top of page

Privacy Policy
 

I respect your privacy and am committed to protecting your personal data. This privacy policy will inform you about how I handle your personal data when you visit my website (regardless of where you visit it from) and explain your privacy rights and how the law protects you.

Purpose of this privacy policy


This privacy policy is designed to give you information on how I collect and process your personal data through your use of this website. It also covers any data you provide when you contact me or when I offer you my services.

Controller


I, Karolina Palac, am the controller and responsible for your personal data (referred to as "I," "me," or "my" in this privacy policy).

I am the appointed data protection officer overseeing all matters related to this privacy policy. My contact details are provided below.

CONTACT DETAILS


If you have any questions about this privacy policy or my privacy practices, you can contact me in the following ways:

Full name: Karolina Palac
Email address: contact@karolinapalac.com


Postal address: Grosse Neugasse 38, 1040 Wien

1 – What is Personal Data:

Personal data refers to any information that relates to an identified or identifiable natural person. This can include, for example, your contact information, browsing history, or clinical data. It does not include data where the identity has been anonymized (anonymous data).

2 – General Principles for Personal Data Processing by Karolina Palac

I adhere to the following principles when processing your personal data:

  • I will only collect personal data for specified, explicit, and legitimate purposes.

  • I will not collect more personal data than is necessary to achieve those purposes.

  • I will not use your personal data for purposes other than those for which it was collected, except as stated in this policy or with your prior consent.

  • I will not transfer your personal data to third parties, except as stated in this policy or with your prior consent.

  • I will do my best to ensure that your information is up to date by encouraging you to verify your personal data periodically.

  • I will maintain appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, and against all other unlawful forms of processing.

  • Except when stated herein, I will not store your personal data longer than necessary to fulfill the purpose for which it was collected or further processed, or as required by law.

3 – Personal Data I Collect and Process

I may collect and process the following data about you:

  • Data You Give Me:
    You may provide me with information about yourself by filling out forms on my site www.karolinapalac.com (my site) or by corresponding with me via phone, email, or other means. This includes information you provide when you register to use my site, subscribe to updates, request or receive yoga therapy consultation and yoga therapy through my site, participate in social media functions on my site, complete a survey, or report a problem with my site. The information you give me may include your name, address, email address, phone number, next of kin information, financial and credit card details, personal description, and medical history.

  • Data I Collect About You:
    Regarding each of your visits to my site, I may automatically collect the following data:

    1. Technical Data:
      This may include your Internet Protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone settings, browser plug-in types and versions, operating system, and platform.

    2. Behavioral Information:
      I may collect data about your behavior via the use of cookies and similar technologies (such as pixels, tags, and other identifiers) to remember your preferences, understand how my website and app(s) are used, and tailor my marketing offerings. This includes data about your visit, such as the full Uniform Resource Locators (URL) clickstream to, through, and from my site (including date and time); pages you viewed or searches you conducted; page response times; download errors; length of visits to specific pages; interactions with pages (e.g., scrolling, clicks, and mouse-overs); and methods used to navigate away from a page. Additionally, this includes any phone number used to contact my customer service.

  • Data I Receive from Other Sources:
    I may receive data about you from third parties I work closely with, such as medical practitioners, business partners, sub-contractors in technical, payment, and delivery services, analytics providers, and search information providers.

4 – How I Use Your Personal Data

I use the data held about you in the following ways:

Data You Give to Me:
I will use this data:

  • To carry out obligations arising from contracts between us, such as providing yoga therapy consultations and yoga therapy.

  • To provide you with information about other services I offer that are similar to those you've already received or inquired about.

  • To provide you with information about goods or services I believe may interest you. If you are an existing client, I will only contact you via electronic means (email or SMS) with information about services similar to those you have previously received or inquired about.

  • To notify you about changes to my services.

  • To improve my website, products/services, marketing, customer relationships, and experiences.

  • To ensure that content from my site is presented effectively for you and your computer.


Data I Collect About You:
I will use this data:

  • To administer my site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes.

  • To perform contracts with you, e.g., to contact you about an appointment or collect payment.

  • For legitimate interests such as improving my services.

  • To comply with a legal obligation.

  • To improve my site and ensure content is presented effectively for you and your computer.

  • To allow you to participate in interactive features of my service when you choose to do so.

  • To keep my site safe and secure.

  • To measure the effectiveness of marketing and deliver relevant marketing.

  • To make suggestions and recommendations to you and other users about goods or services that may interest you.

