PRIVACY POLICY
1. INTRODUCTION
This Privacy Policy is entered into by and between The Art of Living on behalf of itself and its affiliates, group companies, related entities, and licensors (the “Organization”).
The organization understands that your privacy is important to you and that you care about how your information is used and shared. We are committed to handling your personal information in accordance with your rights under applicable law, including the European Union’s General Data Protection Regulations (GDPR), and other relevant legislation in jurisdictions where we operate. We only collect and use information that is necessary to provide our services, improve user experience, and fulfil our legal obligations.
This Privacy Policy applies to your use of The Art of Living Intuition Process website and mobile application (collectively referred to as the "website"), regardless of whether you access it through a web browser or mobile app.
By accessing and using our website, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein. Your acceptance of this Privacy Policy is deemed to occur upon your first visit to our website or mobile application. If you do not accept or agree to this Privacy Policy, you should discontinue use of the website and mobile application immediately.
We respect your privacy rights under the European Union’s GDPR, and other relevant legislation in jurisdictions where we operate. including your rights to access, correct, or delete your personal data. Please refer to the 'Your Rights' section of this Privacy Policy for further details on how to exercise these rights.
2. PURPOSE
The Organization is committed to international compliance with data protection laws. This Privacy Policy applies globally to the Organization and is based on globally accepted, basic principles of data protection. The Privacy Policy provides one of the necessary framework conditions for cross-border data transmission among the Organization and ensures compliance with key data protection laws, including the European Union’s General Data Protection Regulation (GDPR), and other relevant legislation in jurisdictions where we operate.
3. APPLICATION OF NATIONAL LAWS
This Privacy Policy comprises data privacy principles that are generally accepted internationally, in accordance with applicable data protection laws, including the European Union's GDPR, and other relevant international regulations. In the event of any conflict between this Privacy Policy and the national laws of the jurisdiction in which you reside, the applicable national laws will take precedence. National laws shall take precedence to the extent that they conflict with this Privacy Policy.
4. SCOPE
This Privacy Policy applies only to your use of our website and the use of our application. It does not extend to any websites that are linked to from our website (whether we provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
We require any individuals under the age of 16 years who access this website to obtain the consent of their parent or guardian prior to accessing the website. In any event, we will only collect information by lawful means and by a means that, in the circumstances of the case (particularly where personal information is being collected from children or young persons), is fair and does not intrude to an unreasonable extent upon the affairs of the individual concerned. If we learn that we have collected or received personal information from an individual under the age of16 years without verification of legal guardian or parental consent, we may delete that information. If you believe that we might have any information from or about a child under the age of 16 years and you have concerns, please contact us at info.ipapp@artofliving.org
5. DATA COLLECTION
Some data will be collected automatically by our website and our application, other data will only be collected if you voluntarily submit it and consent to us using it for the purposes set out herein. Automatically collected data includes (1) Information about the browser type and version used; (2) your operating system; (3) your Internet service provider; (4) your IP address; (5) Date and time of access. In the event of abuse, we may block certain IP addresses.
If you choose to create a Prajñā Yoga (Intuition Process) account, we collect some information directly from you in order to provide you with the Services, including your name, email address, phone number, and the type of device you are using such as the iPhone or Android model (so that we may send you push notifications about the app, experience and information around Prajñā Yoga/ Intuition Process, if you’ve selected this feature).
We also collect information directly from you when you add elements to your user profile (e.g. your name, unique username, profile image which you can add to enhance your profile but this is optional etc.) or request account verification (if applicable) or contact the Prajñā Yoga support team.
The Organization may collect and process medical data, including but not limited to health-related information, if voluntarily provided by the user. As medical data is considered sensitive personal data under applicable data protection laws, such collection and processing will be carried out in strict compliance with relevant legislation, including the European Union’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable laws in the jurisdictions where we operate. Medical data will only be processed on lawful grounds, such as explicit consent, where required to protect vital interests, or to fulfil legal obligations. For users under the age of 16, the Organization will ensure that parental or guardian consent is obtained prior to the collection of any medical data. If the Organization becomes aware that it has collected medical data from a child without appropriate consent, such data will be promptly deleted.
Collection of information will at all times adhere to applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate.
