Effective Sep 19, 2019 – Updated May 26, 2020.
We, Sacred Body Studio Ltd, based in Ireland, Block C3 First Floor, Unit B, Donnybrook Commercial Centre, Douglas, Cork, T12 APN7, registered with the Company Registrar Office (CRO) of Ireland under the number 657371, are the operator of the website www.sacredbodystudio.com as well as provider of products and services offered there.
We are grateful for your interest in our website. We are responsible for the collection, processing and use of your personal data and for the compatibility of the data processing with the respectively applicable law, particularly the Irish Data Protection Law and the EU General Data Protection Regulation (EU GDPR).
We attach a lot of importance to the protection of your privacy. Hereunder we provide you with detailed information on how we manage your data. Please note that the following information will be reviewed and amended from time to time. Therefore, we recommend checking this data privacy statement regularly.
We collect personal data whenever you voluntarily disclose it within the scope of your sign up, login and membership purchase.
a. When opening an account
The entry of personal data for the creation of your account on our website is voluntary. This pertains to:
Personal data marked with * must be provided truthfully and mandatorily.
The data in the customer account can be viewed and changed by the customer at any time. Your customer account can be deleted at any time by sending a message to firstname.lastname@example.org
The legal basis for the processing of your data for the above purpose lies in the fulfilment of a contract pursuant to art. 6 para. 1 lit. b GDPR as well as in our legitimate interest in optimal administration of the customer relationship with you (art. 6 para. 1 lit. f GDPR). You can object to this data processing at any time; this would however be synonymous to the deletion of your customer account.
b. When using the website as a registered user
When the website is used by logged-in, registered customers, we collect data for statistical reasons and to allow smooth access to our member area. In particular, data is collected about the type, frequency and intensity of the use as well as the duration of membership.
The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract pursuant to art. 6 para. 1 lit. b GDPR as well as in our legitimate interest in optimising our website offer and personalising our offer to you (art. 6 para. 1 lit. f GDPR). You can object to this data processing at any time; this would however be synonymous to the deletion of your customer account.
c. When purchasing membership
If you want to purchase a membership on our website, we will require different data for processing the purchase contract.
Certain personal data marked with * must be provided truthfully and mandatorily.
We will use this data only for the processing of the contract unless otherwise specified in this data privacy statement or unless you have agreed separately. We will namely process the data to record your purchase as requested, to provide the services, to contact you in the event of any uncertainties or problems and to ensure the correct payment.
The legal basis for the processing of your data for the above purposes lies in the fulfilment of a contract pursuant to art. 6 para.1 lit. b GDPR as well as in our legitimate interest in optimal administration of the customer relationship with you (art. 6 para. 1 lit. f GDPR).
d. When using the contact form
If you contact us using the contact form on the website, we will necessarily collect the following data from you:
We will use this data to answer the questions asked by you or to provide the services requested by you and if necessary, to contact you via e-mail.
Our legitimate interest pursuant to art. 6 para. 1 lit. f GDPR will lie in the processing of your contact request.
Data Transfer for Contract Performance
We will forward your personal data only if you have explicitly consented to this, if there is a legal obligation for this, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
Moreover, we will forward your data to third parties, insofar as this is necessary within the scope of the use of the website and the contract processing, namely the processing of your purchases and payment thereof, for the provision of the services requested by you as well as the analysis of your user behaviour. The use of the data to be forwarded for this by the third parties will be strictly limited to the specified purposes.
Different third-party service providers will be explicitly mentioned in this data privacy statement (e.g. in the sections “Data use for advertising purposes”, “Use of Google Analytics for web analysis” and “Links to our social media presences”).
A service provider, to which the personal data collected through the website will be forwarded or which has or can have an access to such data, is our web host. Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Cross-border Transfer of Personal Data
We are entitled to transfer your personal data even to companies domiciled outside of Ireland respectively the EU and the European Economic Area, provided that this is necessary in connection with the aforementioned purposes. In this context, the statutory provisions regulating the disclosure of personal data to third parties are complied with as a matter of course. These third parties are bound to maintain data privacy to the same extent as us. If the level of protection of personal data in a country is not in accordance with the EU data protection law, we ensure by contract that the protection of your personal data always corresponds to that of the European Economic Area (EEA).
Individual third-party service providers mentioned in this data privacy statement have their registered offices in the USA (refer to “Data use for advertising purposes”, “Use of Google Analytics for web analysis” and “Links to our social media presences). Further information on data transfers into the USA can be found under “Use of Google Analytics for web analysis”.
Use of Data for Communication Purposes
You will receive communication emails from us when you are signing up, purchasing and when we are updating memberships details. Within the scope of the registration, the following details must be provided:
The personal data marked with * must be provided truthfully and mandatorily.
If you register to on our website, we will use the data required for this or the data disclosed separately by you in order to send you a welcome email, payment confirmation email, expiring date reminder email or a membership detail update email with your consent.
The purpose of these communication emails is deemed necessary for a better and personalised experience.
The legal basis for the processing of the data for the aforementioned purposes lies in our legitimate interest in the interest-related and personalised advertising communication with you (art. 6 para. 1 lit. f GDPR). You can object to this data processing at any time; this would however be synonymous to the deletion of your customer account.
We will save personal data only as long as this is necessary to execute the afore-mentioned tracking services and to carry out the further processing activities within the scope of our legitimate interest. We will retain contractual data for a longer period, as this is prescribed by legal retention obligations. Retention obligations that require us to retain data will result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting records must be retained for up to 10 years. If we no longer need this data to execute the services for you, the data will be blocked. This means that the data may then only be used for billing and tax purposes.
User Rights, Data security and Contact Detailsa. User rights
You can any time object to data processing, particularly to data processing in connection with direct advertisement (e.g. against advertising e-mails). You will also have the following rights:
Right to information: You will have the right to demand an insight into your personal data saved with us any time and free of charge if we are processing this data. You can check as to which of your personal data is being processed by us, and that we are using it according to the applicable data protection regulations.
Right to correction: You will have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we will inform the recipients of the data concerned about the changes made unless this is impossible or associated with disproportionate effort.
Right to deletion: You will have the right to have your personal data deleted under certain circumstances. In the individual case, the right to deletion can be ruled out.
Right to restriction of the processing: Under certain conditions, you will have the right to demand restriction of the processing of your personal data.
Right to data transfer: If you are domiciled in Liechtenstein, you will have the right under certain circumstances to receive the personal data, which you have provided to us, from us free of charge in a readable format.
Right of appeal: If you are domiciled in Liechtenstein, you will have the right to appeal to the competent supervisory authority in Liechtenstein against the method of the processing of your personal data.
Right of revocation: You will basically have the right to revoke an issued consent at any time. Processing activities in the past based on your consent will however not become illegal through your revocation.
b. Data security
We take appropriate technical and organisational security measures to protect your personal data that is stored with us from manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are constantly being improved in line with technological developments.
When you register yourself with us as a customer, the access to your customer account will be possible only upon entering your personal password in each case. You should always treat your payment information as confidential and close the browser window once you have ended the communication with us, particularly if you are using a shared computer.
We also take data protection within our organisation very seriously. Our employees and the service providers commissioned by us are obligated by us to maintain confidentiality and to comply with the data protection regulations. Moreover, they are granted access to personal data only to the necessary extent.
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as for revocation of issued consents or objection to a specific use of data, please directly contact our contact person for data protection law by sending an e-mail to email@example.com