Afroletics Privacy Policy

Last updated: [insert date]

This Privacy Policy explains how we process personal data when you visit our website, use our online offers or take part in Afroletics activities.

1. Controller and contact

The controller in the sense of the EU General Data Protection Regulation (GDPR) is:

Isaac Kyere GmbH
Katzlerstr. 15
10829 Berlin
Germany

E mail: [email protected]

You can contact us at this address for all questions regarding data protection.

2. What data we process

We only process personal data that is necessary for the purposes described below.

2.1 Website visit

When you visit our website, our system automatically records

  • IP address

  • date and time of access

  • pages viewed and files requested

  • amount of data transferred

  • browser type and version

  • operating system and device type

  • referrer URL

This data is technically necessary to display the website and to ensure stability and security.

2.2 Customer account and bookings

If you create or receive a customer account and book Afroletics offers, we process in particular

  • name

  • e mail address

  • password (stored only in encrypted form)

  • country and language

  • booked products and services

  • participation history (classes, events, trainings)

Without this data we cannot provide access to your account, bookings and digital content.

2.3 Payment data

Payments are processed through external payment providers and the Kajabi checkout system.

We receive and store only the information that is necessary to assign the payment to your booking, for example

  • payment status

  • payment method (for example card or PayPal)

  • part of the card number or transaction ID

We do not store full card or account numbers on our own servers. The responsible payment provider processes these as an independent controller or as a processor under its own data protection rules.

2.4 Communication and support

If you contact us for example by e mail, contact form or social media message, we process

  • your contact details

  • the content of your message

  • follow up information from the later communication

We use this data to process your request and for internal documentation.

2.5 Newsletters and marketing communication

If you subscribe to an Afroletics newsletter, we process

  • your e mail address

  • language and region, if provided

  • information about whether you open our mails or click on links (only if we use such tracking and if this is permitted)

We send newsletters only with your consent or based on a legal permission and you can unsubscribe at any time, for example via the link at the end of each mail.

2.6 Afroletics activities and events

For participation in classes, workshops, events and instructor trainings we process in particular

  • registration and booking data

  • attendance information

  • information related to your membership status (for example VIM or VIM plus)

  • information about your progress in trainings and certifications

If you sign a training liability waiver or other participation document, we process the information contained in this document.

2.7 Social media pages

We operate pages on social media platforms, for example Instagram or YouTube. When you visit these pages, the platform providers also process personal data in their own responsibility. The respective platform privacy policies apply.

3. Purposes and legal bases

We process your personal data on the following legal bases under the GDPR:

  • Contract performance and pre contractual steps (Art. 6(1)(b) GDPR)
    To provide our website, customer accounts, bookings, digital content, memberships and participation in Afroletics activities.

  • Consent (Art. 6(1)(a) GDPR)
    For example for newsletters, optional cookies or marketing tracking, where required. You can withdraw consent at any time with effect for the future.

  • Legal obligations (Art. 6(1)(c) GDPR)
    For example to comply with tax, commercial and other regulatory requirements.

  • Legitimate interests (Art. 6(1)(f) GDPR)
    For example to ensure IT security, prevent misuse, improve our offers, respond to enquiries from interested persons and maintain our social media presence. We pay attention to a fair balance between our interests and your rights.

4. Cookies and analytics

Our website and the services we use may work with cookies and similar technologies.

  • Technically necessary cookies are needed to operate the website, keep you logged in and provide the shopping cart and checkout functions. These cookies are set based on our legitimate interest in a functional website.

  • Additional cookies for statistics, performance or marketing are only used if you have given consent through a cookie banner or similar solution, where this is required by law.

Details about the cookies used, their providers and storage periods are provided in a separate cookie notice or in the cookie banner.

If we use web analytics tools, we do so to better understand how our website is used and to improve it. Where possible, we use pseudonymisation and shorten IP addresses.

You can control the use of cookies through your browser settings and through the consent tools we provide. If you block or delete cookies, this may limit the functionality of some services.

5. Recipients and data transfers

We only pass on your data to third parties if this is necessary for the purposes described above, if there is a legal obligation to do so or if you have given your consent.

Typical recipients are:

  • hosting and infrastructure providers

  • Kajabi as technical platform for the checkout and e learning areas

  • payment providers and banks

  • email and newsletter service providers

  • providers of video conferencing or livestream tools for online classes

  • IT service providers and consultants

Some of these service providers may be located outside the European Union or the European Economic Area. In this case we ensure that a suitable level of data protection is guaranteed, for example through standard contractual clauses of the EU Commission or an adequacy decision.

We do not sell customer data to third parties.

6. Storage duration

We store personal data only for as long as necessary for the respective purpose.

  • For customer accounts, we store your data for as long as the account exists and you have not requested deletion.

  • For contracts and bookings, we keep data for the duration of the contractual relationship and beyond for the periods required by tax and commercial law.

  • For newsletter mailing, we store your data until you unsubscribe or we discontinue the newsletter and then keep evidence of your consent for the statutory limitation period.

  • Server logs are usually stored for a short period for security and troubleshooting and then deleted or anonymised.

If the purpose ceases to apply and there are no legal retention obligations, we delete or anonymise the data.

7. Your rights

Under the GDPR you have the following rights in relation to your personal data:

  • Right to access: you can request information about what data we process about you.

  • Right to rectification: you can request correction of incorrect or incomplete data.

  • Right to erasure: you can request deletion of your data, for example if the data is no longer needed or has been processed unlawfully.

  • Right to restriction of processing: in certain cases you can request that we restrict processing.

  • Right to data portability: if we process data based on your consent or a contract and by automated means, you can request that we provide that data in a structured, commonly used and machine readable format.

  • Right to object: you can object to processing based on legitimate interests, for reasons arising from your particular situation. You can object to direct marketing at any time.

  • Right to withdraw consent: where processing is based on your consent, you can withdraw this consent at any time with effect for the future.

To exercise your rights, you can contact us at [email protected]. We may request additional information to confirm your identity.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority responsible for us is currently the Berlin Commissioner for Data Protection and Freedom of Information.

8. Obligation to provide data

You are not legally obliged to provide personal data. However, some data is necessary in order to conclude a contract with us or to use specific features of the website.

If you do not provide the data we identify as required during registration, booking or checkout, we may not be able to provide the corresponding services.

9. Data security

We use appropriate technical and organisational security measures to protect your data against loss, misuse and unauthorised access. These measures are regularly reviewed and adapted in line with technological progress.

Access to customer accounts is protected by a password. You are responsible for keeping your password confidential and for choosing a secure password.

10. Changes to this Privacy Policy

We may adjust this Privacy Policy from time to time, for example if we introduce new services, use new providers or if legal requirements change.

The current version is always available on our website. If the changes are substantial, we will inform you in an appropriate way.