Legal

Privacy Policy

1. Introduction and Data Controller

This Privacy Policy describes how Flourishvibehip ("we," "us," or "our") collects, uses, stores, shares, and protects personal data when you visit our website at flourishvibehip.world, use our contact forms, enroll in educational programs, or engage with our layout review and educational services related to workspace posture architecture.

The data controller responsible for your personal information is:

Flourishvibehip
1301 S Weller St, Seattle, WA 98144, United States
Email: hello@flourishvibehip.world
Phone: +1 800-445-6937

We are committed to processing personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) where applicable, and other relevant international data protection laws. This policy applies to all visitors and users of our website and services regardless of geographic location.

2. Personal Data We Collect

We collect personal data through various interactions with our website and services. The categories of data we may collect include:

2.1 Information You Provide Directly

  • Contact form submissions: name, email address, message content, and GDPR consent confirmation
  • Layout review inquiries: workspace photographs, room dimensions, furniture measurements, and descriptions of daily work routines
  • Program enrollment: billing information, payment details processed through third-party payment processors, and enrollment preferences
  • Communication records: email correspondence, phone call notes, and video session recordings when explicitly agreed upon

2.2 Information Collected Automatically

  • Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution
  • Usage data: pages visited, time spent on pages, click patterns, referral URLs, and navigation paths within our website
  • Cookie and tracking data: as described in our Cookie Policy, including analytics and marketing cookies when consent is provided
  • Technical logs: server access logs, error reports, and performance metrics

2.3 Information from Third Parties

  • Payment processors providing transaction confirmation data
  • Analytics providers supplying aggregated website usage statistics
  • Advertising platforms providing campaign performance metrics when marketing cookies are enabled

3. Purposes of Data Processing

We process your personal data for the following specific purposes, each supported by an appropriate legal basis under GDPR:

3.1 Responding to Inquiries

When you submit a contact form or reach out via email or phone, we use your name, email, and message content to respond to your request. Legal basis: performance of pre-contractual measures (Article 6(1)(b) GDPR) and legitimate interest in communicating with prospective clients (Article 6(1)(f) GDPR).

3.2 Delivering Consulting and Educational Services

Workspace photographs, measurements, and layout review notes are processed to provide educational layout suggestions and program content. Legal basis: performance of a contract (Article 6(1)(b) GDPR).

3.3 Website Operation and Security

Technical logs and strictly necessary cookies ensure website functionality, prevent fraud, and maintain security. Legal basis: legitimate interest in operating a secure website (Article 6(1)(f) GDPR).

3.4 Analytics and Improvement

With your consent, analytics cookies help us understand how visitors use our site so we can improve content and navigation. Legal basis: consent (Article 6(1)(a) GDPR).

3.5 Marketing Communications

With your explicit consent, we may send educational newsletters or program announcements. You may withdraw consent at any time. Legal basis: consent (Article 6(1)(a) GDPR).

3.6 Legal Compliance

We may process data to comply with legal obligations, respond to lawful requests from authorities, or establish, exercise, or defend legal claims. Legal basis: compliance with legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR).

4. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law:

  • Contact form submissions: retained for 24 months after the last communication, then securely deleted
  • Layout review records and workspace materials: retained for 36 months after service completion to support follow-up inquiries, then deleted unless you request earlier removal
  • Program enrollment and payment records: retained for 7 years to comply with tax and accounting regulations
  • Marketing consent records: retained for the duration of consent plus 3 years for compliance documentation
  • Analytics data: aggregated and anonymized after 26 months; raw data deleted per analytics provider schedules
  • Server logs: retained for 90 days for security monitoring, then automatically purged
  • Cookie consent preferences: stored locally on your device until you clear browser data or withdraw consent

When retention periods expire, data is securely deleted or anonymized so it can no longer be associated with you.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only in the following circumstances:

5.1 Service Providers

We engage trusted third-party processors who assist in website hosting, email delivery, payment processing, analytics, and customer relationship management. All processors are bound by data processing agreements requiring GDPR-compliant handling of your data.

5.2 Legal Requirements

We may disclose personal data when required by law, court order, or governmental regulation, or when necessary to protect the rights, property, or safety of Flourishvibehip, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected users and ensure continued protection under equivalent privacy standards.

5.4 International Transfers

Your data may be processed in the United States and other countries where our service providers operate. For transfers outside the European Economic Area, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission.

6. Security Measures

We implement technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Regular security assessments and vulnerability monitoring of our website infrastructure
  • Encrypted storage for sensitive layout review materials and payment-related records
  • Employee training on data protection practices and confidentiality obligations
  • Incident response procedures for detecting, reporting, and addressing data breaches within 72 hours as required by GDPR

While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and protect your account credentials.

7. Your Rights Under GDPR and Applicable Laws

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data when no longer necessary for the purposes collected, when you withdraw consent, or when processing is unlawful
  • Right to Restrict Processing: Request limitation of processing while disputes are resolved
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time for processing that relies on consent, without affecting the lawfulness of prior processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated

To exercise any of these rights, contact us at hello@flourishvibehip.world. We will respond within 30 days. We may request identity verification before processing your request.

California residents may additionally have rights under the CCPA including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

8. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated by updating the date at the top of this page and, where appropriate, by notifying registered users via email. We encourage you to review this policy regularly. Continued use of our website after changes constitutes acceptance of the updated policy.

10. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact:

Flourishvibehip — Data Protection Contact
1301 S Weller St, Seattle, WA 98144, United States
Email: hello@flourishvibehip.world
Phone: +1 800-445-6937

We aim to resolve all privacy-related inquiries within 30 days of receipt.