I. Data controller
Name of the service provider:Alex Fergus
Registered office of the service provider: Evergreen Wellness Ltd, New-Zealand, NZ-4378 Urenui, 186 Uruti Road, Rd 48
Email address: [email protected]
II. Contact details of the data protection officer
I do not engage in activities that would require the Data Protection Officer.
III. Purposes and legal bases of data processing
The purpose of this information is to provide visitors clear and unambiguous information about the personal data I process and the basis how and for what I use them. I believe that clarity can be ensured by listing the exact legal requirements separately, which I have placed at the end of this information.
Contact form
- The purpose of the contact form on this website is to provide online contact options. The form asks for a name and email address. I process these data based on consent.
Cookies
- A cookie is an information package consisting of letters and numbers that websites generally send to the browser with the aim of saving certain settings, facilitating the use of the website, and helping to collect relevant statistical information about visitors. Cookies do not contain personal information and are not suitable for individual user identification. Cookies often contain an individual identifier – a secret, randomly generated number – stored on your device. Some cookies expire after closing the website, while others are stored on your computer for a longer period of time.
IV. Withdrawal of consent
Data processing based on consent (see above) can be withdrawn for the following activities:
- contact from interested parties via the website contact form or the newsletter
- creating visitor statistics
Consent can be withdrawn at any time in the same simple way it was given.
For other data processing operations related to consent, please send a short message to [email protected].
Processing prior to the withdrawal of consent is considered lawful.
V. Identification of legitimate interests
I process the contact information and names of the website visitors based on legitimate interests.
I have received these personal data from the data subjects themselves, who have already been assured of the confidential handling of the data. I provide the right to object to all my partners.
VI. Duration of data storage
Contact form (name, email address) – monthly review
Data of website visitors (name, email address, phone number) – until a deletion request is received
Cookies from the lighttherapyinsiders.com website – until the expiration date of the cookies or until the user deletes them from their browser
Google Analytics visitor statistics – 26 months
VII. Security measures
I ensure the protection of personal data by implementing appropriate security measures to prevent unauthorized access, accidental disclosure, or unauthorized alteration. After entering a password, access to my laptop is granted. I use fingerprint identification on my phone. I use two-factor authentication for Gmail and Facebook. I take all necessary measures on my website to prevent unauthorized access and also apply SSL encryption.
When designing the appropriate security measures, I have taken into account the current state of science and technology, the nature, scope, context, and purposes of data processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons.
VIII. Recipients
To fulfill certain tasks of the website (lighttherapyinsiders.com), data processors are employed.
Hosting service: Cloudflare, Inc.
(Access to the entire content of the website, forwarding of emails received to its own domain email address.)
Receiving and Sending Emails: Gmail – Google Inc., Mountain View, California, USA
(Access to email and all its data.)
Facebook Page: Facebook Inc. Menlo Park, California, USA
Privacy Policy: https://www.facebook.com/about/privacy/update
(Access to user’s name and comments.)
Facebook pixel: Facebook Inc. Menlo Park, California, USA
(Access to HTTP headers [IP address, page location, referrer, user agent], pixel identifier, Facebook cookie.)
Google Analytics: Google Inc., Mountain View, California, USA
(Access to anonymized, non-personally identifiable IP addresses of website visitors.)
IX. Transfer to third countries
The only third country to which data transfers occur is the United States of America. Compliance decisions were made on July 12, 2016, for the USA (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which are also followed by Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).
X. Rights of the data subject
- Right of Access to Personal Data
Visitors to my website, my clients, and my partners have the right to request feedback on whether their personal data is being processed and, if so, to access the following information:
- the purposes of the data processing,
- categories of personal data concerning the data subject,
- recipients to whom the personal data has been or will be disclosed, including recipients in third countries and international organizations,
- the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period,
- the right of the data subject to request rectification, erasure, or restriction of the processing of personal data concerning them and to object to such processing,
I will provide a copy of the personal data undergoing processing. For any additional copies requested, I may charge a reasonable fee based on administrative costs. If the request is made electronically, the information will be provided in a widely used electronic format (.doc, .pdf, .xls, .jpg, etc.), unless otherwise requested by the data subject.
The right to request a copy shall not adversely affect the rights and freedoms of others.
