kexviro.eu ("we", "us", "our") is committed to protecting and respecting the privacy of all individuals who interact with our website and services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have regarding your data. Please read this document carefully.
1. Who We Are
kexviro.eu operates the website and the Calm Body guided yoga service. For the purposes of applicable data protection law, we act as the data controller responsible for your personal data. If you have any questions about this policy, please use our contact form at kexviro.eu/contact.
2. Data We Collect
We may collect and process the following categories of personal data:
- Contact information: name, email address, and any details you voluntarily submit through our contact form.
- Purchase information: details related to transactions made through our payment processor (we do not store full card details).
- Usage data: IP address, browser type and version, device type, pages visited, time spent on pages, referring URLs, and similar technical data collected automatically.
- Cookie data: preferences and identifiers stored via cookies and similar technologies, as described in our Cookie Policy.
- Communication records: content of any messages you send to us via the contact form or email.
3. Legal Bases for Processing (GDPR — Article 6)
We rely on the following legal bases to process your personal data:
- Contractual necessity (Art. 6(1)(b)): processing necessary to deliver the service you have purchased or to respond to your pre-contractual inquiries.
- Legitimate interests (Art. 6(1)(f)): processing for website security, fraud prevention, internal analytics, and improving our services, where these interests are not overridden by your rights.
- Consent (Art. 6(1)(a)): for optional marketing communications and non-essential cookies, where you have provided freely given, specific, and informed consent.
- Legal obligation (Art. 6(1)(c)): where we are required by law to process or retain your data.
4. How We Use Your Data
Your data is used for the following purposes:
- Responding to your inquiries submitted via the contact form
- Processing and fulfilling service access requests
- Sending service-related communications (order confirmation, support replies)
- Sending optional marketing updates, if you have opted in
- Improving and maintaining the functionality and security of our website
- Complying with legal and regulatory obligations
5. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the website and analyze usage. For detailed information about the types of cookies used and how to manage them, please review our Cookie Policy.
6. Sharing of Personal Data
We do not sell your personal data. We may share data with:
- Service providers acting on our behalf (e.g., payment processors, email delivery platforms, hosting infrastructure). These processors are contractually bound to protect your data and may not use it for their own purposes.
- Legal authorities where we are required by applicable law, court order, or regulatory obligation to disclose data.
- Successors in the event of a merger, acquisition, or sale of assets, subject to standard confidentiality protections.
7. International Data Transfers
Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — to protect your data to the same standards as required within the EEA.
8. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law. Contact form submissions are typically retained for up to 24 months. Transaction records may be retained for longer periods to comply with financial regulations. You may request deletion of your data at any time (see Section 9).
9. Your Rights as a Data Subject
Under applicable data protection law, you have the following rights:
- Right of access: to receive a copy of the personal data we hold about you.
- Right to rectification: to request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): to request deletion of your data, subject to legal retention requirements.
- Right to restriction of processing: to request that we limit how we use your data in certain circumstances.
- Right to data portability: to receive your data in a structured, machine-readable format.
- Right to object: to object to processing based on our legitimate interests or for direct marketing.
- Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us via the contact form. We will respond within 30 days.
10. Supervisory Authority
You have the right to lodge a complaint with a supervisory data protection authority if you believe we have not handled your personal data lawfully. The relevant authority depends on your country of residence. Examples include the Information Commissioner's Office (ICO) in the UK, the Commission Nationale de l'Informatique et des Libertés (CNIL) in France, and your national data protection authority within the EU.
11. Children's Privacy
Our services are intended for adults. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
12. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to read their individual privacy policies before providing any personal data.
13. Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encrypted data transmission (HTTPS), access controls, and regular security assessments. However, no transmission over the internet is completely secure, and we cannot guarantee absolute security.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via a notice on our website. We encourage you to review this policy periodically. The effective date at the top of this page reflects the most recent revision.
15. Contact Us
For any data protection queries, requests, or complaints, please use our contact form. We take all privacy inquiries seriously and aim to respond promptly and transparently.