1 INTRODUCTION

By law it is our duty that we protect your privacy and security. We abide by the laws of the DSGVO (Data Protection Reason Regulation) of the European Union.

Whenever this is technically possible for us, we offer you a safe experience and channel of communication removed from Big Tech and data harvesting.

This privacy notice applies to the processing of personal data by ESTU ( ESTU company number 0715.887021 registered in Belgium) in connection with the processing of personal data on this website, including any personal data you may provide though the use of the website. For example when you sign up to receive newsletters, make online booking reservations for private sessions, buy shop items, buy online courses or use online contact forms . All these interactions are referred to through this notice as this “Website“. References in this notice to “you” or “your” are references to individuals who use this website. References in this notice to “ESTU”, “we”, “us” or “our” are references to ESTU the business owned by Prana Estu Nibbering.

You can use this site without having to provide data about yourself. However in order to be able to offer you the best service, we request data from you which may in some cases be collected automatically (via cookies). Therefore, please read this Privacy Policy and the Terms & Conditions of use. It is in the interest of your safety and ours. We expressly reserve the right to take legal action if someone sends us advertising, such as spam mails, which we did not request.

This website is located on a renowned server in the Netherlands. This website is not intended for children.

2. PURPOSE OF THIS NOTICE

This notice aims to give you information about how we collect and process your personal data when you use this website. It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.

3. HOW TO MAKE A COMPLAINT ABOUT THE USE OF YOUR DATA BY US

If you have any concerns or questions about this notice, including any requests to exercise your rights, please contact us using the contact details set out below:

Address : Prana Estu Nibbering, Populierenlaan 32, 2020 Antwerp, Belgium
Email : info@openanahata.com
Telephone : +32(0)477068997

If you are unhappy with how we process your personal data you can contact the Data Protection Authority to make a complaint directly at www.dataprotectionauthority.be . However, we would kindly ask you to contact us in the first instance so we may resolve any issues you have.

4. CHANGES TO THE PRIVACY POLICY

We will alert you to any changes to this Privacy Policy by changing the “last updated” date at the top of this policy page. Any changes become effective immediately upon publication on the website. We encourage you to review this Privacy Policy periodically, when you use this website for any purpose or engage with us on social media. You are deemed to have accepted any changes to any revised Privacy Policy by your continued use of this website after the revised Privacy Policy is posted.

5. LINKS TO THIRD PARTIES

This website may include links to third-party websites including social media sites, plug-ins and applications.

Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave this Website, we encourage you to read the privacy notice of every website you visit. Below, you will find lists of all the third party services used for this website.

To the best of our ability we try to promote open source and encrypted channels of communication.

6. PERSONAL DATA WE COLLECT ABOUT YOU

Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data). Please note that we may process your personal data without your knowledge or consent only where this is explicitly required and permitted by law.

We do not automatically collect any special categories of personal data about you through general use of this Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and bio-metric data). Nor do we collect any information about criminal convictions and offenses.

When you book a private session through the online booking widget, we may request information related to your health. The sharing of this information is always optional and given voluntarily by you. We are bound to complete confidentiality of the personal information that you share with related to a private session. We only share such information when required by law. We offer avenues of communication outside of this Website. When you book or register for a private session, workshop and/or class, you consent to the terms and conditions stated in the Client Agreement.

We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us.

PERSONAL DATA

Personal Data is information that can be used to identify you specifically, including your name, shipping address, email address, telephone number or demographic information like your age, gender, or hometown. You consent to giving us this information by providing it to us voluntarily on this website and any related mobile apps. You provide some of this information when you book a private session or register with or make purchases from this website. You may also provide this information by participating in various activities associated with this website, including responding to blogs, contacting us with questions, or participating in group trainings and workshops. Your decision to disclose this data is entirely voluntary. You are under no obligation to provide this information, but your refusal may prevent you from accessing certain benefits from this website or from making purchases.

DERIVATIVE DATA

Derivative data is information that our servers automatically collect about you when you access the website, such as your IP address, browser type, the dates and times that you access the website, and the specific pages you view. If you are using a mobile application, the servers may collect information about your device name and type, your phone number, your country of origin, and other interactions with our application.

FINANCIAL DATA

Financial data is data that is related to your payment method, such as credit card or bank transfer details. We collect financial data through this website in order to allow you to purchase, order, return or exchange products or services from the website and any related mobile apps. We store limited financial data. Most financial data is transferred to the payment processor, Stripe, and you should review Stripe’s Privacy Policy to determine how they use, disclose and protect your financial data. We ALWAYS accept cash and direct bank transfers as payment methods. Contact info@openahata.com

SOCIAL NETWORK DATA

When using social networking sites and apps, including Facebook, Instagram, Odysee, or other social networking sites or apps not named specifically here, your data will be processed through those networks.

If you do not want us to access this information, please go to the specific social networking site and change your privacy settings.

MOBILE DEVICE DATA

If you use this website via a mobile device or app, the servers may collect information about your mobile device, including device ID, model and manufacturer, and location information. Use a VPN if you do not want our servers to collect this information.

OTHER

On occasion, you may give us additional data in order to enter into a contest or giveaway or to participate in a survey. You will be prompted for this information and it will be clear that you are offering this kind of information in exchange for an entry into such a contest or giveaway.

8. IF YOU DO NOT PROVIDE PERSONAL DATA TO ME

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with an item you have requested to purchase). In this case, we may have to cancel your purchase or decline to enter into a contract with you. But we will notify you if this is the case at the time.

9. HOW YOUR PERSONAL DATA IS COLLECTED

We use different methods to collect personal data from and about you, including through the channels set out below.

DIRECT INTERACTIONS

You give us your contact information (address, email address, tel number), identity information (name) and profile information (appointments, purchases) directly, for example, when you:

-Make an appointment for a private session, class, course and workshop; or
-Submit a contact form on this website; or
-Request marketing to be sent to you for example a newsletter or special offers.
-When you visit some of this website you will have the ability to purchase certain products and services through the website. To the extent that you are purchasing any products or services through this website, we will also use your Financial Data and transaction information.

AUTOMATED TECHNOLOGIES INTERACTIONS

We receive Derivative Data about your equipment, browsing actions and patterns. This data is collected by using cookies, server logs and other similar technologies and is stored in the web-hosting servers.

10. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

-Where we need to perform the contract we are about to enter into or have entered into with you (for example to fulfill on the purchase of a product or service through this website).
-Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example it is within our legitimate interest to know who has made an appointment for a private session).
-Where we need to comply with a legal or regulatory obligation.
-In certain circumstances we may rely on your consent to process your personal data, for example for certain email marketing.

More specifically, we may use the information and data described above to:

-Create and administer your account; and
-Deliver any products or services purchased by you to you; and
-Correspond with you; and
-Process payments or refunds; and
-Contact you about new offerings that we think you will be interested in; and
-Interact with you via social media; and
-Send you a newsletter or other updates; and
-Request feedback from you; and
-Notify you of updates to our product and service offerings; and
-Resolve disputes and troubleshoot any problems; and
-Administer contests or giveaways; and
-Generate a profile that is personalized to you, so that future interactions with our website will be more personal; and
-Assist law enforcement as necessary; and
-Prevent fraudulent activity on our website or mobile app; and

11. CHANGE OF PURPOSE

If we need to use your personal data for an unrelated purpose to the list above, we will notify you and we will explain the legal basis which allows us to do so.

12. DISCLOSURE OF YOUR PERSONAL DATA

We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data, as detailed in section 10. Where required, we will disclose your personal data to:

Any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
Our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us; and service providers who provide information technology and system administration services.

13. LIST OF THIRD PARTY SERVICES

MAILPOET
We use mailpoet plugin to manage the Open Anahata mailing list. https://automattic.com/privacy/

ODYSEE & YOUTUBE & VIMEO & RUMBLE
We use odysee, youtube, rumble and vimeo to host videos. Interacting with us through these channels is entirely voluntary. We do not know what data is transmitted.

INSTAGRAM
We use instagram to share information and to connect with you. Interacting with and through instagram and their features on our page is entirely voluntary and optional. You can find more information on Instagram’s Privacy Statement.

TELEGRAM
We use telegram to share information and to connect with you. Interacting with and through telegram and their features is entirely voluntary and optional.

FACEBOOK
Please note that we prefer NOT to communicate via Facebook Messenger.

