Version Dated: 5 December 2021
Nid’s NidRa, Nid Ra, Nid’s Nidra, Spirit Law, NidRa Aroma and NidRa Embody are a sole proprietorship of Nadine Seymour (“We/Us”) whose registered office is unit 2, 8 Eustace Street, Manly, NSW, 2095, Australia operates the websites www.nidsnidra.com, www.spiritlaw.net and www.nidraaroma.com and provide the Services (as defined below).
“Services” means all and parts of the following:
- NidRa Embody the wellbeing live events, workshops, community, membership and recordings;
- Spirit Law and NidRa Consulting provide educational information, documentations, videos and live training sessions of foundational business, marketing and legal concepts for entrepreneurs; and
- NidRa Aroma the candles and essential oils with meditation, affirmations and ritual guidance.
We are the controller of any personal information gathered by your use of our websites and Services. Our website is a general audience website, intended for users of all ages. Where we use third parties to process your data, these parties are known as processors of your personal data. We have a contract with these third parties for the provision of these services.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
The Purpose of this Policy
In the course of providing you with our services we will collect and process information that is commonly known as Personal Data. This includes when you may share personal data in contact with us via our website, online forms, email, social media accounts, the telephone, when writing to us directly, in person, or where we provide you with paper based forms for completion or we complete a form with you.
Your personal data is protected by law and we want you to know your individual rights, which include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
We provide this Policy to help you understand:
- what kind of information we collect in connection with our services,
- the purposes for which we use the information,
- how we may share this information, and
- what we do to retain and safeguard your Personal Data.
The laws applied to this Policy
We have also identified that we have clients across many countries and seek to provide a high standard to care and protect your personal data and privacy. Australia is identified as the named territory where the processing of personal data takes place.
We adopted and aim to comply with the following laws Privacy Act 1988 (Cth, Australia) and the Australian Privacy Principles (APPs); the Personal Data Protection and Electronic Documents Act, SC 2000, c5 (federal, Canada); the Personal Data Protection Act (Alberta, Canada); the Personal Data Protection Act (British Columbia, Canada); all applicable United States federal and state privacy laws, including, but not limited to, the California Online Privacy Protection Act (CalOPPA), Early Learning Personal Data Protection Act (ELPIPA); the General Data Protection Regulations (EU) or (“GDPR”); the Data Protection Act 2018 (UK); Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) (Law No. 13,709/2018) ("LGPD"), any other applicable privacy legislation (collectively the “Data Acts”).
The Data Acts govern the way that we collect, use, disclose, store, secure and dispose of your Personal Data.
What is ‘Personal Data’?
Personal Data is information or an opinion that identifies a natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Sensitive Data is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
We are legally required to comply with specific data processing requirements for Personal Data.
What data do we collect about you?
All Nid Ra sub-brands will collect and process the following categories of data:
- Personal data such as an individual’s name, address, and contact details, and email address.
- We do not knowingly accept information or attendance of anyone under the age of 18 years old.
NidRa Embody as a provider of wellbeing services, will additionally collect the following categories of data:
- Personal data such as date of birth, gender, and contact details, and email address.
- Special categories of personal data such as health and details on historic injuries or illnesses (physical and physiological), audio, video and audio-visual, photographs, beliefs, and aspects of your health that may affect your participation or our provision of services to you.
NidRa Consulting as an education provider may additionally collect the following categories of data:
- Special categories of personal data including: as spiritual, social, religious, beliefs, associations or memberships, and aspects of your social interactions that may affect your participation or our provision of services to you.
Where reasonable and practicable to do so, we will collect your Personal Data only from you. However, in some circumstances we may be provided with information by third parties. We may use third party suppliers for management of specific services e.g. payment processing, and they may store some of your Personal Data to provide such service to you. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party or that you can access your account to check this information directly yourself.
Links to Other Websites
We do not provide any personally identifiable customer information to these sites.
Why do we collect your Personal Data?
Personal Data is collected in many ways including interviews, online calls, text message, online chat, correspondence, by telephone, by email, via our website, webinars, events, promotions, campaigns, from our websites, from media and publications, from other publicly available sources, from cookies and from third parties, including but not limited to social media platforms such as Facebook, Instagram, and LinkedIn. We don’t guarantee website links or policy of authorised third parties.
Our primary purpose to collect and process this Personal Data is to provide our services to you and to personalise your experience with us. We may also use your Personal Data for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing or email as below.
When we collect Personal Data we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. By providing this personal data to us you are consenting our use in the manner set out in this Policy. If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.
Sensitive Data will be used by us only:
- For the primary purpose for which it was obtained,
- For a secondary purpose that is directly related to the primary purpose,
- With your consent; or where required or authorised by law.
We do not sell or pass your personal information onto third parties.
We take and keep notes about our appointments, documents and notes are stored as digital records only and saved in Google Drive. They provide TLS standard encryption to protect your Personal Data and a two-step authentication process. We may keep your records on remote digital devices that are encrypted and password protected. Storage of these files is necessary as a legal requirement by our insurer Aon.
We use Acuity Scheduling to manage our client bookings. This software requires you to complete the following information for your account: name, contact email and telephone number. You may update the details in Acuity Scheduling at any time by logging into the account or emailing us.
If you pay using an online transaction such as credit card we use Stripe and Paypal. These third-party payment facilitators are PCI DSS v 3.2.1 compliant to ensure your financial data is secure and we can never access your full payment details. Acuity Scheduling stores card information only if you choose. We do not have access to this information.
