispatch service provider or the statistical analysis is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.

The newsletter is sent using “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The email addresses of the newsletter recipients, as well as their other data described in this notice, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on my behalf. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of my newsletter recipients to write to them itself or to pass it on to third parties.

The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times.

Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The analyses are much more used to recognise the reading habits of the users and to adapt the content to them or to send different content according to the interests of the users.

The use of the mailing service provider, the performance of the statistical surveys and analyses as well as the logging of the registration process are based on my legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. My interest is in the use of a user-friendly and secure newsletter system that serves both my business interests and the expectations of users.

Integration of services and contents of third parties

I use content or service providers within my online offer on the basis of my legitimate interests (the interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 para. 1 lit. f. GDPR) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to the user’s browser. The IP address is therefore necessary for the display of this content. I endeavour to only use content whose respective providers only use the IP address to deliver the content.

Third-party providers may also use so-called “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.

Deletion of data

The data stored by me will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain the data. If the user’s data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.

Your rights

You have the following rights in relation to us in respect of personal data relating to you:

Right to withdraw consent

If you have given your consent to the processing of your data, you may revoke it at any time. Such a revocation affects the permissibility of processing your personal data for the future after you have expressed it.

Right to information

In the event of a request for information, you must provide sufficient details of your identity and proof that the information in question is yours. The information concerns the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data which are processed; and
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Right to rectification or erasure

You have a right to rectification and/or completion if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay.

In addition, you may request the erasure of the personal data concerning you if one of the following reasons applies to you:

  • the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • you withdraw your consent on which the processing was based pursuant to your consent and there is no other legal basis for the processing.
  • you object to the processing  and there are no overriding legitimate grounds for the processing, or you object to the processing.
  • the personal data concerning you have been processed unlawfully.
  • the erasure of the personal data concerning you is necessary for compliance with a legal obligation under to which I`m subject to.
  • the personal data concerning you has been collected in relation to information society services.
  • if we have made the personal data concerning you public and we are obliged to erase it, I will take all reasonable steps to also inform other data controllers that you have requested the erasure of all links to, or copies or replications of, that personal data.
  • the right to erasure does not apply to the extent that the processing is necessary
  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under law to which I`m subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in me;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes, insofar as the right referred to is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  • to assert, exercise or defend legal claims.

Right to restriction of processing

Under the following conditions, you may request that we restrict the processing of personal data relating to you:

  • if you dispute the accuracy of the personal data relating to you for a period of time that enables me  to verify the accuracy of your personal data;
  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  • I`m no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims; or
  • if you have objected to the processing and it is not yet clear whether our legitimate grounds override your grounds.

If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by me before the restriction is lifted.

Right to information

If you have asserted your right to rectification, erasure or restriction of data processing against us, we are obliged to inform all recipients of your personal data of the rectification, erasure or restriction of data processing. This only applies insofar as this notification does not prove impossible or would involve a disproportionate effort.

You have the right to know which recipients have received your data.

Right to data portability

You have the right to receive your personal data from us in a common, machine-readable format in order to have it transferred to another controller if necessary, provided that

  • the processing is based on consent pursuant to your consent or on a contract and
  • the processing is carried out with the help of automated procedures.

When exercising your right to data portability, you have the right to have the personal data transferred directly from me to another controller, insofar as this is technically feasible.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in me.

Right to object to processing

Insofar as I base the processing of your personal data on a legitimate interest or on our part, you may object to the processing.

When exercising such an objection, I ask you to explain the reasons why I should not process your personal data as I have done. In the event of your justified objection, I will examine the merits of the case and either discontinue or adapt the data processing or show you my compelling legitimate grounds on the basis of which I will continue the processing.

Right to complain to the competent supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Use of social media plug ins

This website uses so-called social media plug ins (“plug ins”) of the following social networks:

  • Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
  • Instagram, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
  • YouTube, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 USA.

You can recognise the plug ins by the Twitter, YouTube and Instagram logos. When you visit my pages, direct connections are established between your browser and the servers of the services via the plug ins. They thereby receive the information that you have visited my site with your IP address. If you click on one of the buttons while you are logged in to one of the services, the information that you have visited my site can be assigned to your user account with the respective service. If you are a member of one of these services and do not want the service providers to collect data about you via my website and link it to your membership data, you must log out of the respective services before visiting my website. I would like to point out that I , as the provider of this website, do not have any knowledge of the content of the transmitted data or its use by the individual services. For more information on which data is collected by the respective services when the social plug ins are called up and how this data is used, please refer to the data protection provisions of the individual service providers.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content and enquiries that you send to me as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

Automated decision-making

I do not use automated decision-making or profiling.

Do Not Track

Do Not Track is a privacy preference you can set in most browsers. I support Do Not Track because I believe that you should have genuine control over how your info gets used and my website responds to Do Not Track requests.

Do Not Sell My Personal Information

I do not sell information that directly identifies you, like your name, address or phone records.

Accuracy

It is important that the data I hold about you is accurate and current, therefore please keep me informed of any changes to your personal data.

External Links

My website contains links to the online offers of other providers. I hereby point out that I have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

Changes to the privacy policy

I reserve the right to change the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies to declarations regarding data processing. If the consent of the users is required or parts of the privacy policy contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are requested to inform themselves regularly about the content of the privacy policy.