Privacy Policy

Privacy Policy (Harmonic Circle Academy)

Effective date: 29/01/2026
Last updated: 29/01/2026

This Privacy Policy explains how we collect, use, and protect personal data when you use www.harmoniccircleacademy.org (the “Website”), subscribe to our newsletter, apply to join our offerings, or share a testimonial.

If you are in the EU/EEA or UK, the main legal framework is the GDPR / UK GDPR (including the transparency requirements under Article 13).

1) Quick summary (human version)

  • We collect newsletter data (name, surname, email) via Brevo (double opt-in).
  • We collect application + scholarship form data via Google Forms.
  • We embed YouTube videos (which can trigger data transfer to Google/YouTube when loaded).
  • Bookings/payments happen on third-party platforms (e.g., Sutra, Cal.com) with Stripe handling payments on those platforms.
  • We do not run Google Analytics, ad pixels, remarketing, or profiling.
  • You can request access/deletion via info@harmoniccircleacademy.org and we answer within one month (GDPR standard)

2) Data Controller

Controller (Data Controller): Paolo Rivosecchi
Address: Via Sandro Pertini 10, Vistrorio, 10080, Italia
Email: info@harmoniccircleacademy.org
DPO: No Data Protection Officer appointed.

3) What personal data we collect

A) Data you actively provide

Newsletter (Brevo):

  • First name, last name, email address

Harmonic Circle Application (Google Forms):

  • Full name, email
  • Optional: phone/Telegram/WhatsApp, country/city
  • Timezone, preferred language, participation history (Relationships-Yoga Lab)
  • Motivation text, tier preference, optional “anything else”
  • Confirmation checkbox (“application, not automatic enrollment”)

Scholarship Application (Google Forms):

  • Full name, email, country/timezone, selected offering and desired start time
  • Scholarship range requested, contribution amount (number + currency)
  • Financial context (checkboxes) and short explanations
  • Motivation/commitment reflections, optional contribution ideas
  • Agreement checkbox (trust-based scholarship conditions)

Testimonials (only with explicit consent):

  • Typically name + statement (and optional details you approve)

B) Data collected automatically when you use the Website

  • Technical data (e.g., IP address, device/browser information, timestamps, server logs for security/availability)

4) Why we use your data (purposes) and legal bases

A) Newsletter communications

Purpose: send updates and information about HCA offerings
Legal basis: consent (GDPR Art. 6(1)(a))
Unsubscribe: anytime via the link in each email.

B) Applications, scholarship review, and participation administration

Purpose: review your application, contact you, and administer your participation (if accepted)
Legal basis: contract steps / performance of a contract (GDPR Art. 6(1)(b))

C) Community/service delivery operations

Purpose: communicate about participation logistics (e.g., suggested circle option, onboarding, essential operational messages)
Legal basis: contract (GDPR Art. 6(1)(b)) and/or legitimate interests where strictly necessary for operations

D) Security and integrity of the Website

Purpose: prevent abuse, ensure stability, investigate incidents
Legal basis: legitimate interests (GDPR Art. 6(1)(f))

E) Legal and accounting obligations

Purpose: comply with legal requirements (e.g., invoicing/tax record retention)
Legal basis: legal obligation (GDPR Art. 6(1)(c))

We do not use your data for profiling, automated decision-making with legal/significant effects, or targeted advertising.

5) Newsletter: Brevo (Sendinblue)

We use Brevo to manage newsletter subscriptions (double opt-in) and send newsletters. We also use Brevo’s standard performance metrics such as opens and clicks.

Unsubscribes / suppression (blocklist):
When you unsubscribe, your email is placed on Brevo’s blocklist so you are not contacted again. (This is a common “suppression” practice for compliance and deliverability.)

Brevo provides a Data Processing Agreement (DPA) framework for GDPR processing.

6) Forms: Google Forms

We use Google Forms to collect application and scholarship submissions. Submissions are accessed by our team only for review and administration.

Please avoid entering sensitive personal data (health/therapy notes, etc.) in free-text fields. (We do not request sensitive data via the Website or forms.)

