1. What is Personal Information?
Personal Information is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute Personal Information.
2. What is Processing?
“Processing” means and covers virtually any handling of data.
3. What law applies?
I act as the data controller in accordance with the New York Privacy Act (“NYPA”) and the EU’s General Data Protection Regulation (“GDPR”).
a) Purpose and legal basis of processing
In accordance with the NYPA and GDPR we need to have both a purpose and a legal basis to process Personal Information. The purposes are:
- providing the website and its functions and contents
- responding to contact requests and communicating with my clients and website users
- providing my services, resources, courses
- security measures
Of course, we can only do that if we have at least one of the following legal bases or, in other words, lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:
- to fulfill my services and carry out contractual obligations
- to fulfill my legal obligations
- to protect our legitimate interests.
My website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, login data or contact requests that you send to us.
I try to make sure that my website has appropriate security measures; however, internet-based data transmissions can always have security gaps, so absolute protection cannot be guaranteed. In this sense, databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion.
Upon becoming aware of a data breach, I will plan to notify all affected individuals whose Personal Information may have been compromised as expeditiously as possible after the breach was discovered.
c) Retention and Storage
I do not generally work with minors as clients or request Personal Information from minors and children, unless verifiable parental or legal guardian consent is obtained through direct offline contact. I also do not plan on knowingly collecting such data or passing it on to third parties, unless verifiable parental or legal guardian consent is obtained through direct offline contact.
e) Automated decision-making
Automated decision-making including profiling does not take place.
f) Do Not Sell
I do not sell your Personal Information.
g) Special Category Data
Unless it is specifically required for a particular service and consent is obtained, I do not process special category data. In terms of working with clients, there are some questions that I ask during intake that may be considered to be special category data. These questions are just so that I have a better understanding of a client’s background and for assisting in my work with a client. A client is not required to answer these questions.
h) International Transfer
In the course of my website operation, we process data. To my knowledge, we usually do not transfer Personal Information to countries outside the USA. However, if we do, I will plan to make sure that processing of your Personal Information is governed by Processing Agreements that include Standard Contractual Clauses for a high level of data protection.
i) Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Information to third parties unless 1) this is necessary for the performance of my services etc., 2) you have consented to the disclosure, or 3) we are legally obliged to do so, e.g., by court order or if this is necessary to support criminal or legal investigations or other legal proceedings.
Data Collection and Processing
a) Data that is collected automatically
i) Log files
Each time you visit my website, general data and information are transmitted, even if you use my website for purely informational purposes. I only collect the general data and information that your browser transmits to my website’s server. The data and information collected are technically necessary for the display of my website to you, and they serve stability, security and the prevention of danger or threats in the event of attacks on my website. Some examples are:
- IP address
- date and time of an access to the website
- type and version of browser used
- operating system used and its interface
- the website from which an accessing system arrives at my website (so-called referrer)
- sub-websites that are accessed via an accessing system on my website
- Internet service provider of the accessing system
This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest. When analyzing these general data and information, I do not draw any conclusions about you as a data subject.
ii) Content Management System
We also use the Content Management System (CMS) of WordPress, a service provided by Automattic Inc, to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us are transferred to WordPress. This represents a legitimate interest.
To provide my website, we use the services of Namecheap, Inc, who process the above-mentioned data and all data to be processed in connection with the operation of this website on my behalf. The legal basis for the data processing is my legitimate interest in providing my website.
v) When you watch my videos
On my website, we implement videos of the video portal “YouTube” of the company Google LLC. When you call up a page that has an embedded video, a connection is established to Google’s servers and in the process the content is displayed on the website by notifying your browser. According to Google’s information, in “extended data protection mode”, your data (in particular which of our Internet pages you have visited as well as device-specific information including the IP address) is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.
b) Data from third party sources
c) Data that is collected directly
i) Contacting me
If you contact me, your transmitted Personal Information will be automatically stored for the purpose of processing the request or replying to you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent or the initiation of a contractual service.
ii) Social Media
I’m present on social media on the basis of my legitimate interest (currently YouTube, Facebook, LinkedIn, and Instagram). If you contact me via social media, I and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is my legitimate interest, your consent, or, in some cases, the initiation of a contractual service, if any.
iii) Online appointment booking via Acuity Scheduling
I use the service of Acuity Scheduling for the simplified booking of the free consultation appointments. By using this service, data is transferred to Acuity Scheduling. The processing of the data entered via Acuity Scheduling is thus exclusively based on a legitimate interest of simplified appointment arrangement. The data entered by you remains with us until you request us to delete it or the purpose for storing the data no longer applies.
