PRIVACY NOTICE FOR REIKI FOR BIRTH WORKERS
Effective Date: 6th August 2020
Mitra Sessions, a sole proprietor, (“Mitra,” “we”, “us” and “our”) is committed to respecting the privacy and security of personal information. This Privacy Notice (the “Notice”) explains how we collect, use and disclose personal information as well as the choices you have associated with that information. For the purposes of this Privacy Notice, Mitra is the data controller of the personal information collected and/or received.
By accessing and/or using the Services (as defined below), you signify that you have received and read this Notice. We may update this Notice from time to time as described in the Changes to this Notice Section below.
2. Personal Information We Collect and How We Collect It
3. Legal Bases for Processing
4. How We Use Information
5. Automated Decision Making and Profiling
6. How We Share Information
7. How We Protect Information
8. Data Retention
9. Information From Minors
10. Third-Party Websites
11. Payment Processing
12. Your Choices
13. European Privacy Rights
14. International Data Transfers
15. Advertising and Tracking
16. Do Not Track Preferences
17. California Privacy Rights
18. Changes to This Notice
19. Contact Us[EP1]
This Notice applies to all personal information that Mitra collects or receives, uses, or shares when you:
· access or use our website available at https://www.reikiforbirthworkers.com or any other website where this Notice is posted (collectively, the “Site”);
· register for and/or attend an event, training, class, or other offering provided by Mitra, such as a webinar or group class;
· purchase any product through the Site;
· sign up for a session and/or attend a session with Mitra;
· communicate or interact with us through any written, electronic or oral communications;
· interact with us through our social media pages, such as on Instagram or Facebook; or
· access or use any other service, feature, or content of Mitra Sessions that links to this Notice.
Throughout this Notice, we refer to all of the above together as Mitra’s “Services.”
2. PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT IT
As used in this Notice, “personal information” means any information about or relating to an individual natural person that directly or indirectly identifies that person.
This Notice also describes practices in relation to information that we collect or receive that does not identify you. While this information is not personal information for purposes of this Notice, we will treat it as personal information to the extent we link it to personal information about you.
We collect the following personal information in connection with the Services:
a. Information That You Provide to Us Directly
We collect personal information that you provide to us directly when you access or use the Services. The information we collect depends on the type of Services you access or use and may include the following:
· Website: When you access or use our Site, you may provide us with information if you submit a form or inquiry to us. The information we collect may include your name, email address, phone number, and any additional message you choose to provide. In most cases when you visit the Site, you will not provide any information to us directly, in which case the only data that we collect is indirect information, as explained below.
· Download content: When you download any content provided on our site, free or paid, we will ask you to provide your contact information, which may include your name and email address. We will also add your contact information to our mailing list.
· Newsletters and other communications: If you sign up to receive our newsletters or other email communications, such as marketing emails announcing new or additional offerings, we will collect your name and email address.
· Schedule a session with Mitra: When you schedule a session with Mitra, we and/or our third-party service providers on our behalf, collect information such as your name and contact details, including your phone number, email address, and home address. We also collect additional information to help facilitate your sessions, if you choose to provide it. This information may include how you heard about Mitra, your concerns and reasons for scheduling a session, your intentions and goals for your session, other methods of healing you’ve tried, and any sensitivities. Some of the information you choose to provide may include sensitive health information.
· Have a session with Mitra: In addition to the information collected when you schedule your session, we may ask you for additional information at the time of your session to help facilitate your session and provide you with a personalized experience. Before and during your session, you may choose to provide information about any concerns you may have, goals for your session, or specific requests regarding the session.
· Emergency contact: If you have a session with Mitra, we may also ask you to provide information about another person who you would like to use as your emergency contact. This information may include your emergency contact’s name, phone number, address, and email address. We will only use this information if necessary in the event of an emergency.
· Sign up for and/or attend a class, training, or other event: When you sign up for and/or attend a class, training or event, we collect information such as your name and contact information (email, phone number, address), and the Service offering you signed up for. When you attend an online class, training or event, we may also collect video and/or audio recordings of the attendees.
· Pay for Service or product: When you sign up for a fee-based class, training or event, or if you purchase a product through the Site, we will also collect your payment information through our third-party payment service providers. Please see the “Payment Processing” section below for more information on how we handle payment for our Services.
