Zolvarenphitghun

Document reference ·

Privacy Policy

This extended policy explains how personal data is collected, why it is processed, how long it is stored, which safeguards apply, and how you can exercise statutory rights. The site publishes general educational material about sleep routines and focus planning; this document is independent from that editorial content.

  • Transparency
  • Lawful bases
  • Retention
  • Your rights

Overview and scope

This policy applies to visitors of https://zolvarenphitghun.world, recipients of email correspondence initiated through our contact channels, and clients who purchase consulting time, educational downloads, or structured programs. The operator is an educational business, not a healthcare provider; we do not collect protected health information through this public website by design.

It does not govern third-party platforms that we may link to for payment processing unless those platforms act strictly as processors on documented instructions.

We describe processing in plain language while aligning headings with concepts used in the EU General Data Protection Regulation (GDPR), the UK GDPR, the Data Protection Act 2018, and United States state privacy statutes including the California Consumer Privacy Act (CCPA) as amended by the CPRA. Where regional law grants stronger protections, those protections prevail.

Plain summary. We collect only what we need to operate a small educational studio, reply to messages, deliver paid services, and—if you consent—measure anonymous traffic. We do not sell personal information, and we do not use your health data because we do not collect clinical records through this website.

Categories of personal data

The table below is a structured overview. Additional narrative detail follows in the next sections.

Category Examples Source
Identity and contact Name, email address, phone number if you provide it You
Correspondence Free-text messages, scheduling notes, attachments you send You
Transaction Purchase references, invoices, delivery confirmations You and payment processors
Technical IP address, user agent, approximate location derived at region level Your device and our hosting logs
Cookie preferences Stored consent decisions for optional analytics or marketing tags Your browser storage
Contact form submissions Fields include name, email, message body, and a record that you ticked the privacy consent checkbox. We do not require sensitive categories of data; please avoid sending medical documents through the form.
Consulting clients If you purchase sessions, we retain scheduling emails, calendar invitations, and internal notes that describe agreed objectives. Notes are operational, not diagnostic, and you may request export or deletion subject to legal retention duties.

Purposes and lawful bases

Under GDPR Article 6, we rely on different lawful bases depending on context. Where consent is required—for example, non-essential cookies—we obtain it through the cookie interface and you may withdraw it without affecting the lawfulness of earlier processing.

  • Contract performance. Delivering purchased guides, honoring session bookings, and sending transactional receipts.
  • Legitimate interests. Operating secure infrastructure, detecting fraud, understanding aggregate readership of informational articles, and improving navigation flows, balanced against your rights.
  • Legal obligation. Retaining accounting records, responding to lawful requests from public authorities, and cooperating with courts when necessary.
  • Consent. Optional analytics, marketing measurement, or advertising-related tags when permitted, including measurement that may support compliant online advertising in the United States; newsletters if we introduce them; and any feature that falls outside strict necessity.

Storage periods

Retention follows a tiered schedule so data is not kept indefinitely. Marketing contact lists, if created, refresh on a documented cycle with explicit unsubscribe mechanisms.

  1. General inquiries that do not become clients: up to twenty-four months in the primary mailbox, then deletion or anonymization unless litigation is pending.
  2. Client project files: duration of the engagement plus seven years where tax law requires invoice preservation, unless a shorter period is mandated.
  3. Server logs: rolling thirty to ninety days unless extended for a documented security investigation.
  4. Cookie consent logs: twelve months from the last interaction with the banner, then refreshed.

Recipients and international transfers

We engage subprocessors for hosting, email delivery, analytics (when enabled), and payment capture. Agreements include confidentiality clauses and, where GDPR applies, Standard Contractual Clauses or equivalent mechanisms. A current list of categories is available on request; commercial contract terms may restrict public naming of specific vendors.

Because the studio is located in the United States, data you submit may be processed in the United States or in other regions where our providers maintain data centers. We assess jurisdiction and supplementary measures before onboarding new tools.

Security measures

Controls include encrypted transport (HTTPS), role-based access to administrative interfaces, unique credentials, separation of production and staging environments, and periodic review of vendor security documentation. Employees and contractors with access sign confidentiality commitments.

Incident reporting. If you believe an unauthorized disclosure involving your data occurred, email us promptly with the subject line “Security Notice” so we can investigate and, where required, notify regulators and affected individuals.

Your rights

Depending on applicable law, you may have the right to access, rectify, erase, restrict processing, object, port data, or withdraw consent. California residents may request disclosure of categories and specific pieces of personal information collected, and may opt out of certain sharing (we do not sell personal information). Colorado, Virginia, and other US states grant analogous rights with local variations.

  • Step 1 — Request. Email the controller address from an account you control and describe the right you wish to exercise.
  • Step 2 — Verification. We confirm identity proportionately to the risk of the request; excessive or repetitive requests may incur a reasonable fee where permitted.
  • Step 3 — Response. We answer within thirty days where GDPR applies, or within the timeframe required by your state statute, and explain any extension.

EU and UK residents may lodge a complaint with a supervisory authority. We nevertheless encourage you to contact us first so we can resolve issues cooperatively.

Cookies and local storage

Strictly necessary cookies support security and remember your cookie choices. Optional analytics or marketing cookies load only after you opt in through the banner or granular settings. Technical details appear in the Cookie Policy, including the localStorage key tdde_cookie_prefs_v1 used to store aggregated consent flags on your device.

Automated decision-making

We do not perform automated profiling that produces legal or similarly significant effects. If that changes, we will update this policy, provide meaningful information about the logic involved, and obtain consent where required.

Children

Services are directed to adults. We do not knowingly collect personal information from children under sixteen. If you believe a minor submitted data, contact us for prompt deletion.

Changes to this policy

We revise this document when processing activities, vendors, or legal requirements change. Material updates will be highlighted in the hero reference date on this page and, when practical, summarized near the contact form or blog index.

Contact

For privacy questions or rights requests: mailuse@zolvarenphitghun.world. Postal correspondence may be sent to the controller address listed in the hero panel.