Privacy Policy

Holistic Symphony Privacy Policy

Holistic Symphony ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines the types of information we collect, how we use it, and the choices you have regarding your information.

1. Data Controller

Holistic Symphony is the data controller for the processing of your personal data. You can contact us at:

Holistic Symphony

Goedestraat 106B, 3572RX, Utrecht (NL)

marco.caspani@gmail.com

+31 6 8548 42 45

2. Types of Data Collected

(a) Personal Information: We may collect personal information, including but not limited to your name, email address, phone number, and billing information, when you use our services.

(b) Sensitive Data: In certain situations, such as during nutritional advising sessions, sound healing sessions, or cacao ceremonies, we may collect sensitive data related to your health, well-being, or spiritual practices. 

3. Purpose of Data Processing

We collect and process personal data for the following purposes:

(a) Providing and improving our services, including nutritional advising sessions, cacao ceremonies, and sound healing sessions.

(b) Processing payments and managing billing.

(c) Sending relevant communications, including session confirmations, updates, and marketing information. You may opt-out of marketing communications at any time.

(d) Ensuring the safety and security of our sessions and events.

4. Legal Basis for Processing

We process personal data based on the legal grounds outlined in the General Data Protection Regulation (GDPR), including the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest or the exercise of official authority, and legitimate interests pursued by the data controller or a third party.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and as required by applicable laws. After this period, your personal data will be securely deleted or anonymized.

6. Data Sharing

(a) We do not sell, trade, or otherwise transfer your personal information to third parties without your explicit consent.

(b) We may share personal information with trusted service providers who assist us in operating our website, conducting our business, or servicing you, provided they agree to keep this information confidential.

7. International Data Transfers

If we transfer your personal information to third parties or service providers outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place, such as standard contractual clauses or other legal mechanisms.

8. Your Rights

(a) Access: You have the right to access the personal data we hold about you.

(b) Rectification: You have the right to correct any inaccurate or incomplete personal data.

(c) Erasure: You have the right to request the deletion of your personal data under certain circumstances.

(d) Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances.

(e) Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

(f) Objection: You have the right to object to the processing of your personal data under certain circumstances.

(g) Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

9. Security Measures

We implement reasonable and appropriate security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

10. Cookies and Similar Technologies

(a) We use cookies and similar technologies to enhance your experience on our website. You can manage cookie preferences through your browser settings.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

12. Changes to the Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated Privacy Policy on our website.

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy, please contact us at marco.caspani@gmail.com.

14. Data Protection Officer (DPO)

(a) Holistic Symphony has appointed a Data Protection Officer (DPO) to oversee data protection matters. You can contact our DPO at marco.caspani@gmail.com.

15. Automated Decision-Making

(a) Holistic Symphony does not engage in automated decision-making processes that significantly affect individuals.

16. Data Subject Requests

(a) To exercise your rights as a data subject or make a Data Subject Access Request (DSAR), please contact our DPO or use the contact details provided in Section 13.

(b) We will respond to DSARs within one month, and we may extend this period for complex requests, notifying you of any such extension.

17. Complaints

(a) If you believe that Holistic Symphony has not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority is Dutch Data Protection Authority.

18. Third-Party Links

(a) Our website may contain links to third-party websites. Holistic Symphony is not responsible for the privacy practices or content of these third-party sites. We recommend reviewing the privacy policies of these sites before providing any personal information.

19. Data Breach Notification

(a) In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, Holistic Symphony will notify you without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach.

20. Profiling

(a) Holistic Symphony does not engage in automated profiling using personal data to evaluate certain aspects of an individual.

21. Consent Management

(a) Where we rely on consent for the processing of personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

22. Data Minimization

(a) We only collect personal data that is necessary for the purposes for which it is processed. We do not collect excessive or irrelevant information.

23. Privacy by Design and Default

(a) Holistic Symphony incorporates privacy by design and by default principles into the development and operation of its services, ensuring that privacy considerations are an integral part of our processes.

24. Joint Data Controllership

(a) If Holistic Symphony engages in joint data controllership with third parties, the respective responsibilities and roles will be clearly defined in separate agreements.

25. International Data Transfers

(a) When transferring personal data to countries outside the European Economic Area (EEA), we ensure an adequate level of protection through appropriate safeguards, such as standard contractual clauses or binding corporate rules.

26. Data Processing Records

(a) Holistic Symphony maintains records of its data processing activities, as required by GDPR. These records include the purposes of processing, categories of data subjects, categories of personal data processed, and any third-party recipients.

27. Data Impact Assessments (DPIAs)

(a) Holistic Symphony conducts Data Protection Impact Assessments (DPIAs) for high-risk processing activities to assess and mitigate the impact on data subjects' privacy.

28. Data Protection Principles

(a) Holistic Symphony adheres to the data protection principles outlined in the GDPR, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

29. Data Retention Policy

(a) We retain personal data only for as long as necessary for the purposes for which it was collected. The retention periods are determined based on the nature and sensitivity of the data, the purposes of processing, and applicable legal requirements.

30. Training and Awareness

(a) Holistic Symphony provides regular training to its staff on data protection and privacy matters, ensuring that employees understand their responsibilities and obligations.