· Communications and feedback: When you communicate with us, such as by sending us an email or text message or by messaging us on social media, we collect information such as your name, email address, phone number and the content of your communication, which may include your questions, comments, or feedback. You may also choose to submit testimonials to us. We will obtain your consent if we choose to publicly post any testimonials we receive in a way that would be identifiable to you, such as by using your first and last name.
b. Information Collected Indirectly
We automatically collect information about any computer or device you use to access the Services and your activity when you use the Services. Depending on your activity, the information we collect may include:
Cookies and Other Tracking Technologies. We and/or our authorized third-party service providers or agents collect certain information by automated means using cookies and other tracking technologies. The information we collect in this manner enables us to better understand the pages or content you view, your searches, traffic patterns, to secure and maintain our Services, and to optimize user experience. For more information on our use of these technologies, including information on how to opt out, please see our Cookie Notice available at [insert link when available] .
Device and Usage Data. We may record information about your device and usage of the Services automatically. We collect log file information each time you access the Services. This may include information such as your web request, IP address, browser type, unique device identifiers, information about your device, referring / exit pages and URLs, number of clicks and how you interact with the Services and links on the Services, domain names, landing pages, pages viewed and other similar information. When you access the Services with a mobile device, we may collect and store a unique identifier associated with your device (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model and phone number.
c. Information Received From Third Parties
We receive information from the following types of third parties:
Service Providers. We receive information from third parties who help us provide and manage our Services. For example, we receive booking information including session time and type from our third-party online scheduling system, transaction confirmations from our payment processors, and email preferences information from our email marketing vendors.
Partners. From time to time, we may partner with third-parties to provide offerings or we may make offerings available through a third-party forum, event, or service. For example, we may partner with another healer to provide a workshop or class, or we may offer a workshop as part of a larger forum, conference, or group event. In these cases, we may receive personal information such as contact information and/or event registration details from our partners.
Third-Party Tracking and Online Advertising. We receive information from the third parties who provide some of the cookies and tracking technologies we use as part of our Services. Please see our Cookie Notice, available at [insert link] to learn more about the data collected through these third-party technologies.
d. Sensitive Personal Information
In some cases, the information you choose to provide to us may include sensitive information, such as sensitive health information, including past or present medical conditions. You may also choose to provide sensitive information related to your racial or ethnic background, your gender identity (such as LGBT+), or your religion, to the extent that it may impact your session and you would like to make us aware of the information. In some cases, we may ask for or collect this information related to offerings we provide that are designed uniquely to support individuals of particular racial, gender identity, or other unique sensitive personal attributes. The amount and type of sensitive information you choose to provide is up to you and is voluntary. As required under applicable law, we will obtain your consent prior to collecting such sensitive personal information.
e. Choosing Not to Provide Personal Information
You may choose not to provide information directly to us or to not use the Services. However, some personal information is necessary so that we can provide you with the Services you have requested. Failure or refusal to provide this information may prevent us from providing you with access to our Services.
3. LEGAL BASES FOR PROCESSING
We rely on the following legal bases for collecting, using, sharing, and otherwise processing personal information:
· Consent. In some cases, we process personal information based on your consent. For example, where applicable and as legally required, we will process sensitive personal information based on consent.
· Performance of a contract. We process personal information to enter into a contract with you and to perform our contract with you once we’ve entered into a contract. For example, when you sign up for a session or register for a class, we will collect and use personal information to provide those Services.
· Legitimate interests. We process personal information for our legitimate interests to manage our business operations, protect, improve, and enhance our Services, develop new products and Services, personalize your experience when accessing and using our Services, and market and promote our Services.
· Compliance with Laws. Where necessary, we process personal information to comply with applicable laws and legal obligations. For example, we may process personal information to comply with a subpoena, court order, or binding law enforcement request.
