PPP !

# Privacy Policy **Flow with Sanna** Last updated: 2 January 2026 This Privacy Policy describes how Flow with Sanna ("we", "us", or "our") collects, uses, and discloses your personal data when you visit or use our website [https://impact.me/FlowwithSanna](https://impact.me/FlowwithSanna) (the "Site"), purchase our products or services, or otherwise interact with us (collectively, the "Services"). Flow with Sanna is based in Finland and complies with the EU General Data Protection Regulation (GDPR). --- ## 1. Who We Are (Data Controller) Flow with Sanna is the data controller responsible for your personal data. **Contact details:** Email: [[email protected]](mailto:[email protected]) Location: Finland If you have any questions about this Privacy Policy or how your data is handled, you may contact us using the details above. --- ## 2. Personal Data We Collect We collect personal data depending on how you interact with our Services. ### 2.1 Data You Provide to Us This may include: * Name * Email address * Billing address * Payment confirmation details (payments are processed by third-party payment providers; we do not store full card details) * Account login information (if you create an account) * Communications you send to us (e.g. emails, support requests, form submissions) ### 2.2 Data Collected Automatically When you use our Site, we may automatically collect: * IP address * Browser type and device information * Pages viewed and interactions with the Site * Referring URLs This data is collected through cookies and similar technologies. ### 2.3 Data from Third Parties We may receive personal data from trusted third parties such as: * Website and ecommerce platform providers (e.g. Shopify / Impact) * Payment processors (e.g. Stripe, PayPal) * Email marketing providers * Analytics providers All third-party data is handled in accordance with this Privacy Policy. --- ## 3. Legal Basis for Processing (GDPR) Under GDPR, we process your personal data on the following legal bases: * **Contractual necessity:** to provide purchased products or services * **Consent:** for email marketing and optional cookies * **Legal obligation:** to comply with accounting and tax laws * **Legitimate interest:** to operate, improve, and secure our Services You may withdraw consent at any time by contacting us or using unsubscribe links in our emails. --- ## 4. How We Use Your Personal Data We use your personal data to: * Provide and deliver our digital programs, memberships, classes, and services * Process payments and manage transactions * Communicate with you about your purchases or inquiries * Send marketing emails (only if you have opted in) * Improve and optimize our website and offerings * Maintain security and prevent fraud --- ## 5. Cookies and Tracking Technologies We use cookies and similar technologies to: * Ensure the Site functions correctly * Remember your preferences * Analyze website usage and performance * Support marketing and advertising (where applicable) You can manage or disable cookies through your browser settings. Please note that disabling cookies may affect Site functionality. For Shopify-related cookies, see Shopify’s cookie policy. --- ## 6. Sharing Your Personal Data We may share your personal data with: * Service providers who help us operate our business (e.g. payment processing, hosting, email delivery, analytics) * Platform partners such as Shopify or Impact * Legal or regulatory authorities when required by law We do **not** sell your personal data. --- ## 7. International Data Transfers Some of our service providers are located outside the European Economic Area (EEA). When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission. --- ## 8. Data Retention We retain personal data only for as long as necessary to: * Fulfill the purposes described in this Privacy Policy * Comply with legal and accounting obligations * Resolve disputes and enforce agreements --- ## 9. Your Rights Under GDPR If you are located in the EU or EEA, you have the following rights: * Right to access your personal data * Right to correct inaccurate data * Right to request deletion of your data * Right to restrict or object to processing * Right to data portability * Right to withdraw consent at any time * Right to lodge a complaint with a supervisory authority In Finland, the supervisory authority is the **Office of the Data Protection Ombudsman**. To exercise your rights, please contact us at [[email protected]](mailto:[email protected]). --- ## 10. Children’s Data Our Services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can delete it. --- ## 11. Security We take reasonable technical and organizational measures to protect your personal data. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security. --- ## 12. Third-Party Links Our Site may contain links to third-party websites or platforms. We are not responsible for the privacy practices or content of those third parties. Please review their privacy policies separately. --- ## 13. Changes to This Privacy Policy We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The updated version will be posted on this page with a revised "Last updated" date. --- If you have any questions about this Privacy Policy, please contact us at **[[email protected]](mailto:[email protected])**.