We, Sacred Body Studio Ltd, based in Ireland, Block C3 First Floor, Unit B, Donnybrook Commercial Centre, Douglas, Cork, T12 APN7, registered with the Company Registrar Office (CRO) of Ireland under the number 657371, are the operator of the website www.sacredbodystudio.com as well as provider of products and services offered there.

We are grateful for your interest in our website. We are responsible for the collection, processing and use of your personal data and for the compatibility of the data processing with the respectively applicable law, particularly the Irish Data Protection Law and the EU General Data Protection Regulation (EU GDPR).

We attach a lot of importance to the protection of your privacy. Hereunder we provide you with detailed information on how we manage your data. Please note that the following information will be reviewed and amended from time to time. Therefore, we recommend checking this data privacy statement regularly.

We collect personal data whenever you voluntarily disclose it within the scope of your sign up, login and membership purchase.

a. When opening an account

The entry of personal data for the creation of your account on our website is voluntary. This pertains to:

• E-Mail address*
• Password*
• Optionally you can provide us with, but not oblige to
• First Name
• Last Name
• Phone Number
• Login name (editable from your account page)

Personal data marked with * must be provided truthfully and mandatorily.

The data in the customer account can be viewed and changed by the customer at any time. Your customer account can be deleted at any time by sending a message to info@sacredbodystudio.com

The legal basis for the processing of your data for the above purpose lies in the fulfilment of a contract pursuant to art. 6 para. 1 lit. b GDPR as well as in our legitimate interest in optimal administration of the customer relationship with you (art. 6 para. 1 lit. f GDPR). You can object to this data processing at any time; this would however be synonymous to the deletion of your customer account.

b. When using the website as a registered user

When the website is used by logged-in, registered customers, we collect data for statistical reasons and to allow smooth access to our member area. In particular, data is collected about the type, frequency and intensity of the use as well as the duration of membership.

The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract pursuant to art. 6 para. 1 lit. b GDPR as well as in our legitimate interest in optimising our website offer and personalising our offer to you (art. 6 para. 1 lit. f GDPR). You can object to this data processing at any time; this would however be synonymous to the deletion of your customer account.

c. When purchasing membership

If you want to purchase a membership on our website, we will require different data for processing the purchase contract.

• Login data*,
• First name*,
• Last name*,
• E-mail address*,
• Phone Number*
• Address*,
• City*,
• Country*,
• Zipcode*, and
• Payment details (credit card information to process payments)

Certain personal data marked with * must be provided truthfully and mandatorily.

We will use this data only for the processing of the contract unless otherwise specified in this data privacy statement or unless you have agreed separately. We will namely process the data to record your purchase as requested, to provide the services, to contact you in the event of any uncertainties or problems and to ensure the correct payment.

The legal basis for the processing of your data for the above purposes lies in the fulfilment of a contract pursuant to art. 6 para.1 lit. b GDPR as well as in our legitimate interest in optimal administration of the customer relationship with you (art. 6 para. 1 lit. f GDPR).

d. When using the contact form

If you contact us using the contact form on the website, we will necessarily collect the following data from you:

• Name,
• E-mail
• Subject and message

We will use this data to answer the questions asked by you or to provide the services requested by you and if necessary, to contact you via e-mail.

Our legitimate interest pursuant to art. 6 para. 1 lit. f GDPR will lie in the processing of your contact request.

Data Transfer for Contract Performance

We will forward your personal data only if you have explicitly consented to this, if there is a legal obligation for this, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.

Moreover, we will forward your data to third parties, insofar as this is necessary within the scope of the use of the website and the contract processing, namely the processing of your purchases and payment thereof, for the provision of the services requested by you as well as the analysis of your user behaviour. The use of the data to be forwarded for this by the third parties will be strictly limited to the specified purposes.

Different third-party service providers will be explicitly mentioned in this data privacy statement (e.g. in the sections “Data use for advertising purposes”, “Use of Google Analytics for web analysis” and “Links to our social media presences”).

A service provider, to which the personal data collected through the website will be forwarded or which has or can have an access to such data, is our web host. Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.