6. USE OF DATA
a) All personal data is stored securely in a manner that protects it from misuse and loss and from unauthorized access, use, modification or disclosure, and otherwise in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate..
b) We use your data to provide the best possible services to you. This includes: (i) Providing and managing your account; (ii) Providing and managing your access to our website; (iii) Personalising and tailoring your experience on our website; (iv) Supplying our products and services to you; (v) Personalising and tailoring our products and services for you; (vi) Responding to communications from you; (vii) Supplying you with newsletters, alerts etc. via email, that you may have subscribed to and that you may unsubscribe or opt-out at any time by clicking on the unsubscribe link from such emails or from your account profile; (viii) Market research;(ix) Analysing your use of our website and gathering feedback to enable us to continually improve our website and your user experience; and (x) For compliance with legal obligations, including but not limited to tax, regulatory, or legal requests, where applicable..
c) In some cases, the collection of data may be a statutory or contractual requirement, and we will be limited in the products and services we can provide you without your consent for us to be able to use such data.
d) With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone, text message, post and/or messaging services with information, news and offers on our products and/or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate.. You have the right to withdraw your consent to marketing communications at any time by following the opt-out procedures provided, such as using the unsubscribe link in emails or changing preferences in your account settings.
e) Advertisers whose content appears on our website may engage in what is known as “behavioural advertising” – advertising which is tailored to your preferences, based on your activity. Your activity is monitored using Cookies, as detailed in our Cookie Policy. Please note that we do not control the activities of such advertisers, nor the information they collect and use. You agree that any engagement with third party advertising agencies is undertaken at your own risk. We encourage you to review the privacy practices of such advertisers and third-party platforms, as we are not responsible for their data handling practices.
f) Legal basis: We will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies: (i) you have given consent to the processing of your personal data for one or more specific purposes; (ii) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract; (iii) processing is necessary for compliance with a legal obligation to which we are subject; (iv) processing is necessary to protect the vital interests of you or of another natural person; (v) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and/or processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child; and (vi) Processing is necessary for the purposes of complying with regulatory requirements in your jurisdiction..
g) Sensitive Information: Sensitive information as defined under the relevant national data privacy laws, will be used by us only: (i) for the primary purpose for which it was obtained; (ii) for a secondary purpose that is directly related to the primary purpose; and/or (iii) with your consent; or where required or authorized by applicable law.
7. STORAGE OF DATA
a) We only keep your data for as long as we need to in order to use it as described in the above section (Use of Data), and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your data. Your data will be deleted if we no longer need it for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your data.
You have the right to request the deletion of your data at any time, subject to applicable retention periods required by law.
b) Some or all of your data may be stored or transferred outside of your country of domicile You accept and agree to this by using our website and submitting information to us. If we do store or transfer data outside of your country of domicile, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within your country of domicile.
We will ensure that any international transfers of personal data comply with applicable data protection laws, including the use of mechanisms such as Standard Contractual Clauses (SCCs) or other legal safeguards for cross-border data transfers.
c) Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our website. We conduct regular reviews of our security measures to ensure they remain up to date and adequate to protect your personal data.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting data to us via the internet.
8. SHARING OF DATA
a) We may share your data within the Organization and we may contract with third parties to supply products and services to you on our behalf, provided that applicable data protection laws including but not limited to GDPR, are complied with. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will ensure that your data is handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under relevant jurisdiction’s laws. We will also ensure that third parties are bound by confidentiality agreements and data protection obligations to protect your data in line with our standards.
b) We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymized and will not include any personally identifying information. We may from time to time share such data with third parties. Data shared for statistical purposes will not be linked to or used to identify any individual user. Data will only be shared and used within the bounds of the law.
c) In certain circumstances, we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We will notify you if your personal data is shared in response to a legal request, unless prohibited by law or the legal process. We do not require any further consent from you in order to share your data in such circumstances and will comply as required by any legally binding request that is made of us, provided that such disclosure is not limited by applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate..
9. USER OPTIONS
a) When you submit information via our website, you may be given options to restrict our use of your data. We aim to give you strong controls on our use of your data (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and by managing your account preferences).
b) you may also wish to sign up to one or more of the preference services operating in your country. These may help to prevent you from receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receive.
c) It is important to us that your data is up to date. We will take reasonable steps to make sure that your data is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
10. RIGHT TO WITHDRAW INFORMATION
a) You may access certain areas of our website without providing any data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.
b) You may restrict your internet browser’s use of Cookies. For more information, see our Cookie Policy. Please note that restricting Cookies may impact your ability to use certain features or services on our website.
c) You may withdraw your consent for us to use your personal data at any time by deleting your account or by contacting us using the details set out herein below, and we will delete your data from our systems. However, you acknowledge this may limit our ability to provide the best possible products and services to you. We will ensure that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, in line with applicable data protection regulations.