Data I Receive from Other Sources:


I may combine this data with data you provide to me and data I collect about you. I will use this combined data for the purposes outlined above.

 

5 – Where I Store and Process Your Personal Data

As a general principle, your personal data is stored and processed within the European Economic Area (EEA). However, it may also be processed by staff operating outside the EEA who work for me or one of my suppliers. Such staff may be involved in processing your payment details, among other things. By submitting your personal data, you consent to this transfer, storage, or processing. In the event that your personal data is transferred to third countries (outside the EEA), I ensure compliance with applicable legislation and regulations concerning such transfers and will implement relevant legal and security safeguards before proceeding with the transfer.

All information you provide to me is stored on secure servers. Any payment transactions will be encrypted. If I provide you with a password to access certain areas of my site, you are responsible for keeping this password confidential, and I request that you do not share it with anyone else.

Please note that the transmission of information over the internet is not completely secure. While I will do my best to protect your personal data, I cannot guarantee the security of data transmitted to my site. Any transmission is at your own risk. Once I receive your information, I will use strict procedures and security features to try to prevent unauthorized access.

 

6 – Data Security

I have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, I limit access to your personal data to employees, agents, contractors, and other third parties who need it for business purposes. These individuals will only process your personal data in accordance with my instructions and are bound by confidentiality agreements.

I have also established procedures to deal with any suspected data breaches. If a breach occurs, I will notify you and any relevant regulator as required by law.

7 – My Disclosure of Your Personal Data to Third Parties

As a general principle, I collect and process data to facilitate or improve the services or offerings I provide. I do not sell your personal data or share it with third parties, except to the extent stated in this privacy policy.

I may disclose your personal data to third parties to the extent required by law, court order, or a decision rendered by a competent public authority, as well as for law enforcement purposes. Additionally, I may share your personal data with the following third parties:

  • Third-party vendors that perform services on my behalf, including billing, sales, marketing, IT support, advertising, analytics, research, customer service, data storage (including cloud storage), customer diary software validation, security, fraud prevention, payment processing, and legal services. These vendors have access to your personal data only to perform these services but are prohibited from using your data for any other purposes.

  • Third parties in the event of any merger, sale, joint venture, assignment, transfer, or other disposition of all or part of my business assets or stock (including, without limitation, in connection with bankruptcy or similar proceedings).

  • Other third parties only with your explicit consent.

When I disclose your personal data to a third party, I take all reasonable steps to ensure that these third parties are bound by confidentiality and privacy obligations to protect your personal data. This disclosure is made in compliance with legal requirements, and I enter into data processing agreements with the relevant third parties to ensure that your personal data is only processed in accordance with my instructions, applicable laws, and for the purposes specified by me. I also ensure that adequate security measures are in place to protect your data.

I will seek your explicit opt-in consent before sharing your personal data with any third party for marketing purposes.

8. Change of Purpose

I will only use your personal data for the purposes for which it was originally collected. If I determine that I need to use your data for another reason, I will ensure that the new purpose is compatible with the original one. If you would like clarification on how the new purpose aligns with the original one, please feel free to contact me.

If I need to use your personal data for a completely unrelated purpose, I will notify you and provide a clear explanation of the legal grounds that allow me to do so.

Please note that, in some cases, I may process your personal data without your prior knowledge or consent, if this is required or permitted by law.

9. Retention of Your Personal Data

I will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. The length of time I keep your data depends on the specific reasons for its collection and use.

Personal data related to the services I provide will generally be kept for a period of seven (7) years from the date of the last service provided. However, in some cases, I may retain your data for longer if it is required for legitimate purposes, such as:

  • Offering you personalized benefits or direct marketing (with your consent), or

  • Defending or pursuing legal claims, where retaining the data is necessary for legal reasons.

In certain cases, I may anonymize your personal data (so that it can no longer be linked to you) for research or statistical purposes. Once anonymized, this data may be used indefinitely, and you will not be further notified.

10. Cookies
I use cookies and similar technologies, including pixels, tags, and other identifiers, to enhance your experience on my website(s) and app(s). These technologies help me remember your preferences, understand how my website(s) and app(s) are used, and customize my marketing offerings.

What Are Cookies?
A cookie is a small text file placed on your computer or mobile device when you visit a website. Cookies allow me to:

  • Recognize your device.

  • Store your preferences and settings.

  • Track the pages you’ve visited on www.karolinapalac.com.

  • Improve your user experience by delivering tailored content and measuring the effectiveness of advertising.

  • Perform website analytics and research.