All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Cross-border Transfer of Personal Data

We are entitled to transfer your personal data even to companies domiciled outside of Ireland respectively the EU and the European Economic Area, provided that this is necessary in connection with the aforementioned purposes. In this context, the statutory provisions regulating the disclosure of personal data to third parties are complied with as a matter of course. These third parties are bound to maintain data privacy to the same extent as us. If the level of protection of personal data in a country is not in accordance with the EU data protection law, we ensure by contract that the protection of your personal data always corresponds to that of the European Economic Area (EEA).

Individual third-party service providers mentioned in this data privacy statement have their registered offices in the USA (refer to “Data use for advertising purposes”, “Use of Google Analytics for web analysis” and “Links to our social media presences). Further information on data transfers into the USA can be found under “Use of Google Analytics for web analysis”.

Use of Data for Communication Purposes

You will receive communication emails from us when you are signing up, purchasing and when we are updating memberships details. Within the scope of the registration, the following details must be provided:

• E-mail address*
• Last name and first name

The personal data marked with * must be provided truthfully and mandatorily.

If you register to on our website, we will use the data required for this or the data disclosed separately by you in order to send you a welcome email, payment confirmation email, expiring date reminder email or a membership detail update email with your consent.

The purpose of these communication emails is deemed necessary for a better and personalised experience.

For sending those communication email, we work with Mailchimp, an e-mail marketing platform from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. More information on the data protection at Mailchimp can be found here. We also work with Ascend by Wix, equivalent of Mailchimp developed by Wix Tel Aviv (HQ) Israel 40 Namal Tel-Aviv st. More information on the data protection and their privacy policy can be found here.

The legal basis for the processing of the data for the aforementioned purposes lies in our legitimate interest in the interest-related and personalised advertising communication with you (art. 6 para. 1 lit. f GDPR). You can object to this data processing at any time; this would however be synonymous to the deletion of your customer account.

In order to make a visit to our website more attractive and facilitate the use of certain features, we use “cookies” on our website. Cookies are small files that are stored on your device and save specific settings and data for exchange with our system via your browser.

Some of the cookies that we use are deleted again at the end of the browser session, in other words after you close your browser (so-called “session cookies”). Other cookies remain on your terminal and enable us to recognise your browser the next time you visit the website (persistent cookies). Cookies neither damage the hard drive of your computer nor do these cookies transmit personal data of the users to us.

For example, we use cookies to identify you as a registered user without you having to log in separately. The use does not mean that we receive new personal data about you as an online visitor. Based on cookie technology, we receive only anonymous information, for example, from which websites you were redirected to our website, which pages on our website have been viewed, etc.

Please keep in mind that certain cookies are already set when you access our website. Most web browsers accept cookies automatically. You can configure your browser in such manner that you are notified about the setting of cookies and decide in the individual case whether to accept them or not or exclude the acceptance of cookies in certain cases or generally. If cookies are not accepted, the functionality of our website may, however, be reduced.

Internet browsers allow you to control the storage of cookies on your computer. This is described in the Help menu of each browser and explains how to change your cookie settings. You can find the description for the respective browsers under the following links:

• Microsoft Windows Internet Explorer
• Mozilla Firefox
• Google Chrome for Desktop
• Google Chrome for Mobile
• Apple Safari for Desktop
• Apple Safari for Mobile
• Opera for Desktop

The legal basis for the processing of the data for the aforementioned purposes lies in our legitimate interest in ensuring the functionality and optimising the website (art. 6 para. 1 lit. f GDPR). You can object to the processing at any time. The opt-out option has been pointed out previously.

Use of Google Analytics for Web Analysis

This website uses Google Analytics, a web analysis service provided by Google. Google Analytics uses methods that allow analysis of your use of the website, such as so-called “cookies”, text files that are stored on your computer. The information generated by the cookie about your use of this website, such as

• Browser type/version
• Operating system used
• Referrer URL (the previously visited page)
• Host name of the accessing computer (IP address)
• Time of the server request
• Device

is usually transferred to a Google server in the USA and stored there. Due to the activation of IP anonymisation (“anonymizeIP”) on this website, the IP address will be shortened within Member States of the European Union or in other contracting states acceding to the Agreement on the European Economic Area and in Switzerland before transmission to the USA. The anonymised IP address transmitted by your browser in the context of Google Analytics will not be combined with other Google data. Only in exceptional cases is the full IP-address transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google adheres to a sufficient level of data protection.

The information is used to evaluate your use of the website, in order to compile reports on the activities on our website and to provide other services associated with the use of the website for the purpose of market research and customising the website. Google will also transfer this information to third parties if this is legally prescribed or if third parties process this data on order. According to Google, the IP address will, under no circumstances, be linked with other data relating to the user.

