Privacy Policy

Last updated 12/01/2021

By using this website you are agreeing to this Privacy Policy and the provisions stated on this page. You are also consenting to my Terms & Conditions of use.

1. Introduction

   By law it is my duty that I protect your privacy and security. I abide by the laws of the new DSGVO (Data Protection Reason Regulation) of the EU.
Whenever this is technically possible for me, I offer you a safe experience.

   This privacy notice applies to the processing of personal data by ESTU (company number 09667844 registered in Belgium) in connection with the processing of personal data on this Website, including any personal data you may provide though the use of the Website. For example when you sign up to receive newsletters, make online booking reservations for private sessions, buy shop items, buy online courses or use online contact forms . All these interactions are referred to through this notice as this “Website“. References in this notice to “you” or “your” are references to individuals who use this Website and references in this notice to “ESTU”, “I”, “me” or “my” are references to ESTU the business owned by Prana Estu Nibbering.
You can use my site without having to provide data about yourself. However in order to be able to offer you the best service, I request information about you which may in some cases be collected automatically. Therefore, please read this Privacy Policy and the Terms & Conditions of use. It is in the interest of your safety and mine. As the owner of this Website, I expressly reserve the right to take legal action if someone sends me advertising, such as spam mails, which I did not request.

   This Website is located on a renowned server in the Netherlands. This Website is not intended for children and I do not knowingly collect personal data relating to children.

2. Purpose of this Notice

   This notice aims to give you information about how I collect and process your personal data when you use this Website. It is important that you read this notice together with any other notices I may provide on specific occasions when I am collecting or processing your personal data, so that you are fully aware of how and why I am using your personal data. This notice supplements the other notices and is not intended to override them.

3. How to make a complaint about the use of your data by me

   If you have any concerns or questions about this notice, including any requests to exercise your rights, please contact me using the contact details set out below:

  • Address : Prana Estu Nibbering, Populierenlaan 32, 2020 Antwerp, Belgium
  • Email : info@estu.space
  • Telephone : +32(0)477068997

   If you are unhappy with how I process your personal data you can contact the Data Protection Authority to make a complaint directly at  www.dataprotectionauthority.be . However, I  would kindly ask you to contact me in the first instance so I may resolve any issues you have.

4. Changes to the Privacy Policy

   I will alert you to any changes to this Privacy Policy by changing the “last updated” date at the top of this policy page.  Any changes become effective immediately upon publication on the website.  I encourage you to review this Privacy Policy periodically, when you use this website for any purpose or engage with me on social media. You are deemed to have accepted any changes to any revised Privacy Policy by your continued use of this website after the revised Privacy Policy is posted.

5. Links to third parties

   This Website may include links to third-party websites including social media sites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. I do not control these third-party websites and am not responsible for their privacy statements. When you leave this Website, I encourage you to read the privacy notice of every website you visit.

6. Personal data I collect about you

   Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data). Please note that I may process your personal data without your knowledge or consent where this is required or permitted by law.
   I collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, I may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if I combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, I treat the combined data as personal data which will be used in accordance with this notice.
   I do not automatically collect any special categories of personal data about you through general use of this Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do I collect any information about criminal convictions and offences.
   When you book a private session through the online booking widget, I request information related to your health. The sharing of this information is always optional and given voluntarily by you. As a private coach I am bound to complete confidentiality of the personal information that you share with me related to a private session. I only share such information when required by law. I offer avenues of communication outside of this Website. When you book or register for a private session, workshop and/or class with me, you consent to the terms and conditions stated in the Client Agreement.

   I collect, use, store and transfer different kinds of personal data about you. I have grouped together the following categories of personal data to explain how this type of information is used by me. 

