This policy is written to align with the EU General Data Protection Regulation (GDPR) and the UK GDPR. Bracketed items in [gold] must be completed by you before publishing. This document is provided for informational purposes and is not legal advice — have a qualified data-protection professional or attorney review it before you rely on it, particularly because this practice handles wellness and health-related information.
1. Who We Are (Data Controller)
For the purposes of the GDPR, the data controller responsible for your personal data is:
Name / Trading name: [Your legal name / business name]
Practice: Soular Genetic Nutrition™ (SGN)
Address: [Your business address]
Contact email: [your privacy contact email]
If you have any questions about this policy or how your data is handled, contact us at the email above.
2. The Personal Data We Collect
Depending on how you interact with us, we may collect:
Identity & contact data — name, email address, and any details you provide when subscribing to our mailing list, booking a session, or contacting us.
Booking data — appointment times and any information you choose to share when scheduling.
Payment data — when you purchase a service or product, payment is processed by our payment provider (see Section 6). We do not store your full card details on our website.
Wellness & consultation information — if you choose to share information about your health, history, birth data (for chart work), or wellbeing as part of a consultation. This may include special-category data under Article 9 GDPR (see Section 4).
Technical data — IP address, browser type, and usage data collected automatically when you visit the site (see Section 9 on cookies).
3. How and Why We Use Your Data (Purposes & Legal Bases)
Under the GDPR we must have a lawful basis for processing your data. We rely on the following:
To send you our newsletter and updates — legal basis: your consent (Art. 6(1)(a)). You may withdraw consent at any time by unsubscribing.
To provide sessions and services and to respond to your enquiries — legal basis: performance of a contract (Art. 6(1)(b)) or steps taken at your request before entering a contract.
To process payments — legal basis: performance of a contract and our legal obligations.
To meet legal and accounting obligations — legal basis: legal obligation (Art. 6(1)(c)).
To keep our site secure and improve it — legal basis: our legitimate interests (Art. 6(1)(f)), balanced against your rights.
4. Special-Category (Health) Data
Some information shared during wellness consultations may qualify as special-category data under Article 9 of the GDPR. Where we process such data, we do so only:
with your explicit consent (Art. 9(2)(a)), which you may withdraw at any time; and
for the specific purpose of providing the wellness service you have requested.
Important: Soular Genetic Nutrition™ is an educational and contemplative wellness practice and is not a medical service. Information shared is used to support that practice and is never a substitute for professional medical care.
5. How Long We Keep Your Data
We keep personal data only as long as necessary for the purposes described above:
Mailing list data — until you unsubscribe or ask us to delete it.
Consultation records — for [e.g. X years], or as required by professional or legal obligations.
Financial records — for the period required by applicable tax and accounting law.
6. Who We Share Your Data With (Processors)
We do not sell your personal data. We share it only with trusted service providers who process it on our behalf, under data-processing agreements. These may include:
Email marketing: [e.g. MailerLite / ConvertKit] — to manage our mailing list and send our newsletter.
Payments: [e.g. Stripe] — to process transactions securely.
Bookings: [e.g. Calendly / Cal.com] — to schedule sessions.
Website hosting: [e.g. Netlify / Cloudflare] — to host and serve this site.
Some of these providers may process data outside the EU/EEA. Where they do, appropriate safeguards (such as Standard Contractual Clauses) are in place.
7. Your Rights Under the GDPR
You have the right to:
Access the personal data we hold about you;
Rectify inaccurate or incomplete data;
Erase your data ("right to be forgotten");
Restrict or object to processing;
Data portability — receive your data in a portable format;
Withdraw consent at any time, where processing is based on consent;
Lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at [your privacy contact email]. We will respond within one month.
8. Complaints
If you are in the EU/EEA, you may lodge a complaint with your national data protection authority. If you are in the UK, you may contact the Information Commissioner's Office (ico.org.uk). [If you operate from Costa Rica, also reference the Agencia de Protección de Datos de los Habitantes (PRODHAB).]
9. Cookies & Tracking
This site uses only the cookies necessary for it to function, plus any set by embedded services (such as booking or video tools) when you interact with them. [If you later add analytics or marketing cookies, you must add a cookie-consent banner and update this section.]
10. Changes to This Policy
We may update this policy from time to time. The "last updated" date at the top reflects the most recent version.