We know that the handling of your personal data is important to you. For this reason, we take the greatest possible care when handling your personal data and thus ensures a high level of data security. We respect the personal rights of our customers and are aware of the importance of protecting the personal data we receive from you.
Personal data in this sense are all individual details about personal or factual circumstances of an identified or identifiable natural person, such as your name, your telephone number, your address, and other information that you provide to us when you use our offers by you or contact us about you.
Person responsible for data processing
The data controller within the meaning of the GDPR and the DPA is:
Eight Principles Ltd trading as Urban Huna
582, Devonshire House, Honeypot Lane, Stanmore, United Kingdom, HA7 1JS
Collection and storage of personal data as well as type and purpose of their use
a) processing of data for the use of the website
When you access the website via your browser, we only collect personal data that your browser or mobile device automatically transmits to us in order to enable you to visit our website and to ensure stability and security. These can be in particular:
- Your IP address,
- Your device identification, i.e., the unique number of the end device,
- the content, date, and time of the request,
- the time sone of the requesting computer or mobile device,
- the website from which the request was forwarded,
- the requested page,
- the http status code,
- the amount of data transferred,
- browser ID,
- your operating system,
- language and version of the browser software and
The processing of this data serves to ensure a smooth connection of the website, the display of our services and listings, the usability of our services, the evaluation and system security and stability, as well as for other administrative purposes.
We process the transmitted data strictly for the intended purpose, for a period of 90 days, in the interest of being able to detect, limit and eliminate attacks on our websites. After this period has expired, we delete or anonymise the IP address, unless there are separate legal obligations to store it. The legal basis for this processing of your personal data is Art. 6 (1) lit. f GDPR.
b) processing of data when you are contacting us
We offer you the possibility to contact us via email, or contact form. If you contact us, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message. The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Art. 6 (1) b) GDPR and/or our legitimate interest in processing your enquiry in accordance with Art. 6 (1) f) GDPR.
We only process and store personal data that is required for your use of our service offers and the associated events. For this purpose, we collect:
- your name,
- your address,
- your e-mail address,
- your payment data or bank details; and
- the personal and non- personal data that you are voluntarily disclosing.
The legal bases for this processing are Art. 6 (1) a) GDPR, your consent, to fulfil our contractual obligations or to carry out pre-contractual measures. Art. 6 (1) b) GDPR, our legal obligations Art. 6 (1) c) GDPR, and our legitimate interest to protect ourselves and our users from fraud or economic damage Art. 6 (1) f) GDPR.
d) processing of data for the creation of a customer account
If you decide to register an account, you have the advantage that you can view your order history and manage your master data. Also, your account and master data will be stored for future order transactions.
Once you have completed the registration process, your data is stored with us for use in the protected account system. The account system naturally offers you the possibility to make changes to your master data and to use the account functions. You can of course revoke your consent to the use of your master data in the account by contacting us, however your account will then be deactivated.
e) processing of data for contract fulfilment and data management
We process various data within the framework of the provision of our services, workshops, events and coaching sessions as well as for the initiation and processing of the existing contractual relationship between you and us. If you have commissioned us to provide a service, we process your data (if provided: Name, contact details address, bank details and payment data) and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship. Accordingly, the data is processed on the basis of Art. 6 (1) b) GDPR as well as to fulfil our legal obligations pursuant to Art. 6 (1) c) GDPR.
Further, we have integrated the Zoom Video Conferencing tool of Zoom Video Communications, Inc. to conduct our workshops, events and coaching sessions and various types of data are processed when using Zoom. The scope of the data depends on the information you provide before or during participation in our workshops, events and coaching sessions. The legal basis for this is our legitimate interest in effective customer communication in and to fulfil our contract with you in regard to offering our workshops and events.
f) processing of data for order processing
Personal data will continue to be collected and processed if you provide it to us when you place an order in our shop. Which data is collected can be seen from the respective input form and your order is processed using the Digital Product Delivery tool, which is a service of Portal Labs, LLC. We store and use the data provided by you for the purpose of fulfilling the order and making the Digital Download available to you. Accordingly, the data is processed on the basis of Art. 6 (1) b) GDPR as well as to fulfil our legal obligations pursuant to Art. 6 (1) c) GDPR.
g) processing of data for payments
If you make a purchase your payment will be processed via the payment service provider PayPal and payment will be processed through the payment system of PayPal. As such PayPal transmits the following personal data to PayPal S.á.r.l. & Cie, S.C.A. in order to process your payment: Total amount of the order, Reference on the PayPal account, your e-mail address of the PayPal account, Encrypted PayPal account number. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service in accordance with Art. 6 (1) b) GDPR.
In certain circumstances and at our discretion, we may also offer payment via the payment service provider Stripe Inc. to which you pass on your payment details for payment and payout processing. The legal basis for the processing of your personal information is Art. 6 (1) b) GDPR.
h) processing of data for donations
We store and process information that you give us as part of a donation primarily for the purpose of carrying out the collection of donations that you have instructed us to do. Your donation will be processed through the payment service provider PayPal as described above and the payment data will not be passed on to any other third parties. The data collected is required for carrying out the donation. The user's e-mail address is required to confirm receipt of the donation. The data will not be used for any other purpose. The legal basis for the processing of your personal information is Art. 6 (1) b) GDPR.
i) processing of data for Administration, financial accounting, office organisation, contact management
We may also process your personal data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving Art. 6 (1) c) GDPR. In this regard, we process the same data that we process in the course of providing our contractual services Art. 6 (1) b) GDPR.
j) processing of data for our newsletter
On our website, you can subscribe to our newsletter. In principle, our newsletter can only be received by the data subject if he or she registers for the newsletter mailing. For legal reasons, your consent is obtained through a tick box before subscribing to the newsletter. This confirmation serves to verify whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.
