Privacy Policy

01 Introduction

Glowrestore ("we," "us," or "our") operates a website and lifestyle coaching services focused on sleep education and habit formation. We respect your privacy and are committed to processing personal data lawfully, fairly, and transparently.

This Privacy Policy applies to all visitors of glowrestore.world, users who complete contact forms, clients who purchase coaching services, and anyone who otherwise interacts with us. It should be read together with our Cookie Policy and Terms of Use.

We may update this policy periodically. Material changes will be communicated through our website or, where appropriate, by direct notice to registered clients.

02 Data Controller

The entity responsible for your personal data is:

For privacy-specific inquiries, data subject requests, or complaints, please use the contact details above with the subject line "Privacy Request." We aim to acknowledge requests within five business days and respond fully within 30 days, as required by GDPR Article 12.

03 Information We Collect

We collect only information that is adequate, relevant, and limited to what is necessary for the purposes described in this policy.

3.1 Information you provide directly

• Contact details: name, email address, phone number (if provided), and message content submitted via our contact form.
• Coaching information: lifestyle habits, sleep routines, goals, and notes you voluntarily share during consultations.
• Account and billing data: payment-related identifiers processed by our payment providers (we do not store full card numbers).
• Communications: emails, support tickets, and feedback you send to us.

3.2 Information collected automatically

• Device and browser data: IP address, browser type, operating system, device identifiers, and language preferences.
• Usage data: pages visited, time on site, referral URLs, click patterns, and interaction with cookie banners.
• Cookie data: as described in our Cookie Policy and Section 12 below.

3.3 Information from third parties

We may receive limited data from analytics providers, payment processors, or scheduling tools solely to deliver services you have requested. We do not purchase marketing lists or obtain data from brokers without a lawful basis.

04 How We Use Your Information

We use personal data for the following purposes:

1. Service delivery: responding to inquiries, scheduling discovery calls, providing coaching sessions, and delivering educational materials.
2. Contract performance: processing bookings, invoices, refunds, and customer support related to paid programs.
3. Website operation: maintaining security, preventing fraud, debugging errors, and improving site performance.
4. Analytics (with consent): understanding how visitors use our site to improve content and user experience.
5. Legal compliance: meeting tax, accounting, and regulatory obligations; responding to lawful requests from authorities.
6. Legitimate interests: protecting our rights, enforcing terms, and conducting internal audits—balanced against your rights and freedoms.

We do not use your health information to make medical diagnoses, prescribe treatment, or replace professional healthcare. Our services are educational and coaching-oriented only.

05 Legal Basis for Processing

Under GDPR Article 6, we rely on the following legal bases:

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Where we rely on legitimate interests, you have the right to object as described in Section 9.

06 Sharing & Processors

We do not sell your personal data. We share information only in these circumstances:

• Service providers (processors): hosting, email delivery, payment processing, analytics (when consented), and scheduling tools bound by data processing agreements.
• Professional advisers: lawyers, accountants, or insurers under confidentiality obligations.
• Legal requirements: when required by law, court order, or to protect rights, safety, and property.
• Business transfers: in connection with a merger or acquisition, with notice where legally required.

All processors are required to implement appropriate security measures and process data only on our documented instructions.

07 International Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA—for example, to cloud providers in the United States—we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent mechanisms approved under GDPR Chapter V.

You may request a copy of applicable safeguards by contacting us using the details in Section 15.

08 Data Retention

We retain personal data only as long as necessary for the purposes collected:

• Contact inquiries: up to 24 months after last communication, unless a coaching relationship continues.
• Client coaching records: duration of engagement plus 7 years for contractual and tax purposes.
• Marketing consents: until withdrawn or 24 months of inactivity.
• Server logs: typically 90 days unless required for security investigations.
• Cookie consent records: 12 months, then refreshed per our Cookie Policy.

When retention periods expire, we securely delete or anonymize data so it can no longer identify you.

09 Your Rights

If you are in the EEA, UK, or other jurisdictions with similar laws, you may have the following rights:

• Access: obtain confirmation and a copy of your personal data.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion where no compelling legal reason exists to continue processing.
• Restriction: limit processing in certain circumstances.
• Portability: receive data in a structured, machine-readable format where processing is automated and based on consent or contract.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is consent-based, without affecting prior lawful processing.

To exercise these rights, email us at service@glowrestore.world. We may need to verify your identity before fulfilling requests. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

10 Children's Privacy

Our services are intended for individuals aged 18 and older. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe we have collected data from a minor, please contact us immediately and we will take steps to delete it.

11 Security Measures

We implement administrative, technical, and physical safeguards including encryption in transit (TLS/HTTPS), access controls, staff training, and regular review of our security practices. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security but strive to protect your data using industry-standard measures.

In the event of a personal data breach likely to result in risk to your rights, we will notify you and the relevant supervisory authority as required by GDPR Articles 33 and 34.

12 Cookies & Tracking

We use cookies and similar technologies as described in our Cookie Policy. Strictly necessary cookies operate without consent; analytics and marketing cookies require your opt-in via our cookie banner. You may change preferences at any time through browser settings or by clearing stored consent and revisiting our site.

13 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Any analytics we perform is aggregate and does not determine individual eligibility for services.

14 Policy Updates

We may revise this Privacy Policy to reflect changes in law, technology, or our practices. The "Last updated" date at the top indicates the latest revision. Continued use of our website after changes constitutes acknowledgment of the updated policy where permitted by law.

15 Contact Us

For privacy questions, data subject requests, or concerns about this policy: