Privacy Policy

Last updated:

1. Introduction

This Privacy Policy describes how Flourishskeleton ("we," "us," or "our") collects, uses, stores, and protects personal data when you visit our website at flourishskeleton.world or interact with our outdoor nature education services. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) where applicable, and other relevant international data protection laws.

By using our website or submitting information through our contact form, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please refrain from using our website or providing your personal data.

2. Data Controller Information

The data controller responsible for your personal data is:

  • Company Name: Flourishskeleton
  • Address: 799 Haight St, San Francisco, CA 94117, United States
  • Phone: +1 415-654-2661
  • Email: hello@flourishskeleton.world
  • Website: flourishskeleton.world

For any questions regarding this Privacy Policy or to exercise your data protection rights, please contact us using the information provided above.

3. Categories of Personal Data We Collect

We collect and process the following categories of personal data depending on how you interact with our website and services:

3.1 Data You Provide Directly

  • Contact Information: Name and email address submitted through our contact form.
  • Communication Content: The content of messages you send us, including inquiries about consulting services, educational products, or programs.
  • Consent Records: Records of your consent to data processing, including GDPR consent checkbox submissions and cookie preferences.

3.2 Data Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, referral source, click patterns, and navigation paths within our website.
  • Cookie Data: Information stored through cookies and similar technologies as described in our Cookie Policy.

3.3 Data We Do Not Collect

We do not intentionally collect sensitive personal data such as health records, medical information, financial account details, government identification numbers, or biometric data. Our services are educational in nature and do not require such information. Please do not submit sensitive personal data through our contact form.

4. Purposes and Legal Bases for Processing

We process your personal data only for specific, legitimate purposes. The table below outlines our processing activities and their corresponding legal bases under GDPR Article 6:

4.1 Responding to Inquiries

Purpose: To read, process, and respond to messages submitted through our contact form.

Legal Basis: Legitimate interest (Article 6(1)(f)) in communicating with prospective clients and fulfilling information requests; consent (Article 6(1)(a)) where you have provided explicit GDPR consent via our contact form checkbox.

Data Used: Name, email address, message content, consent record.

4.2 Website Operation and Security

Purpose: To ensure the proper functioning, security, and stability of our website.

Legal Basis: Legitimate interest (Article 6(1)(f)) in maintaining a secure and functional online presence.

Data Used: Technical data, IP address, session information.

4.3 Analytics and Improvement

Purpose: To understand how visitors use our website and to improve content, navigation, and user experience.

Legal Basis: Consent (Article 6(1)(a)) obtained through our cookie consent mechanism for analytics cookies.

Data Used: Usage data, anonymized analytics data.

4.4 Marketing Communications

Purpose: To deliver relevant educational content and measure the effectiveness of our outreach efforts.

Legal Basis: Consent (Article 6(1)(a)) obtained through our cookie consent mechanism for marketing cookies.

Data Used: Usage data, cookie preferences, interaction data.

4.5 Legal Compliance

Purpose: To comply with applicable laws, regulations, and legal processes.

Legal Basis: Legal obligation (Article 6(1)(c)) and legitimate interest (Article 6(1)(f)).

Data Used: Any data necessary to fulfill legal requirements.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Our retention periods are as follows:

  • Contact Form Submissions: Retained for 24 months from the date of submission, after which they are securely deleted unless an ongoing business relationship exists.
  • Active Client Communications: Retained for the duration of the business relationship plus 36 months following the last interaction.
  • Cookie Consent Records: Retained for 12 months from the date consent was given or updated.
  • Analytics Data: Retained in anonymized or aggregated form for up to 26 months.
  • Server Logs and Technical Data: Retained for 90 days for security and troubleshooting purposes.
  • Legal Hold Data: Retained as long as required by applicable legal proceedings or regulatory requirements.

When retention periods expire, personal data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients only when necessary and under appropriate safeguards:

  • Hosting Providers: Companies that provide web hosting and infrastructure services necessary to operate our website. These providers process data on our behalf under data processing agreements.
  • Analytics Providers: Third-party analytics services that help us understand website usage, activated only with your consent through our cookie banner.
  • Email Service Providers: Services used to send and receive communications related to your inquiries.
  • Legal Authorities: Government bodies, courts, or law enforcement agencies when required by applicable law or valid legal process.

All third-party processors are contractually obligated to process personal data only according to our instructions and in compliance with applicable data protection laws. We require them to implement appropriate technical and organizational security measures.

7. International Data Transfers

Our website is operated from the United States. If you access our website from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your jurisdiction.

Where international transfers occur, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission, adequacy decisions where applicable, and supplementary measures to ensure your data receives an adequate level of protection.

8. Security Measures

We implement technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers.
  • Access controls limiting personal data access to authorized personnel only.
  • Regular review of data processing practices and security procedures.
  • Secure storage of contact form submissions with restricted access.
  • Cookie consent management to ensure non-essential tracking occurs only with permission.
  • Procedures for identifying, reporting, and responding to potential data breaches.

While we take reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

9. Your Rights Under GDPR and Applicable Laws

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request confirmation of whether we process your personal data and obtain a copy of that data.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data when it is no longer necessary, when you withdraw consent, or when processing is unlawful.
  • Right to Restriction: Request that we limit processing of your personal data under certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Right to Object: Object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority in your country of residence if you believe your data protection rights have been violated.

To exercise any of these rights, contact us at hello@flourishskeleton.world or +1 415-654-2661. We will respond to your request within 30 days as required by GDPR, or within the timeframe specified by applicable local law. We may need to verify your identity before processing your request.

10. California Consumer Privacy Rights

If you are a California resident, you may have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising your privacy rights. We do not sell personal information as defined by the CCPA.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. All decisions regarding responses to inquiries and service recommendations are made by human team members.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acknowledgment of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

  • Flourishskeleton
  • 799 Haight St, San Francisco, CA 94117, United States
  • Phone: +1 415-654-2661
  • Email: hello@flourishskeleton.world