01
Definitions
Key terms used in this policy are defined below to clarify how personal data and processing are described.
Personal data means any information relating to an identified or identifiable individual. Examples include name, contact details, job title and other information that can be linked to a natural person.
Processing refers to any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure or destruction.
User refers to an individual who interacts with InnerMShift services, including program participants, registrants for events, and visitors to InnerMShift.club.
Service includes mindset development programs, digital resources, workshops, assessments and related communications provided by InnerMShift.
Cookies are small data files placed on a device to store information about a visit. They can enable core site functions, improve performance and support analytics.
02
Data collection
We collect information that is necessary to provide services, to communicate with individuals and to operate the website securely. Collection is limited to data relevant to those purposes.
03
User-provided data
Information you provide directly may include the items listed below when you register, sign up for communications, participate in programs or contact us.
- Full name and professional title
- Contact details including email address, postal address and telephone number
- Organisation name, role and industry sector
- Program-related information such as session feedback, assessment responses and learning preferences
- Billing and payment information when required to process transactions (collected via secure payment providers)
- Communications history, including support requests and correspondence with InnerMShift
04
Automatically collected data
When you visit InnerMShift.club or use our services, we may automatically collect technical and usage data to support operations and improve the experience.
- IP address and approximate geolocation derived from IP
- Device information such as browser type, operating system and device identifiers
- Usage data including pages visited, time on site, clicks and navigation paths
- Analytics data used to measure service performance and usage patterns
- Error and diagnostic logs related to service delivery
- Cookie identifiers and similar tracking vouchers
05
Third-party data
We may receive data about you from third parties where appropriate, for example when you use a third-party payment service or opt in via a partner platform.
- Payment processors supplying transaction confirmations and billing details
- Analytics providers supplying aggregated site usage data
- Professional networking platforms or referrals when you register using those services
06
Purposes of processing
Personal data is processed only for specified, legitimate purposes. The primary purposes include service delivery, administration and improvement.
- To register and manage participant accounts and program enrollments
- To deliver mindset development programs, materials and assessments
- To process payments and fulfil contractual obligations
- To respond to inquiries, provide support and handle communications
- To analyze service usage and improve program content and platform performance
- To send administrative messages and, where consent is given, marketing communications
- To detect, prevent and contribute security incidents and fraud
- To comply with legal obligations and to protect legal rights
07
Legal basis for processing
Where applicable law requires a legal basis for processing personal data, InnerMShift relies on one or more of the bases listed below depending on the context.
- Consent: where you have provided clear consent for a specific processing activity, such as receiving marketing communications.
- Contract performance: processing necessary to perform services or fulfil contractual obligations with a participant or partner.
- Legitimate interests: processing that is necessary for our legitimate interests in operating and improving the service, subject to balancing of interests.
- Legal obligation: processing required to comply with applicable laws or regulatory obligations.
08
Cookies and similar technologies
Cookies and similar technologies are used to provide core functionality, measure performance and, with consent where required, enable certain personalization and marketing features.
We use essential cookies required for site operation, analytics cookies to measure usage, functional cookies to remember preferences and, where applicable, marketing cookies to tailor communications.
Essential: support basic site functionality. Analytics: gather anonymous usage statistics. Functional: remember preferences. Marketing: enable targeted communications where consented.
You can manage cookie preferences via your browser settings and, where presented, through the cookie consent control on the site. Disabling certain cookies may affect site functionality.
Full Cookie Policy
09
Data sharing and disclosure
We share personal data only as necessary to deliver services, comply with obligations or where you have consented. Recipients are bound to protect personal data in line with this policy.
- Service providers who assist with hosting, payment processing, communications and analytics
- Professional advisers such as auditors, legal advisors and accountants where necessary
- Event partners and trainers engaged to deliver program components
- Authorities or regulators when required by law or to respond to lawful requests
- Acquirers or counterparties in the event of a corporate transaction, subject to confidentiality safeguards
- Affiliated organisations that support program delivery under contractual restrictions
10
International transfers
Personal data may be transferred to and processed in countries other than the country in which you reside. Such transfers are made where necessary for service delivery or where a third party processes data on our behalf.
When transfers occur, appropriate safeguards are implemented such as data processing agreements, standard contractual clauses, or transfer mechanisms recognized under applicable law. Technical measures, including encryption, are used where appropriate.
11
Data retention
We retain personal data only as long as necessary for the purposes described, and to satisfy legal, tax or accountability requirements.
Account and profile data are retained while your account is active and for a reasonable period thereafter to meet administrative, legal or security requirements, typically up to seven years for business records.
Communications and support correspondence are retained for a period necessary to address inquiries and to maintain service history, commonly up to three years unless otherwise required.
System logs and diagnostic data are retained for operational and security purposes, normally for a period such as 12 months, subject to adjustment for security incidents or legal requirements.
Upon valid requests for deletion, we will remove personal data held in active systems unless retention is necessary for legal compliance, legitimate business interests or to complete a transaction. Residual copies may remain in backups for a limited period.
12
Security measures
InnerMShift implements administrative, technical and physical safeguards to protect personal data from unauthorized access, loss or misuse. Security measures are reviewed periodically and updated as needed to reflect evolving risks.
- Encryption of data in transit using TLS and encryption of stored sensitive data where appropriate
- Access controls and role-based permissions to limit internal access to personal data
- Regular security assessments, patch management and staff training on data protection practices
13
Your rights
Depending on your jurisdiction and the applicable law, you may have rights in relation to your personal data. These rights can be exercised as described below.
- Right of access: obtain confirmation of processing and a copy of personal data held about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of personal data where lawful grounds permit
- Right to restriction: request restriction of processing in certain circumstances
- Right to data portability: receive a copy of certain personal data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests or direct marketing
- Right to withdraw consent: where processing is based on consent, you can withdraw consent at any time
- Right to lodge a complaint with a supervisory authority if you consider your rights have been infringed
14
EU Data Protection (GDPR)
If you are located in the European Union or are an EU resident, the GDPR may apply to processing of your personal data by InnerMShift in certain circumstances.
Where GDPR applies, InnerMShift acts as a data controller for the personal data processed in connection with our services. The rights described in this policy reflect key GDPR rights available to EU data subjects.
- Access and transparency regarding the categories of personal data processed
- Rectification and erasure rights under applicable conditions
- Data portability for certain categories of data processed by automated means
- The right to restrict or object to processing in defined situations
If you consider your GDPR rights have not been respected, you may contact us or lodge a complaint with a relevant supervisory authority in your EU member state.
15
How to exercise your rights
To exercise your rights, contact us at [email protected] with a clear description of your request and sufficient information to verify your identity. We may request additional information to locate relevant records and to verify the requester.
[email protected]
We will review and respond to rights requests in accordance with applicable law. In most cases we aim to respond within 30 days; in complex cases or where verification is required, an extension may be necessary and we will communicate timelines.
16
Marketing communications
We may send marketing communications about events, programs or publications where you have opted in. Marketing processing is based on consent or legitimate interest as permitted by applicable law. You can manage preferences at any time.
To unsubscribe from marketing messages, use the unsubscribe link in the communication or contact [email protected]. Unsubscribe requests will be processed promptly and reflected across our systems.
17
Children's privacy
Our services are intended for professionals and are not directed to children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, contact [email protected] to request deletion.
18
Third-party links
The site may contain links to third-party sites and services that operate under their own privacy policies. This policy does not apply to the practices of external sites. Please review third-party privacy notices before providing personal data.
19
Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be posted on InnerMShift.club with an updated effective date. Continued use of services after changes indicates acceptance of the revised policy.