On the website there are Facebook plugins which enables you to link and share sections of the website to Facebook. For more information, see Facebook’s Privacy Policy. If you do not want Facebook to associate your visit to my pages with your Facebook account, please log out of your Facebook account and avoid pressing a “Facebook” button.

EMAIL
Our email addresses are hosted by a reputable server in the Netherlands. However if you use email services such as gmail or yahoo, their servers will also store the email data of our correspondence.

AMELIA BOOKING
We use the Amelia booking plugin for online bookings of private sessions and events. Data is stored with our hosting-service. You can delete your personal booking data through the unique customer panel link you received during booking.

SERVER LOG FILES

Our server collects and automatically stores information in so-called server log files. These are automatically sent by your browser. These are:

-Which browser you use and which version it is
-Which operating system do you use
-Referrer URL
-What is the host name of the machine that is accessing
-When is the server request

We can not assign this data to specific people. Also, this data will not be linked to other data sources. However, we reserve the right to check this data retrospectively if, for example, we have concrete indications that our page was used unlawfully.

STRIPE

We use Stripe for booking, shop and membership payment processing. You can review Stripes’s Privacy Policy to determine how they use, disclose and protect your financial data. We collect financial data through this website in order to allow you to purchase, order, return or exchange products or services from the Website and any related mobile apps. We store limited financial data, only what is required of us to comply to the local business and tax regulations.

11. INTERNATIONAL DATA TRANSFERS
Our server is located in the Netherlands. In some cases, the parties who we use to process personal data on our behalf are based outside the European Economic Area (EEA), therefore their processing of your personal data will involve a transfer of such data outside the EEA. Whenever we transfer your personal data out of the EEA, to the best of our ability, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.

12. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

13. DATA RETENTION

We retain personal data as long as it is needed to to conduct my legitimate business purposes or to comply with our legal obligations, or until you ask us to delete your data. For example, we will retain certain personal information indefinitely for the purposes of maintaining your account, unless and until you delete your account. Data that we gather for a specific and particular purpose, such as assisting law enforcement will not be kept for longer than is necessary for that particular purpose. Data that is no longer needed by us for any of the purposes listed above will be permanently deleted, after a period of seven years. However we may retain data for longer periods of time if the circumstances permit by law.

You may request that we delete your data at any time. However, note that we cannot control the retention policies of third parties. If you wish to have any third parties, including those to whom we’ve transmitted your data, delete that data, you will need to contact those third parties directly. You may request from us a list of all third parties to who we have transmitted your data. However we may retain data for longer periods of time if the circumstances permit by law.

14. YOUR RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You may exercise any of your rights at any time using the contact details set out in Section 3. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Right to be informed about how personal data is used
You have a right to be informed about how we will use and share your personal data.

Right to access personal data
You have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us.

Right to have inaccurate personal data rectified
You have a right to have any inaccurate or incomplete personal data rectified. If you have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible.

Right to have personal data erased in certain circumstances
You have a right to request that certain personal data held by me be erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data.

Right to restrict processing of personal data in certain circumstance
You have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim.

Right to data portability
In certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behavior will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically).

Right to object processing of personal data in certain circumstances, including where personal data is used for marketing purposes
You have a right to object to processing being carried out by me if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information.

15. COOKIES

We use “cookies” whenever you come to the site. This also happens when you open our newsletters, look up information shown under our name on other sites and when you click on our adds. This happens automatically. We receive Derivative Data such as your Internet Protocol, the addresses of the websites connected to it, the type of browser and the name of the domain.

A cookie is a small amount of data that your web browser offers and stores on your computer when you visit a website. It can only be read by the server that sent it to you. Cookies can not run as code or deliver viruses, and they do not contain personally identifiable information about you. They can not be used to identify you personally. However, cookies help in tracking which offers you appreciate. They make it easier for you to get to the website faster.

THIRD PARTY COOKIES

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which I have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

BLOCKING OR RESTRICTING COOKIES

You can stop cookies being used on your device by activating the setting on your browser that allows you to block the deployment of all or some cookies. Please visit www.allaboutcookies.org to find out how. Please note, if you use your browser settings to block cookies you may not be able to access all or parts of this website. Except for essential cookies, all cookies will expire after 2 years.