Privacy Policy

Effective date: 1^st March 2025

Welcome to Journey to Kismet. Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services, including our website https://journeytokismet.com (“Website”) and any associated virtual services (“Services”).

By accessing our Website or using our Services, you consent to the data practices described in this Privacy Policy.

1. Introduction

1.1 Purpose of This Policy
At Journey to Kismet, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines:

• What information we collect about you
• How we use and share your information
• Your rights regarding your personal data
• Measures we take to protect your information

1.2 Scope of the Policy
This Privacy Policy applies to all users of our Website and Services, including clients, website visitors, and individuals who interact with our digital content globally.

1.3 Legal Compliance
We comply with applicable data protection laws, including:

• General Data Protection Regulation (GDPR) for European Union (EU) residents
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents
• Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users
• Australian Privacy Act for Australian users
• Indonesia’s Personal Data Protection Act (PDP Law) for users in Bali and Indonesia
• Brazil’s General Data Protection Law (LGPD) for Brazilian users

1.4 Updates to This Policy
We may update this Privacy Policy from time to time. The “Effective Date” at the top of this document will be updated accordingly. We encourage you to review this policy periodically for any changes.

2. Definitions

For the purpose of this Privacy Policy:

• “Personal Data” means any information that relates to an identified or identifiable individual, as defined under applicable laws.
• “Processing” means any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, or deletion.
• “Data Controller” refers to Journey to Kismet, which determines the purposes and means of processing personal data.
• “Data Processor” means a third party that processes personal data on behalf of the Data Controller.
• “User”, “Client”, “You” refers to any individual accessing our Website or using our Services.
• “Services” include spiritual mentorship, energy healing, psychic readings, workshops, and membership programs offered by Journey to Kismet.

These definitions align with relevant privacy laws including GDPR, CCPA, PIPEDA, Australian Privacy Act, Indonesia’s PDP Law, and LGPD.

3. Data Controller and Contact Information

3.1 Data Controller Information
The Data Controller responsible for your personal data is:

Journey to Kismet
Website: https://journeytokismet.com
Email: [email protected]

3.2 Data Protection Officer (DPO)
If required by applicable law, we may appoint a Data Protection Officer (DPO) to oversee our data management practices. If applicable, contact information for the DPO will be provided on our Website.

3.3 How to Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us via email at Email: [email protected] or through our Website’s contact form.

4. Data Collection Methods

4.1 Data You Provide Directly
We collect personal data directly from you when you:

• Book Services: Name, email, phone number, and payment information
• Participate in Sessions: Information shared during spiritual, mentorship, or healing sessions
• Join Membership Programs: Data related to membership preferences and usage
• Contact Us: Via email, contact forms, or customer support channels

4.2 Data Collected Automatically
When you use our Website, we may automatically collect information including:

• Technical Data: IP address, browser type, operating system, device information
• Usage Data: Pages visited, time spent on pages, interaction with content
• Cookies and Tracking Technologies: To enhance user experience and analyze website traffic (see our Cookie Policy for details)

4.3 Data from Third Parties
We may receive your personal data from:

• Service Providers: Payment processors (e.g., Stripe, PayPal), booking platforms (e.g., Thinkific), and communication tools (e.g., Zoom)
• Publicly Available Sources: If relevant to our business activities and in compliance with applicable laws

4.4 Sensitive Personal Data
With your explicit consent, we may collect sensitive data, such as:

• Health Information: Relevant to wellness sessions or pre-session consultations
• Spiritual and Emotional Well-Being Data: Disclosures during mentorship or healing sessions

5. Types of Personal Data Collected

We collect the following categories of personal data:

• Identity Data: Full name, title, and demographic information
• Contact Data: Email address, phone number, mailing address
• Financial Data: Payment method details, transaction history
• Profile Data: Service preferences, membership details, feedback, and responses to surveys
• Technical Data: IP address, login data, browser type and version, time zone setting, and device identifiers
• Usage Data: Information about how you use our Website and Services
• Sensitive Data: Health and wellness information provided with explicit consent

We limit our data collection to only what is necessary for legitimate business purposes and compliance with legal requirements.

