Privacy Policy

Last Updated: April 11, 2025

Welcome to SoulSync Lab (“we,” “us,” or “our”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website https://www.soulsynclab.com/ (the “Website”) or use our services, including our contact form and mini-shop for course bookings. This policy complies with the General Data Protection Regulation (GDPR) and applicable Dutch data protection laws.

1. Controller Information

The data controller responsible for your personal data is:​

SoulSync Lab, Banu Sahan
Loes van Marlestraat, 11, 1382 ML, Weesp
Email: info@soulsynclab.com

If you have any questions about this Privacy Policy or our data practices, please contact us at the above email address.

2. Hosting and Domain

Our website is hosted by GoDaddy Operating Company, LLC, 2155 E. GoDaddy Way, Tempe, AZ 85284, USA. In the course of providing hosting services, GoDaddy may process personal data of website visitors, such as IP addresses, access data, and log files.

We have concluded a Data Processing Agreement (DPA) with GoDaddy in accordance with Article 28 GDPR. For data transfers to the United States, GoDaddy relies on the European Commission’s Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

Our domain is also registered with GoDaddy Operating Company, LLC. In this context, GoDaddy may process limited personal data related to domain registration, such as the registrant’s name and contact details, in accordance with GoDaddy’s Privacy Policy.

3. Personal Data We Collect

We collect personal data you provide directly, data collected automatically, and data from third parties, as described below:

3.1 Data You Provide

  • Contact Form: When you submit our contact form, we collect your name, email address, phone number, and any other information you choose to provide, e.g., your message content.
  • Shop for Course Bookings: When you book a course through our shop, we collect your name, email address, billing address, phone number, and payment details.
  • Payment Information: Payments are processed securely through WooCommerce Payments, supporting in-person payments, iDeal, Credit/Debit Cards, Google Pay, and Apple Pay. We do not store your full payment card details; these are handled by WooCommerce Payments or their payment processors (e.g., Stripe for Google Pay and Apple Pay). For in-person payments, we may collect limited data to confirm payment.

3.2 Data Collected Automatically

When you visit our Website, we may collect:​

  • Usage Data: IP address, browser type, operating system, pages visited, time spent on the Website, and referring URLs.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience, analyze Website performance, and personalize content. For details, see below.

3.3 Cookies

Our websites use so-called “cookies.” Cookies are small data packages and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or automatic deletion is carried out by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party providers within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. shopping cart functionality or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions requested by you (e.g. shopping cart function), or to optimize the website (e.g. cookies for measuring web audiences) (necessary cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services.

If consent to store cookies and comparable recognition technologies has been requested, processing takes place exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Which cookies and services are used on this website can be found in this privacy policy. You can manage cookie preferences through your browser settings or our Cookie Consent Tool.

4. Plugins and Tools

Wordfence

We use Wordfence on this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence servers so that Wordfence can compare its databases with access attempts made on our website and block them if necessary.

The use of Wordfence is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective possible protection of its website against cyberattacks. If appropriate consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the European Commission. Details can be found at: https://www.wordfence.com/help/general-data-protection-regulation/

Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this consent in a data protection–compliant manner. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter “Borlabs”).

When you access our website, a Borlabs cookie is stored in your browser in which the consents you have given or the withdrawal of these consents are stored. These data are not passed on to Borlabs.

The collected data are stored until you request deletion, delete the Borlabs cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

The use of Borlabs Cookie Consent technology is carried out in order to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Chatway Live Chat

We use the Chatway Live Chat service to communicate with website visitors in real time. The provider of this service is Chatway (Cloudflare Workers / third-party infrastructure; provider details according to Chatway’s Privacy Policy) (hereinafter “Chatway”).

When you use the live chat, personal data may be processed, including:

  • IP address
  • Date and time of access
  • Chat content and messages
  • Name and email address, if you voluntarily provide this information
  • Technical data such as browser type and operating system

The data is processed for the purpose of responding to inquiries, providing customer support, and improving our services.

The use of Chatway is based on our legitimate interest in efficient customer communication (Article 6(1)(f) GDPR). If consent is requested via our Cookie Consent Tool, data processing takes place exclusively on the basis of your consent (Article 6(1)(a) GDPR). Consent can be withdrawn at any time with effect for the future.

