Privacy Policy for Mental Self-Defence

Effective Date: December 27, 2024

Table of Contents

1. Introduction

2. Information We Collect

3. How We Use Your Information

4. Data Sharing and Disclosure

5. Data Security

6. Data Retention

7. Your Rights

8. International Data Transfers

9. Children's Privacy

10. Cookies and Similar Technologies

11. Third-Party Links

12. Data Breach Notification

13. Automated Decision-Making

14. Changes to This Privacy Policy

15. Contact Us

1. Introduction

Mental Self-Defence ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

We collect and process the following types of personal information:

- Personal contact information (e.g., name, email address)

- Demographic information (e.g., age, profession)

- Newsletter subscription details

- Coaching session information (e.g., appointment times, session notes)

- Survey, quiz, and form responses

- Website usage data and analytics

We are committed to data minimization and only collect information necessary for providing our services.

3. How We Use Your Information

We process your personal data for the following purposes:

- Delivering our newsletter and coaching services

- Personalizing content and recommendations

- Improving our services and developing new offerings

- Communicating with you about our services

- Conducting research and analysis

- Complying with legal obligations

Our lawful bases for processing your data include:

- Consent: We obtain your explicit consent for newsletter subscriptions and certain data processing activities.

- Contract: We process data necessary for performing our contract with you for coaching services.

- Legitimate Interests: We may process data for our legitimate business interests, such as improving our services, where it doesn't override your rights and freedoms.

- Legal Obligation: We may process data to comply with legal requirements.

4. Data Sharing and Disclosure

We may share your personal information with:

- Service providers who assist in delivering our newsletter and coaching services (e.g., email service providers, scheduling software)

- Legal and regulatory authorities when required by law

- Anonymous, aggregated data for research purposes

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. We are committed to privacy by design principles in our data processing activities.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. For newsletter subscriptions, we retain your data until you unsubscribe.

7. Your Rights

Under the GDPR, you have the following rights:

- Right to access your personal data

- Right to rectification of inaccurate data

- Right to erasure ("right to be forgotten")

- Right to restrict processing

- Right to data portability

- Right to object to processing

- Right to withdraw consent

To exercise these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within one month.

8. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions. Please refer to Substack privacy policy for further information.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect or process data from children.

10. Cookies and Similar Technologies

We use cookies and similar technologies on our website. For detailed information, please refer to Substack’s policy.

11. Third-Party Links

Our newsletter and website may contain links to third-party websites. We are not responsible for the privacy practices or content of these sites. We encourage you to review their privacy policies.

12. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay.

13. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on our website or through our newsletter.

15. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to file a complaint, please contact us at:

andy.john.phillips@icloud.com

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).