Privacy Policy

Last updated: [23/04/2025]

This Privacy Policy describes how and when Reiki Heaven (“I”, “me”, “my”) collects, uses, and shares information when you purchase an item, contact me, or use my services through https://www.reikiheaven.com.

By using my website or purchasing a service, you agree to this Privacy Policy. If you do not agree, please do not use my website or services.

1. Information I Collect

To fulfill your order or provide services, I may collect the following personal data:

  • Name

  • Email address

  • Postal address (if applicable)

  • Payment details (processed via third-party providers)

  • Details of the product/service you are ordering

  • Additional personal information you provide voluntarily (e.g., during direct communication or intake forms)

Squarespace may collect data automatically, such as IP addresses or browser information, in accordance with their Privacy Policy.

2. Legal Basis for Collecting and Using Information

Under the General Data Protection Regulation (GDPR), the legal bases I rely on include:

  • Contractual Necessity: To provide my services and fulfill your order.

  • Legitimate Interests: To improve my services, communicate with you, or enforce terms, provided your rights don’t override these interests.

  • Consent: For optional communications such as newsletters (you can withdraw consent at any time).

  • Legal Obligations: To comply with tax laws, court orders, or regulatory requirements.

3. How I Use Your Information

I use your personal information to:

  • Fulfill orders and provide services.

  • Communicate with you regarding orders or inquiries.

  • Comply with legal obligations (e.g., tax record-keeping).

  • Improve and personalize my services.

4. Information Sharing and Disclosure

I will not sell or rent your personal data. I share your information only in limited circumstances:

  • Service Providers: For hosting and payment processing (e.g., Squarespace, Stripe, PayPal). These providers have their own GDPR-compliant privacy policies.

  • Legal Compliance: When required by law, such as to respond to legal requests or prevent fraud.

  • Business Transfers: In the event of a business sale or merger, limited data may be transferred as permitted by law.

5. Data Retention

I retain your personal information only as long as necessary for:

  • Providing services.

  • Compliance with legal, tax, and regulatory obligations.

  • Resolving disputes and enforcing agreements.

Typically, I keep personal data for five (5) years unless longer retention is required by law.

6. International Data Transfers

Your information may be stored or processed outside of the EU, including in the United States, due to the use of Squarespace or other third-party providers.

  • Squarespace and other providers I use apply appropriate safeguards, including Standard Contractual Clauses (SCCs), for such transfers. Note: Privacy Shield is no longer valid under GDPR since July 2020 (remove this reference).

7. Your Rights under GDPR

You have the following rights:

  • Access: To know what personal data I hold about you.

  • Rectification: To correct inaccurate or incomplete data.

  • Erasure (“Right to be Forgotten”): To request deletion of your data in certain circumstances.

  • Restriction: To request limited processing of your data.

  • Objection: To object to processing based on legitimate interests or for direct marketing.

  • Data Portability: To request a copy of your data in a structured format.

  • Complaint: To lodge a complaint with a supervisory authority in your country.

You can exercise these rights by contacting me directly.

8. How to Contact Me

For data protection purposes, I, Maria Ilieva, am the data controller of your personal information. If you have questions or concerns, please contact me at:

Email: chaya.energy@gmail.com

9. Updates to This Policy

I may update this Privacy Policy from time to time. Changes will be posted on this page with the updated revision date. Please review it periodically.