Effective Date: Jun. 07, 2023
Introduction
Coaching Loft ("we," "our," "us") is committed to protecting and respecting your privacy. This GDPR Compliance Document outlines our practices concerning the collection, use, and sharing of your personal data in accordance with the General Data Protection Regulation (GDPR). This document supplements our Privacy Policy and Terms of Service.
Data Controller and Contact Information
Coaching Loft – Dubai Knowledge Village, P.O. Box 500195, Dubai, UAE
Owner and Data Controller: Wassim Karkabi
Email: [email protected]
Lawful Basis for Processing
Coaching Loft processes personal data based on one or more lawful bases as defined in Article 6 of the GDPR. These include the necessity of processing for the performance of a contract, compliance with legal obligations, consent obtained from the data subject, and legitimate interests pursued by Coaching Loft or a third party.
We process your data based on the following legal grounds:
- Consent: When you provide consent for us to process your data.
- Contract: When processing is necessary for the performance of a contract with you.
- Legal Obligation: When processing is necessary to comply with a legal obligation.
- Legitimate Interests: When processing is necessary for our legitimate interests, provided that your interests and fundamental rights do not override those interests.
Data Collection
We collect personal data when you:
- Sign up for an account.
- Use our services.
- Contact us for support.
- Participate in surveys or promotions.
The types of personal data we collect include:
- Name
- Email address
- Phone number
- Payment information
- Usage data (e.g., IP address, browser type, pages visited)
Consent
By ticking the consent box during sign-up, you agree to our processing of your personal data as outlined in this policy. You can withdraw your consent at any time by contacting us at [email protected].
Purposes of Data Processing
Coaching Loft processes personal data for the following purposes:
- Providing coaching services to users
- Managing user accounts and profiles
- Facilitating communication between users and coaches
- Processing payments and managing billing using a third-party provider
- Responding to user inquiries, support requests, and feedback
- Conducting analytics and improving our platform's functionality
- Complying with legal obligations and regulatory requirements
Data Use
We use your personal data to:
- Provide and maintain our services.
- Process transactions and send related information.
- Communicate with you, including responding to your inquiries and sending updates.
- Improve our services and develop new features.
- Prevent fraud and ensure the security of our services.
User Account Information
Types of Data Collected:
- Name
- Username
- Email address
- Password (hashed)
- Telephone number(s)
- Gender
- Time zone
- Address (optional)
- Avatar image (optional)
Purpose of Processing:
- User identification and authentication
- In-app display of user activity
- Sending system notifications and messages
- Managing subscription payments
Legal Basis:
- Performance of a contract (Terms of Service)
- Legitimate interests (service delivery and user support)
Usage Data
Types of Data Collected:
- Login activity (browser, IP address, timestamps)
- In-app activity logs
- Visits to public-facing website and blog
Purpose of Processing:
- Support, troubleshooting, and debugging
- Performance tuning
Legal Basis:
- Legitimate interests (service improvement and security)
Coaching Data
Types of Data Collected:
- Action items
- Metrics and data
- Coaching session notes
- Journal entries
- File uploads, links, and embedded media
- Appointments and calendar data feeds
- Coaching engagements and templates
- Other in-app settings
Purpose of Processing:
- Providing and maintaining coaching services
Legal Basis:
- Performance of a contract (Terms of Service)
Cookies
We use cookies to enhance the user experience by storing preferences and providing necessary site functionality. For detailed information, please refer to our Cookie Policy.
Your Rights
Under the GDPR, you have the following rights concerning your personal data:
Right to Access
You have the right to request access to the personal data we hold about you.
Right to Rectification
You have the right to correct any inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of your personal data.
Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data under certain conditions.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
Right to Object
You have the right to object to the processing of your personal data in certain circumstances.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time.
To exercise any of these rights, please contact us at [email protected].
Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. All data exchanges between you and our application are encrypted using TLS. The platform is hosted with cloud infrastructure providers that hold SOC 2 Type 2 and ISO 27001 certifications, among others. These certifications ensure protections such as dedicated security staff, strictly managed physical access control, and video surveillance.
Data Sharing and Transfers
We share your personal data with third-party service providers only as necessary to provide our services, including hosting, payment processing, customer service, analytics, and communications. These third-party providers are subject to strict data processing terms and are prohibited from using your data for any other purposes.
Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Upon termination of your account, all your data will be permanently deleted from our systems.
International Data Transfers
In the course of providing our services, personal data may be transferred to and processed in countries outside the European Union (EU) or European Economic Area (EEA). Any such transfers will be conducted in compliance with the GDPR, utilizing appropriate safeguards, such as standard contractual clauses or approved mechanisms for data transfers.
Data Breach Notification
Coaching Loft has established robust procedures for detecting, assessing, and promptly responding to any personal data breaches. In the event of a data breach that poses a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority and affected individuals without undue delay, as required by the GDPR.
Changes to this GDPR Compliance Document
Coaching Loft may periodically review and update this GDPR-related documentation to reflect changes in our practices, legal requirements, or regulatory frameworks. Users will be informed of any material changes through appropriate means, such as notifications or updated documentation on our website.
This comprehensive GDPR-related documentation aims to provide transparency and assurance regarding Coaching Loft's commitment to protecting the privacy and personal data of our users. For any further inquiries or information, please contact us using the provided contact details.
Contact Us
If you have any questions, concerns, or complaints about this GDPR Compliance Document or our data practices, please contact us at:
Coaching Loft – Dubai Knowledge Village, P.O. Box 500195, Dubai, UAE
Email: [email protected]
We are committed to addressing any concerns promptly and transparently.