Euthymia by Ana Lopes
chess_queen

Legal

Privacy Policy

Last updated: March 2025

1. Who controls your data

The data controller is Ana Lopes, operating as Euthymia.
Company Registration No.: [to be confirmed]
VAT No.: IE [to be confirmed]
Registered address: [to be confirmed], Ireland
Contact: info@liveeuthymia.com

2. What data we collect

  • Account data: name, email, phone number, address
  • Health data: health assessment forms (special category data under GDPR Art. 9)
  • Usage data: check-in history, class bookings, programme progress
  • Payment data: transaction records (card details processed by Stripe, never stored by us)
  • Communication data: emails and messages you send us
  • Technical data: IP address, browser type, device information (via analytics cookies if consented)

3. Legal basis for processing

  • Contract performance (Art. 6(1)(b)): to deliver the services you purchase
  • Legal obligation (Art. 6(1)(c)): financial records, tax compliance
  • Legitimate interests (Art. 6(1)(f)): improving services, preventing fraud
  • Consent (Art. 6(1)(a) and Art. 9(2)(a)): health assessment data, marketing emails, analytics cookies

4. How we use your data

  • Managing your membership and class bookings
  • Sending session reminders and programme updates
  • Processing payments via Stripe
  • Personalising coaching recommendations
  • Sending NPS surveys to improve our service (quarterly, to active members)
  • Complying with legal obligations

5. Who we share your data with

  • Supabase (EU region) - database and authentication hosting
  • Stripe - payment processing
  • Resend - transactional email delivery
  • Vercel - application hosting and analytics
  • Google - Maps autocomplete (location entry only, no personal data)

We do not sell your data to third parties.

6. Data retention

  • Account and activity data: retained while your account is active, then 2 years after cancellation
  • Payment records: 7 years (legal requirement)
  • Health assessments: duration of membership plus 1 year
  • Marketing consent records: until withdrawn plus 3 years

7. Your rights under GDPR

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure: request deletion ("right to be forgotten")
  • Restriction: limit how we process your data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: at any time where processing is consent-based

To exercise any right, email info@liveeuthymia.com. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies for authentication, and optional analytics cookies (Vercel Analytics). See our Cookie Policy for full details.

9. Data transfers outside the EU

Some of our service providers (Stripe, Vercel, Resend) process data in the United States. These transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Irish data protection authority, the Data Protection Commission (DPC), at www.dataprotection.ie.