Privacy Policy

Last updated:

1. Data Controller Information

The data controller responsible for your personal data under the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, UAVG) is:

Shinedyn
Ceintuurbaan 237HS, 1074 CX Amsterdam, Netherlands
Phone: +31 20 370 7873
Email: service@shinedyn.world
Website: https://shinedyn.world

For questions about how we process personal data, you may contact us using the details above. We do not use automated decision-making or profiling that produces legal or similarly significant effects.

2. Data We Collect

We may collect and process the following categories of personal data:

  • Contact Information: name, email address, and message content submitted through our contact form.
  • Technical Data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of access, and time spent on pages.
  • Cookie Data: information collected through cookies and similar tracking technologies as described in our Cookie Policy.
  • Communication Data: records of correspondence when you contact us via email or phone.

3. Purposes of Data Processing

We process your personal data for the following purposes:

  • Responding to Inquiries: to process and reply to messages submitted through our contact form or sent via email (legal basis: consent, Article 6(1)(a) GDPR).
  • Service Provision: to schedule and deliver posture awareness coaching sessions (legal basis: performance of a contract, Article 6(1)(b) GDPR).
  • Website Operation: to ensure the proper technical functioning of our website (legal basis: legitimate interest, Article 6(1)(f) GDPR).
  • Analytics: to understand how visitors use our website and to improve our content and services (legal basis: consent, Article 6(1)(a) GDPR).
  • Legal Compliance: to comply with applicable legal obligations (legal basis: legal obligation, Article 6(1)(c) GDPR).

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: retained for 12 months from the date of your inquiry, after which they are securely deleted.
  • Technical and analytics data: retained for a maximum of 26 months.
  • Communication records: retained for 24 months from the last interaction.
  • Cookie consent preferences: retained for 12 months.

When retention periods expire, data is securely deleted or anonymized in accordance with applicable regulations.

5. Your Rights Under GDPR and the UAVG

As a data subject in the Netherlands and the European Union, you have the following rights under the GDPR and the UAVG:

  • Right of Access (Article 15): you may request confirmation of whether we process your personal data and, if so, access to that data.
  • Right to Rectification (Article 16): you may request correction of inaccurate personal data without undue delay.
  • Right to Erasure (Article 17): you may request deletion of your personal data under certain circumstances.
  • Right to Restriction (Article 18): you may request that we restrict the processing of your data in specific situations.
  • Right to Data Portability (Article 20): where processing is based on consent or contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used, machine-readable format, or have it transmitted to another controller where technically feasible.
  • Right to Object (Article 21): you may object to the processing of your personal data based on legitimate interests, including direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to Withdraw Consent (Article 7(3)): where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal. To withdraw consent for cookies, use the options described in our Cookie Policy.
  • Right not to be subject to automated decision-making (Article 22): we do not make decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, please contact us at service@shinedyn.world. We will respond within one month, which may be extended by a further two months where necessary due to complexity; we will inform you of any extension and the reasons.

We may ask you to verify your identity before responding. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse the request in accordance with the GDPR.

6. Data Sharing and Third Parties

We do not sell, trade, or rent your personal data to third parties. We may share data with:

  • Service providers (processors): hosting, email, analytics, and IT support providers who process data on our behalf under written data processing agreements (Article 28 GDPR).
  • Professional advisers: lawyers, accountants, or insurers where necessary and subject to confidentiality obligations.
  • Legal authorities: when required by law, regulation, court order, or legal process.

Any third-party processors we engage are required to maintain appropriate security measures, process data only according to our instructions, and assist us in fulfilling data subject rights. A list of processor categories is available on request.

7. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If any data transfer outside the EEA occurs, we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Data Security and Breach Notification

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in line with Article 32 GDPR. These measures include:

  • Encryption of data in transit using SSL/TLS protocols.
  • Regular security assessments and updates.
  • Access controls limiting data access to authorized personnel only.
  • Secure data storage with regular backup procedures.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours where required, and inform you without undue delay when the breach is likely to result in a high risk to you.

9. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately so we can take appropriate steps.

10. Supervisory Authority and Complaints

We encourage you to contact us first if you have concerns about our data practices. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP), the supervisory authority in the Netherlands under the UAVG:

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30, 2594 AV The Hague, Netherlands
Website: https://autoriteitpersoonsgegevens.nl

You may also seek a judicial remedy before the competent courts in the Netherlands.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We encourage you to review this page periodically. The "Last updated" date at the top indicates the most recent revision.

12. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Shinedyn
Ceintuurbaan 237HS, 1074 CX Amsterdam, Netherlands
Email: service@shinedyn.world
Phone: +31 20 370 7873