Personal data 

   Personal Data is information that can be used to identify you specifically, including your name, shipping address, email address, telephone number or demographic information like your age, gender, or hometown.  You consent to giving me this information by providing it to me voluntarily on this Website and any related mobile apps. You provide some of this information when you book a private session or register with or make purchases from this Website.  You may also provide this information by participating in various activities associated with this Website, including responding to blogs, contacting me with questions, or participating in group training. Your decision to disclose this data is entirely voluntary.  You are under no obligation to provide this information, but your refusal may prevent you from accessing certain benefits from this Website or from making purchases. 

Derivative data 

   Derivative data is information that my servers automatically collect about you when you access the Website, such as your IP address, browser type, the dates and times that you access the Website, and the specific pages you view.  If you are using a mobile application, my servers may collect information about your device name and type, your phone number, your country of origin, and other interactions with our application. 

Financial data 

   Financial data is data that is related to your payment method, such as credit card or bank transfer details. I collect financial data through this Website in order to allow you to purchase, order, return or exchange products or services from the Website and any related mobile apps. I store limited financial data.  Most financial data is transferred to the payment processor, Paypal, and you should review Paypal’s Privacy Policy to determine how they use, disclose and protect your financial data. 

Social networking data

   I may access personal information from social networking sites and apps, including Facebook, Instagram, Twitter, or other social networking sites or apps not named specifically here, which may include your name, your social network username, location, email address, age, gender, profile picture and any other public information. If you do not want me to access this information, please go to the specific social networking site and change your privacy settings.

Mobile device data

   If you use my Website via a mobile device or app, I may collect information about your mobile device, including device ID, model and manufacturer, and location information.

Other data

   On occasion, you may give me additional data in order to enter into a contest or giveaway or to participate in a survey. You will be prompted for this information and it will be clear that you are offering this kind of information in exchange for an entry into such a contest or giveaway.

8. If you do not provide personal data to me

   Where I need to collect personal data by law, or under the terms of a contract I have with you and you fail to provide that data when requested, I may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with an item you have requested to purchase). In this case, I may have to cancel your purchase or decline to enter into a contract with you. But I will notify you if this is the case at the time.

9. How your personal data is collected

   I use different methods to collect personal data from and about you, including through the channels set out below.

Direct interactions

   You give me your contact information (address, email address, tel number), identity information (name) and profile informations (appointments, purchases) directly, for example, when you:

  • Make an appointment for a private session; or
  • Submit a contact form on this Website; or
  • Request marketing to be sent to you for example a newsletter or special offers.
  • When you visit some of this Website you will have the ability to purchase certain products and services through the Website. To the extent that you are purchasing any products or services through this Website, I will also use your Financial Data and transaction information.

Automated technologies or interactions

   I receive Derivative Data about your equipment, browsing actions and patterns. I collect this data by using cookies, server logs and other similar technologies. 

Third parties or publicly available sources

10. How I use your personal data

   I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:

  • Where I need to perform the contract we are about to enter into or have entered into with you (for example to fulfil on the purchase of a product or service through this Website).
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example it is within our legitimate interests to know who has made an appointment for a private session).
  • Where I need to comply with a legal or regulatory obligation.
  • In certain circumstances I may rely on your consent to process your personal data, for example for certain email marketing.

   More specifically, I may use the information and data described above to:

  • Create and administer your account; and
  • Deliver any products or services purchased by you to you; and
  • Correspond with you; and
  • Process payments or refunds; and
  • Contact you about new offerings that we think you will be interested in; and
  • Interact with you via social media; and
  • Send you a newsletter or other updates about our company or website; and
  • Deliver targeted advertising; and
  • Request feedback from you; and
  • Notify you of updates to our product and service offerings; and
  • Resolve disputes and troubleshoot any problems; and
  • Administer contests or giveaways; and
  • Generate a profile that is personalised to you, so that future interactions with our website will be more personal; and
  • Compile anonymous statistical data for our own use or for a third party’s use; and
  • Assist law enforcement as necessary; and
  • Prevent fraudulent activity on our website or mobile app; and
  • Analyse trends to improve our website and offerings. 

