Privacy Policy

1. Introduction

Spinesievevital ("we," "us," or "our") is committed to protecting the privacy and personal data of individuals who visit our website at spinesievevital.world (the "Website") and who interact with our services. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Finnish Data Protection Act (1050/2018), and other applicable international data protection laws.

By accessing or using our Website, submitting a contact form, or engaging with our educational products and consulting services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of the Website and refrain from submitting personal data to us.

We provide general informational content about herbal tea recipes and non-medical blending guidance. This Privacy Policy applies exclusively to data processing activities related to our Website and associated services operated from our registered office in Helsinki, Finland.

2. Data Controller

The data controller responsible for the processing of your personal data is:

Spinesievevital
Mannerheimintie 20
00100 Helsinki, Finland
Email: assist@spinesievevital.world
Phone: +358 10 765 1000

As the data controller, we determine the purposes and means of processing personal data collected through the Website. For any questions or concerns regarding data protection, you may contact us using the details above. We will respond to privacy-related enquiries within 30 days as required by GDPR Article 12.

3. Personal Data We Collect

We collect personal data through various interactions with our Website. The categories of data we may collect include:

3.1 Information You Provide Directly

• Contact form data: When you submit our contact form, we collect your name, email address, message content, and GDPR consent confirmation.
• Consultation enquiries: If you request a personalized blending plan or educational program information, we may collect additional details about your flavor preferences and blending experience that you voluntarily provide.
• Purchase information: When you acquire digital educational products, we collect billing name, email address, and payment-related information processed through our third-party payment provider.

3.2 Information Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage data: Pages visited, time spent on pages, click patterns, referral URLs, and date and time of access.
• Cookie data: Information stored through cookies and similar technologies as described in our Cookie Policy.

3.3 Information We Do Not Collect

We do not intentionally collect special categories of personal data as defined in GDPR Article 9, including data concerning health, racial or ethnic origin, political opinions, religious beliefs, or biometric data. Our services relate to general herbal tea preparation and do not require health-related information. Please do not include sensitive personal data in contact form messages.

4. Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

• Consent (Article 6(1)(a)): When you submit our contact form, you provide explicit consent for us to process your name, email, and message to respond to your enquiry. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Contractual necessity (Article 6(1)(b)): Processing necessary to fulfill a contract or take pre-contractual steps when you purchase educational products or enroll in consulting programs.
• Legitimate interests (Article 6(1)(f)): Processing for website security, fraud prevention, analytics to improve our content, and internal record-keeping, provided these interests are not overridden by your fundamental rights.
• Legal obligation (Article 6(1)(c)): Processing required to comply with applicable laws, including tax regulations and responses to lawful requests from public authorities.

5. Purposes of Data Processing

We process personal data for the following specific purposes:

• Responding to contact form submissions and customer enquiries within our stated response timeframe of two business days.
• Delivering personalized non-medical herbal tea blending guidance and educational program materials upon request or purchase.
• Processing transactions for digital educational products and maintaining purchase records.
• Improving Website functionality, user experience, and content relevance through aggregated analytics.
• Ensuring Website security, detecting unauthorized access attempts, and preventing fraudulent activity.
• Complying with legal obligations under Finnish and European Union law.
• Communicating service updates, policy changes, and relevant informational content to individuals who have opted in to receive such communications.

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Our standard retention periods are:

• Contact form submissions: Retained for 24 months from the date of submission, after which data is securely deleted or anonymized.
• Consultation and program records: Retained for 36 months following the last interaction to maintain service continuity and reference previous guidance provided.
• Purchase and transaction records: Retained for 7 years in accordance with Finnish accounting and tax legislation (Kirjanpitolaki 1336/1997).
• Analytics data: Aggregated and anonymized analytics data may be retained indefinitely. Identifiable analytics data is retained for a maximum of 26 months.
• Cookie consent records: Retained for 12 months from the date consent was given or updated.
• Server logs and security records: Retained for 90 days unless required for ongoing security investigations.

Upon expiration of the applicable retention period, personal data is permanently deleted from our active systems and backups in accordance with our data destruction procedures.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We may share personal data with the following categories of recipients when necessary:

• Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that process data on our behalf under strict data processing agreements compliant with GDPR Article 28.
• Professional advisors: Legal counsel, accountants, and auditors who require access to data for advisory purposes bound by confidentiality obligations.
• Public authorities: When required by law, court order, or governmental regulation, we may disclose personal data to Finnish or EU regulatory bodies.

All third-party processors are required to implement appropriate technical and organizational measures to protect personal data and process it only according to our documented instructions. A list of our primary sub-processors is available upon request by contacting us at assist@spinesievevital.world.

8. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer personal data to countries outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission under Decision 2021/914.
• Adequacy decisions confirming that the recipient country provides an adequate level of data protection.
• Binding Corporate Rules where applicable for multinational service providers.

You may request a copy of the safeguards applied to international transfers by contacting us at the address provided in Section 2.

9. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• HTTPS encryption (TLS 1.2 or higher) for all data transmitted between your browser and our servers.
• Access controls limiting personal data access to authorized personnel on a need-to-know basis.
• Regular security assessments and vulnerability testing of our Website infrastructure.
• Encrypted storage of sensitive data at rest using industry-standard encryption algorithms.
• Employee training on data protection principles and secure handling of personal data.
• Incident response procedures for detecting, reporting, and mitigating data breaches within 72 hours as required by GDPR Article 33.
• Regular backup procedures with encrypted backup storage and tested recovery processes.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to notifying affected individuals and the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) of any data breach that poses a risk to your rights and freedoms.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15): Request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to rectification (Article 16): Request correction of inaccurate or incomplete personal data.
• Right to erasure (Article 17): Request deletion of your personal data when it is no longer necessary, consent is withdrawn, or processing is unlawful.
• Right to restriction (Article 18): Request limitation of processing under certain circumstances.
• Right to data portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
• Right to lodge a complaint: File a complaint with the Finnish Data Protection Ombudsman at tietosuoja.fi or your local supervisory authority in the EEA.

To exercise any of these rights, please contact us at assist@spinesievevital.world with sufficient information to verify your identity. We will respond within 30 days, with a possible extension of 60 additional days for complex requests as permitted under GDPR Article 12(3).

11. Cookies and Tracking

Our Website uses cookies and similar tracking technologies to enhance functionality and analyze usage patterns. For comprehensive information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our dedicated Cookie Policy.

Non-essential cookies, including analytics and marketing cookies, are only activated after you provide consent through our cookie consent banner. You may update your preferences at any time by clicking "Cookie Settings" in the banner or clearing your browser cookies and revisiting the Website.

12. Children's Privacy

Our Website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take steps to delete that information promptly. If you believe a child has provided personal data to us, please contact us at assist@spinesievevital.world.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our data processing practices, legal requirements, or Website functionality. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you via email or a prominent notice on the Website. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

14. Contact Information

For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us:

Spinesievevital
Mannerheimintie 20, 00100 Helsinki, Finland
Email: assist@spinesievevital.world
Phone: +358 10 765 1000

You also have the right to contact the Finnish Data Protection Ombudsman:
Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki, Finland
Website: tietosuoja.fi