We use email, SMS texts, Kajabi app, and WhatsApp to communicate with you. Emails directly with you are stored in our account with Google unless part of the Service Provision (see below). Any telephone or online calls may be recorded with your permission and stored in your clients records as a digital file. We have followed Google’s security check-list for security on all our files, communications and calendars.
WhatsApp is a secure end-to-end encrypted service. If you prefer not to communicate using this or SMS texts you may request Telegram app or not to communicate via messenger services. You choose to download Kajabi’s app and your profile settings in your Kajabi account.
Embody clients online and NidRa Consulting sessions including group online sessions and webinars are hosted via Zoom. You do not need an account for this, but it will require you to register a name when logging in.
If you contact us via our website, you may provide us with personal data when completing online health or contact forms. This form is hosted by Kajabi.
We use Google Analytics to give us an idea of where our website traffic data comes from and how people use our website. We link this use to Google Ads which allows us to understand those interested in our services and how we can design adverts that will interest that audience and encourage them to purchase our services. We also use Google Signals that tracks your use across devices and platforms to better target your interests if you have a Google account. Google Analytics may have cookies used to track traffic to and around our website. See above for how to change your settings in Google.
We may promote our services to you using the information you provide to us, including email, WhatsApp or text. If you wish to receive promotional offers please opt in by completing the form on our website, on social media to Nid Ra or by emailing [email protected] to request to be added.
If you opt in to receive our emails you will receive:
- NidRa Embody monthly with wellbeing tips, service updates and offerings, and a free guidance meditation mp3 to download from us
- Spirit Law or NidRa Consulting a monthly free webinar reminder and links to videos for the email list on current updates for entrepreneurs.
You can unsubscribe from this at any time from within one of these emails or contacting us at [email protected] gmail.com. Our emails are sent from Kajabi which stores information that you submit in your forms.
The blog emails are sent automatically by Mailchimp, which will store information that you have submitted to receive these emails. You can check your account and unsubscribe at any time.
If you follow us on any social media platforms, your privacy settings in your social media account control what you share with others. Please be aware that our settings are to ‘Public’ where you leave reviews, comments and we will tag you where appropriate. Where appropriate, on our retreats and during our services we may take photographs and/ or videos of you and may be used on social media and marketing of our services. Please contact us at any time should you wish to change or amend any posts on social media by us.
Quotes for Services
If you contact us for a quote or request details on the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our products and services. You may request that we stop this at any time with the contact details below.
We will also use your personal data to manage your account, perform statistical analysis on the data we collect, for business forecasting purposes and to develop new and market existing products and services.
Data Retention/ Disclosure of Information
We may release personal data where we believe that it is appropriate in a number of circumstances, including the following:
- Third parties where you consent to the use or disclosure;
- Where required or authorised by law;
- To enforce or apply our agreements with you;
- To protect the rights, property or safety of us, our clients or others; and
- With your consent following specific notice or request from us.
Security of Personal Data
Your Personal Data is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Data. However, most of the Personal Data is or will be stored in client files which will be kept by us for the Duration Period.
If you have received Services with us we will store your data for seven (7) years from your last appointment with us (“Duration Period”), as required by our insurers (Aon) for any potential claims.
You may have access to this information stored, but this falls under the circumstances where your Right to Request Erasure may be denied. Please see the ICO guidance on this exception: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
You have legal rights about your personal data. You grant use of your data under the contract and terms herein through your active conduct and use of our services. At any time you have the right to know what personal data relates to you that is held by us, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. You can also request the deletion of their personal data.
You may request the following at any time about your data held by us with regards to the services that we provide:
- The right to be informed about the personal data being processed;
- The right to rectification of your personal data
- The right to erasure of your personal data
- The right to restrict processing of your personal data
- The right to data portability (to receive an electronic copy of your personal data)
- The right to object to the processing of your personal data
- The right to access your personal data
In accordance with the General Data Protection Regulations (“GDPR”), you may request a copy of all data that we store about you at no cost at [email protected] gmail.com . In order to protect your Personal Data we may require identification from you before releasing the requested information. Repeated, unfounded or excessive requests may be challenged by us.
There are some limited circumstances that may limit the information that we can provide to you in a request, for example, public interest, law enforcement, legal and or health related matters.
Please also bear in mind that we rely on third parties for some of your information in the flow of data. It may take us the full calendar month permitted to provide a full response to your request.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact [email protected] gmail.com
Maintaining the Quality of Your Personal Data
It is important to us that your Personal Data is up to date. We will take reasonable steps to make sure that your Personal Data is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
International Data Transfers
Our services are available internationally. We control and manage Personal Data in Australia. We may transfer data outside of Australia to our suppliers to provide the service to you.
Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our Data Privacy Representative at [email protected] gmail.com
Such parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law. Please contact our data privacy representative for further information on the measures undertaken to safeguard your data.
Data Privacy Representative
To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Officer who is the sole trader of Nids Nidra.
The Data Privacy Officer is Nid Ra, who may be contacted at: [email protected] gmail.com
Enquiries and Complaints
Unit 2, 8 Eustace Street, Manly, NSW, 2095, Australia
If you are dissatisfied with how our Data Privacy Officer handles your matter. You have the right to complain to the Office of Australia’s Information Commissioner (OAIC). The OAIC may be contacted via its website which is https://www.oaic.gov.au/ , by live chat or by calling their helpline on +61 1300 363 992.
Version: 5 December 2021
Please let us know any questions that you have about how we care for your personal information.