If you buy the online course(s), it is also possible for you to register for an account. For this purpose, you can choose a password together with your e-mail address/username, both of which will enable you to log in more easily in order to access the course(s) and make it easier in case there will be more courses etc. in the future that you would like to purchase. We store the data you enter to set up a customer account through which your orders are recorded, executed, and processed. We will hold your data for further orders as long as you have your account with us. The legal basis for the data processing is our contract and the fulfillment of our legal obligations.
v) Payment Data
If you pay through my website for the course(s), your payment data will be processed via my payment service provider Stripe. Payment data for purchasing of the course(s) will solely be processed through Stripe and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.
vi) Mailing list
If you join my mailing list, we process your name and e-mail address in order to potentially send various updates, newsletters, course launches etc. I may send you newsletters and communications on a regular or occasional basis. Unsubscribing is possible at any time and can be done either by sending a message to me at Eugene@progressivetherapist.com, or via a link provided for this purpose in the email that you receive. The relevant e-mails are sent using the services of Mailchimp by Intuit Inc. The legal basis for the processing of your Personal Information is your consent.
vii) Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and my legitimate interest.
If you choose to do a testimonial, within your testimonial you may be able to share certain details, knowledge, insights etc. Content and data are publicly viewable. You have choices about the information on your testimonial. You are not required to provide a testimonial and you don’t have to provide additional information, and it is your choice whether to include sensitive information and to make it public. Please do not post or add personal data to your testimonial that you would not want to be available. The legal basis for the storage is my legitimate interest and your consent.
Cooperation with Processors
We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services (“content”).
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.
The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:
- Fonts: Google Font API by Google LLC and Font Awesome by Fonticons Inc,
- eCommerce system: WooCommerce by Automattic Inc.
Insofar as you have also given me your consent to process your Personal Information for marketing and advertising purposes, I am entitled to contact you for these purposes via the communication channels you have given your consent to. Please note, however, that it is very important for me to try to do my best to run my business in an ethical manner and I take this seriously. I do not plan to take any kind of action where I would treat a client/customer in a way that I would not want to be treated.
Your Rights and Privileges
a) Privacy Rights
Under the NYPA, you can exercise the following rights:
- Right to Notice
- Right to Opt-In Consent
- Right to Access, Correct Data
- Right to Delete
Under the GDPR, you can exercise the following rights:
- Right to information
- Right to rectification
- Right to object to processing
- Right to deletion
- Right to data portability
- Right of objection
- Right to withdraw consent
- Right to complain to a supervisory authority
- Right not to be subject to a decision based solely on automated processing
If you have any questions or if you want to enforce your right, please contact me at Eugene@progressivetherapist.com
b) Updating your Information
If you believe that the information I hold about you is inaccurate or you would like to request its rectification, deletion, or object to its processing, please do so by contacting me at Eugene@progressivetherapist.com
c) Withdrawing your Consent
You can withdraw consents you have given at any time by contacting me at Eugene@progressivetherapist.com
d) Access Request
In the event you want to make a Data Subject Access Request, please contact me at Eugene@progressivetherapist.com. I will plan to respond to requests regarding access and correction as soon as reasonably possible. Should I not be able to respond to your request within thirty (30) days, I will plan to tell you why and when I will be able to respond to your request. If I’m unable to provide you with any Personal Information or to make a correction requested by you, I will plan to tell you why.
e) Complaint to a Supervisory Authority
You have the right to complain about our processing of Personal Information to a supervisory authority responsible for data protection.
f) COPPA (Children’s Online Privacy Protection Act)
When it comes to the collection of PII from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. I do not plan to specifically market to children under the age of 13 years old. I also do not plan to allow users under the age of 13 to use my services unless verifiable parental or legal guardian consent is obtained through direct offline contact. I also do not knowingly collect any data from users under the age of 13, unless verifiable parental or legal guardian consent is obtained through direct offline contact.
g) CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN-SPAM, I agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email me at Eugene@progressivetherapist.com, and I will remove you from ALL correspondence.
h) Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, my website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, I will plan to inform you about that practice in a revised version of this policy.
If you have any questions about the processing of your Personal Information, please contact me at Eugene@progressivetherapist.com