  • Enhance security and assist with administrative functions.

Some cookies are stored in your browser cache, while those related to Flash technologies are saved in your Adobe Flash Player files.

What Are Pixels?
Pixels are tiny electronic tags embedded in websites, online ads, or emails. They are used to:

  • Collect data on website usage, such as ad impressions, clicks, and email open rates.

  • Measure the popularity of specific ads or content.

  • Access user cookies for more personalized functionality.

Managing Cookies and Other Technologies


As I continue to adopt new technologies, I may collect information through other methods as well. You can adjust your settings to receive notifications when a cookie is being set or updated, or to block cookies altogether.

To manage cookies in your browser, consult the “Help” section of your browser for specific instructions. If you want to manage Flash technologies (including Flash cookies and local storage), you can use Adobe’s Flash management tools available on their website.

Please be aware that if you choose to block, disable, or manage cookies, you may not be able to access certain features or offerings on my website(s) or app(s). For example, to complete a purchase or access specific services, you may need to accept cookies from my site(s).

 

YOUR RIGHTS


You have the following rights regarding your personal data:

Request Access: You have the right to request a copy of the personal data I hold about you. This is known as a "data subject access request." It allows you to check that your data is being processed lawfully.

Request Correction: You can request that I correct any inaccurate or incomplete personal data I hold about you. I may need to verify the accuracy of the new data you provide.

Request Erasure: You can ask me to delete or remove your personal data when there is no valid reason for me to continue processing it. You also have the right to request erasure if:

  • You have successfully exercised your right to object to processing (see below),

  • Your data has been processed unlawfully, or

  • I am required to erase your data to comply with the law.

However, there may be specific legal reasons why I cannot comply with your request, and I will inform you of these reasons if applicable.

Object to Processing: You can object to the processing of your personal data when I am relying on legitimate interests (or those of a third party), and you feel that processing impacts your rights and freedoms. You also have the right to object when your personal data is processed for direct marketing purposes. In some cases, I may demonstrate that I have compelling legitimate grounds to continue processing your data, which override your rights and freedoms.

Request Restriction of Processing: You can ask me to suspend the processing of your personal data in the following cases:

  • If you want me to confirm the data’s accuracy,

  • If the data is being processed unlawfully but you don’t want it erased,

  • If you need the data for legal claims, even if I no longer require it,

  • If you have objected to the processing, but I need to verify whether I have overriding legitimate grounds to use it.

Request Data Transfer: You have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. This applies only to automated data that you provided consent for or data that is necessary to perform a contract with you.

Withdraw Consent: If I rely on your consent to process your data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing before you withdrew consent. Please note that withdrawing consent may impact your ability to access certain products or services, and I will inform you of this at the time of withdrawal.

No Fee Required


You will not be charged for accessing your personal data or exercising any of your other rights. However, I may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, I may refuse to comply with your request in these cases.

What I May Need From You


To process your request, I may need specific information to confirm your identity and ensure I’m providing your data to the right person. This is a security measure to protect your personal data. I may also contact you for further information to expedite the process.

Time Limit to Respond
I aim to respond to all legitimate requests within one month. If your request is particularly complex or you’ve made several requests, it may take longer. In such cases, I will notify you and keep you updated.

Updating and Deleting Your Personal Data
I encourage you to update your personal data with me whenever there are changes. You have the right to delete your data from my records, unless I am required to retain it by law.

You also have the right to object to the processing of your personal data for direct marketing purposes. You can unsubscribe from marketing communications by clicking the "unsubscribe" link at the bottom of any marketing email you receive from me.

 

MISCELLANEOUS


Third-Party Websites, Plug-ins, and Services
My website(s) and app(s) may contain links to third-party websites, plug-ins, or services (such as social media login options). If you choose to interact with these third parties, you may disclose your personal information to them. I am not responsible for the content or practices of these third parties. Their collection, use, and disclosure of your personal data will be subject to their own privacy policies, which you should review.

Use by Children
My services are not intended for children under the age of sixteen (16). If I learn that a child under this age has provided personal data, I will take steps to delete it. Minors must obtain express consent from a parent or guardian before providing any personal data. If you are a parent or guardian and discover that your child has provided personal data to me, please contact me so I can delete it.

Changes to My Privacy Policy
I may update this Privacy Policy periodically to reflect changes in my services, legal obligations, or to address customer feedback. Please review it regularly.

If I make significant changes, I will notify you either by posting a notice on my website or by sending you a direct notification.

Effective as of 01/03/2025

bottom of page