6. Legal Basis for Data Processing

We process personal data under the following legal bases:

• Consent: When you provide consent for processing your data (e.g., accepting cookies, agreeing to receive marketing communications)
• Contractual Necessity: To fulfill our obligations under our service agreements with you
• Legal Obligation: To comply with legal requirements (e.g., financial record-keeping, responding to lawful requests)
• Legitimate Interests: Where processing is necessary for our legitimate business interests, balanced against your rights (e.g., improving our Services)

For GDPR compliance, we ensure that sensitive data is processed only with explicit consent or where legally justified. Under CCPA/CPRA, we clarify that we do not sell personal data. Compliance with PIPEDA, Australian Privacy Act, Indonesia’s PDP Law, and LGPD is also maintained.

7. Purpose of Data Collection and Use

We use your personal data for the following purposes:

• Service Delivery: To manage bookings, conduct sessions, and provide personalized spiritual mentorship and healing services
• Communication: To send confirmations, updates, newsletters, and marketing communications (with consent)
• Payment Processing: To facilitate secure financial transactions
• Analytics and Improvements: To analyze Website usage and enhance our Services
• Legal Compliance: To comply with applicable laws, regulations, and legal requests

We ensure that data processing is limited to the specified purposes and only retained for as long as necessary.

8. Consent Management

8.1 Obtaining Consent

• We obtain your consent before collecting, processing, or sharing your personal data where required by law.
• Consent is collected through:
  • Booking Forms: Agreement to our terms and privacy policy during booking
  • Checkboxes: Affirmative action during online interactions (e.g., subscribing to newsletters)
  • Digital Signatures: Where applicable, for explicit consent

8.2 Withdrawing Consent

• You may withdraw your consent at any time by contacting us at Email: [email protected].
• Withdrawal of consent may affect your ability to use certain Services. For example, opting out of data processing may prevent us from providing tailored mentorship or healing sessions.

8.3 Impact of Withdrawing Consent

• Even if consent is withdrawn, we may retain certain personal data if required by law or to protect our legitimate interests.
• We will inform you of any implications if withdrawing consent affects service delivery.

8.4 Special Categories of Data

• For sensitive data (e.g., health information or spiritual well-being details), we always request explicit consent before collection and processing.

9. Data Sharing and Disclosure

9.1 Sharing with Service Providers
We share your personal data with trusted third parties to facilitate our Services, including:

• Payment Processors: To process financial transactions securely (e.g., Stripe, PayPal)
• Booking and Learning Platforms: Such as Thinkific, for managing courses and sessions
• Communication Tools: Zoom, for virtual sessions and consultations
• Analytics Providers: To analyze Website usage and improve user experience

9.2 Legal and Regulatory Disclosures
We may disclose your personal data:

• To Comply with Laws: When required by law, legal processes, or court orders
• To Protect Rights and Safety: In case of fraud, security issues, or to protect our rights, your safety, or the safety of others

9.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of the business transaction. You will be notified of any changes in ownership or use of your personal data.

9.4 No Sale of Personal Data

• Under CCPA/CPRA, we do not sell personal data.
• We do not exchange your data for financial or other valuable consideration with third parties.

9.5 Third-Party Privacy Practices

• This Privacy Policy does not cover the privacy practices of third-party services.
• We encourage you to review the privacy policies of any third-party services you interact with through our Website.

10. International Data Transfers

10.1 Cross-Border Data Transfers

• As Journey to Kismet operates internationally, your personal data may be transferred to and stored in countries outside your own, including Indonesia, the EU, the US, Australia, Canada, and Brazil.