11. ACCESS TO DATA
You may access your personal data we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal data, please access it through your account.
On request by you, we will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal data, unless otherwise requested by you, the information shall be provided in a commonly used electronic form. We will not charge you for exercising your rights unless the request is excessive or manifestly unfounded, in which case we may charge a reasonable fee or refuse to comply with the request.
In order to protect your personal data, we may require identification from you before releasing the requested information. We may also request additional information to verify your identity if necessary to protect your personal data.
12. YOUR RIGHTS
You have the following rights regarding your personal data:
(i) Right of Access: You have the right to request access to the personal data we hold about you, including information on how we process it, the categories of data we hold, and the purpose of processing.
(ii) Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.
(iii) Right to Deletion (Right to be Forgotten): You have the right to request the deletion of your personal data, subject to certain exceptions, such as where the data is required for compliance with a legal obligation or for the performance of a contract.
(iv) Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, for example, if you believe the data is inaccurate, or you have objected to its processing.
(v) Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller, where technically feasible.
(vi) Right to Object: You have the right to object to the processing of your personal data at any time, particularly when the processing is based on our legitimate interests or for direct marketing purposes.
(vii) Right to Automated Decision-Making and Profiling: You have the right to object to automated decisions, including profiling, which significantly affect you. We will not carry out automated decision-making unless we have obtained your explicit consent or it is necessary for the performance of a contract with you.
To exercise any of the above rights, or if you have any other questions or concerns about how your data is processed, please contact us using the details set out below. We will respond to your request in accordance with applicable data protection laws and will do so without undue delay.
13. AUTOMATED DECISION-MAKING AND PROFILING
a) In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us. You also have the right to contest such decisions, request human review, and obtain an explanation of the logic, significance, and consequences of the decision.
b) The right described in the section above does not apply in the following circumstances: (i) the decision is necessary for the entry into, or performance of, a contract between you and us; (ii) the decision is authorized by law; (iii) you have given your explicit consent; or (iv) the decision is based on special categories of personal data, with appropriate safeguards, as permitted by law..
c) Where we use your personal data for profiling purposes, the following shall apply: (i) clear information explaining the profiling will be provided, including its significance and the likely consequences; (ii) appropriate mathematical or statistical procedures will be used; (iii) technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; (iv) all personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling; and (v) You will be provided with an opportunity to object to profiling, particularly when it concerns direct marketing or decisions that have significant effects on you.
14. DATA RETENTION POLICY
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. The retention period for your data will depend on the type of data, the purpose for which it is collected, and the legal obligations we must comply with.
In general, we will delete or anonymize your personal data once it is no longer needed for the purposes for which it was collected. However, we may retain certain data for a longer period if required to comply with legal obligations, resolve disputes, or enforce agreements.
You have the right to request information about the retention periods of your personal data and the criteria used to determine those periods.
15. SECURITY OF DATA
We take the security of your personal data seriously. We implement appropriate technical, organizational, and physical security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to encryption, firewalls, secure access controls, and data backup protocols.
While we strive to protect your personal data, please be aware that no security system is completely infallible. We cannot guarantee the absolute security of your data, but we will make all reasonable efforts to ensure its safety.
If there is a data breach that may impact your rights and freedoms, we will notify you as soon as possible, in accordance with applicable data protection laws.
16. THIRD-PARTY SERVICES AND TRANSFERS
We may share your personal data with third-party service providers who assist us in delivering services to you, such as payment processors, delivery services, or marketing platforms. These third parties are only permitted to use your personal data in accordance with our instructions and for the purpose of providing the relevant services to us.
We ensure that these third-party providers comply with appropriate confidentiality and data protection measures, as required by applicable data protection laws.
Your personal data will not be sold or rented to third parties for their marketing purposes without your consent.
17. CONTACT US
If you have any questions about our website or this Privacy Policy, please contact us by email at info.ipapp@artofliving.org. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
18. CHANGES TO THE PRIVACY POLICY
We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any references to legislation shall be interpreted to include amended or substituted legislation from time to time. Any changes will be posted on our website as soon as practicable and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our website following the alterations. We recommend that you check this page regularly to keep up-to-date. We will notify you of any significant changes to this Privacy Policy, particularly those that impact your rights, either through prominent notices on the website or directly via email.