The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances. The processing of your e-mail address is thus based exclusively on your consent. You can revoke this consent at any time. To revoke your consent simply using the unsubscribe option at the bottom of every newsletter or by contacting us using email@example.com
The newsletter is sent using ConvertKit of ConvertKit LLC. The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on ConvertKit's servers in the USA. ConvertKit uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, ConvertKit may use this data to optimise or improve its own services, e.g., to technically optimise the dispatch and display of the newsletters or for economic purposes in order to determine from which countries the recipients come. However, ConvertKit does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
Transfer of your data to order processors and third parties
In order to process your data, we use special external service providers such as the credit institution entrusted with payment processing, online marketing providers, providers of marketing solutions, providers of web analysis tools and IT service providers. These are carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
Duration of storage
We store your personal data for as long as necessary to achieve the respective storage purpose. Afterwards, your data will be deleted by us, unless we are obliged to store it for a longer period of time according to Art. 6 (1) c) GDPR due to tax, commercial or other legal storage or documentation obligations, or you have agreed to a storage beyond this period according to Art. 6 (1) a) GDPR.
We use technical and organisational security measures to ensure that your personal data is protected against loss, incorrect modification, misuse, or unauthorised access by third parties. The security measures are constantly adapted to the improved technical possibilities. All data exchanged between your computer and us over the Internet is encrypted with 256-bit. The encryption is done with SSL technology. This is a technology that encrypts all of your personal data, including your credit card information and other payment information, in such a way that this data cannot be viewed by any unauthorised third party while the data is being transmitted over the Internet. You can recognise the transmission of encrypted data by the display in your browser. Your browser indicates the security of the website by an icon in the form of a padlock or a key in the status bar at the bottom of the window. In addition, a green bar will be displayed in your browser bar to show you that you are connected to our server and can be sure that your data will not end up on a phishing server. If your browser is configured appropriately, you will receive a warning message the first time you access the website. This simply informs you that your data will be protected by the website.
Disclosure of data
In general, and unless otherwise mentioned in this policy, we will not share your data. However, if we do so we will only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with Art. 6 (1) a) GDPR,
- this is legally permissible and necessary for the fulfilment of a contractual relationship with you according to Art. 6 (1) b) GDPR,
- if there is a legal obligation for the disclosure according to Art. 6 (1) c) GDPR,
- the disclosure is necessary in accordance with Art. 6 (1) f) GDPR for the protection of legitimate business interests and for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
- If we commission third parties with the processing of personal data, this is done on the basis of a contract processing agreement in accordance with Art. 28 of the GDPR.
Your data subject rights
Upon request, we will provide you at any time and free of charge with information about all personal data that we have stored about you.
b) Correction, deletion, restriction of processing (blocking), objection
If you no longer agree with the storage of your personal data or if this data has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible according to the applicable law) on the basis of a corresponding instruction. The same applies if we are only to process data in a restrictive manner in the future. You have the right to object in particular in cases where your data is required for the performance of a task that is in the public interest or in our legitimate interest, as well as profiling based on this. You also have such a right of objection in the event of data processing for the purpose of direct advertising.
c) Right to revoke consent with effect for the future
You may revoke your consent at any time with effect for the future. Your revocation will not affect the lawfulness of the processing up to the time of revocation.
d) Data portability
If data is processed on the basis of a contract, pre-contractual negotiations, consent or with the help of automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a common, structured, and machine-readable format so that you can transfer the data to another data controller if you wish.
f) Exercise of your data subject rights and right of appeal
To assert these rights, please contact us. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority. The Information Commissioner`s Office (ICO) is the for Urban Huna relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO in the first instance.
Our web site contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from our web site directly to the web site of the other provider. You will recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party web sites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these web sites.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Automated Decision Making
Automated decision making is not used at Urban Huna.
Processing of special categories of data
No special categories of data are processed at Urban Huna.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or by contacting us using firstname.lastname@example.org. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
We are present in various "social media" platforms in order to communicate with our users, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).
We, as the provider of this information service, do not collect and process any data from your use of our service beyond this.
The processing of users' personal data is based on our legitimate interests in providing users with effective information and communicating with users pursuant to Art. 6 (1) f) GDPR. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6 (1) a), Art. 7 GDPR.
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must
- log out of the respective network before visiting our website,
- delete the cookies on your device and
- close and restart your browser.
After logging in again, however, you will once more be recognisable to the network as a specific user. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us using email@example.com.
Content Management System
We also use the Content Management System (CMS) of WordPress to publish and maintain the created and edited Content and texts on our website and to provide the forms used. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. This represents a legitimate interest within the meaning of Art. 6 (1) f) GDPR.
Personal data and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Your contact for data protection
If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request information, correct, block, or delete data, or revoke any consent you have given, please contact us using firstname.lastname@example.org.