4. HOW WE USE INFORMATION
We collect, use, process, combine, retain and store personal information that we collect or receive for the following purposes:
Provide the Services. To provide and operate the Services, such as scheduling and holding sessions with you, providing you with trainings and classes, and enabling the Site to function;
Improve and Protect the Services. To maintain, analyze, secure and improve the Services, such as to detect and prevent fraud, abuse, or security risks, and to track outages and troubleshoot;
Enhanced and New Services. To enhance the Services and develop new features, functionality, products and services;
Business Purposes. For our internal business operations activities, such as to manage and maintain client history and accounts and to better understand our client’s needs and interests;
Payment Processing. To process your payment;
Communications. To communicate with you and respond to your requests, such as to respond to your questions, provide you with requested documentation and contact you about changes to the Services ;
Marketing and Advertising. For our marketing and advertising purposes, such as to market to you or offer you our and third-party special offers or other products or services we think that you may be interested in. For example, we may send you an email to tell you about a new online class;
Upon Consent. For any other purpose that you consent to.
5. AUTOMATED DECISION MAKING AND PROFILING
We do not use personal information for automated decision making or profiling.
6. HOW WE SHARE INFORMATION
We transmit, share, grant access, make available and provide personal information to or with the following types of third parties:
Service Providers. Service providers, vendors, partners, agents, consultants, subcontractors and others that help us provide our Services or with any of the purposes described in this Notice. For example, we use third party services for scheduling and sending email communications;
Legal and Public Authorities. Third parties such as law enforcement or regulatory or governmental agencies to respond to or comply with legal process, such as a court order or subpoena, or an enforceable law enforcement or other government request, if we have a good faith belief that such access, use, preservation, or disclosure is reasonably necessary (with or without notice to you, in our discretion);
Professional Advisors. Third parties, such as lawyers, auditors, security consultants, accountants, or insurers, to: (i) satisfy any applicable law or regulation, (ii) enforce the Terms of Service, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) detect, prevent, or otherwise address fraud, security, or technical issues, or (iv) protect against harm to the rights, property or safety of Mitra, the Services, other users of the Services, or third parties, as required or permitted by applicable law;
Business Transfers. Buyers, successors, or others in connection with a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us may be among the assets transferred; and
With Consent. Other third parties upon your consent.
Please note that when you attend a group class or other group offering online, other class participants and any other joint instructors or assistants will be able to view your image, video and name based on how you use the videoconferencing software. We ask that all participants be respectful of one-another’s privacy and not share identifying personal information without first obtaining consent.
We do not sell personal information that we collect or receive.
7. HOW WE PROTECT INFORMATION
We have implemented what we believe to be commercially reasonable and appropriate technical and organizational security measures to help protect the personal information that we collect. However, the transmission of information via the Internet is not completely secure, and we cannot and do not guarantee that personal information will be completely protected.
By using our Services, you understand and assume the risks associated with your activities on the Internet. If you have reason to believe that your information is no longer secure, please let us know by contacting us using the information provided in the “Contact Us” section of this Notice below.
8. DATA RETENTION
We keep personal information for as long as necessary for our business purposes, or as otherwise required to operate the Services, comply with your requests, or comply with applicable law.
In some instances, we may choose to anonymize personal information instead of deleting it. We may do this for statistical use, for example.
9. INFORMATION FROM MINORS
We require the consent of a parent or guardian for minors under the age of 16 to access or use the Services. We make reasonable efforts to ensure that we do not target or collect personal information directly from minors under the age of 16 without prior parental consent. If you are a parent or guardian of a child under the age of 16, and believe that your child may have provided us with personal information without your consent, please contact us at firstname.lastname@example.org, and we will delete that information as required by applicable law.
10. THIRD-PARTY WEBSITES
11. PAYMENT PROCESSING
We do not directly collect your payment information and do not store your payment information. We use third party, PCI-compliant payment processors that collect the payment information on our behalf to complete the transactions.
12. YOUR CHOICES
As described below, we provide you with the ability to access and update personal information and to limit our use of personal information for marketing and advertising purposes.
Accessing and Updating Personal Information
If you would like to access or update your personal information, you may send your request to us at email@example.com. We will review your request and respond in accordance with applicable law. We may require you to provide additional information to identify yourself. We do not promise that we will be able to satisfy your request. Not all personal information is maintained in a format that you can access or change. For example, the personal information may already have been relied or acted upon, or disclosed to third parties, and we generally do not take steps (or have the ability to take steps) to undo prior reliance or actions. We also may not accommodate a request to change information if we believe the change would violate any law or legal requirement, cause the information to be incorrect, or if doing so would be burdensome in our discretion. In any case where we provide access or updates, we perform this service free of charge, except if doing so would require a disproportionate effort.