19. LANGUAGE
This Privacy Policy was prepared and written in English. Any non-English translations of this Privacy Policy which may be made available are provided for convenience only and are not legally binding.
20. APPLICABLE FOR PERSONS FROM THE EUROPEAN ECONOMIC AREA
Legal Framework
It has been concluded by the European Commission that particular countries outside of the European Economic Area (the “EEA” which consists of all European Union member states, plus Norway, Iceland, and Liechtenstein) require to adequately protect personal data. This can be reviewed under European Commission adequacy decision. Where data is being transferred from the EEA to other countries, we shall comply with legal frameworks that ascertain an equivalent level of protection with European Union law. We will also ensure that any cross-border data transfers comply with applicable international data protection laws, including the use of mechanisms like Standard Contractual Clauses (SCCs) or other legal safeguards.
Model Contract Clauses
The Organization shares personal information within the Organization and to other trusted businesses or persons to process it for us, based on our guidelines and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures. Your information may be transferred, or stored and processed in other countries outside of where you live for the purposes as described in this Privacy Policy, provided that applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate. is complied with at all times. These data transfers are necessary to provide the services to you and to globally operate and provide our products to you. We utilize Standard Contractual Clauses (SCCs), rely on the European Commission's adequacy decisions about certain countries, as applicable, and obtain your consent for these data transfers to other countries. We ensure that any third-party recipients of your data outside the EEA also comply with applicable data protection laws and provide adequate safeguards for data protection.
21. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred, stored, and processed outside of your country of residence for the purposes outlined in this Privacy Policy. In particular, we may transfer your data to countries outside the European Economic Area (EEA), the United Kingdom, or New Zealand, where different data protection laws may apply.
We will take all necessary steps to ensure that any international transfers of personal data comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) or other mechanisms approved by the relevant authorities to ensure that your data is adequately protected when transferred to another country.
By using our services, you agree to the transfer, storage, and processing of your personal data as described in this section.
22. DPO
If, after contacting us, you feel that your concerns have not been addressed to your satisfaction, you can contact our data protection officer (“DPO”) at info.ipapp@artofliving.org
This Privacy Policy is entered into by and between The Art of Living on behalf of itself and its affiliates, group companies, related entities, and licensors (the “Organization”).
The organization understands that your privacy is important to you and that you care about how your information is used and shared. We are committed to handling your personal information in accordance with your rights under applicable law, including the European Union’s General Data Protection Regulations (GDPR), and other relevant legislation in jurisdictions where we operate. We only collect and use information that is necessary to provide our services, improve user experience, and fulfil our legal obligations.
This Privacy Policy applies to your use of The Art of Living Intuition Process website and mobile application (collectively referred to as the "website"), regardless of whether you access it through a web browser or mobile app.
By accessing and using our website, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein. Your acceptance of this Privacy Policy is deemed to occur upon your first visit to our website or mobile application. If you do not accept or agree to this Privacy Policy, you should discontinue use of the website and mobile application immediately.
We respect your privacy rights under the European Union’s GDPR, and other relevant legislation in jurisdictions where we operate. including your rights to access, correct, or delete your personal data. Please refer to the 'Your Rights' section of this Privacy Policy for further details on how to exercise these rights.
2. PURPOSE
The Organization is committed to international compliance with data protection laws. This Privacy Policy applies globally to the Organization and is based on globally accepted, basic principles of data protection. The Privacy Policy provides one of the necessary framework conditions for cross-border data transmission among the Organization and ensures compliance with key data protection laws, including the European Union’s General Data Protection Regulation (GDPR), and other relevant legislation in jurisdictions where we operate.
3. APPLICATION OF NATIONAL LAWS
This Privacy Policy comprises data privacy principles that are generally accepted internationally, in accordance with applicable data protection laws, including the European Union's GDPR, and other relevant international regulations. In the event of any conflict between this Privacy Policy and the national laws of the jurisdiction in which you reside, the applicable national laws will take precedence. National laws shall take precedence to the extent that they conflict with this Privacy Policy.
