Privacy Policy - Seventh Heaven: Toronto Wellness Heritage

Effective Date: [Insert Date]

Website: seventhheaventoronto.com

Seventh Heaven: Toronto Wellness Heritage ("we," "us," "our," or "the Company") is committed to protecting your privacy. This comprehensive Privacy Policy ("Policy") explains in detail how we collect, use, disclose, and safeguard your personal information when you visit our website, seventhheaventoronto.com (the "Site"), interact with our services, or engage with us as a client or prospective client of our wellness heritage services.

This Policy is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for individuals within the European Economic Area (EEA). Please read this Policy carefully. By accessing or using our Site and services, you consent to the practices described herein. If you do not agree with our policies and practices, please do not use our Site or services.

1. Definitions

For the purposes of this Privacy Policy:

  • "Personal Data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • "Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • "Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
  • "Data Subject" means any identified or identifiable natural person whose Personal Data is processed by the Data Controller.

2. Information We Collect

We collect several types of information from and about users of our Site and services, which may include:

2.1. Information You Provide Directly to Us

  • Contact and Identity Information: Such as your full name, email address, postal address, phone number, and date of birth when you fill out contact forms, book consultations, sign up for newsletters, or create an account.
  • Health and Wellness Information: In the context of providing personalized wellness heritage services, you may choose to share sensitive information regarding your health history, lifestyle, wellness goals, and heritage background. This is considered "Special Category Data" under GDPR and is processed only with your explicit, affirmative consent.
  • Financial Information: Payment card details or other financial information necessary to process transactions for our services. Note: we use secure, third-party payment processors and do not store full payment card details on our servers.
  • Communications: Records of your correspondence with us, including emails, chat messages, and call recordings (where applicable and with notice).
  • User Content: Any information, comments, reviews, or other content you post publicly on our Site or provide to us privately.

2.2. Information Collected Automatically

When you navigate our Site, certain information is collected automatically:

  • Usage Data: Information about your interaction with the Site, including pages visited, time spent on pages, clickstream data, and other navigation patterns.
  • Device and Technical Information: Your IP address, browser type and version, operating system, device type, unique device identifiers, and mobile network information.
  • Location Data: General geographic location derived from your IP address or, with your explicit permission, more precise location data from your mobile device.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies. For detailed information, please see our Cookie Policy section (Section 10).

2.3. Information from Third Parties

We may receive limited information about you from third-party sources, such as social media platforms (if you interact with us there), analytics providers, advertising networks, and publicly available databases, in compliance with applicable laws.

3. Legal Basis for Processing (GDPR Compliance)

For individuals in the EEA, our legal basis for collecting and using your Personal Data depends on the specific context in which we collect it. We rely on the following legal bases under the GDPR:

  • Consent: Where you have given us clear, specific, and informed consent to process your Personal Data for one or more specific purposes (e.g., sending marketing newsletters, processing Special Category health data). You may withdraw consent at any time.
  • Contractual Necessity: Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g., providing the wellness services you have purchased).
  • Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject (e.g., tax and accounting regulations).
  • Legitimate Interests: Processing necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms. This includes:
    • Providing, securing, and improving our Site and services.
    • Preventing fraud and ensuring network and information security.
    • Analyzing the use of our services for business intelligence.
    • Direct marketing of similar services to existing clients (with an opt-out provided).

4. How We Use Your Information

We use the information we collect for the following business purposes:

  • To provide, operate, maintain, and improve our Site and wellness heritage services.
  • To process and complete transactions, and send related information, including confirmations, invoices, and administrative messages.
  • To communicate with you, respond to your inquiries, and provide customer support.
  • To personalize your experience, including tailoring wellness recommendations based on your heritage and health information (with your explicit consent).
  • To send you promotional communications, offers, and updates about our services, where you have consented to receive them.
  • To monitor and analyze trends, usage, and activities in connection with our Site for business analytics and marketing purposes.
  • To detect, prevent, and address technical issues, security incidents, fraud, or other malicious activity.
  • To comply with legal obligations, resolve disputes, and enforce our agreements.

5. How We Share and Disclose Your Information

We do not sell, rent, or trade your Personal Data. We may share your information in the following limited circumstances:

  • Service Providers: With trusted third-party vendors, consultants, and service providers who perform services on our behalf (e.g., payment processing, data analysis, email delivery, hosting, customer service). These parties are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them.
  • Professional Advisors: With our professional advisors, such as lawyers, accountants, and insurers, where necessary.
  • Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users or the public, or (iv) protect against legal liability.
  • Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Data.
  • With Your Consent: We may share your information for any other purpose disclosed to you at the time we collect the information, with your explicit consent.

International Transfers: We are based in Canada. Your information may be transferred to and processed in countries other than your own. When we transfer Personal Data out of the EEA or the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of your Personal Data. These include encryption (SSL/TLS for data in transit), access controls, secure server infrastructure, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

7. Data Retention

We retain your Personal Data only for as long as is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law (e.g., tax, accounting, or legal requirements). To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.

When we no longer need to process your Personal Data, we will securely delete or anonymize it.

8. Your Data Protection Rights (GDPR & Other Jurisdictions)

Depending on your location, you may have the following rights regarding your Personal Data:

  • Right of Access: To request copies of your Personal Data we hold.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): To request deletion of your Personal Data under certain conditions.
  • Right to Restrict Processing: To request that we restrict the processing of your Personal Data under certain conditions.
  • Right to Data Portability: To request transfer of your data to another organization or to you, in a structured, machine-readable format.
  • Right to Object: To object to our processing of your Personal Data, particularly where we rely on legitimate interest as the legal basis, including for direct marketing purposes.
  • Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you believe our processing of your Personal Data violates applicable law.

To exercise any of these rights, please contact us using the details in Section 13. We will respond to your request within one month, in compliance with GDPR requirements. We may need to verify your identity before fulfilling your request.

9. Children's Privacy

Our Site and services are not directed to individuals under the age of 16 ("Children"). We do not knowingly collect Personal Data from Children. If you are a parent or guardian and become aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a Child without verification of parental consent, we will take steps to remove that information from our servers.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our Site and hold certain information. Cookies are small data files placed on your device.

  • Essential Cookies: Necessary for the Site to function and cannot be switched off.
  • Performance/Analytics Cookies: Allow us to count visits and traffic sources to measure and improve Site performance.
  • Functional Cookies: Enable enhanced functionality and personalization.
  • Targeting/Advertising Cookies: Set by our advertising partners to build a profile of your interests and show relevant ads.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site. You can also manage your cookie preferences via our Cookie Consent Banner upon first visiting the Site.

11. Third-Party Links

Our Site may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Policy periodically for any changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact our Data Protection Officer at:

Seventh Heaven: Toronto Wellness Heritage
[Insert Mailing Address]
Email: privacy@seventhheaventoronto.com
Phone: [Insert Phone Number]