Chatway may use cookies or similar technologies to enable the live chat functionality. The chat service is only activated after you have given your consent via our Cookie Consent Tool (Borlabs Cookie), unless the chat is technically necessary for the requested communication.

Data may be transferred to third countries, in particular the United States. Such transfers take place on the basis of appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, in accordance with Article 46 GDPR.

Chat conversations and related data are stored only for as long as necessary to process your request or to comply with statutory retention obligations and are then deleted.

Further information on data processing by Chatway can be found in Chatway’s Privacy Policy.

5. Analytics Tools and Advertising

Matomo

This website uses the open-source web analytics service Matomo.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us, among other things, to find out when which page views were made and from which region they originate. We also record various log files (e.g. IP address, referrer, browsers used, and operating systems) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If appropriate consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

IP Anonymization

We use IP anonymization when analyzing with Matomo. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Cookie-Free Analysis

We have configured Matomo so that no cookies are stored in your browser.

Hosting

We host Matomo with the following third-party provider:

GoDaddy Operating Company, LLC, 2155 E. GoDaddy Way, Tempe, AZ 85284, USA

6. Purposes and Legal Bases for Processing

We process your personal data for the following purposes, based on the legal grounds outlined in the GDPR:​

  • To Provide Our Services (Art. 6(1)(b) GDPR): Processing your contact form submissions and course bookings, including payment processing, to fulfill our contract with you.
  • To Communicate with You (Art. 6(1)(b) and (f) GDPR): Responding to your inquiries and providing customer support, based on our legitimate interest in maintaining customer relationships.
  • To Improve Our Website (Art. 6(1)(f) GDPR): Analyzing usage data to enhance Website functionality and user experience, based on our legitimate interest in improving our services.
  • To Comply with Legal Obligations (Art. 6(1)(c) GDPR): Retaining certain data (e.g., transaction records) to meet Dutch tax and accounting requirements.
  • With Your Consent (Art. 6(1)(a) GDPR): Using non-essential cookies or sending marketing emails, where you have explicitly agreed.

7. Sharing Your Personal Data

We may share your personal data with:

  • Service Providers:

    GoDaddy: Hosts our Website and processes data for contact forms, shop functionality, and payments. Manages our domain registration and may process limited contact data.

  • Payment Processors: WooCommerce Payments and its partners (e.g., Stripe for iDeal, Google Pay, and Apple Pay) process payments securely.
  • Legal Authorities: If required by law, such as to comply with Dutch or EU regulations or respond to a court order.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, with appropriate safeguards.

8. International Data Transfers

Your data may be transferred to:​

  • USA: GoDaddy, using Standard Contractual Clauses or equivalent safeguards to ensure GDPR compliance.

9. Data Retention

We retain your personal data only as long as necessary:​

  • Contact Form Data: For 12 months after your inquiry, unless further communication is required.
  • Booking and Payment Data: For 7 years, as required by Dutch tax and accounting laws.
  • Usage Data: For 24 months, to analyze Website performance.

Data is securely deleted or anonymized once the retention period expires, unless further retention is legally required.

10. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:​

  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your data, subject to legal obligations.
  • Restriction: Limit how we process your data in certain cases.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests, including marketing.
  • Withdraw Consent: Revoke consent at any time, where processing relies on consent.

To exercise these rights, contact us at info@soulsynclab.com. We will respond within one month, extendable by two months for complex requests. If you are unsatisfied with our response, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.

11. Security Measures

We implement technical and organizational measures to protect your data, including:​

  • Encryption of data in transit (HTTPS) and at rest by GoDaddy.
  • Secure payment processing through WooCommerce Payments and its partners.
  • Regular security updates to our Website infrastructure.

Despite these measures, no online system is completely secure. We strive to protect your data but cannot guarantee absolute security.

12. Third-Party Links

Our Website may contain links to third-party websites, such as payment providers, or external websites. We are not responsible for their privacy practices. Please review their privacy policies before sharing personal data.

13. Children’s Privacy

Our Website and services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us to request its deletion.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our Website with a revised “Last Updated” date. Please review this policy periodically.

15. Contact Us

For questions, concerns, or to exercise your data protection rights, please contact:

SoulSync Lab
Loes van Marlestraat, 11, 1382 ML, Weesp
Email: info@soulsynclab.com