4. SCOPE
This Privacy Policy applies only to your use of our website and the use of our application. It does not extend to any websites that are linked to from our website (whether we provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
We require any individuals under the age of 16 years who access this website to obtain the consent of their parent or guardian prior to accessing the website. In any event, we will only collect information by lawful means and by a means that, in the circumstances of the case (particularly where personal information is being collected from children or young persons), is fair and does not intrude to an unreasonable extent upon the affairs of the individual concerned. If we learn that we have collected or received personal information from an individual under the age of16 years without verification of legal guardian or parental consent, we may delete that information. If you believe that we might have any information from or about a child under the age of 16 years and you have concerns, please contact us at info.ipapp@artofliving.org
5. DATA COLLECTION
Some data will be collected automatically by our website and our application, other data will only be collected if you voluntarily submit it and consent to us using it for the purposes set out herein. Automatically collected data includes (1) Information about the browser type and version used; (2) your operating system; (3) your Internet service provider; (4) your IP address; (5) Date and time of access. In the event of abuse, we may block certain IP addresses.
If you choose to create a Prajñā Yoga (Intuition Process) account, we collect some information directly from you in order to provide you with the Services, including your name, email address, phone number, and the type of device you are using such as the iPhone or Android model (so that we may send you push notifications about the app, experience and information around Prajñā Yoga/ Intuition Process, if you’ve selected this feature).
We also collect information directly from you when you add elements to your user profile (e.g. your name, unique username, profile image which you can add to enhance your profile but this is optional etc.) or request account verification (if applicable) or contact the Prajñā Yoga support team.
The Organization may collect and process medical data, including but not limited to health-related information, if voluntarily provided by the user. As medical data is considered sensitive personal data under applicable data protection laws, such collection and processing will be carried out in strict compliance with relevant legislation, including the European Union’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and any other applicable laws in the jurisdictions where we operate. Medical data will only be processed on lawful grounds, such as explicit consent, where required to protect vital interests, or to fulfil legal obligations. For users under the age of 16, the Organization will ensure that parental or guardian consent is obtained prior to the collection of any medical data. If the Organization becomes aware that it has collected medical data from a child without appropriate consent, such data will be promptly deleted.
Collection of information will at all times adhere to applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate.
6. USE OF DATA
a) All personal data is stored securely in a manner that protects it from misuse and loss and from unauthorized access, use, modification or disclosure, and otherwise in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate..
b) We use your data to provide the best possible services to you. This includes: (i) Providing and managing your account; (ii) Providing and managing your access to our website; (iii) Personalising and tailoring your experience on our website; (iv) Supplying our products and services to you; (v) Personalising and tailoring our products and services for you; (vi) Responding to communications from you; (vii) Supplying you with newsletters, alerts etc. via email, that you may have subscribed to and that you may unsubscribe or opt-out at any time by clicking on the unsubscribe link from such emails or from your account profile; (viii) Market research;(ix) Analysing your use of our website and gathering feedback to enable us to continually improve our website and your user experience; and (x) For compliance with legal obligations, including but not limited to tax, regulatory, or legal requests, where applicable..
c) In some cases, the collection of data may be a statutory or contractual requirement, and we will be limited in the products and services we can provide you without your consent for us to be able to use such data.
d) With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email, telephone, text message, post and/or messaging services with information, news and offers on our products and/or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate.. You have the right to withdraw your consent to marketing communications at any time by following the opt-out procedures provided, such as using the unsubscribe link in emails or changing preferences in your account settings.
e) Advertisers whose content appears on our website may engage in what is known as “behavioural advertising” – advertising which is tailored to your preferences, based on your activity. Your activity is monitored using Cookies, as detailed in our Cookie Policy. Please note that we do not control the activities of such advertisers, nor the information they collect and use. You agree that any engagement with third party advertising agencies is undertaken at your own risk. We encourage you to review the privacy practices of such advertisers and third-party platforms, as we are not responsible for their data handling practices.
f) Legal basis: We will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies: (i) you have given consent to the processing of your personal data for one or more specific purposes; (ii) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract; (iii) processing is necessary for compliance with a legal obligation to which we are subject; (iv) processing is necessary to protect the vital interests of you or of another natural person; (v) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller and/or processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child; and (vi) Processing is necessary for the purposes of complying with regulatory requirements in your jurisdiction..
g) Sensitive Information: Sensitive information as defined under the relevant national data privacy laws, will be used by us only: (i) for the primary purpose for which it was obtained; (ii) for a secondary purpose that is directly related to the primary purpose; and/or (iii) with your consent; or where required or authorized by applicable law.
7. STORAGE OF DATA
a) We only keep your data for as long as we need to in order to use it as described in the above section (Use of Data), and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your data. Your data will be deleted if we no longer need it for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your data.
