SUSAN OUBARI, an independent contractor registered under number 512 768 672, having her registered office at 1 Rue de l'Université, 75007, Paris, France, is committed to protecting the personal data of the users (hereinafter the "User" or “Users”) of her website (hereinafter the "Website").

The User may be asked to provide personal data while browsing the Website and using the services offered by SUSAN OUBARI, who undertakes, in her capacity as data Controller, to protect the data collected and processed on the Website in accordance with the applicable laws and particularly with Regulation (EU) 2016/679 of 27 April 2016, known as the "General Data Protection Regulation" or "GDPR", and French Law 78-17 of 6 January 1978, known as the "Data Protection Act" as amended (hereinafter the "Applicable Regulations"). 

The present document constitutes the personal data protection policy implemented by SUSAN OUBARI and its purpose is to provide information on the commitments and practical measures taken to ensure the safety and protection of such personal data (hereinafter the "Policy").

For any questions, you can contact SUSAN OUBARI :

- By email at susan@susanoubari.com
- By post at Susan Oubari, 1 rue de l'Université, 75007 Paris, FRANCE

1. Definitions

The terms and expressions used in this Policy shall have the meanings ascribed to them in the Applicable Regulations, whether used in singular or plural form:

- Personal Data: means any information relating to a natural person who is directly or indirectly identified or identifiable.
- Data Subject: means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural, or social identity.
- Controller: means the natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the Processing.
- Processor: means the natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
- Processing: means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Any terms and expressions not defined in this article and beginning with a capital letter shall have the meaning ascribed to them in SUSAN OUBARI’s General Terms and Conditions (hereinafter the "GTC"). 

2. Personal Data collected and purpose of the Processing 

SUSAN OUBARI may have to process the following Personal Data as a result of the User's consent (Article 6.1.a GDPR), for the purposes of her business and the performance of a contract (Article 6.1.b GDPR), to comply with a legal or regulatory obligation (Article 6.1.c GDPR), or for the purposes of legitimate interests (art 6.1.f GDPR):

- To create the client record (new client form)

• Identifying data (last name, first name, age, mailing address, Instagram account)

• Contact information (email address, emergency contact information)

• Information on the level and sensitivity of the Data Subject

• The Data Subject’s Goals

• Handwritten signature

- To book a private session

• Identifying data (last name, first name)

• Contact information (phone number, email address)

• Preferences as to the location of the session

• Link to the new client form, if applicable 

- To book a group class

• Identifying data (last name, first name, age, Instagram account)

• Contact information (phone number, email address)

• Source of recommendation

• Date and location of previous classes with SUSAN OUBARI, if applicable

• City and country of residence

• French language comprehension

- To register for a training course (application form)

• Identifying data (last name, first name, date of birth, age, mailing address, Instagram account, occupation)

• Contact information (phone number, email address, emergency contact information)

• French language comprehension

• Physical or emotional contraindications to training

• Source of recommendation

• Details on Breathwork experience and practice

• Motivations, fears, and expectations of the Data Subject with respect to their participation in the training

• Description of experience with Reiki, meditation, personal coaching, and any other personal development method, if applicable

• One-year projection of the Data Subject

• Free-format text 

- To purchase replays of sessions offered by SUSAN OUBARI

• Identifying data (first and last name, age, Instagram account)

• Contact information (email address, phone number)

• Source of recommendation

• Date and location of previous classes with SUSAN OUBARI, if applicable

• City and country of residence

• Preferred language for contact (English or French)

The above information is required for any reservation and participation in classes and training courses provided by SUSAN OUBARI. If the User does not wish to provide such information, it may not be for them possible to access to the Products and Services or the functionalities of the Website.

In addition, the forms contain a special section allowing the User to opt to subscribe to the Website's newsletter. The User can unsubscribe from the newsletter at any time. 

- To contact the User (contact section)

• Identifying data (first and last name, age, Instagram account)

• Contact information (email address, phone number)

• Country of residence

• Source of recommendations

• Subject of contact

• Free-format text

- To publish testimonials on the Website

• Identifying information (first and last name)

• Occupation 

• Free-format text

• Photo

- To compile Website performance statistics 

• Browsing and connection data

• IP address

Each form limits the collection of Personal Data to the information that is strictly necessary and indicates by means of an asterisk whether the answers are optional or mandatory.

The information given by the User must be accurate and current. The User is invited to inform SUSAN OUBARI when the Personal Data needs to be updated.

3. Retention period

SUSAN OUBARI shall keep the User’s Personal Data only as long as necessary for the operations for which it was collected and in compliance with the Applicable Regulations. 

