Painology’s (Painology.com) Privacy Policy

At Painology, we are committed to protecting the privacy and security of the personal information you entrust to us.  This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you interact with our website, courses, and services. It also explains your rights regarding your personal information and how you can exercise them.

1. CATEGORIES OF PERSONAL INFORMATION

To provide our services and improve your experience, we collect the following categories of personal information:

• Identifying Information: Name, billing address, delivery address, phone number, email address, IP address.

• Financial Information: We do not directly collect or store your payment card details. These are processed securely by third-party payment processors (Stripe or PayPal).

For more information kindly visit: (https://stripe.com/in/privacy) (https://www.paypal.com/us/legalhub/privacy-full)

• Transactional Information: Details about your purchases, including order history and preferences.

• User Content: Any information or posts you create on our website, in our community forums, or through direct communication with us (e.g., emails, survey responses) that relate to our business.

• Technical Information: Data collected automatically by our website and systems, including:

- IP address

- Login information (username, but not password)

- Browser type and version

- Device type and operating system

- Pages you visit and how you interact with them

- Referral source (how you found our website)

- Length of visits and page views

- Time zone settings

• Health Information: You may choose to share information about your health conditions or concerns with us to help us tailor our courses and content to your needs. This information is considered sensitive personal data and will be handled with extra care and security.

• Usage Information: Data about how you use our services, including course progress, preferences, and interactions with our website and platforms.

2. PURPOSE OF COLLECTION

We collect this information for the following purposes:

• To provide and personalise our services: This includes creating and managing your account, processing your orders, delivering courses and content, and providing customer support.

• To improve our website and services: We use your information to analyse website usage, understand user preferences, and develop new features and offerings.

• To communicate with you: This includes sending you transactional emails, updates about new courses or features, and responding to your inquiries.

• To comply with legal obligations: We may process your data to comply with applicable laws and regulations.

3. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal bases:

• Consent: For certain types of processing, such as sending you marketing communications, we will obtain your explicit consent.

• Contractual Necessity: We need to process your data to fulfil our contractual obligations to you, such as delivering the courses you purchased.

• Legitimate Interests: We may process your data for our legitimate business interests, such as improving our website and services, preventing fraud, and protecting our legal rights, as long as these interests do not override your fundamental rights and freedoms.

4. AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling that could have a significant impact on you.

5. PURPOSE OF COLLECTION

We collect and use your personal information for various purposes, including:

• Communication: To contact you via email, text message, social media, or other channels about your account, orders, inquiries, and updates regarding our services.

• Record Keeping: To maintain records of your purchases, interactions with our website, and communications with our team.

• Analytics and Improvement: To track how you use our website, understand your preferences, and analyse trends to improve our website, products, and services.

• Marketing and Personalisation: To deliver relevant content and offers based on your interests and communication preferences. This includes sending you newsletters, promotional materials, and other marketing communications (with your consent).

• Contests and Giveaways: To administer prize draws, competitions, and giveaways that you choose to participate in.

• Testimonials and Feedback: To solicit your feedback and testimonials about our products and services, and to use them for promotional purposes with your consent.

• Product and Service Development: To understand your needs and preferences to tailor our future courses and offerings to better meet your requirements.

• Order Fulfilment and Delivery: To process your orders, deliver products and services, and manage your account.

• Advertising and Promotion: To share your information with trusted third-party partners who may offer products or services that align with your interests (with your consent).

• Account Management and Customer Service: To create and manage your account, provide customer support, send administrative emails, respond to inquiries, and enhance the quality of our website and products.

• Security and Legal Compliance: To diagnose and address website errors or malfunctions, investigate suspicious or prohibited activities, and comply with legal processes or requests.

We collect and process your personal information only for the purposes outlined in this Privacy Policy or for other purposes for which we have obtained your explicit consent. We do not sell your personal information.

6. DATA SHARING AND TRANSFER

Third-Party Recipients:

To provide our services and operate our business, we may share your personal information with the following categories of third parties:

• Service Providers: Companies that help us with various aspects of our business, such as website hosting, payment processing, email marketing, customer support, data analysis, and IT services. These providers are contractually obligated to protect your data and only use it for the purposes we specify.

