IF YOU ARE A CITIZEN OF EUROPEAN UNION OR A SUBJECT AS DEFINED UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR), YOU ARE REQUIRED TO INFORM US REGARDING THE SAME.
THIS WEBSITE IS OWNED BY HOLISTIC LIFESTYLE SERVICES STUDIO LLP, HAVING ITS ADDRESS AT CHEMBUR, MUMBAI- 400 088 (HEREINAFTER REFERRED TO AS “COMPANY” “WE” OR “US”). THIS NOTICE APPLIES SOLELY TO ALL VISITORS, USERS, AND OTHERS WHO RESIDE OURSIDE INDIA AND SPECIFICALLY IN THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA (”COSTUMERS” OR “YOU”). WE ADOPT THIS NOTICE TO COMPLY WITH THE GENERAL DATA PROTECTION REGULATION (“GDPR”) AND ANY TERMS DEFINED IN THIS NOTICE HAVE THE SAME MEANING AS USED IN GDPR.
We are committed to protecting your privacy and handling your personal information in transparent and secure manner. The personal data that we collect and process depends on how you use our site or service you request from us and agree to in each case.
Please note that if your company has a separate agreement with us, it will govern the processing of all information and data collected by us in connection with service provision, including some data collected through our site. Such agreement takes precedence over any conflicting provision in this GDPR notice.
How we collect and process your personal data
We may also collect and process personal data from publicly available sources such as social networking sites and internet obtained in a lawful and transparent manner. We tend to request the least data possible to ensure proper functioning of our website and the set of features we offer.
The relevant personal data we collect may include your full name, contact details (phone and email), title or work position, authentication data, other data arising from the performance of our contractual obligations.
Third Party Data
In case you wish to share any third party’s data, for the purposes of GDPR and CCPA, our customer is the “Controller”, or decision maker, for the personal data, and we are the “Processor”, acting as a “service provider” for, and at the direction of, our customer. In this notice, your personal data may be also referred to as “Personal Information”. Actions like collecting, handling, storing, sharing and erasing, etc. in respect to your personal Information may generally be called “Data Processing”.
We do not provide any services to children. We may process personal data in relation to children, provided only if, our customer submits this information. For the purposes of this privacy notice, “children” are individuals who are under the age of eighteen (18).
Why provide us with your personal data.
To proceed with a business relationship with us and to procure the services being offered by us, you have to provide your personal data necessary to let us commence the execution of a business relationship and the performance of our contractual obligations. Kindly note that if you refuse to provide the required data we will not be allowed to commence or continue our business relationship with you as our customer, or as the authorized representative/agent of a legal entity which is our customer.
Legal basis for us processing your personal data.
As mentioned prior we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR for one or more of the following reasons:
- For the performance of a contract.
We process personal data in order to offer services based on contracts with our customers and to be able to complete the procedure so as to enter into a contract with prospective customers. The contract terms and conditions provide more details of the relevant purposes.
- For compliance with a legal obligation.
As a service provider, we are subject to a number of laws, legal obligations and statutory requirements. Such obligations and requirements impose personal data processing activities on us for compliance with court orders, tax laws, other reporting obligations, etc.
- For the purposes of safeguarding legitimate interests.
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you.
Who receives your personal data
While performing our contractual obligations we may share your personal data with several departments within the Company. Some service providers and suppliers may also receive your personal data so that we are able to perform our contractual obligations. Such service providers and suppliers enter into contracts with Company by which they observe confidentiality and data protection requirements according to the data protection law and the GDPR. All data processors appointed by us to process customer data on our behalf are bound by contract to comply with the GDPR provisions.
Transfer of your personal data to a third country or to an international organization.
Your personal data may be transferred to third countries, i.e. countries outside of the European Economic Area, because we engage service providers from those countries. Our service providers (processors) in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
The extent of automated decision-making and profiling.
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you, in the following cases: voice verification, sending verification codes by text, etc.
How long we keep your personal information.
We will retain your personal information for no more than seven years following the date on which you terminate your use of the Services, unless we are otherwise required by law or regulation to retain your personal information for longer.
All processing activities are performed automatically by Company’s computer scripts and only on protected by firewalls. Company’s customers act as data controllers, which means that file a specific request with our support team to erase and physically delete all the contents of their data.
Your data protection rights.
You have the following rights in terms of your personal data we hold about you:
- Access: You can request more information about the personal data we hold about you. You can request a copy of the personal data.
- Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement the data. You can also correct some of this information directly by logging into your account, if you are a customer. Please contact us as soon as possible if you notice any inaccuracy or incompleteness.
- Objection: You can let us know that you object to the collection or use of your personal data for certain purposes.
- Opt Out of “Sales”: You can ask us to take you out of certain advertising related to your personal data by clicking on the “Do Not ‘Sell’ My Personal Information” link.
- Erasure: You can request that we erase some or all of your personal data from our systems.
- Restriction of Processing: You can ask us to restrict further processing of your personal data. This may mean that we have to delete your account. The revocation will not affect any data processed prior to receiving the request.
- Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to someone else where it’s technically possible.
- Withdrawal of Consent: If we are processing your personal data based on consent that you gave us when we got the data, you may have the right to withdraw your consent at any time.
- Right to File Complaint: You have the right to lodge a complaint about Company’s practices with respect to your personal data with the supervisory authority of your country or EU Member State.
Sometimes we will not be able to fulfill your request. If it prevents us from complying with our regulatory obligations or impacts other legal matters, if we cannot verify your identity, or if it requires extraordinary cost or effort, we will tell you in a reasonable time and give you an explanation.
To make a request, please contact our Privacy Team at ________ or by writing to the following address: __________________
Additional Information about Specific Regulations
If you reside in the European Union (EU), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have legal rights with respect to your personal data, including those set forth under the EU’s General Data Protection Regulation (GDPR).
GDPR requires that we have a “basis” for processing your data. We process your personal data (i) with your consent (where applicable), (ii) to perform a contract with a customer, and (iii) for other legitimate interests and business purposes.
Changes to this GDPR notice
We may modify or amend this notice from time to time. We will notify you appropriately when we make changes to this statement and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically so as to be always informed about how we process and protect your personal information.