Privacy Policy

Last updated: . This Privacy Policy describes how Shiningbeaut collects, uses, stores, and protects personal data when you visit shiningbeaut.world or interact with our services.

1. Data Controller Information

The data controller responsible for processing your personal data is:

Shiningbeaut
Hyllie Boulevard 19
215 32 Malmö, Sweden
Email: service@shiningbeaut.world
Phone: +46 10 744 18 70

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us using the details above. We aim to respond to privacy-related inquiries within 30 days as required under the General Data Protection Regulation (GDPR).

2. Scope and Applicability

This Privacy Policy applies to all personal data collected through our website at shiningbeaut.world, including when you browse our home workout guides, submit contact forms, purchase educational products, or interact with our cookie consent mechanism. It does not apply to third-party websites that may be linked from our pages.

We are committed to complying with the GDPR (Regulation (EU) 2016/679), the Swedish Data Protection Act (Dataskyddslagen), and other applicable international data protection legislation. As a business operating from Sweden within the European Union, we adhere to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

3. Categories of Personal Data We Collect

Depending on how you interact with our website, we may collect the following categories of personal data:

3.1 Information You Provide Directly

  • Contact form data: Name, email address, message content, and GDPR consent confirmation when you submit our contact form.
  • Program inquiries: Information you voluntarily share when requesting details about consulting services, educational products, or workout programs.
  • Purchase information: Name, email, billing address, and payment-related data when you acquire digital products or services from us.

3.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, and referring URL.
  • Usage data: Pages visited, time spent on pages, click patterns, and navigation paths through our website.
  • Cookie data: Information stored through cookies and similar technologies as described in our Cookie Policy.

3.3 Information We Do Not Collect

We do not intentionally collect special categories of personal data as defined under Article 9 of the GDPR, including data concerning health, racial or ethnic origin, political opinions, religious beliefs, or biometric data. Our home workout content is general and informational; we do not request health records or medical histories.

4. Purposes of Data Processing

We process personal data only for specified, explicit, and legitimate purposes. The primary purposes include:

  • Responding to inquiries: Processing contact form submissions to answer your questions about our home workout guides, educational programs, and consulting services.
  • Service delivery: Providing purchased educational products, digital guides, and program materials you have acquired.
  • Website functionality: Ensuring our website operates correctly, including cookie consent management and security measures.
  • Analytics and improvement: Understanding how visitors use our content to improve user experience and develop better educational materials, subject to your cookie preferences.
  • Marketing communications: Sending relevant information about our services where you have provided consent, with the ability to opt out at any time.
  • Legal compliance: Fulfilling obligations under applicable laws, responding to lawful requests from authorities, and protecting our legal rights.

5. Legal Bases for Processing

Under the GDPR, we rely on the following legal bases for processing your personal data:

  • Consent (Article 6(1)(a)): When you submit our contact form with the GDPR consent checkbox, accept analytics or marketing cookies, or subscribe to communications.
  • Contract performance (Article 6(1)(b)): When processing is necessary to fulfill a contract with you, such as delivering purchased educational products.
  • Legitimate interests (Article 6(1)(f)): For website security, fraud prevention, and improving our services, balanced against your rights and freedoms.
  • Legal obligation (Article 6(1)(c)): When processing is required to comply with applicable laws, such as tax or accounting requirements.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: Retained for up to 24 months after the last correspondence, unless a longer period is required for ongoing service relationships.
  • Customer and purchase records: Retained for 7 years to comply with Swedish accounting and tax legislation.
  • Cookie and analytics data: Retained according to periods specified in our Cookie Policy, typically between 1 and 26 months depending on cookie type.
  • Marketing consent records: Retained for the duration of the marketing relationship plus 3 years after opt-out for compliance documentation.

When retention periods expire, personal data is securely deleted or anonymized so it can no longer be associated with an identifiable individual.

7. Data Sharing and Third Parties

We do not sell your personal data. We may share data with the following categories of recipients when necessary:

  • Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that assist in operating our website and services. These processors act on our instructions and are bound by data processing agreements.
  • Legal authorities: When required by law, court order, or governmental regulation.
  • Professional advisors: Lawyers, accountants, or auditors where necessary for legitimate business purposes.

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

8. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers.
  • Access controls limiting personal data access to authorized personnel only.
  • Regular security assessments and updates to our systems and software.
  • Secure storage practices for digital records and backup systems.
  • Staff training on data protection principles and GDPR compliance.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use strong passwords and protect your own devices when accessing our services.

9. Your Rights Under GDPR

As a data subject within the EU/EEA, you have the following rights regarding your personal data:

  • Right of access (Article 15): Request confirmation of whether we process your data and obtain a copy of that data.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): Request deletion of your personal data where legally applicable.
  • Right to restriction (Article 18): Request limitation of processing under certain circumstances.
  • Right to data portability (Article 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at service@shiningbeaut.world. We will respond within one month, extendable by two additional months for complex requests. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.

10. Children's Privacy

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on this page with a revised date. We encourage you to review this policy regularly. Material changes will be communicated through prominent notice on our website where appropriate.

12. Contact Us About Privacy

For privacy-related questions, data subject requests, or concerns about how we handle your personal data:

Shiningbeaut
Hyllie Boulevard 19, 215 32 Malmö, Sweden
Email: service@shiningbeaut.world
Phone: +46 10 744 18 70