Policy on privacy and use of “cookies” files on the Website
General Information
We care about your privacy. We collect and process your data only when it is necessary for the proper provision of the services we offer.
In accordance with the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons in connection with the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), commonly referred to as GDPR, we present below the data processing principles used by the Administrator.
Who is the Data Administrator?
The data administrator is:
Healing Institute Foundation registered with the District Court for the City of Warsaw in Warsaw, XIV Economic Division of the National Court Register, located at ul. Szamocka 10c / 50, Warsaw 01-748, VAT ID: 5253002902, KRS: 0001104388, REGON: 528621437.
We will process your Personal Data only to the necessary extent specified below. At the same time, we inform you that regardless of the above agreements, you can exercise your rights under the GDPR.
You can contact us at the email address: hello@healinginstitute.eu
Why do we collect your data? How long do we process it?
We may process your data for the following purposes:
- Communication with You, including responding to inquiries submitted through the contact form, email messages, etc.
Data will be processed based on our legitimate interest as the administrator in the form of communication with you (Article 6(1)(f) of the GDPR). Your personal data will be processed no longer than until you raise an objection or the business purpose for which it was processed ceases to exist. Providing this data is voluntary, but it is necessary for communication with you. Data may also be processed for archival purposes for internal purposes based on the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) until you raise an objection, or the business purpose ceases.
To this end, we will process your data in the following scope:
- email address;
- other personal data that you voluntarily provide to us in the message you send.
- Providing Therapeutic Services as defined in the Regulations
In cases where we are the entity providing you with the Therapeutic Service (as described in our Regulations), we will process your personal data necessary to perform this service. These data will be processed for the duration of the contract regarding Therapeutic Services, for the purpose of concluding and fulfilling the contract (Article 6(1)(b) of the GDPR) and for the duration of the limitation period for claims related to this contract (2 years from the end of the year in which we completed the provision of the Therapeutic Service, Article 6(1)(f) of the GDPR).
Providing data is voluntary, but it is necessary for the conclusion and execution of the contract, which pertains to Therapeutic Services.
To this end, we will process your data in the following scope:
- email address;
- phone number;
- date of birth;
- time and place of birth;
- payment information (including bank account number);
- first and last name;
- image;
- any other data you voluntarily provided to us during the Therapeutic Service.
- Assumptions and Use of the Account
Data necessary for the conclusion and performance of the contract will be processed for the duration of the contract (Article 6(1)(b) of the GDPR) and for the period of limitation for claims related to the contract which provides you access to the account (2 years from the end of the year in which we ceased providing you with access to the Account, Article 6(1)(f) of the GDPR). Providing this data is voluntary, but it is necessary for the conclusion and performance of the contract. Additional data provided for the purpose of facilitating the performance of the contract will be processed no longer than until you raise an objection, or the business purpose based on legitimate interest in customer service ceases (Article 6(1)(f) of the GDPR).
Furthermore, your data may be processed by us when it is necessary to fulfill legal obligations imposed on us as the data administrator (such as issuing and storing invoices) – data will be processed for this purpose for no longer than 6 years (archival obligations concerning accounting documents), unless legal provisions require a longer period (Article 6(1)(c) of the GDPR). Data may also be archived for internal and statistical purposes until you raise an objection, or the business purpose based on the legitimate interest of the Administrator ceases (Article 6(1)(f) of the GDPR), but not for longer than the period mentioned in the previous sentence.
To this end, we will process your data in the following scope:
- First name;
- Last name;
- Email address;
- Payment information when you choose a subscription (payment card information, bank account information, payment details);
- Any other data you voluntarily entered while creating the Account.
- Sending Marketing Information, including About Services, Products, Promotions, Free Content (Newsletter)
Data will be processed based on the legitimate interest of the Administrator for marketing the Administrator’s products and services (Article 6(1)(f) of the GDPR) or based on your consent (Article 6(1)(a) of the GDPR). Your data will be processed no longer than until you raise an objection or withdraw your consent (if you provided it earlier) or the business purpose ceases – depending on which occurs first. Providing data is voluntary, but it is necessary to receive the newsletter.
To this end, we will process your data in the following scope:
- Email address;
- First name;
- Last name.
- Administration and Management of Pages and Groups on Social Media Platforms (including Facebook, Instagram, WhatsApp) in Cases of Data Processing on Social Media, Including Communication with You and Directing Marketing Content to You.
This data will be processed only if you choose to like our profiles on social media or otherwise provide your data, e.g., by posting or commenting. The data will be processed for the duration of the page/group existence or until you raise an objection, which can occur by unchecking the “Like” or “Follow” option, deleting your comment/post, or by any other means provided by the platform/page, or by contacting us.
Please remember that we are the administrator of your personal data only to the extent that you engage in activities related to our profile or group. For other actions within the respective social media platform, the administrator of your personal data is the provider of that platform.