10.2 Legal Basis for Transfers

• We ensure that international data transfers comply with applicable laws, including:
  • GDPR: By using Standard Contractual Clauses (SCCs) or obtaining explicit consent
  • PIPEDA and Australian Privacy Act: Through appropriate safeguards and contractual obligations
  • Indonesia’s PDP Law and Brazil’s LGPD: By following regulatory requirements for data transfers

10.3 Data Transfer Mechanisms

• When transferring data internationally, we implement security measures such as:
  • Data Encryption: During transfer and storage
  • Contractual Clauses: With third-party processors to ensure data protection
  • Data Minimization: Transferring only necessary data

10.4 Risks of International Transfers

• You acknowledge that data stored or processed outside your country of residence may be subject to foreign laws and accessible by foreign governments or law enforcement agencies.

11. Data Retention Policy

11.1 Retention Periods
We retain your personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:

• Service Data: Retained for the duration of your relationship with us and for a reasonable period thereafter
• Financial Data: Maintained in compliance with accounting and tax regulations (e.g., 7 years for financial records under certain jurisdictions)
• Sensitive Data: Retained only as long as explicitly permitted by your consent

11.2 Criteria for Retention
The duration of data retention is determined by:

• Legal and Regulatory Requirements: Compliance with applicable laws
• Business Needs: For record-keeping, legal defense, and analysis purposes
• User Requests: Such as deletion requests under GDPR or CCPA

11.3 Data Deletion Procedures

• When data is no longer needed, we securely delete or anonymize it.
• Secure disposal methods include digital shredding and secure erasure from databases.

12. Data Security Measures

12.1 Technical and Organizational Measures
We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, including:

• Data Encryption: Both in transit (e.g., SSL/TLS) and at rest
• Access Controls: Restricting access to personal data to authorized personnel only
• Regular Security Audits: To identify and address vulnerabilities

12.2 Breach Notification Procedures

• In the event of a data breach that affects your personal data, we will:
  • Notify you and relevant authorities as required by applicable laws (e.g., GDPR, CCPA)
  • Provide timely information on the nature of the breach, affected data, and recommended actions

12.3 User Responsibilities

• You are responsible for maintaining the security of your account credentials.
• We recommend using strong passwords and not sharing your login details with others.

13. Cookies and Tracking Technologies

13.1 Use of Cookies

• We use cookies and similar tracking technologies to enhance your experience on our Website. These may include:
  • Essential Cookies: Required for Website functionality
  • Analytics Cookies: To analyze Website traffic and usage patterns (e.g., Google Analytics)
  • Functional Cookies: To remember your preferences
  • Marketing Cookies: If applicable, to deliver targeted advertisements

13.2 Managing Cookies

• You can manage your cookie preferences through your browser settings.
• Most browsers allow you to refuse or delete cookies, but this may affect your use of our Website.

13.3 Third-Party Cookies

• Third-party services (e.g., Zoom, Thinkific) may also use cookies in line with their own privacy policies.
• We advise reviewing these policies independently to understand their practices.

14. User Rights and Choices

14.1 Rights Under GDPR (For EU Residents)

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request corrections to inaccurate or incomplete data
• Right to Erasure: Request the deletion of your data (“Right to be Forgotten”)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Request your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Automated Decision-Making: Request human intervention where decisions are automated

14.2 CCPA/CPRA Rights (For California Residents)

• Right to Know: About personal data collected, used, and disclosed
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Of the sale of personal data (not applicable as we do not sell data)
• Non-Discrimination: No discrimination for exercising your rights

14.3 Additional Rights

• PIPEDA (Canada): Access, correction, and withdrawal of consent
• LGPD (Brazil) & Indonesia’s PDP Law: Similar rights as above, including revocation of consent

14.4 Exercising Your Rights

• To exercise your rights, contact us at Email: [email protected].
• We will respond to requests in accordance with applicable laws, typically within 30 days.

