Privacy Policy

PRIVACY POLICY – CONSCIOUS BEINGS AB
Effective Date: Jan 1, 2024
(Last Updated: May 12, 2025)

I. INTRODUCTION, SCOPE, AND LEGAL FRAMEWORK

This Privacy Policy (the "Policy") governs the collection, storage, processing, transfer, and management of Personal Data (as defined under the General Data Protection Regulation, GDPR) by Conscious Beings AB, a Swedish corporation, duly incorporated under the laws of Sweden, whose registered office is located at [insert legal address] (hereinafter referred to as “we”, “us”, “our”, “the Company”). By interacting with our services, you (the “User” or “Data Subject”) acknowledge and consent to the terms outlined within this Policy, subject to the jurisdictional limitations, including but not limited to the laws of the European Union (EU), Swedish law, and international data protection norms.

This Policy is designed to comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and any other applicable data protection legislation. It seeks to establish a transparent and legally compliant framework, securing the privacy, confidentiality, and integrity of any Personal Data we collect, store, and process, and sets forth the measures implemented to prevent unauthorized access, disclosure, or breach of such data.

II. DEFINITIONS AND INTERPRETATION

1. Personal Data: Any information relating to an identified or identifiable natural person (the "Data Subject"). This includes but is not limited to: name, contact details, transaction history, demographic details, location data, and any other information provided voluntarily, knowingly, and expressly.

2. Data Subject: Any identified or identifiable natural person whose Personal Data is processed by the Company.

3. Data Processing: Any operation or set of operations performed on Personal Data, such as collection, storage, retrieval, use, transfer, and destruction.

III. DATA COLLECTION AND PROCESSING

In the course of its business activities, the Company may collect, process, and store various categories of Personal Data from Data Subjects. The types of Personal Data we collect include, but are not limited to, the following categories:

1. Identification and Demographic Data: Full name, gender, date of birth, nationality, physical address, country of residence, and other related personal details.

2. Contact Information: Email addresses, telephone numbers, physical mailing addresses, and online contact details.

3. Transaction and Payment Information: Any data associated with purchases, services subscribed to, payment methods, transaction confirmations, and payment provider details, including financial data such as account numbers, billing information, and tax identification numbers.

4. Behavioral and Usage Data: Information about how you interact with our services, including data from online sessions, tracking technologies (such as cookies), browser types, IP addresses, device identifiers, and geolocation data, as well as interactions with communications or services offered by us.

5. Sensitive Data (if applicable): Health, spiritual, or emotional data voluntarily disclosed by the Data Subject in connection with services provided by the Company, in accordance with Article 9 of the GDPR (explicit consent required).

IV. LEGAL BASES FOR PROCESSING PERSONAL DATA

The Company processes Personal Data under the following legal bases, in accordance with Article 6 of the GDPR:

1. Consent (Art. 6(1)(a)): Explicit and informed consent provided by the Data Subject. Consent may be withdrawn at any time by the Data Subject, subject to restrictions based on legal obligations.

2. Contractual Necessity (Art. 6(1)(b)): Processing is necessary for the performance of a contract to which the Data Subject is a party, or in order to take steps at the request of the Data Subject prior to entering into a contract.

3. Legal Obligation (Art. 6(1)(c)): Processing is necessary for compliance with a legal obligation to which the Company is subject under applicable law, including but not limited to Swedish law, EU law, and international legal frameworks.

4. Legitimate Interests (Art. 6(1)(f)): Processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party, provided these interests do not override the Data Subject's fundamental rights and freedoms.

5. Vital Interests (Art. 6(1)(d)): Processing is necessary to protect the vital interests of the Data Subject or another individual.

6. Public Task (Art. 6(1)(e)): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company.

V. DATA RETENTION AND MINIMIZATION PRINCIPLES

The Company adheres to the principle of data minimization and will retain Personal Data only for as long as necessary for the specific purposes for which the data was collected or processed. Personal Data will be deleted or anonymized after such time unless further retention is required for legitimate business purposes or legal compliance.