Furthermore, you can prevent the collection of the cookie-generated data (including your IP address) about your use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in provided under the following link.

The legal basis for the processing of the data for the aforementioned purposes lies in our legitimate interest in the optimisation and personalisation of our website and the services offered there (art. 6 para. 1 lit. f GDPR). You can object to the processing at any time. The opt-out option has been pointed out previously.

For the sake of completeness, we would like to point out that the US authorities have put monitoring measures in place in the USA, which generally allow for the storage of all personal data belonging to all persons, whose data has been transmitted from Switzerland to the United States. This is done without differentiation, restriction or exception in terms of the aim pursued and without an objective criterion that allows access by US authorities to the data and its subsequent use to be restricted to specific, strictly defined purposes justifying both access to this data and intervention related to its use. Furthermore, we draw your attention to the fact that no remedies are available in the USA for persons from Switzerland directly affected, which would allow them to gain access to the data concerning them or to bring about its correction or deletion and there is no effective legal protection against general access rights by US authorities.

Links to Our Social Media Presences

On our website, you will find links to social media networks. These are not plugins provided by the service provider, which already transmit data to the service provider when loading the website without influence of the users. The interfaces to the social media networks will only contain a link to the social media network including transfer of the website to be shared. No user data will be transmitted from the website to the social media network.

The links will lead to the following networks:

• Facebook, Inc., 1601 Willow Road Menlo Park, California 94025, USA
• Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
• Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA

When you call up a link to one of our social media profiles, a direct connection will be established between your browser and the server of the social network concerned. The network will thus receive the information that you, with your IP address, have visited our website and called up the link. When you call up a link to a network while being logged in to your account with the network concerned, the contents of our website can be linked with your profile with the network; this means that the network can directly assign your visit to our website to your user account. If you want to prevent this, you should log out before using the corresponding links. An assignment will take place in any case if you log in with the network concerned after using the link.

Retention Periods

We will save personal data only as long as this is necessary to execute the afore-mentioned tracking services and to carry out the further processing activities within the scope of our legitimate interest. We will retain contractual data for a longer period, as this is prescribed by legal retention obligations. Retention obligations that require us to retain data will result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting records must be retained for up to 10 years. If we no longer need this data to execute the services for you, the data will be blocked. This means that the data may then only be used for billing and tax purposes.

User Rights, Data security and Contact Detailsa. User rights

You can any time object to data processing, particularly to data processing in connection with direct advertisement (e.g. against advertising e-mails). You will also have the following rights:

Right to information: You will have the right to demand an insight into your personal data saved with us any time and free of charge if we are processing this data. You can check as to which of your personal data is being processed by us, and that we are using it according to the applicable data protection regulations.

Right to correction: You will have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we will inform the recipients of the data concerned about the changes made unless this is impossible or associated with disproportionate effort.

Right to deletion: You will have the right to have your personal data deleted under certain circumstances. In the individual case, the right to deletion can be ruled out.

Right to restriction of the processing: Under certain conditions, you will have the right to demand restriction of the processing of your personal data.

Right to data transfer: If you are domiciled in Liechtenstein, you will have the right under certain circumstances to receive the personal data, which you have provided to us, from us free of charge in a readable format.

Right of appeal: If you are domiciled in Liechtenstein, you will have the right to appeal to the competent supervisory authority in Liechtenstein against the method of the processing of your personal data.

Right of revocation: You will basically have the right to revoke an issued consent at any time. Processing activities in the past based on your consent will however not become illegal through your revocation.

b. Data security

We take appropriate technical and organisational security measures to protect your personal data that is stored with us from manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are constantly being improved in line with technological developments.

When you register yourself with us as a customer, the access to your customer account will be possible only upon entering your personal password in each case. You should always treat your payment information as confidential and close the browser window once you have ended the communication with us, particularly if you are using a shared computer.

We also take data protection within our organisation very seriously. Our employees and the service providers commissioned by us are obligated by us to maintain confidentiality and to comply with the data protection regulations. Moreover, they are granted access to personal data only to the necessary extent.

Contact details

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as for revocation of issued consents or objection to a specific use of data, please directly contact our contact person for data protection law by sending an e-mail to info@sacredbodystudio.com