• Professional Advisors: We may share your information with our accountants, lawyers, or other professional advisors as needed to fulfil our legal obligations or protect our rights.

• Governmental Authorities: We may disclose your information if required to do so by law or in response to a valid legal request, such as a court order or subpoena.

• Business Transfers: If we sell or merge our business, your personal information may be transferred to the new owner as part of the transaction. We will take steps to ensure that your privacy rights are protected in such a transfer.

• Partners and Affiliates: We may share your information with trusted partners and affiliates who offer products or services that we believe may be of interest to you. This will only be done with your explicit consent.

7. SPECIFIC THIRD PARTIES

The specific third parties we work with include:

• Payment Processors: Stripe, PayPal (or other processors you use)

• Website Hosting and Development: Taft Systems

• Analytics Providers: Google Analytics, Google Tag Manager

• Social Media Platforms: Platforms where we maintain a presence, such as Facebook, Instagram, YouTube, and others.

8. DATA SHARING FOR SPECIFIC PURPOSES

We may also share your information with third parties for specific purposes, such as:

• To fulfil contractual obligations: We may share your information with third parties to fulfil our contractual obligations to you, such as delivering products or services you have purchased.

• To perform specific functions: We may share your information with third parties to perform specific functions on our behalf, such as processing payments, sending emails, or analysing website usage.

9. YOUR CONTROL OVER DATA SHARING

You can control how we share your information for marketing purposes by updating your communication preferences in your account settings or by contacting us directly. Please note that we may still need to share your information for other purposes, such as those outlined in this Privacy Policy.

10. INTERNATIONAL TRANSFERS

As we utilise third-party services for payment processing and website hosting, your personal information may be transferred and processed outside of the United Kingdom. Specifically:

• Payment Processors: We use Stripe and/or PayPal to process payments. Your payment information may be transferred to and processed by these companies in accordance with their respective privacy policies.

• Website Hosting: Our website is hosted by Taft Systems, which is based in the United States. Therefore, your personal information may be transferred to and processed in the United States.

We ensure that any transfers of personal data outside of the UK are done in compliance with applicable data protection laws. By using our services, you consent to the transfer of your personal information to countries outside of the UK, in accordance with this Privacy Policy and applicable data protection laws.

11. SALE OF PERSONAL INFORMATION

We do not sell your personal information to third parties for monetary or other valuable consideration. This includes the sale of information for advertising or marketing purposes.

12. DATA SUBJECT RIGHTS

You have the following rights regarding your personal data:

1) Right to Access: You have the right to request a copy of the personal information we hold about you. You can access some of your data by logging into your account on the Painology website. For further access requests, please contact us through our Contact Us page.

2) Right to Rectification: If you believe that any of your personal information we hold is inaccurate or incomplete, you have the right to request that we correct or update it. Please contact us through our Contact Us page with the necessary corrections.

3) Right to Erasure: You have the right to request that we erase your personal information in certain circumstances. Please contact us through our Contact Us page to make such a request.

4) Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances. This may include situations where you contest the accuracy of your data or object to our processing activities. Please contact us through our Contact Us page to request a restriction on processing.

5) Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format. Currently, you can export certain data, such as your contact information, via CSV export. For other types of data or formats, please contact us through our Contact Us page.

6) Right to Object: You have the right to object to the processing of your personal information for direct marketing purposes. You can exercise this right by clicking the "unsubscribe" link in any marketing email or by contacting us through our Contact Us page.

7) Right to Withdraw Consent: If you have given us consent to process your personal information for a specific purpose, you have the right to withdraw your consent at any time. You can do so by contacting us through our Contact Us page.

13. HOW TO EXERCISE YOUR RIGHTS

To exercise any of your data subject rights, please contact us in writing through our Contact Us page. We will respond to your request within 30 days of receipt.

Please note that certain rights, such as the right to erasure or data portability, may be subject to limitations or exceptions under applicable data protection laws.

14. DATA RETENTION

Retention Periods:

We retain different types of personal data for varying periods, depending on the nature of the data and the purposes for which it was collected. We will not retain your personal information for longer than is necessary for the purposes for which it was collected or as required by applicable laws or regulations.