• Transaction Data: Retained for a minimum period of 7 years, in accordance with Swedish accounting law and EU tax regulations.

• Marketing and Communication Data: Retained until consent is withdrawn or until the Data Subject objects to processing for direct marketing purposes.

• Sensitive Data: Retained only as long as is necessary for the specific services or agreements in place, with explicit prior consent.

VI. RIGHTS OF THE DATA SUBJECT UNDER GDPR

As a Data Subject, you are entitled to certain rights regarding your Personal Data. These rights are granted under the GDPR, and you may exercise them by contacting the Company using the details provided below. These rights include:

1. Right of Access: You may request confirmation as to whether Personal Data is being processed and request access to that data (Art. 15).

2. Right to Rectification: You have the right to request correction of inaccurate or incomplete data (Art. 16).

3. Right to Erasure (Right to be Forgotten): You may request the deletion of your Personal Data under certain conditions (Art. 17).

4. Right to Restriction of Processing: You may request restriction of processing of your Personal Data in specific circumstances (Art. 18).

5. Right to Data Portability: You have the right to request that your Personal Data be transferred to another controller, in a structured, commonly used, machine-readable format (Art. 20).

6. Right to Object: You may object to the processing of your Personal Data on grounds related to your particular situation, particularly when processing is based on legitimate interests or for direct marketing purposes (Art. 21).

7. Right to Withdraw Consent: If processing is based on consent, you may withdraw consent at any time, with the understanding that this does not affect the lawfulness of processing prior to the withdrawal (Art. 7(3)).

To exercise any of these rights, please contact us using the information provided below.

VII. DATA SECURITY AND PROTECTION

We implement appropriate technical, organizational, and procedural measures to safeguard Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:

• Encryption of data transmission (SSL/TLS)

• Access Control policies and regular audits

• Data Anonymization and Pseudonymization where applicable

• Employee Training on data protection and privacy compliance

While we take all reasonable precautions to secure data, it is important to note that no system can guarantee complete security. By continuing to use our services, you acknowledge and accept the residual risks associated with data processing.

VIII. DISCLOSURE TO THIRD PARTIES

We do not sell or rent Personal Data. However, we may share Personal Data under the following conditions:

1. Authorized Service Providers: Third-party providers who assist with technical, financial, or operational aspects of our services, such as payment processors, web hosting services, and email delivery services. All third-party service providers are bound by data protection contracts and required to implement data security measures in compliance with GDPR.

2. Legal Compliance: We may disclose Personal Data if required to do so by law, court order, or in response to a legitimate governmental request.

3. Corporate Transactions: In the event of a merger, acquisition, or sale of all or part of the Company's assets, Personal Data may be transferred as part of the transaction, subject to applicable law.

4. Data Transfers Outside the EEA: If Personal Data is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or Privacy Shield certification.

IX. COOKIES AND TRACKING TECHNOLOGIES

The Company uses cookies and similar technologies to enhance the User experience, analyze website usage, and provide targeted advertising. By using our website, you consent to the use of these technologies in accordance with our Cookie Policy.

X. AUTOMATED DECISION-MAKING

The Company does not engage in automated decision-making or profiling that significantly affects individuals, nor do we employ technologies that create legal consequences or similarly significant effects for Data Subjects based solely on automated processing.

XI. CHANGES TO THIS PRIVACY POLICY

The Company reserves the right to modify this Privacy Policy at any time, without prior notice. Changes will be posted on this page and will take effect immediately upon publication. It is the Data Subject's responsibility to periodically review this Policy for updates.

XII. CONTACT INFORMATION

For any questions, concerns, or requests regarding this Privacy Policy or your Personal Data, please contact our Data Protection Officer at:

Data Protection Officer
Conscious Beings AB
Email: Info@consciousbeings.life

XIII. SUPERVISORY AUTHORITY

Should you believe your privacy rights have been violated, you have the right to lodge a complaint with the Swedish Data Protection Authority (IMY) or any relevant Data Protection Authority in the EU.