Date of Last Update: [4/1/2021]
1. Information We Collect
1.1 When you use the Website or the Website Services, the following types of Personal Data, Payment and Invoicing Data, Communication Data, Technical Data and Marketing Data (collectively the “Data”) may be collected from you:
1.1.1 Personal Data:
Includes First Name, Last Name, E-mail Address and Credit/Debit Card Information or such other data as may be deemed necessary for providing the Website Services. When you e-mail us, your e-mail address may be added to our mailing list from which you can unsubscribe at any time using the unsubscribe link in each e-mail or by contacting us at SoundandSoulful@MagnetizeYourself.com
1.1.2 Payment and Invoicing Data: Credit/Debit Card number, payment transactions and banking information etc.
1.1.3 Communication Data: Includes data that you provided us through the consultation/contact form on the Website, through e-mail or otherwise. The lawful ground for this processing is our legitimate interests such as to reply to communications sent to us, to keep records and to establish, pursue or defend potential legal claims.
1.1.4 Technical Data: Technical Data includes data regarding your use of the Website and the Website Services such as your IP address, login, browser details, details of visit of pages on the Website, page views and navigation details, usage amount, time zone settings and other technical information on your device. The lawful ground for this processing is our legitimate interests such as to enable us to properly administer the Website and our business and to grow our business.
1.1.5 Marketing Data: Includes data about your preferences in receiving marketing material from us and our third parties. The lawful ground for this processing is our legitimate interests such as to study how Users use the Website Services, to develop them, to grow our business and to
decide our marketing strategy.
2. Consent and its Withdrawal
2.1 Your consent to process your Data is deemed granted when you use the Website or the Website Services or fill the forms available on the Website. It is necessary for us to collect all necessary Data from you for the purposes of providing the Website Services.
2.3 You may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at SoundandSoulful@MagnetizeYourself.com
3. Usage and Data Processing
3.1 Your Data may be used to provide you the Website Services and better understand your needs in relation thereto and to reply to any of your questions and requests regarding the Website Services.
3.2 Your Data is not rented or sold to others.
3.3 You are deemed to have authorized us to use your Data for the following purposes:
i. processing transactions;
ii. verifying your identity;
iii. providing you the Website Services and responding to your queries, feedback or disputes;
iv. making such disclosures as may be required for any of the above purposes or as required by applicable laws and regulations or in respect of any investigations, claims or potential claims brought on or against us;
v. sending you notices regarding services you are receiving and for billing and collection purposes;
vi. providing and maintaining the Website Services; and
vii. improving the Website such as through personalized features and content.
3.4 It shall be ensured that:
i Your Data collected by us or any of our third party will be used as per applicable data privacy laws;
ii. The reasons for the collection of Data and its usage will always be made known to you;
iii. Only the necessary Data will be collected from you;
iv. Cookies or similar technologies will be used in accordance with applicable laws;
v. If any Data submitted by you online cannot be fully deleted at your request under normal circumstances, you will be informed accordingly;
vi. Necessary technical and organizational measures are used to protect your Data; and
vii. Your Data is transferred securely;
4. Criteria for Disclosure of Data
4.1 Your Data will not be kept private in response to the legal process. If we deem that an investigation is required, an action is warranted in order to prevent illegal activities or suspected fraud, avert threats to the physical safety of a person, stop violation of our Terms or as otherwise required by law, we may disclose your Data. Moreover, your Data may also be disclosed in case of takeover, merger or acquisition.
4.2 Your Data may be disclosed in the good faith belief that an action is necessary to:
i. comply with a legal obligation;
ii. protect and defend our rights or property;
iii. prevent or investigate possible wrongdoing;
iv. protect safety of our users and general public;
v. protect against legal liability.
4.3 Your Data may be disclosed or transferred to our professional advisors, law enforcement agencies, insurers, government, and regulatory and other organizations in case of need.
5. Data Storage
5.1 We will store and process your Data at our dedicated Shopify’s customer account system, in the stripe.com system and in our Shopify membership app.
5.2 We act as the controller and our above partners as processors, meaning they will not undergo Personal Data processing activities towards information registered, submitted or conveyed by us.
5.3 Your Data may be transferred to our affiliated entities or other third-parties across borders. You hereby give consent to such transfer.
5.4 Your Data will be retained for as long as necessary to fulfil the purposes we collected it including to satisfy any record retention or reporting requirements under applicable laws.
5.5 As herein above mentioned, we will maintain Personal Data pertaining to our Users for the duration of the Website Services and as per legal requirements.
6. How We Protect Your Information
6.1 While we strive to use commercially acceptable means to protect your Data, we cannot guarantee its absolute security since no method of transmission over the Internet or method of electronic storage is 100% secure.
6.2 While we are concerned with protecting privacy of your Data, we do not give any guarantee to the security of your Data.
6.3 Your Data will be retained by us and will be accessible by our employees and any third-party service providers engaged by us.
7. Compliance with the GDPR
7.1 We will make all reasonable efforts to ensure that the Website complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 of the EU regarding the collection, use and retention of Data from the Users based in European Union’s Member States. We will also make all reasonable efforts to adhere to the GDPR requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.
7.2 We strictly observe Article 14 ruling of the GDPR, making explicitly known to the user which Personal Data we have gathered pertaining to him / her and what has been the source as well as the “purpose” and “scope” of our Personal Data processing activities.
7.3 Per Article 14 of the GDPR, if either the user provides no feedback or he/she declines to approach / contact, we shall erase the Personal Data that we have gathered until one (1) month after collection date.
