Privacy Policy
1. Introduction
Infrasweat (“we”, “us”, or “our”) values and respects the privacy of every individual who visits or interacts with our website, infrasweat.com. We are deeply committed to upholding the highest standards of data protection and privacy compliance in accordance with applicable laws, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use infrasweat.com and engage with our services.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data processed via the website infrasweat.com or services provided therein. For individuals located in the European Economic Area (EEA) or the United Kingdom, we act as the “Data Controller” of your personal data, which means we determine the purposes and means of processing. If you have any questions concerning your personal data, please contact us at [email protected].
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
Information automatically collected when users access or interact with infrasweat.com, including browser type, IP address, access times, referring URLs, pages visited, session duration, and interaction logs.
b. Account Data
Personal information provided during account creation or reservation, including full name, postal address, email address, and phone number.
c. Profile Data
User preferences, service usage behavior, class schedules, wellness goals, and purchase history.
d. Communication Data
Records of correspondence such as support requests, inquiries, and contact form submissions.
e. Technical Data
Device information including operating system, device identifiers, network configuration, and screen resolution.
f. Transaction Data
Payment details (processed through secure third-party providers), service purchases, billing addresses, and order histories.
g. Preference Data
Marketing preferences, opt-in consents, and responses to promotional communications or surveys.
4. Legal Bases for Processing Personal Data
We rely on the following legal bases for processing your personal data:
– Contract Performance: Where processing is necessary to fulfill obligations under a contract with you (e.g. booking a session).
– Consent: For sending marketing communications or non-essential cookies, we obtain and rely upon your informed consent.
– Legitimate Interests: For fraud prevention, maintaining the security of our services, business analytics, service improvement, and responding to inquiries.
– Legal Obligations: Where required to comply with applicable law or regulatory obligations.
5. Your Rights Under Data Protection Law
Subject to applicable laws, you have the following rights:
– Right of Access – You may request access to your personal data and a copy of the information we hold about you.
– Right to Rectification – You may request corrections to incomplete or inaccurate personal data.
– Right to Erasure – You may request deletion of your personal data, subject to contractual and legal limitations.
– Right to Restrict Processing – You may request temporary suspension of processing where a dispute exists regarding accuracy or legality.
– Right to Data Portability – You may request that we transfer your data to another service provider, where feasible.
– Right to Object – You may object to processing based on our legitimate interests or direct marketing. We will cease such processing unless we can demonstrate compelling legitimate grounds.
To exercise any of these rights, please email us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
– Encryption of stored and transmitted data using industry-standard protocols.
– Role-based access control to restrict personnel access based on job responsibilities.
– Regular system backups and secure data recovery solutions.
– Regular staff training and internal audits to ensure data protection awareness and compliance.
While we take all reasonable precautions, no system is entirely secure. Users are advised to protect their login credentials and report suspected unauthorized use promptly.
7. International Data Transfers
Some of our third-party service providers may be located outside your jurisdiction. Where personal data is transferred internationally, we ensure adequate safeguards are in place, such as:
– Standard Contractual Clauses approved by the European Commission;
– Compliance with regional data protection standards;
– Encrypted transfer protocols and secure storage.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Account Data: retained while your membership or account remains active.
– Communication Records: retained for 24 months for quality and support purposes.
– Transaction Data: retained for 7 years to comply with accounting and tax obligations.
– Usage and Technical Data: anonymized or deleted within 36 months for analytical purposes.
Where data is no longer necessary, we securely delete or anonymize it.
9. Cookie Policy
The infrasweat.com website uses cookies and similar technologies to enhance user experience and provide functionality. Our cookies fall into the following categories:
– Essential Cookies: Required for the operation of the website (e.g. log-in, security).
– Functional Cookies: Enable personal features such as language preferences and saved bookings.
– Analytics Cookies: Monitor site performance and usage to help us improve (e.g. Google Analytics).
– Performance Cookies: Measure service performance and troubleshoot issues.
10. Cookie Management and Legal Compliance
To comply with GDPR and CCPA requirements, we:
– Provide a cookie banner when you first visit infrasweat.com to request explicit consent for non-essential cookies.
– Allow you to manage cookie preferences via a cookie settings tool on our website.
– Offer the ability to withdraw or modify your consent at any time.
California residents may also opt out of the “sale” of personal information under the CCPA using our Do Not Sell My Personal Information link, where applicable.
11. Children’s Privacy
Infrasweat.com is not intended for children under the age of 13, and we do not knowingly collect personal data from minors without parental consent. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such information promptly. If you believe we may have collected such data, please contact us at [email protected].
12. Policy Updates and User Notification
We reserve the right to update this Privacy Policy to reflect changes in law, our practices, or service enhancements. We encourage users to review this policy periodically. In cases of material changes, we will notify users through prominent notices on infrasweat.com and, where appropriate, via direct communication such as email.
13. Contact Us
If you have any questions or requests related to this Privacy Policy, your personal data, or our data processing practices, please contact us at:
Email: [email protected]
We aim to respond to all inquiries promptly and in accordance with applicable law.
By using infrasweat.com, you acknowledge and agree to the terms outlined in this Privacy Policy. We are committed to privacy, transparency, and legal compliance to ensure your trust and protection.