11. Change of purpose

   If I need to use your personal data for an unrelated purpose to the list above, I will notify you and I will explain the legal basis which allows me to do so.

12. Discloser of your personal data

   I may have to share your personal data with the entities and persons set out below for the purposes for which I collected the personal data, as detailed in section 10. Where required, I will disclose your personal data to:

  • Any person or entity to whom I am required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
  • My professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to me; and
  • Service providers who provide information technology and system administration services.

13. List of third party services

MailChimp

   I use MailChimp to manage the newsletter and for email marketing. For more information on privacy and MailChimp, please see Mailchimp’s Privacy Policy.
   While the Rocket Science Group, LLC, which operates MailChimp, is in the US. In 2017, MailChimp switched to the DSVGO guidelines. In addition, it is certified according to the specifications of the Privacy Shield. Thus, the prerequisites are that your data complies with the local privacy policy. Even if the data is processed in the US.
   Anyone who subscribes to my newsletter can concretely agree by agreeing to use MailChimp. Like other service providers in online business, MailChimp can evaluate user data. As a result, I can keep track of my subscribers and newsletters. In order for your email program to correctly display the emails, you will be forwarded as a subscriber to the MailChimp page.

MailChimp stores the following information:

  • Your IP address, with which you have registered. This way, the company can prove that your request actually comes from you.
  • The date of a profile update.
  • The place and the time zone where you live. So I can send you the mails at a certain time of day.
  • The language you have set.
  • Your e-mail address.

Onlineafspraken.nl

   I use Onlineafspraken.nl to manage my bookings and process personal data related to private sessions. For more information on privacy and Onlineafspraken.nl, please see their Onlineafspraken.nl’s Privacy Policy. Onlineafspraken.nl is located in the Netherlands and is subject to DSGVO (Data Protection Reason Regulation) of the EU. Onlineafspraken.nl stores the following information:

  • Personal data and contact data (All personal information submitted by you though using the online booking widget)
  • Profile data (services you have chosen and dates you have booked)
  • Financial data (when you choose to pay online)
  • Derivative data (where you are logging in from)

If you do not wish to use their services to book an appointment, you can contact me directly by phone : +32477068997 or Email : info@estu.space.

Instagram

   I use instagram to share information and to connect with you. Interacting with and through instagram and their features on my page is entirely voluntary and optional.
   I do not know what data is accurately transmitted, and how Instagram uses that data. You can find more information on Instagram’s Privacy Statement.

Facebook

    Please note that I prefer NOT to communicate via Facebook Messenger.
    On my website there are Facebook plugins which enables you to link and share sections of the Website to Facebook. For more information, see Facebook’s Privacy Policy. If you do not want Facebook to associate your visit to my pages with your Facebook account, please log out of your Facebook account and avoid pressing a “Facebook” button.

Contact form

   The contact form on this Website is directly linked to my Email hosted by Antagonist.nl. No other third parties have access to this information. You may request that I call you back to continue our communication. 

Email

   My email address is hosted by Antagonist B. V.. However if you use email services such as gmail or yahoo, their servers will also store the email data of our correspondence. Antagonist B.V.’s Online Security Statement. Antagonist is a reputable web-hosting service based in the Netherlands.

Server log files

   My server collects and automatically stores information in so-called server log files. These are automatically sent by your browser. These are:

  • Which browser you use and which version it is
  • Which operating system do you use
  • Referrer URL
  • What is the hostname of the machine that is accessing
  • When is the server request

   I can not assign this data to specific people. Also, this data will not be linked to other data sources. However, I reserve the right to check this data retrospectively if, for example, I have concrete indications that my page was used unlawfully.

Paypal

   I use Paypal for shop and membership payment processing. You can review Paypal’s Privacy Policy to determine how they use, disclose and protect your financial data.  I collect financial data through this Website in order to allow you to purchase, order, return or exchange products or services from the Website and any related mobile apps. I store limited financial data, only what is required of me to comply to the local business and tax regulations.