- Posting Comments
Regarding the data visible on our site when a comment is posted, this data is processed for the purpose of executing the contract, which is the service we provide that allows adding comments (Article 6(1)(b) of the GDPR).
To this end, we will process your data in the following scope:
- First name;
- Last name;
- Username;
- Other data voluntarily entered by you in the published comment.
- Provision of Access to Materials
This data will be processed to fulfill our agreement, the subject of which is to ensure you access to the Materials (Article 6(1)(b) of the GDPR). Your data will be processed for the duration of the contract regarding the Materials, for its conclusion and execution (Article 6(1)(b) of the GDPR), as well as for the duration of the limitation period for claims related to this contract (2 years from the end of the year in which your access to the Materials ended) (Article 6(1)(f) of the GDPR).
To this end, we will process your data in the following scope:
- First and last name;
- Email address;
- Username;
- Payment information (including bank account number);
- Any other personal data voluntarily entered by you on the Platform.
- Establishment, Defense, and Enforcement of Claims
Data will be processed for the limitation period for claims based on the legitimate interest of the Administrator to defend against claims, as well as to establish and pursue claims (Article 6(1)(f) of the GDPR).
To whom may we transfer your data?
We only share your data with other entities when it is necessary. If necessary, your data may be transferred to entities with which we collaborate to achieve our goals: hosting companies, IT companies/data management providers, accounting service providers, newsletter service providers, cloud service providers, subcontractors, platforms facilitating the scheduling of meetings and online events, customer management software providers, entities collaborating in the execution of the contract, and other entities supporting us in the achievement of processing goals.
In some cases, we may transfer personal data to countries outside the European Economic Area. In the event of a necessary transfer, it will be based on standard contractual clauses accepted by the data recipient or, if applicable, the Data Privacy Framework (executive decision of the Commission specifying the principles for transferring personal data to the USA).
We do not plan to transfer personal data to countries other than the USA. Data recipients may only be entities that have been verified for implementing safeguards ensuring the security and integrity of the processed personal data. Furthermore, data recipients, namely LearnWorlds (CY) Ltd., Zoom Video Communications, Inc., Google LLC, and GetResponse Inc., have self-certified and are included on the list of entities participating in the Data Privacy Framework.
What rights do you have?
In connection with the GDPR, you have the right to:
- Access your personal data;
- Rectify your personal data;
- Delete your personal data;
- Restrict the processing of your personal data;
- Object to the processing of your personal data;
- Transfer your personal data; withdraw consent; withdrawing consent does not affect the lawfulness of processing carried out before its withdrawal.
If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office. However, we encourage you to contact us first to clarify any doubts.
You can exercise your rights by contacting us via email at hello@healinginstitute.eu or by sending a regular letter to our correspondence address.
Applied security measures.
We implement advanced security measures aimed at ensuring the safety and integrity of personal data that we process in our ongoing activities. We use IT security measures (appropriate workstation security, antivirus and firewall implementation), organizational measures (authorization systems, binding data protection policies, procedures for selecting trusted processors), and physical measures (appropriate security for the data processing area).
The applied security measures are regularly verified for their proper implementation and effectiveness. If it is determined that the measures in place are insufficient, we implement new solutions to ensure adequate security of the data we process.
Cookie Policy.
This website uses cookies. We use cookies to personalize content and advertisements, to provide social media features, and to analyze traffic on our site. Information about how you use our website is shared with our social media, advertising, and analytics partners. Partners may combine this information with other data received from you or obtained during your use of their services.
Cookies are small text files that may be used by websites to enable users to use pages more efficiently.
The law states that we can store cookies on a user’s device if they are necessary for the functioning of this site. For all other types of cookies, we need the user’s permission.
This website uses various types of cookies. Some cookies are placed by third-party services that appear on our pages.
You can withdraw your consent at any time through the Cookie Declaration on our website.
Social media plugins.
Joint administration.
The administrator of data processed for statistics collected on the Facebook platform is the Healing Institute Foundation registered with the District Court for the City of Warsaw in Warsaw, XIV Economic Division of the National Court Register, located at ul. Szamocka 10c / 50, Warsaw 01-748, VAT ID: 5253002902, KRS: 0001104388, REGON: 528621437, Facebook Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as the Joint Administrator, and LearnWorlds (CY) Ltd., located at Gladstonos 120, Foloune Building, 2nd Floor, B1, Limassol, 3032, Cyprus, hereinafter referred to as the Joint Administrator.
These data are processed on the basis of joint administration by the aforementioned entities. Detailed rules regarding the joint administration of data, including information about the rights you have, are described on the page “Information about page statistics.” The Administrator processes data based on the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), which involves analyzing user activity and preferences in order to improve the functionalities used and the services provided. For matters concerning personal data, you can contact both the Administrator and the Joint Administrator. Contact details for the Administrator can be found above in the privacy policy.
Effective Date: November 19, 2024