Last updated 1 year ago (20 May, 2020)
Total Mindfulness (“Total Mindfulness,” “us,” “we,” or “our”) is committed to protecting and respecting your privacy in connection with your use of our website, totalmindfulness.com (the “Website”), and other products, services, and features thereof (the Website, and such other products, services, and features are collectively referred to herein as the “Product”, which may be updated from time-to-time at our sole discretion).
Please read the following carefully to understand our practices regarding your personal data, and how we will collect, use, and disclose your personal data.
We don’t sell your data.
When you sign up to the site, you submit your name, email address, and password.
You can set a ‘display name’ in your account settings to stay anonymous.
We don’t email you unless:
- you request a password reminder, or;
- we’re about to delete your account.
When you take the course, you answer ‘reflective practice’ questions; only you see them.
We don’t use Google Analytics.
If you donate to us, we don’t collect, process, or store your payment details; that’s handled by PayPal.
We may collect and process the following data about you:
- Personal data, including your name, e-mail address, password, answers to your reflective practices, and data about your usage of the Product, for example, when you last accessed your account, the length of time it takes you to complete the course, or the last lesson you completed if the course is unfinished.
- If you share an invite link, we store how many individuals it has been shared with, and how many have subsequently becomes members. We do not share this data with you or the invited member, it is used only to track the success of our invite system.
- Any discussions you create or get involved with.
- We do not collect, process, or or credit or debit card data, this is handled by PayPal.
We do not provide your personal data to any third party. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal data, you can contact us at firstname.lastname@example.org.
You will receive no electronic communication from us unless specifically opted-in. If you sign up to receive notification of any future content we produce, we will use the data you give us to provide the communications you have requested. If you wish to cancel email promotional materials via your account settings, or by selecting “unsubscribe” at the bottom of such communication, or by emailing us at email@example.com, we will remove you from our mailing list.
All data you provide to us through the Product is stored on our secure servers located in the United Kingdom. Any payment transactions will be encrypted using SSL technology; all payment data is stored with our payment processor and is never stored on our personal servers. Where you have a password which enables you to access certain parts of the Product, you are responsible for keeping this password confidential. We ask you not to share a password with anyone, and suggest that your change your password frequently.
Unfortunately, the transmission of data via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Product; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
The European Union’s General Data Protection Regulation (“GDPR”) give certain rights to applicable individuals in relation to their personal data. Accordingly, we have implemented transparency and access controls to help such users exercise those rights. As required under applicable law, the rights afforded to you are:
- A right of access: you have the right to obtain:
- confirmation as to whether personal data concerning you is processed or not, and, if processed, to obtain
- access to such data and a copy thereof, accessible via the ‘My Data’ section of your Account Settings in the Product.
- A right to rectification: you have the right to obtain the rectification of any inaccurate personal data concerning you. Rectification is possible via your Account Settings.
- A right to erasure: in some cases, you have the right to obtain the erasure of personal data concerning you. You can delete your account, and its associated data, via your Account Settings. After request, we will anonymise your data such that it can not be used to identify you as an individual. However, this is not an absolute right and Total Mindfulness may have legal or legitimate grounds for keeping such data.
- A right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your personal data.
- A right to data portability: you have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format.
- A right to object to processing: you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when such processing is based on the legitimate interest of Total Mindfulness. We may, however, invoke compelling legitimate grounds for continued processing.
- A right to report a complaint with the competent supervisory authority: you have the right to contact the supervisory authority to complain about our personal data protection practices.
- A right to give instructions concerning the use of your data after your death: as required by applicable law, you may have the right to give us instructions concerning the use of your personal data after your death.
To exercise one or more of these rights, you can email firstname.lastname@example.org.
You may access your personal data to modify or update at any time via your account settings, or by emailing email@example.com.
We will respond to your request in a reasonable timeframe in accordance with applicable law.
- A right of access: you have the right to obtain:
We use information held about you in the following ways, to:
- provide you with the Product;
- answer your questions or requests for information or handle your complaints;
- ensure that content provided by the Product is presented in the most effective manner for you and for your computer or other device;
- provide you with electronic communications, such as email, to the extent that you have provided consent to receive such communications under applicable law;
- carry out our obligations arising from any agreements entered into between you and us;
- allow you to participate in interactive features of the Product, when you choose to do so;
- notify you about updates or changes to Product features and content; and
- understand your broad, non-specific geographic location to help us identify groups of users by general geographic market.
In accordance with GDPR, we provide the following information regarding its Article 6 legal bases for personal data processing:
- The performance of the contract (our Terms & Conditions) between you and us for the data processing relating to your use of our Product;
- Our legitimate business interest, more specifically, in:
- collecting data regarding your general usage activities for the purpose of improving our user experience;
- requesting that you partake in Product surveys in order to better understand your needs and expectations;
- providing you with customer service communications regarding your account, or any other matters directed to customer service staff, in order to have clear and easy communication with you and to respond to all your requests;
- collecting data related to unplanned downtime or errors in the Product; and
- complying with our legal obligations, such as maintaining accurate financial records.
We may disclose your personal data to third parties as follows:
- If our service providers (like hosting, maintenance, market analytics, and payment service providers) require this data to provide services to us. We require each of our service providers to agree to maintain the confidentiality and security of your personal data.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation such as to comply with a summons, or similar legal process, or in order to enforce or apply our agreements with you; or to protect the rights, property, or safety of Total Mindfulness, our customers, or others. This includes exchanging data with other companies and organisations for the purposes of fraud protection and credit risk reduction.
The retention periods applied by Total Mindfulness comply with applicable legislation in effect on the date hereof, namely, for data:
- relating to your account: such data will not be retained beyond your request that your account be deleted;
- collected based on your consent to receive our electronic communications: we will use such data until you delete your account, withdraw consent, or applicable law requires that such data is no longer used;
- collected in the context of requests/queries: such data will be kept for the period necessary to process and reply to such requests or queries; and
- stored as session cookies, kept for a period of 12 months.
Other data will be kept as long as necessary for the purposes pursued and in compliance with our legal obligations, including the applicable statute of limitations.
To the extent that you have provided appropriate consent under applicable law to certain processing activities, such consent can be withdrawn at any time by emailing firstname.lastname@example.org.
Our Product includes social media features, such as the Facebook Like button, and widgets, such as the “Share This” button. These features may collect your Internet Protocol address, which page you are visiting on our Product, and may set a cookie to enable the feature to function properly. Social media features and widgets are hosted by a third party or hosted directly on our Product. Your interactions with these features are governed by the privacy statement of the company providing it.
Members have the ability to post content to one or more discussions. All such members may request and obtain removal of such posted content by visiting their Account Settings, or contacting us at email@example.com and specifically identifying the content to be removed. Please be advised that any such removal does not ensure complete or comprehensive removal of all traces of the content posted.
The service providers or other third parties listed above to whom we may disclose your personal data may be domiciled abroad. In such case, we require them to take, in accordance with applicable legislation, all organisational and technical measures that permit ensuring an adequate level of protection of your personal data, such the use of Standard Contractual Clauses approved by the European Commission.
We are responsible for the processing of personal data received, and subsequent transfers to a third party acting as an agent on its behalf.