This policy lays out how we may collect, store, use, and share any information that we gather from you when you access and use our Website [https://sofiabustamante.com] (“Website”) and the services we provide to you.

• Through our Website.
• Through any chat, user submission, and electronic messaging features on the Website.
• Through email or newsletter opt-ins, text, or other marketing features you interact with on the Website.
• When you attend an event organised by us
• Through any downloadable products or features on this Website.
• Through your interaction with any of our advertisements including those on third-party websites, applications and services.

You can contact our Data Privacy Manager at:

Post: Sofia Bustamante, 27 Old Gloucester Street, London, WC1N 3AX
FAO: Data Privacy Manager

Email: dataprivacy AT sofiabustamante.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If we hold contact details for you and you have not opted out of communications, we will notify you using the contact details we have saved. Your continued use of our service after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

This policy is effective as of 21st October 2023.

Please review this Privacy Policy very carefully. By accessing our website, you are agreeing to this and are expressing that you have been given reasonable access to review this Policy prior to your continued use of our Website. This Agreement is binding as of the date you access our Website.

This website may include links to third-party websites, partners (including affiliates), plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Should you not agree to any provision of our Company’s policy you will no longer use, navigate, access or browse our Website. By continuing to use our Website you are agreeing to the practices we lay out in this policy.

This website is not intended for children and we do not knowingly collect data relating to children.

As part of the service we provide you, we may collect Personal Data. Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. We only request personal data relevant to providing you with a service, and only use it to help provide or improve this service. As part of providing a service to you, we ask for the following personal data.

Information we collect include the following categories and kinds of personal information:

• Contact information including full name, address, email address and phone numbers;
• Financial Information including credit and debit card and bank account information;
• Geolocation information;
• Demographic information including gender, age, employment information;
• Internet and website usage data;
• Other identifying information such as IP address, social media usernames, passwords and other information used for authentication and access;

LOG DATA

• Your consumer profile data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Aggregated data may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit and the web page that referred you to our website, the time and date of your visit, the time spent on each page, and other details.

As you browse our website, our servers may automatically collect standard data provided by your web browser such as the device you are using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

We collect your personal information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

We will collect your personal information when you voluntarily submit it to us in one or more of the following occasions:

Through direct interaction:

• When you subscribe to our newsletter via our website;
• When you attend an event organized by us;
• When you purchase a product;
• When you subscribe to a membership in person or through our website;
• When you take part in a survey or fill in a form through our websites;

Before you give us information, it is important to pay attention to what information is required and what is optional. By providing us with your information, you agree that it is correct, personal to you (and no one else whose permission has not been given), and complete.

Direct public submission:

Website users may also post or submit content (“Submissions”) on the Website including, but not limited to reviews, comments, testimonials, and discussions.

Please keep in mind that your submissions are transmitted to our Website and disseminated to others at your own risk. The Company has no control over how other third-parties and users interact with your submissions. Please remember this before posting your submissions on our Website.

Through automated technologies or interactions:

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy below
Your information may also be collected from third parties such as our business partners.

HOW WE USE COOKIES

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Please see our cookie policy for more information

PIXELS

Our Website, electronic messaging, and emails may serve files known as web beacons or pixels that allow us, for example, to track users and devices that have accessed our Website or opened our emails. This automated tracking technology allows us to target and personalize marketing messages.
Third-Party Tracking Processes. By continuing to browse our Website, you agree to allow cookies and other tracking technologies from third parties unless your browser refuses them. These cookies may collect personal information or behavior information. This data is frequently used to provide you with targeted internet advertising. We have no control over the third-party privacy policies or their data collection, use, and sharing practices.

For more information on how you can opt-out of certain tracking and internet-based advertising procedures, click here: https://optout.networkadvertising.org/?c=1 .

For more information about how you can opt-out of receiving targeted advertising from many providers, click here: https://optout.networkadvertising.org/?c=1 .

HOW WE USE YOUR PERSONAL DATA

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it and your fundamental rights do not override those interests.

Your personal data will be used for the following purposes:

• In completing any purpose for which you specifically give the information.
• In communication or contact with you directly.
• In executing any necessary disclosure under the law or required legal process.
• In any additional way we specified at the time of information disclosure.

Website Experience

• In enhancing your user experience on our Website in a personalized, individualized way whenever possible.
• In shortening your website search inquiries and providing more relevant results.
• In any other manner set out in our Website’s Terms of Use and Terms of Purchase (if applicable).

Membership

• Providing and managing your membership with us. Your personal data is required in order for us to enter into a contract with you.
• Providing and managing your access to our Membership Management System.
• Supplying services to you.
• Communicating with you regarding your membership. This may include responding to emails or calls from you.

Marketing

• In advertising to you and our general audience. With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone and/or post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam.

We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out in any correspondence we send.

We may retain information for a period of six years after your association with us has come to an end. We only retain personal information for as long as necessary to provide a service, or to improve our services in future, or where we are legally required to do so.

While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.

As stated below, you have the right to require us to erase personal data.

Data Disclosure. We only share your information pursuant to this policy and are dedicated to protecting your privacy.