Newsletter and Marketing Email Opt-Out
We may send you marketing or newsletter emails from time to time. If you do not wish to receive them, you can opt-out following the unsubscribe instructions in the emails or by contacting us[EP4] . We will work to honor your request within 10 business days or as required under applicable law. If you opt-out, we will still send you transactional emails for service purposes, such as responses to your requests, payment confirmations, or scheduling confirmations.
Cookies and Online Advertising Opt-Out
As described above in this Notice, we collect and may permit third parties to collect information using cookies and other technologies. Please see our Cookie Notice] for ways to exercise your choices around cookies and other technologies.
13. EUROPEAN PRIVACY RIGHTS
If the GDPR applies to you because you are located in the European Economic Area, you have certain rights in relation to your personal information.
Explanation of Individual Rights
· The right to be informed – that’s an obligation on us to inform you how we use personal information about you (and that’s what we’re doing in this Privacy Notice);
· The right of access – that’s a right to make a request for a copy of the personal information we hold about you;
· The right to rectification – that’s a right to ask us to correct personal information about you that may be incomplete or inaccurate;
· The right to erasure (also known as the ‘right to be forgotten’) – that’s where, in certain circumstances, you can ask us to delete the personal information we have about you (unless there’s an overriding legal reason we need to keep it);
· The right to restrict processing – that’s a right for you, in certain circumstances, to ask us to suspend processing personal information about you;
· The right to data portability – that’s a right for you to ask us for a copy of your personal information in a common format (for example, a .csv file);
· The right to object – that’s a right for you to object to us processing personal information about you (for example, if you object to us processing your information for direct marketing);
· Rights in relation to automated decision-making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision-making, which we address in the section of this Notice titled “Automated Decision Making and Profiling”;
· Withdraw Consent—that’s a right to revoke any consent you may have previously given us at any time, if we have collected and processed personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent; and
· File a complaint—that’s the right to file a complaint with a supervisory authority about our collection and processing of personal information.
How to Submit a Request
These rights are subject to certain rules around when you can exercise them. If are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing the Services as requested and/or ordered by you.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us by email at email@example.com .
14. INTERNATIONAL DATA TRANSFERS
The personal information that we collect or receive may be sent to and stored on servers located outside of the country where you are located, including in the United States. Such storage is necessary in order to process the information. The third-party service providers we use may be situated outside of your home country or regional area and have staff operating outside of your country or regional area. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence.
The European Union’s General Data Protection Regulation (“GDPR”) allows for transfer of personal information from the European Union to a third country in certain situations. We rely on legally-provided mechanisms to lawfully transfer personal information across borders. For example, we may enter into the EU Standard Contractual Clauses adopted by the EU Commission. More information about the Standard Contractual Clauses is available here.
15. ADVERTISING AND TRACKING
We use personal information to send you marketing communications about our products and Services and/or the products and services of our partners or others that we think may interest you. You may choose to opt-out at any time as described in the “Your Choices” section of this Notice.
16. DO-NOT-TRACK PREFERENCES
The Services do not monitor for or behave differently if your computer or browser transmits a “do-not-track” or similar message to us or the Services.
17. CALIFORNIA PRIVACY RIGHTS
We do not share personal information with third parties for their own marketing purposes. If you have questions or would like to learn more about how we share personal information with third parties and for what purposes, please send us an email at firstname.lastname@example.org.
18. CHANGES TO THIS NOTICE
We may amend this Notice from time to time. When we do so, we will update the “Effective Date” noted at the top of this page. Whenever we make any material changes to this Notice, we will provide you with notice before the modifications are effective, such as by posting a notice on our Site or sending a message to the most recent email address that we have on file for you. We encourage you to review this Notice regularly for any changes. Your continued use of the Services after the posting of an updated Privacy Notice and/or any such update notice will be subject to the terms of the then-current Privacy Notice.
19. CONTACT US
If you have questions about this Notice or our privacy practices, please contact us at email@example.com.