15. CRITERIA FOR DETERMINING RETENTION

We consider the following factors when determining data retention periods:

• Legal Requirements: We retain certain data, such as financial transaction details, for a minimum of six years to comply with accounting and tax regulations (HMRC requirements in the UK).

• Business Needs: We retain data as long as it is necessary to provide our services, process transactions, manage subscriptions, provide customer support, send invoices, and fulfil other legitimate business purposes.

• Your Consent: If we are processing your data based on your consent, we will retain it until you withdraw your consent.

16. SPECIFIC RETENTION PERIODS

While we strive to delete your personal data as soon as it is no longer needed, some data may be retained for longer periods due to legal or regulatory requirements, or for legitimate business purposes such as dispute resolution or fraud prevention.

17. DATA SECURITY

We are committed to protecting the security of your personal information and have implemented appropriate technical and organisational measures to safeguard it. These measures include:

• Secure Socket Layer (SSL) Encryption: We use industry-standard SSL encryption to protect your data during transmission between your browser and our website.

• Access Controls: We restrict access to your personal information to authorised personnel who require it to fulfil their job responsibilities. Access is granted on a need-to-know basis and is regularly reviewed.

• Password Protection: We require you to create a strong password to protect your account information. We recommend using a combination of upper and lowercase letters, numbers, and symbols for maximum security.

• Regular Security Reviews: We regularly review our security measures and procedures to ensure they are up-to-date and effective in protecting your data from unauthorised access, disclosure, alteration, or destruction.

18. THIRD-PARTY SECURITY

We work with trusted third-party service providers who assist us in operating our website and providing our services. These providers have their own security measures in place to protect your data.

• Taft Systems: Our website platform provider, Taft Systems, conducts regular security audits of their platform and implements security measures to protect the data stored within their systems. Please refer to their privacy policy at https://taftsystems.com/privacy-policy105438 for more information on their specific security practices.

19. YOUR ROLE IN DATA SECURITY

While we strive to protect your personal information, it's important to remember that no system is 100% secure. We encourage you to:

• Keep your password confidential: Do not share your password with anyone, and avoid using easily guessable passwords.

• Be aware of phishing scams: Be cautious of emails or messages that appear to be from Painology but ask for your personal information or login credentials. We will never ask for your password in an unsolicited communication.

• Log out of your account: When you finish using our website, always log out of your account, especially if you are using a shared or public computer.

20. DATA BREACH NOTIFICATION

In the unlikely event of a data breach, we will promptly notify you and the relevant authorities as required by applicable data protection laws.

21. COOKIES AND SIMILAR TECHNOLOGY

We use cookies and similar technologies to provide, secure, and improve our website and services. Cookies are small files that are stored by your web browser on your computer or mobile device. They allow us to remember your preferences and settings, track your activity on our website, and personalise your experience.

For more information, kindly visit: https://www.gohighlevel.com/cookies-policy

“HighLevel” uses cookies to track and target the interests of users to enhance the experience on their website. Third-party cookies are also used for advertising purposes. These cookies can be used to collect information about your visits to other websites.

Here is a list of the cookies used by HighLevel:

• _gcl_au - Google Analytics

• msgsndr_id - LeadConnector Analytics

• _gid, gatUA-115177999-2, gatUA-115177999-1, _ga - Google Analytics [28-31]

• _tt_enable_cookie, _ttp - TikTok Advertisement

• _fbp - Facebook Advertising

• _ga_HSZW8WNR22, ga1X0XQRMB4F - Google Analytics

• _ttp - TikTok Advertisement

• test_cookie - Google Advertising

You can control how cookies are used on your browser by visiting the cookie consent manager or your browser settings.

21. CHANGES TO THE PRIVACY POLICY

We may update our Privacy Policy from time to time. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or through a notice on the Website before the change becomes effective. We encourage you to review the Privacy Policy periodically for any updates. Your continued use of the Website or Services after any modifications to the Privacy Policy constitutes your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

23. EFFECTIVE DATE

This Privacy Policy is effective as of 26th June 2024