15. Special Considerations for Sensitive Data

15.1 Types of Sensitive Data Collected
With your explicit consent, we may collect and process sensitive personal data, including:

• Health Information: Shared during pre-session consultations or sessions
• Spiritual and Emotional Well-Being Data: Disclosures made during spiritual mentorship, healing sessions, or workshops
• Session Notes: Records of your experiences and feedback during our services

15.2 Legal Basis for Processing Sensitive Data

• Explicit Consent: Required under GDPR, LGPD, and Indonesia’s PDP Law
• Processing is only carried out when necessary for service delivery, with your clear and informed consent

15.3 Security Measures for Sensitive Data

• Enhanced Protection: Sensitive data is encrypted and stored securely
• Access Controls: Only authorized personnel have access to sensitive data
• Minimization Principle: We only collect sensitive data necessary for providing personalized and effective services

15.4 Client Rights for Sensitive Data

• You may withdraw consent to the processing of sensitive data at any time.
• Requests for data deletion or restriction can be made by contacting us at [email protected].

16. Children’s Privacy

16.1 Services Not Intended for Minors

• Our Services are not designed for or directed towards individuals under the age of 18.
• We do not knowingly collect or process personal data from children.

16.2 Data Handling If Collected Inadvertently

• If we become aware that personal data of a minor has been collected without parental consent, we will:
  • Delete the Data: As soon as possible
  • Notify Relevant Authorities: If required by law

16.3 Parental Rights

• If you believe that we might have collected data from a minor, please contact us immediately at [email protected].

17. Marketing and Communication Preferences

17.1 Marketing Communications

• With your consent, we may use your personal data to send you marketing communications, including:
  • Newsletters: Updates on services, promotions, and events
  • Special Offers: Personalized offers based on your interests

17.2 Consent and Opt-In Requirements

• For compliance with GDPR, CCPA, and other laws, marketing communications are only sent with explicit opt-in consent.

17.3 How to Opt-Out

• You may opt-out of receiving marketing communications at any time by:
  • Clicking the “Unsubscribe” link in our emails
  • Contacting us directly at [email protected]

17.4 Non-Marketing Communications

• You may still receive non-marketing communications such as service-related messages, booking confirmations, and administrative notices.

18. Third-Party Links and Services

18.1 Links to External Sites

• Our Website may contain links to third-party websites or services that are not operated by Journey to Kismet.
• We have no control over and assume no responsibility for the content, privacy policies, or practices of these external websites.

18.2 Interactions with Third-Party Services

• If you access third-party services through our Website (e.g., via Zoom for sessions or Thinkific for courses), your personal data may be processed according to those providers’ privacy policies.

18.3 Recommendations

• We recommend reviewing the privacy policies of any third-party services before providing them with your personal data.

19. Changes to the Privacy Policy

19.1 Right to Update This Policy

• We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.
• Any updates will be posted on this page with an updated “Effective Date”.

19.2 Notification of Changes

• For significant changes, we will notify you through:
  • Email Communication: Sent to the address you provided
  • Website Notices: Visible on our Website’s home page

19.3 Acceptance of Changes

• Continued use of our Website and Services after policy changes are implemented indicates acceptance of the updated Privacy Policy.

19.4 Historical Versions

• Previous versions of the Privacy Policy may be made available upon request.

20. Contact Information and Complaints

20.1 Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Journey to Kismet
• Email: [email protected]
• Website: https://journeytokismet.com

20.2 Data Protection Officer (DPO)

• If required under applicable law, a Data Protection Officer (DPO) may be appointed to handle privacy-related matters. Contact details for the DPO (if applicable) will be provided on our Website.

20.3 Filing a Complaint

• If you believe your privacy rights have been violated, you have the right to file a complaint:
  • With Us Directly: At [email protected]
  • With Data Protection Authorities:
    • EU Residents: With your local Data Protection Authority (DPA)
    • California Residents: With the California Attorney General’s Office
    • Canada: With the Office of the Privacy Commissioner of Canada (OPC)
    • Australia: With the Office of the Australian Information Commissioner (OAIC)
    • Indonesia: With the Ministry of Communication and Informatics (KOMINFO)
    • Brazil: With the National Data Protection Authority (ANPD)

20.4 Response Time

• We will respond to all inquiries and complaints within 30 days, in accordance with applicable legal requirements.