Privacy policy

The goal of this privacy policy is to give you information on how kimgajraj.com and the company Kim Gajraj AB collect and process your personal data through use of this website and attendance to any of my online or in-person events. 

This website is not intended for children and I do not knowingly collect data from any person under 18 years old. 

Controller

Kim Gajraj AB is the controller and responsible for your personal data. 

Contact details

Full name of legal entity: Kim Gajraj AB
Email address: kim@kimgajraj.com
Postal address: Trollesundsvägen 26B, 124 32 Bandhagen, Sweden

Complaints

You have the right to make a complaint at any time to the Swedish Data Protection Authority (SDPO), Sweden’s supervisory authority for data protection issues (www.datainspektionen.se)

I would, however, like to have the chance to deal with your concerns before you approach the SDPO, so I would appreciate it if you contact me first. 

Your duty to inform of changes

It is important that the personal data I hold about you is accurate and up to date. Please inform me of any changes to your personal information. 

Third-party links

This website may contain links to third-party websites, plug-ins and apps. If you click on those links, you may allow third parties to collect or share data about you. I do not control these third-party sites and am not responsible for their privacy statements. If you click on an external link and leave my website, you are encouraged to check the privacy policy of the site you visit.

What data do I collect about you?

Personal data, or personal information, means any information about a person from which that person can be identified. It does not include anonymous data. I may collect, use, store and transfer different kinds of personal data about you. I only do this to be able to run my business and get my offerings to you. I will never seek to make a profit or get any other benefit to me or my company from using your personal data outside of the necessary usage to operate my business in the way that you have consented to. 

Different kinds of personal data I may collect about you are:

• Identity data: first name, last name, gender and country of residence

• Contact data: the billing address and email address

• Financial data: billing address, email address and payment card (stored by my third-party payment provider)

• Technical data: IP address, login data, browser type and version, operating system and platform, and other technology to the devices you use to access the website. May include time zone and location, browser plug-in types and versions

• Profile data: username, password and other membership information, e.g. the date you became a paying member, date when membership status was updated, your interested, preferences and feedback and survey responses. 

• Usage data: information about how you use my website and services

• Marketing and communications data: your preferences in receiving marketing from me

• Health data: your age, information on health conditions you suffer from that may affect whether or not voice work is right for you.

If you share any personal information about your physical or mental health or your personal development journey, it is understood that you have consented to do this. I do not filter comments or posts on my website or any of my social media channels, so remember that anything you share publicly can be processed and used by third parties. You can always delete anything you regret posting. Contact me at kim@kimgajraj.com if you are having trouble doing this. 

I may also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, I may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if I combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, I will treat the combined data as personal data, which will only be processed in accordance with this privacy policy.

What if you fail to provide personal data?

In some cases, if you don’t provide me with the personal information I need, I may not be able to carry out the service or membership contract I’m trying to enter with you. In this case, you would need to cancel your online membership or your spot on my course or retreat. 

How is your personal data collected?

These are the different ways I might collect data from you:

• Direct interactions. I will receive personal data from you when you enter information into any form or survey on my site, including:

  1. Membership signup;

  2. Sign-up and intake questionnaire for programs, courses, retreats and other events;

  3. Sign-up to my email list

  4. Sign-up to the free 2-week challenge

  5. Competition entrance or in-house surveys

  6. Any way that you give me feedback or contact me
     
     

• Automated technologies or interactions: As you interact with the site, I may automatically collect Technical Data about your equipment, browsing actions and patterns. I may collect this information using cookies, server logs and other similar technologies.
  
  

• Third-parties or publicly available sources. I may also receive technical data about you from various third parties, including:

  1. Website database and hosting from Squarespace, which is based outside the EEA;

  2. Analytics data from Google, which is based outside the EEA;

  3. Survey tools from SurveyMonkey, which is based outside the EEA;

  4. Search engine information from  Google, which is based outside the EEA;

  5. Technical support services from Zendesk, which is based outside the EEA;

  6. Ticket issuing services from Ticket Tailor, which is based outside the EEA;

  7. Scheduling and ticketing services from Acuity Scheduling, which is based outside the EEA; 

  8. Business and editorial organisation services from Trello, which is based outside the EEA

  9. Scheduling services from Calendly, which is based outside the EEA.

  10. Invoicing servicing from Billogram, which is based inside the EEA (Sweden).

  11. Contract sign and send services from Adobe, which is based ouside the EEA.
      
      I may also receive contact data and financial data from provider of technical, payment and delivery services Stripe, which is based outside the EEA.
      
      

How and why I use your personal data

I will only use your personal data when the law allows me to. Usually, I will use your personal data for the following reasons:

• Where I need to perform the membership contract I am about to or have entered into with you.

• Where I need to contact you about a course or retreat you have signed up for or are thinking about signing up for.

• Where I need to assess whether there are any contraindications to you using any of my services.

• Where I need to comply with a legal obligation.

• Where it is necessary for my legitimate interests (or those of a third party) and your fundamental rights and interests do not override those interests.