You have the right to request the deletion of your data at any time, subject to applicable retention periods required by law.
b) Some or all of your data may be stored or transferred outside of your country of domicile You accept and agree to this by using our website and submitting information to us. If we do store or transfer data outside of your country of domicile, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within your country of domicile.
We will ensure that any international transfers of personal data comply with applicable data protection laws, including the use of mechanisms such as Standard Contractual Clauses (SCCs) or other legal safeguards for cross-border data transfers.
c) Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our website. We conduct regular reviews of our security measures to ensure they remain up to date and adequate to protect your personal data.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting data to us via the internet.
8. SHARING OF DATA
a) We may share your data within the Organization and we may contract with third parties to supply products and services to you on our behalf, provided that applicable data protection laws including but not limited to GDPR, are complied with. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will ensure that your data is handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under relevant jurisdiction’s laws. We will also ensure that third parties are bound by confidentiality agreements and data protection obligations to protect your data in line with our standards.
b) We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymized and will not include any personally identifying information. We may from time to time share such data with third parties. Data shared for statistical purposes will not be linked to or used to identify any individual user. Data will only be shared and used within the bounds of the law.
c) In certain circumstances, we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We will notify you if your personal data is shared in response to a legal request, unless prohibited by law or the legal process. We do not require any further consent from you in order to share your data in such circumstances and will comply as required by any legally binding request that is made of us, provided that such disclosure is not limited by applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate..
9. USER OPTIONS
a) When you submit information via our website, you may be given options to restrict our use of your data. We aim to give you strong controls on our use of your data (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and by managing your account preferences).
b) you may also wish to sign up to one or more of the preference services operating in your country. These may help to prevent you from receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receive.
c) It is important to us that your data is up to date. We will take reasonable steps to make sure that your data is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
10. RIGHT TO WITHDRAW INFORMATION
a) You may access certain areas of our website without providing any data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.
b) You may restrict your internet browser’s use of Cookies. For more information, see our Cookie Policy. Please note that restricting Cookies may impact your ability to use certain features or services on our website.
c) You may withdraw your consent for us to use your personal data at any time by deleting your account or by contacting us using the details set out herein below, and we will delete your data from our systems. However, you acknowledge this may limit our ability to provide the best possible products and services to you. We will ensure that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, in line with applicable data protection regulations.
11. ACCESS TO DATA
You may access your personal data we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal data, please access it through your account.
On request by you, we will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal data, unless otherwise requested by you, the information shall be provided in a commonly used electronic form. We will not charge you for exercising your rights unless the request is excessive or manifestly unfounded, in which case we may charge a reasonable fee or refuse to comply with the request.
In order to protect your personal data, we may require identification from you before releasing the requested information. We may also request additional information to verify your identity if necessary to protect your personal data.
12. YOUR RIGHTS
You have the following rights regarding your personal data:
(i) Right of Access: You have the right to request access to the personal data we hold about you, including information on how we process it, the categories of data we hold, and the purpose of processing.
(ii) Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.
(iii) Right to Deletion (Right to be Forgotten): You have the right to request the deletion of your personal data, subject to certain exceptions, such as where the data is required for compliance with a legal obligation or for the performance of a contract.
(iv) Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances, for example, if you believe the data is inaccurate, or you have objected to its processing.
(v) Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller, where technically feasible.
(vi) Right to Object: You have the right to object to the processing of your personal data at any time, particularly when the processing is based on our legitimate interests or for direct marketing purposes.
(vii) Right to Automated Decision-Making and Profiling: You have the right to object to automated decisions, including profiling, which significantly affect you. We will not carry out automated decision-making unless we have obtained your explicit consent or it is necessary for the performance of a contract with you.
To exercise any of the above rights, or if you have any other questions or concerns about how your data is processed, please contact us using the details set out below. We will respond to your request in accordance with applicable data protection laws and will do so without undue delay.
13. AUTOMATED DECISION-MAKING AND PROFILING
a) In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us. You also have the right to contest such decisions, request human review, and obtain an explanation of the logic, significance, and consequences of the decision.
b) The right described in the section above does not apply in the following circumstances: (i) the decision is necessary for the entry into, or performance of, a contract between you and us; (ii) the decision is authorized by law; (iii) you have given your explicit consent; or (iv) the decision is based on special categories of personal data, with appropriate safeguards, as permitted by law..
c) Where we use your personal data for profiling purposes, the following shall apply: (i) clear information explaining the profiling will be provided, including its significance and the likely consequences; (ii) appropriate mathematical or statistical procedures will be used; (iii) technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; (iv) all personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling; and (v) You will be provided with an opportunity to object to profiling, particularly when it concerns direct marketing or decisions that have significant effects on you.