External Third Parties as set out in the Glossary.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We share your data with external third parties that are based both inside the EEA and outside of the EEA. We will only transfer your personal data to countries outside of the EEA that the European Commission has deemed to provide an adequate level of personal data protection. More information is available from the European Commission.

If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

We use third-party services for:

• Analytics tracking
• Membership management (where relevant)
• Email marketing
• Payment processing
• Email

In particular, we contract with the following third parties to supply certain services, which in turn allows us to provide our service to you:

THE ROCKET SCIENCE GROUP, LLC (MAILCHIMP)
Data submitted by: Sofia Bustamante, or You
Accessed by: Sofia Bustamante
Main uses: Email marketing
Registered address: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
Privacy Policy: https://mailchimp.com/legal/privacy/?_ga=2.194943400.489466289.1526477681-210828119.1526383203

STRIPE, INC
Data submitted by: You
Accessed by: Sofia Bustamante
Main uses: Processing one off payments
Registered address: Stripe, Inc. 185 Berry Street, Suite 550 San Francisco, CA 94107
The entity that provides Services in Europe is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin.
Privacy Policy: https://stripe.com/gb/privacy

We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.

In addition to your rights under the GDPR, when you submit personal data to us, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails. More info below.)

Personal data that you may have voluntarily submitted when subscribing for a membership will be accessible and updateable, as and when our Membership Program begins. Details as to how to update your data will be provided here.

Personal data that we have collected for email marketing purposes or for sending you our Newsletter, through Mailchimp, can also be updated by you through the “Update subscription preferences” link included in the footer of every one of these communications.

• You are generally able to disable or refuse to accept cookies on your browser.
• If you do not want us to share your data with third parties, you can unselect that box from any data sharing options when that process is presented to you. You may also email us at dataprivacy AT sofiabustamante.com with the request.
• If you do not want to receive marketing and advertising emails including other forms of communication from the Company, you can unselect that box from any data sharing options when that process is presented to you. If you have received an email from us with an unsubscribe option, you may also follow the link and unsubscribe from the marketing material through that process.
• Similarly, should you prefer that we don’t contact you anymore for either of these reasons, you can let us know by following the “Unsubscribe from this list” link provided in the footer of every email we send you through Mailchimp.

For more information from the Network Advertising Initiative on opting-out of targeted advertisements, click here: https://optout.networkadvertising.org/?c=1 .

Nevada Residents Privacy Rights. For Nevada residents who desire to exercise their right to opt-out of the sale of their data, please send the request to dataprivacy AT sofiabustamante.com

California Resident Privacy Rights. If you are a California resident the California Consumer Privacy Act (CCPA) affords consumers more control over how we may collect and use your data. For more information review the CCPA here: https://oag.ca.gov/privacy/ccpa .
California residents have the following rights:

• Right to know information collected;
• Right to delete information (with exceptions);
• Right to opt-out of the sale of their data; and,
• Right to non-discrimination for exercising these rights.

If you are a California resident and have questions about or wish to exercise one of these rights, please send the request to dataprivacy AT sofiabustamante.com

According to the GDPR you can, at any time, ask us to delete the personal information we have collected from you under the “right to erasure”. You should understand that, in some circumstances, this will prevent us from providing you the services you have contracted with us. This request should be made by email addressed to dataprivacy AT sofiabustamante.com

Barring any lawful obligations or exceptions provided by the GDPR or other laws or regulations, we will strive to comply with your request within the time frame legally provided. If, for any reason, we understand we should refuse your request to have your data deleted, our decision will be communicated to you with a justification, as provided by the GDPR.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

If your information has changed or you would simply like to review it, you may access and review your personal information by logging into our Website and visiting your account profile page, once our membership accounts are available.

Alternatively you may submit a change request to the Company by email at dataprivacy AT sofiabustamante.com

Please note the Company has the right to refuse to update or delete your personal data if the Company believes such change would violate any law or legal process or if we have reason to believe the requested change is incorrect.

We take data security very seriously. However, with fast-evolving technologies, we cannot guarantee the complete safety and security of your data, but we do put safeguards in place and follow the latest data security strategies.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Please bear in mind that your data security is also your responsibility. You are not allowed to share your password or account information with anyone, especially those you do not know.

Any submission or transmission, whether direct or automated, of your personal data to us is done so at your own risk. The Company is not liable to you for any circumvention of our privacy protections or security systems on our Website.

Under the GDPR, you have the following rights, which we will always work to uphold:

• The right to be informed about our collection and use of your personal data.
• The right to access the personal data we hold about you.
• The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
• The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
• The right to restrict (i.e. prevent) the processing of your personal data.
• The right to object to us using your personal data for a particular purpose or purposes.
• The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
• Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Consent means you have explicitly given us permission to process your personal data. In such circumstances we will have asked you a specific question and you will have entered information or ticked a tick-box to indicate your consent.

THIRD PARTIES

EXTERNAL THIRD PARTIES

• Any member of our group, which means our subsidiaries or related companies.
• Campaign partners
• Service providers acting as processors based in the UK or EU who provide IT and system administration services.
• Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the UK and EU who provide consultancy, banking, legal, insurance and accounting services.