7.4 To prevent further contact within the same scope, the user’s name and e-mail address will be ‘blacklisted’ in our records that is accessible to our relevant internal departments only.
7.5 Personal Data pertaining to any User that is identified as being under eighteen (18) years of age (therefore not bearing full legal capacity as an adult) will be automatically excluded from our records. This also comprehends the unlikely event of a user who is under eighteen (18) years of age but has been identified as an adult by error / mistake/ his / her own conduct.
7.6 Upon the collection of Personal Data pertaining to Users, we will identify the User by asking further information, if required.
7.7 The Rights of Users: Users based in EU may exercise following rights regarding their Data:
(i) Right of confirmation: Users shall have the right to obtain confirmation from us as to whether or not your Personal Data is being processed.
(ii) Right of Access: Users shall have the right to obtain free information from us about their Personal Data as well as its copy at any time. The EU directives and regulations also grant you access to the following information:
- the purpose of the processing;
- the categories of Personal Data concerned;
- the recipients or types of recipients to whom your Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
- the envisaged period for which your Personal Data will be stored, or, if that is not possible, the criteria used to determine that period;
- the right to request from us rectification or erasure of Personal Data or restriction of processing of your Personal Data or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where your Personal Data is not collected, any available information as to its source;
- the existence of automated decision-making, including profiling, referred to in Articles 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for you.
(iii) Right to rectification: Users shall have the right to obtain from us without undue delay the rectification of their inaccurate Personal Data. Taking into account the purposes of the processing, Users shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
(iv) Right to be forgotten: Users shall have the right to require us to erase their Personal Data without delay which we will be obliged to do so where one of the following grounds applies as long as the processing is not necessary:
- The Personal Data is no longer required.
- You choose to withdraw your consent as per sub-article (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR.
- As per Article 21(1) of the GDPR, you raise any objection against the processing of your Data and when there is no overriding ground for such processing or you raise objection pursuant to Article 21(2) of the GDPR.
- The Personal Data has been unlawfully processed.
- The Personal Data must be erased for compliance with a legal obligation in EU or a Member State law to which we are subject.
- The Personal Data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
- Where we have made Personal Data public and are obliged pursuant to Article 17(1) to erase such Personal Data, we, while taking account of available technology and the cost of implementation, shall take reasonable steps including technical measures to inform other controllers processing the Personal Data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.
(v) Right of restriction of processing: User shall have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the Personal Data is contested by the User for a period enabling us to verify the accuracy of the Personal Data.
- The processing is unlawful and the User opposes the erasure of the Personal Data and requests instead the restriction of their use.
- We no longer need the Personal Data for the processing but we are required by the User for the establishment, exercise or defence of legal claims.
- Pursuant to Article 21(1) of the GDPR you exercise your right to object to processing when the verification process is pending.
If any of the above conditions is fulfilled and you want to restrict processing of your Personal Data stored by us, you may contact us at SoundandSoulful@MagnetizeYourself.com.
(vi) Right to data portability: Users shall have the right to receive their Personal Data, which was provided to us, in a structured, commonly used and machine-readable format. Users shall also have the right to transmit such data to another data controller if such processing is based on consent retrieved as per point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means as long as the processing is not necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in us.
(vii) Right to object: Users shall have the right to object on grounds relating to their particular situation at any time to processing of their Personal Data, which is based on point (e) or (f) of Article 6(1) of the GDPR.
- The Personal data will no longer be processed in the event of the objection unless we can demonstrate compelling legitimate grounds for the processing.
- If a User’s Personal Data is processed for direct marketing purposes, that User shall have the right to object at any time to processing of his / her Personal Data for such marketing. This applies to profile to the extent that it is related to such direct marketing. If a User objects to us to the processing for direct marketing purposes, we will no longer process the Personal Data for these purposes.
- A User shall have the right, on grounds relating to his / her particular situation, to object to the processing of his / her Personal Data for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
(viii) Right to withdraw data protection consent
: Users shall have the right to withdraw their consent to the processing of their Personal Data at any time. Users may initiate a request with us at SoundandSoulful@MagnetizeYourself.com
to exercise any of the above-mentioned rights. We shall review your request and, in our discretion, honour your request, if deemed necessary by us, within a reasonable time. Personal Data pertaining to a former Users shall be erased from our records once all applicable legal timelines have expired being that if those are dilated in time (meaning over 1 year after service termination), the Personal Data shall be securely segregated from live Data.
8. Compliance with CalOPPA
- You can visit our site anonymously.
9. Compliance of California Privacy Act 2018
9.2 Your rights under the CCPA:
9.2.1 Under the CCPA, Users have the right to access their Personal Data during the past twelve (12) months and information about our data practices. Users also have the right to request that we delete their Personal Data.
9.2.4 Please note that for making manual requests you will need to verify your identity by providing us with all the information as we may require from you for this purpose.
9.2.5 You have the right to be free from any discrimination for exercising your rights to access or delete your Personal Information.
10. Third-Party Service Providers
10.1 Third party companies and individuals may be employed to facilitate operational and voice communication services ("Third Party Service Providers") in relation to providing the Website Services on our behalf, to perform Website Services-related services or to assist us in analyzing how the Website Service is used.
10.2 These third parties have access to your Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
10.3 Following are third-party service providers that the Company uses that work over SSL.
11. Changes to this Privacy Statement
11.3 We reserve the right to correct any errors, inaccuracies or omissions and to change or update the information at any time, without prior notice in case there is any information on the Website that contains typographical errors, inaccuracies or omissions that may relate to service descriptions, pricing, availability and various other information.
12. Contact us