My marketing practices

I want to make sure you have a choice around how and when I market my services to you. The information below will help you decide what’s right for you:

Promotional offers from me

I may use your identity, contact, usage, profile, marketing and communications data to form a view on what I think you might want or what might be of interest to you. This is how I decide what services and offers are relevant to you, and is known as marketing. Unless you opt out, you will receive marketing information from me if you have requested any information from me, purchased a service from me or signed up to my email list or free 2-week challenge. 

Third-party marketing

I will never sell your personal details to third parties. Some third party platforms do assist me with my marketing, but they are not permitted to use your personal information in any way other than helping me to provide you with a better service. 

Opting out

You can opt out of receiving marketing at any time by clicking the unsubscribe link at the bottom of any email. 

Cookies

Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.

Like with many sites, I use "cookies" to collect information. You can set your browser to refuse all cookies or notify you when websites set or access cookies. If you do this, parts of the kimgajraj.com website may become inaccessible or not work properly. 

Change of purpose

I will only use your personal data for the purposes it was collected for. If I reasonably consider I need to use it for another reason, and that reason is compatible with the original purpose, I will do so. If you want an explanation of why I think the new purpose is compatible with the original purpose, please email kim@kimgajraj.com.

If I need to use your personal data for an unrelated purpose, I will notify you to ask for your consent or to explain the legal basis that allows me to do so without it. 

Please note that I may process your personal data without your knowledge or consent, where I am required to do this by law. 

Disclosures of your personal data

I may need to use third parties to help me provide services to you. Although I strive to ensure that any access to your personal data by those parties is blocked, I may not always be able to do so, and where this is the case, I may not be able to block access to your data without affecting the services I need to deliver to you. These third parties are listed below.

External third parties such as Google, SquareSpace, SurveyMonkey, TicketTailor, Mailchimp, Stripe, Trello, Acuity Scheduling and Zendesk, all of which are based outside the EEA. 

I may also delegate parts of my processes to trusted collaborators, in order to ensure the website and service functionality. Such collaborators may access databases or personal information, in coherence with their roles in the workflow.

I require all third parties to respect the security of your personal data and to treat it in accordance with the law. I do not allow third-party providers to use your data for their own purposes and only permit them to process your data for specific purposes in the ways I have instructed them to. 

International transfers

My external parties are based outside the EEA, so processing your data will involve sending it outside of the EEA. When I do this, I will make sure it is protected in at least one of the following ways:

• I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. You can read more about this here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
  
  

• With certain service providers, I may use specific contracts approved by the European Commission that are designed to make sure your personal information has the same protection as it does in Europe. More info here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Data security

I have adequate security measures in place to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. I also only share your personal information with any agents, contractors or other other parties who really need to know it. If this happens, they will only access and process your data as per my instructions. I have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so. 

Data retention

I will only keep your personal data for as long as reasonably necessary to fulfil any purposes I collected it for, including those needed to satisfy any legal, regulatory, tax, accounting or reporting requirements. I may keep your data for a longer period in the event of a complaint or if I reasonably feel there is a possibility of litigation with respect to my relationship with you. 

To consider how long to keep your data, I consider the amount, nature and sensitivity of the personal data, the potential risk of harm for unauthorised use or disclosure, the purposes for processing your personal data, and whether I can achieve those purposes through other means, and the necessary legal, regulatory, tax, accounting or reporting requirements.

If you want to know details of how long I keep data for different reasons, you can contact kim@kimgajraj.com. In some circumstances you can ask me to delete your data. There is more information on this in the “legal rights” section below. I may sometimes anonymise your data and use it for statistical purposes. In this case I may use the information indefinitely without notice to you. 

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. 

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

• If you want us to establish the data’s accuracy.

• Where our use of the data is unlawful, but you do not want us to erase it.

• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.

• You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  
  

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain membership services to you. We will advise you if this is the case.

No fee usually required

You will not have to pay a fee to access your personal data or exercise any of your other rights. However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I could refuse to comply with your request in these circumstances.

What I may need from you

I may need to request specific information from you to help confirm your identity and ensure your right to access your personal data (or access any of your other rights). This is a security measure to make sure I don’t disclose your information to someone who doesn’t have the right to access it. I may also contact you for more information in relation to your request as a way to speed up the response. 

Time limit to respond

I try to respond to all legitimate requests within one month. Occasionally it could take longer, if your request is particularly complex or you’ve made a large number of requests. 

Glossary of basic legal terms

Legitimate interest means the interest of my business in conducting and managing my business to enable me to give you the best service/product and the best and most secure experience. I make sure to consider and balance any potential impact on you (both positive and negative) and your rights before I process your personal data for my legitimate interests. I do not use your personal data for activities where my interests are overridden by the impact on you (unless I have your consent or are otherwise required or permitted to by law). You can obtain further information about how I assess my legitimate interests against any potential impact on you in respect of specific activities by contacting me at kim@kimgajraj.com.

Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

• Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
  
  

• Consent means your explicit affirmative action to permit the processing of your personal data.

Third parties

External third parties

• Service providers acting as processors based in the EU and US who provide IT and system administration services.
  
  

• Professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors, and insurers based in the EU, UK, and the USA who provide consultancy, banking, legal, insurance, and accounting services.
  
  

• Swedish tax authorities, regulators, and other authorities acting as processors or joint controllers based in Sweden who require reporting of processing activities in certain circumstances.