Personal Data relating to the management of the User's account and to the transactions carried out on the Website shall be kept for the time required for the proper management of the contractual relationship, then archived for two (2) years, except for billing data which shall be kept for the legal retention period of ten (10) years.

Personal Data relating to transactions carried out through the online payment module available on the Website shall not be collected or processed by SUSAN OUBARI.

SUSAN OUBARI uses third-party payment service providers whose privacy policies are available at the following links: https://stripe.com/en-ca/privacy and https://fastspring.com/privacy.

4. Recipients

In the context of a strict confidentiality and access management policy, only recipients who have been duly authorized by SUSAN OUBARI are allowed access to the information provided by the User.

- In-house recipients

The Personal Data collected may be used by members of SUSAN OUBARI’s virtual team.

- Outside Processors and service providers

The Personal Data collected can also be sent to Processors and service providers of SUSAN OUBARI, within the limits provided by the Applicable Regulations and in accordance with the present Policy, particularly to guarantee Users an optimal experience during their time spent on the Website. 

These Processors may have to process the Personal Data on behalf of SUSAN OUBARI and upon her instructions, particularly in the context of online payment, advertising, safety, or for statistical and survey purposes. 

STRIPE : Fournisseurs de solutions de paiement en ligne
FASTSPRING , STRIPE : Online payment solution providers
ACUITY SCHEDULING : Online class booking platform
WAIVER FOREVER : Online form platform
SKYPE, ZOOM : Live streaming of classes and webinar
SQUARESPACE : Website developer
MAILCHIMP : Emailing management

- Third parties authorized by law, such as judicial or administrative authorities

- Anonymized transmission

SUSAN OUBARI may share anonymized or aggregated data with third parties other than those identified, for statistical purposes, and such third parties shall not be able to identify the Data Subject in any way. 

5. Transfer and hosting your personal data

In order to deliver and guarantee an optimal quality of service on the Website, SUSAN OUBARI may have to transfer Personal Data outside the territory of the European Union.

In such a case, SUSAN OUBARI guarantees that such transfers shall be made to States that benefit from an adequacy decision adopted by the European Commission and have shown they provide an adequate level of protection within the meaning of article 45 of the GDPR.

In the absence of an adequacy decision, SUSAN OUBARI may transfer Personal Data outside the European Union to Processors under the conditions set forth in Article 46 of the GDPR, particularly through the development of standard contractual clauses approved by the European Commission. 

6. Security mesures implemented

SUSAN OUBARI undertakes to ensure the security and integrity of the User's Personal Data. 

For this purpose, SUSAN OUBARI has implemented and maintains technical and organizational measures for the security of the Website and its information system that are tailored to the nature of the Personal Data and the risks involved in their treatment.

These measures are designed:

- To protect the User's Personal Data from destruction, loss, alteration, and disclosure to unauthorized third parties,

- To ensure that, in the event of a physical or technical incident, the User's Personal Data is returned to being available and accessible in a timely fashion.

7. User’s rights

In accordance with the Applicable Regulations, the User may exercise at any time the right of access, rectification, portability, and erasure of their Personal Data, as well as the right to restrict or object to Processing, by contacting SUSAN OUBARI at the following email address: susan@susanoubari.com.

The User also has the right to bring the matter before any competent supervisory authority, such as CNIL, if they consider that the Processing of their Personal Data violates the requirements of the Applicable Regulations.

Before providing the requested data, SUSAN OUBARI reserves the possibility of asking the User for certain information, particularly the User’s full name, email address, telephone number, proof of identity, specifics of the request.

SUSAN OUBARI is required to reply to the User within at most thirty (30) days, except if a large number of requests are made simultaneously, or when the search for information requires additional time.

8. Cookie Management

A cookie is a text file that may be stored on an Internet user’s computer, tablet, or smartphone upon visiting and using a website. 

The storage of cookies on an Internet user’s terminal may or may not require prior consent.

Cookies that are strictly necessary for the Website to function properly do not require prior consent.

The following are examples of cookies that require a consent request:

- Cookies relating to advertising-related operations

- Social network cookies generated by share buttons

- Some audience measurement cookies

Using the "Customize cookies" tab on the Website's cookies banner, the User can block the placement of certain cookies and will be informed that some of the Website’s features will be altered or no longer accessible. 

The User is informed that it is possible to deactivate and/or delete cookies from the terminal by managing the browser settings.

9. Modification of the Policy

This Policy may be modified based on the evolution of our services and the Website, as well as to comply with changes in the law, case law, and CNIL’s decisions and recommendations, or to adapt to changes in business practices.

The applicable version of the Privacy Policy is the one that applies on the date on which the User’s uses the Website and the services more generally.