14. DATA RETENTION POLICY
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. The retention period for your data will depend on the type of data, the purpose for which it is collected, and the legal obligations we must comply with.
In general, we will delete or anonymize your personal data once it is no longer needed for the purposes for which it was collected. However, we may retain certain data for a longer period if required to comply with legal obligations, resolve disputes, or enforce agreements.
You have the right to request information about the retention periods of your personal data and the criteria used to determine those periods.
15. SECURITY OF DATA
We take the security of your personal data seriously. We implement appropriate technical, organizational, and physical security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to encryption, firewalls, secure access controls, and data backup protocols.
While we strive to protect your personal data, please be aware that no security system is completely infallible. We cannot guarantee the absolute security of your data, but we will make all reasonable efforts to ensure its safety.
If there is a data breach that may impact your rights and freedoms, we will notify you as soon as possible, in accordance with applicable data protection laws.
16. THIRD-PARTY SERVICES AND TRANSFERS
We may share your personal data with third-party service providers who assist us in delivering services to you, such as payment processors, delivery services, or marketing platforms. These third parties are only permitted to use your personal data in accordance with our instructions and for the purpose of providing the relevant services to us.
We ensure that these third-party providers comply with appropriate confidentiality and data protection measures, as required by applicable data protection laws.
Your personal data will not be sold or rented to third parties for their marketing purposes without your consent.
17. CONTACT US
If you have any questions about our website or this Privacy Policy, please contact us by email at info.ipapp@artofliving.org. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
18. CHANGES TO THE PRIVACY POLICY
We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any references to legislation shall be interpreted to include amended or substituted legislation from time to time. Any changes will be posted on our website as soon as practicable and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our website following the alterations. We recommend that you check this page regularly to keep up-to-date. We will notify you of any significant changes to this Privacy Policy, particularly those that impact your rights, either through prominent notices on the website or directly via email.
19. LANGUAGE
This Privacy Policy was prepared and written in English. Any non-English translations of this Privacy Policy which may be made available are provided for convenience only and are not legally binding.
20. APPLICABLE FOR PERSONS FROM THE EUROPEAN ECONOMIC AREA
Legal Framework
It has been concluded by the European Commission that particular countries outside of the European Economic Area (the “EEA” which consists of all European Union member states, plus Norway, Iceland, and Liechtenstein) require to adequately protect personal data. This can be reviewed under European Commission adequacy decision. Where data is being transferred from the EEA to other countries, we shall comply with legal frameworks that ascertain an equivalent level of protection with European Union law. We will also ensure that any cross-border data transfers comply with applicable international data protection laws, including the use of mechanisms like Standard Contractual Clauses (SCCs) or other legal safeguards.
Model Contract Clauses
The Organization shares personal information within the Organization and to other trusted businesses or persons to process it for us, based on our guidelines and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures. Your information may be transferred, or stored and processed in other countries outside of where you live for the purposes as described in this Privacy Policy, provided that applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and other relevant legislation in jurisdictions where we operate. is complied with at all times. These data transfers are necessary to provide the services to you and to globally operate and provide our products to you. We utilize Standard Contractual Clauses (SCCs), rely on the European Commission's adequacy decisions about certain countries, as applicable, and obtain your consent for these data transfers to other countries. We ensure that any third-party recipients of your data outside the EEA also comply with applicable data protection laws and provide adequate safeguards for data protection.
21. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred, stored, and processed outside of your country of residence for the purposes outlined in this Privacy Policy. In particular, we may transfer your data to countries outside the European Economic Area (EEA), the United Kingdom, or New Zealand, where different data protection laws may apply.
We will take all necessary steps to ensure that any international transfers of personal data comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) or other mechanisms approved by the relevant authorities to ensure that your data is adequately protected when transferred to another country.
By using our services, you agree to the transfer, storage, and processing of your personal data as described in this section.
22. DPO
If, after contacting us, you feel that your concerns have not been addressed to your satisfaction, you can contact our data protection officer (“DPO”) at info.ipapp@artofliving.org