11. International data transfers

   My server and and online booking service are located in the Netherlands. In some cases, the parties who I use to process personal data on my behalf are based outside the European Economic Area (EEA), therefore their processing of your personal data will involve a transfer of such data outside the EEA.  Whenever I transfer your personal data out of the EEA, I ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
 
  • I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • Where I use providers based in the US, I may transfer personal data to them if they are certified under the EU-US Privacy Shield which requires certified providers to have in place and maintain a similar level of protection to the personal data as if it was processed within the EEA.

12. Data security

   I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I limit access to your personal data to those agents, contractors and other third parties who have a business need to know. They will only process your personal data on my instructions and they are subject to a duty of confidentiality.

13. Data retention

   I retain personal data as long as it is needed to to conduct my legitimate business purposes or to comply with my legal obligations, or until you ask me to delete your data. For example, I will retain certain personal information indefinitely for the purposes of maintaining your account, unless and until you delete your account.  Data that I gather for a specific and particular purpose, such as assisting law enforcement or analysing trends, will not be kept for longer than is necessary for that particular purpose.  Data that is no longer needed by me for any of the purposes listed above will be permanently deleted, after a period of seven years. However I may retain data for longer periods of time if the circumstances permit. 
   You may request that I delete your data at any time. However, note that I cannot control the retention policies of third parties. If you wish to have any third parties, including those to whom I’ve transmitted your data, delete that data, you will need to contact those third parties directly.  You may request from me a list of all third parties to whom I have transmitted your data. However I may retain data for longer periods of time if the circumstances permit.

14. Your Rights

   Under certain circumstances, you have rights under data protection laws in relation to your personal data. You may exercise any of your rights at any time using the contact details set out in Section 3.  You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
   I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  I may also contact you to ask you for further information in relation to your request to speed up our response.
   I try to respond to all legitimate requests within one calendar month.  Occasionally it may take me longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.

Right to be informed about how personal data is used

   You have a right to be informed about how I will use and share your personal data. 

Right to access personal data

   You have a right to obtain confirmation of whether I am processing your personal data, access to your personal data and information regarding how your personal data is being used by me.

Right to have inaccurate personal data rectified

   You have a right to have any inaccurate or incomplete personal data rectified.  If I have disclosed the relevant personal data to any third parties, I will take reasonable steps to inform those third parties of the rectification where possible.

Right to have personal data erased in certain circumstances

   You have a right to request that certain personal data held by me be erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted.  I will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data.

Right to restrict processing of personal data in certain circumstance

   You have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim.

Right to data portability

   In certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website).  Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically).

Right to object processing of personal data in certain circumstances, including where personal data is used for marketing purposes

   You have a right to object to processing being carried out by me if (a) I am processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if I am using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information.

15. Cookies

   I use “cookies” whenever you come to my site. This also happens when you open my newsletters, look up information shown under my name on other sites and when you click on my adds. This happens automatically. I receive Derivative Data such as your Internet Protocol, the addresses of the websites connected to it, the type of browser and the name of the domain. This allows me to offer user friendly functions and adjust my site accordingly.
   A cookie is a small amount of data that your web browser offers and stores on your computer when you visit a website. It can only be read by the server that sent it to you. Cookies can not run as code or deliver viruses, and they do not contain personally identifiable information about you. They can not be used to identify you personally. However, cookies help me in tracking which of my offers you appreciate. They make it easier for you to get to my Website faster.

Third party cookies

   Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which I have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Blocking or restricting Cookies

   You can stop cookies being used on your device by activating the setting on your browser that allows you to block the deployment of all or some cookies. Please visit www.allaboutcookies.org to find out how. Please note, if you use your browser settings to block cookies you may not be able to access all or parts of this Website. Except for essential cookies, all cookies will expire after 2 years.

© 2021 ESTU | All rights reserved