2. Right to rectification
Visitors to my website, my clients, and my partners have the right to request the correction of any inaccurate personal data concerning them. Taking into account the purposes of the processing, they may also request the completion of incomplete personal data. I must inform all recipients of the personal data about the rectification unless this proves impossible or involves disproportionate effort. Upon request, I will inform the data subject about these recipients.
3. Right to erase
I am obliged to erase personal data concerning my clients, principals, or website visitors without undue delay upon their request or even without a request if:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
- the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
- the personal data has been unlawfully processed;
- the personal data must be erased for compliance with a legal obligation under Union or Member State law to which I am subject;
- the personal data has been collected in relation to the offer of information society services.
If I have made personal data public and I am obliged to erase it, taking into account available technology and the cost of implementation, I will take reasonable steps to inform data controllers who are processing the data to link to, copy, or replicate the personal data that the data subject has requested to be erased.
I am not required to erase personal data if the processing is necessary for the establishment, exercise, or defense of legal claims. If a request for deletion of such data is received, I will consider it and respond to the request in writing.
I must inform all recipients of the personal data about the erasure unless this proves impossible or involves disproportionate effort. Upon request, I will inform my clients/principals/users about these recipients.
4. The right to restrict data processing
My client/employer/website visitor is entitled to request the restriction of data processing if:
- They dispute the accuracy of personal data until it is clarified.
- The data processing is unlawful, and instead of deletion, they request the restriction of its use.
- I no longer need the personal data for the purposes of data processing, but the user/client/employer requires them for presenting, enforcing, or defending legal claims.
- The user/client/employer has objected to the processing of personal data based on legitimate interests. In this case, the restriction applies until it is determined whether the legitimate grounds of the data controller override the interests of the data subject.
If data processing is restricted, personal data, except for storage, can only be processed with the consent of the user/client/employer or for the presentation, enforcement, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
I will inform the user/client/employer in advance about the lifting of the restriction.
I must inform all recipients to whom I have disclosed the personal data about the restriction, unless it is impossible or requires disproportionate effort. Upon request, I will inform my client/employer/user about the recipients.
5. The right to data portability
In the case of automated data processing based on consent or contractual legal basis, my client/employer/website visitor is entitled to receive their personal data provided to me in a structured, commonly used, machine-readable format and to transmit this data to another data controller, if technically feasible.
The right to data portability must not adversely affect the rights and freedoms of others.
Right to object
The website visitor/client/employer may object to the processing of their personal data at any time for reasons related to their particular situation if the legal basis for data processing is legitimate interests. In this case, I may not further process the personal data unless I demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the website visitor/client/employer or are related to the presentation, enforcement, or defense of legal claims.
Automated individual decision-making, including profiling
Since I do not carry out automated decision-making and profiling, I cannot provide this fundamental right.
XI. In case of complaints
I handle your personal data with the utmost care. If you feel that I have not taken all necessary measures to protect your personal data or if you simply have questions, please write to me at [email protected].
If my business violates the principles of data processing, the individuals can exercise their rights in court through a civil lawsuit. The adjudication of the lawsuit falls within the jurisdiction of the court.
The lawsuit can also be initiated before the court according to the place of residence of the individuals (you can find the list and contact information of the courts here).
XIII. Automated decision-making
There is no automated decision-making in my business.
XIV. When determining the legal basis for data processing, I have taken into account the following legal provisions:
Regarding contact form submissions, website traffic statistics, conversion measurements, the use of cookies, and data processing related to business relationships and agreements, I have considered Article 6(1)(a) of the European Parliament and Council (EU) Regulation 2016/679.
The basis for data processing related to invoicing is Article 6(1)(c) of the European Parliament and Council (EU) Regulation 2016/679, as well as Section 78(3) of Act CL of 2017 on the Rules of Taxation (deadline for document retention) and Section 169(e) of Act CXXVII of 2007 on Value Added Tax (mandatory elements of invoices).
Other provisions:
This information becomes effective on July 25, 2023, and I will review the content whenever new guidelines, opinions, or detailed regulations become known, which require modifications. If there are changes in the scope of my business activities or if I introduce new marketing tools, I will also make the necessary updates.
Please let me know if there’s anything else I can assist you with!