Privacy Policy

1. Introduction

Conscious Innovation Lab OÜ (“we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

Contact Information:
Conscious Innovation Lab OÜ
Sakala 7-2
10141 Tallinn, Estonia
Email: info@mypalmleaf.com


Data Protection Officer (DPO): Stephan Oesterreicher
Email: info@mypalmleaf.com

2. Data We Collect

We collect the following personal data to provide our services:

  • Name.
  • Billing address.
  • Email address.
  • Phone number.
  • Payment details.
  • Thumbprint (for locating your palm leaf).
  • Gender and country of birth (for locating your palm leaf).

3. Purpose of Data Processing

We process your personal data for the following purposes:

  • Order Fulfillment: To process and deliver orders made via our website.
  • Finding Your Palm Leaf: Thumbprints, gender, and country of birth are collected solely to locate your specific palm leaf.
  • Newsletters: To send newsletters and updates (only with your consent).
  • Analytics and Website Improvement: To improve the website and user experience using tools like Google Analytics and Facebook Pixel.
  • Legal Compliance: To comply with applicable tax and financial regulations.

4. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Consent: For newsletters and any marketing communications.
  • Contractual Necessity: To fulfill orders and deliver services.
  • Legitimate Interests: To analyze website performance and ensure its functionality.
  • Legal Obligations: For compliance with tax reporting and other legal requirements.

5. Third-Party Services

We use third-party service providers to process your data securely and efficiently, including:

  • Hosting Providers: AWS, Google Cloud, monday.com.
  • Email Marketing Tools: Mailchimp.
  • Payment Processors: PayPal, Stripe.
  • Analytics and Tracking: Google Analytics, Facebook Pixel

Each of these providers complies with GDPR and ensures data protection through appropriate safeguards.

6. International Data Transfers

To locate your palm leaf, we transfer personal data (thumbprint, gender, country of birth) without name to India. These transfers are made under Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your user experience. These include:

  • Google Analytics: For analyzing website traffic and user behavior.
  • Facebook Pixel: For personalized marketing and tracking conversions.

You can manage cookie preferences through our cookie consent banner or adjust settings in your browser.

8. Data Retention

We retain personal data for the following durations:

  • General customer data (e.g., name, email, billing address): 6 years.
  • Thumbprints (used for locating palm leaves): 4 weeks after the general reading.

Data is deleted or anonymized once it is no longer required for the purposes stated.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  1. Right to Access: Request access to the personal data we hold about you.
  2. Right to Rectification: Correct inaccuracies in your data.
  3. Right to Erasure: Request the deletion of your data (“right to be forgotten”).
  4. Right to Restrict Processing: Limit the processing of your data under certain circumstances.
  5. Right to Data Portability: Receive your data in a structured, machine-readable format.
  6. Right to Object: Object to the processing of your data for legitimate interests or marketing purposes.
  7. Right to Withdraw Consent: Withdraw consent for data processing at any time.
  8. Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at info@mypalmleaf.com.

10. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling tools.

11. Data Security

While we currently do not implement specific technical security measures (e.g., encryption), we make every effort to handle personal data securely and only share it with trusted third parties. We are working toward implementing more robust security measures in the near future.

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal or operational requirements. Any updates will be posted on this page, and where appropriate, we will notify you directly.

Last Updated: Nov 22, 2024

Book Reading