7) External platforms for booking and payments (Sutra, Cal.com, Stripe)

Bookings and/or participation logistics may happen via third-party platforms such as Sutra and Cal.com, and payments are processed via Stripe within those platforms.

  • These providers may act as independent controllers for parts of their processing (especially payment and platform operations), under their own privacy policies.
  • We typically receive only the data necessary to manage participation (e.g., name, email, booking details, payment status, subscription status), depending on the platform settings.

(Where these providers process data outside the EEA/UK, see “International transfers” below.)

8) YouTube embeds

We embed YouTube videos on the Website. When a YouTube video is loaded, information (including technical identifiers) may be transmitted to Google/YouTube. Many organizations implement “privacy-enhanced mode” (youtube-nocookie) and/or a click-to-load solution via consent tools to reduce data transfer before you choose to play the video.

9) Cookies and consent

We use Complianz as our cookie consent tool. Non-essential services (e.g., video embeds that may set cookies/identifiers) should only be activated based on your consent choices.

You can change or withdraw your consent at any time via the cookie settings on the Website.

10) Who we share data with (recipients)

We share personal data only as needed to run the Website and provide our services. This may include:

  • SupportHost (website hosting)
  • Brevo (newsletter)
  • Google (Google Forms)
  • Sutra, Cal.com (external booking / membership management)
  • Stripe (payment processing via external platforms)
  • YouTube/Google (embedded videos)

We do not sell personal information and do not share it for cross-context behavioral advertising.

11) International transfers (worldwide audience)

Some providers may process data outside the EEA/UK (e.g., US-based infrastructure). Where required, transfers are protected using appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs), and/or
  • adequacy mechanisms such as the EU–U.S. Data Privacy Framework (DPF) (where a provider is certified).

Hosting note: SupportHost states its datacenters are located in Europe and the USA (exact location depends on your hosting configuration).

12) How long we keep data (retention)

We keep personal data only as long as needed for the purposes above:

Newsletter (Brevo):

  • Active subscription: stored until you unsubscribe
  • After unsubscribe: your email is kept on a suppression/blocklist to ensure you are not contacted again.

Applications and scholarship submissions (Google Forms / internal records):

  • While you are an active participant/member: stored for administration and service delivery
  • After you leave: we retain basic participation/contact data (full name, email, participation history) for 12 months.

Invoices/accounting records (Italy):

  • Retained according to Italian tax/accounting requirements (commonly 10 years under Italian Civil Code record-keeping norms).

Server/security logs:

  • Used for uptime/security monitoring and retained according to operational needs and provider settings.

13) Your rights (EU/EEA/UK and similar regimes)

Where GDPR/UK GDPR applies, you can request:

  • access, rectification, erasure, restriction
  • objection to processing (where applicable)
  • data portability (where applicable)
  • withdrawal of consent at any time (for consent-based processing)

How to exercise rights: email info@harmoniccircleacademy.org
Response time: within one month (in most GDPR cases).

Complaints: you can lodge a complaint with your local supervisory authority. If you are in Italy, you may also contact the Garante per la protezione dei dati personali.

14) Security

We apply appropriate technical and organizational measures (e.g., HTTPS, access control, password manager use, regular WordPress updates) to protect personal data.

15) Children

Our services are not directed to children, and we do not knowingly collect personal data from minors.

16) Changes to this policy

We may update this Policy to reflect operational or legal changes. The “Last updated” date indicates the most recent revision.

Regional addendum (worldwide audience)

A) United States (including California)

We do not sell personal information and do not share it for cross-context behavioral advertising (as those terms are used in some US state privacy laws). Because we do not run ad/remarketing tech, “opt-out of sale/share” mechanisms are generally not applicable in practice.

Requests: You can still ask for access/deletion via info@harmoniccircleacademy.org.

Global Privacy Control (GPC): If your browser sends GPC or similar signals, we will treat them as a request to opt out of any sale/share if such processing were ever introduced.

B) Other regions

If local law gives you additional rights (e.g., Brazil, Canada, Japan), you can exercise them through the same contact email, and we will handle requests according to the applicable requirements.