Privacy Policy – The Spine Code

Effective Date: January 12, 2025


1. Introduction

The Spine Code ("we," "us," "our") values your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR / AVG) and other applicable privacy laws.

This Privacy Policy explains:

  • What personal data we collect
  • How we use and store your data
  • Who we share it with
  • What rights you have

By using our services, you acknowledge that you have read and understood this policy.


2. Data Controller

Vitality with Kevin, trading as The Spine Code
Berthradisstraat 44, 6467 AX
Kerkrade, Netherlands
KvK: 75696622
Email: [email protected]

We are the data controller responsible for your personal data.


3. What Personal Data We Collect

We only process personal data that you voluntarily provide or that is automatically collected through your use of our services.

Data You Provide:

  • Name (first and last name)
  • Email address
  • Payment information (credit card details are processed securely by Stripe/PayPal; we do not store full card numbers)
  • Account login details (username, encrypted password)
  • Communication records (support emails, questions, feedback)
  • Billing address (for invoicing purposes)
  • Phone number (optional, only if provided for coaching sessions)

Data We Collect Automatically:

  • Usage data: Course progress, login times, pages visited, videos watched
  • Device information: IP address, browser type, operating system, device type
  • Cookies and tracking data: See Section 8 for details

Sensitive Data:

We do not intentionally collect sensitive personal data (such as health data, religious beliefs, or political opinions). However, if you voluntarily share such information in communications with us (e.g., describing health issues before a coaching session), we will handle it with extra care and confidentiality.


4. Purpose of Data Processing

We process your personal data for the following purposes:

a) Contract Performance (Legal Basis: GDPR Art. 6(1)(b))

  • Providing access to purchased products and services
  • Creating and managing your user account
  • Delivering course content and materials
  • Processing payments and generating invoices
  • Providing customer support

b) Legal Obligations (Legal Basis: GDPR Art. 6(1)(c))

  • Tax and accounting compliance (7-year retention for invoices under Dutch law)
  • Responding to legal requests from authorities

c) Legitimate Interest (Legal Basis: GDPR Art. 6(1)(f))

  • Improving our services and user experience
  • Analyzing usage patterns and course effectiveness
  • Preventing fraud and abuse
  • Protecting the security of our platform

d) Consent (Legal Basis: GDPR Art. 6(1)(a))

  • Sending marketing emails and newsletters (only if you've opted in)
  • Using marketing cookies and tracking (only with your explicit consent)

You can withdraw consent at any time by clicking "unsubscribe" in emails or adjusting cookie settings.


5. Who We Share Your Data With

We never sell your personal data to third parties.

We only share your data when necessary to provide our services or when legally required.

Third-Party Service Providers (Data Processors):

All our service providers are contractually bound to protect your data and comply with GDPR.

Provider | Purpose | Location
Kajabi | Course hosting & platform | USA (GDPR-compliant via SCCs)
Stripe | Payment processing | USA (GDPR-compliant)
PayPal | Payment processing | USA (GDPR-compliant)
Google Workspace | Email & business communication | USA (GDPR-compliant)
Google Analytics | Website analytics (anonymized) | USA

International Data Transfers:

Some of our service providers store data on servers outside the European Economic Area (EEA), particularly in the United States.

These transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • GDPR compliance commitments from service providers
  • Adequate security measures

Legal Disclosures:

We may disclose your data if required by law or to:

  • Comply with legal processes (court orders, subpoenas)
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activity

6. Data Retention

We retain your personal data only as long as necessary for the purposes stated above.

Retention Periods:

Data Type | Retention Period
Account data | While your account is active + 30 days after closure
Tax/billing data | 7 years (required by Dutch tax law)
Marketing data | Until you unsubscribe + 30 days
Course progress | While you have access to the course
Support communications | 2 years after last interaction

After these periods, data is permanently deleted unless longer retention is legally required.


7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction.

Security Measures Include:

  • Encryption: Data is encrypted in transit (SSL/TLS) and at rest
  • Access controls: Only authorized personnel have access to personal data on a need-to-know basis
  • Secure servers: Hosted by GDPR-compliant providers with high security standards
  • Regular backups: To prevent data loss
  • Security monitoring: Continuous monitoring for suspicious activity

However, no system is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential.


8. Cookies & Tracking Technologies

This website uses cookies to ensure proper functionality and improve user experience.

Types of Cookies We Use:

1. Strictly Necessary Cookies (No Consent Required)

  • Essential for website operation (login, navigation, security)
  • Cannot be disabled without affecting functionality

2. Functional Cookies (No Consent Required)

  • Remember your preferences (language, settings)
  • Improve user experience

3. Analytical Cookies (Consent Required)

  • Google Analytics (anonymized) to understand website usage and improve content
  • Help us see which pages are most visited and how users navigate

4. Marketing Cookies (Consent Required)

  • Facebook Pixel, Google Ads (only if you consent)
  • Used for retargeting and measuring ad effectiveness

Managing Cookies:

You can manage your cookie preferences through:

  • Our cookie banner (appears on first visit)
  • Your browser settings (to block all cookies, though this may affect functionality)

For more details, see our separate Cookie Policy [link to cookie policy page].


9. Your Rights Under GDPR

You have the following rights regarding your personal data:

✅ Right of Access (Art. 15 GDPR)

Request a copy of all personal data we hold about you.

✅ Right to Rectification (Art. 16 GDPR)

Correct any inaccurate or incomplete data.

✅ Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

Request deletion of your personal data (subject to legal retention obligations).

✅ Right to Restriction of Processing (Art. 18 GDPR)

Limit how we use your data in certain circumstances.

✅ Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format to transfer to another service.

✅ Right to Object (Art. 21 GDPR)

Object to data processing based on legitimate interest (e.g., marketing).

✅ Right to Withdraw Consent (Art. 7(3) GDPR)

Unsubscribe from marketing emails or withdraw cookie consent at any time.

✅ Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

We do not use automated decision-making or profiling that significantly affects you.


How to Exercise Your Rights:

Send your request to: [email protected]

Include:

  • Your full name and email address used for your account
  • Clear description of your request
  • Proof of identity (to prevent unauthorized access)

Response Time: We will respond within 30 days (or 60 days for complex requests, with explanation).

No Fees: Exercising your rights is free, unless requests are manifestly unfounded or excessive.


Right to Lodge a Complaint:

If you believe we have violated your privacy rights, you have the right to file a complaint with:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
🌐 www.autoriteitpersoonsgegevens.nl
📧 [email protected]


10. Children's Privacy

Our services are not intended for individuals under 18 years of age.

We do not knowingly collect personal data from minors without parental consent.

If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected], and we will delete it promptly.


11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New features or services

The latest version will always be available on this page.

Significant changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website

Last Updated: January 12, 2025


12. Contact Us

For questions, requests, or concerns about your personal data or this Privacy Policy:

📩 Email: [email protected]
🌐 Website: www.thespinecode.com
📍 Address: Berthradisstraat 44, 6467 AX Kerkrade, Netherlands

We aim to respond to all privacy inquiries within 2 business days.