Privacy policy.
Thank you for your interest in my Privacy Policy. This Privacy Policy applies to my website, www.nischa.me operated by me, Nischa (Nischa LLC, Business Center 1, M Floor, The Meydan Hotel, Nad Al Sheba, Dubai, U.A.E.) acting as the data controller, and the third parties I’m using to provide the website (“we”, “us”, “our”).
Background
This Privacy Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to make sure you understand the information provided. However, to achieve this objective I would like to explain to you the following three concepts.
a) What is Personal Data? Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which are collected together can lead to the identification of a particular person and also constitute Personal Data.
b) What is Processing? "Processing" means and covers virtually any handling of data.
c) What law applies? I act as the data controller in accordance with the UK`s Data Protection Act (“DPA”) and the EU’s General Data Protection Regulation (“GDPR”).
General Principles
a) Purpose and legal basis of processing
In accordance with the Law No. 45 and GDPR we need to have both a purpose and a legal basis to process Personal Data. The purposes are:
providing the website and its functions and contents,
responding to contact requests and communicating with my clients, followers, and website users,
providing my services, quizzes, courses and
security measures.
Of course, we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:
consent,
to fulfill our services and carry out contractual obligations,
to fulfill our legal obligations, and
to protect our legitimate interests.
b) Security
My website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, login data, or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”) for example encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through my website.
Nevertheless, Internet-based data transmissions can always have security gaps, so absolute protection cannot be guaranteed. In this sense, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion.
Upon becoming aware of a data breach, I will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
c) Retention and Storage
I retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy.
d) Minors
I do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.
e) Automated decision-making
Automated decision-making including profiling does not take place.
f) Do Not Sell
I do not sell your Personal Data.
g) Special Category Data
Unless specifically required and consent is obtained, for a particular service, I do not process special category data.
h) International Transfer
In the course of my website operation, we process data. We usually do not transfer Personal Data to countries outside the UK and the EEA. However, if we do, I will make sure that the processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses for a high level of data protection.
i) Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of my services, b) you have consented to the disclosure, c) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings at home or abroad or to fulfill our legitimate interests.
j) Marketing
If you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
Direct Marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out. The legal basis for processing is the initiation of a contract, our legitimate interest, and your consent.
k) Economic analyses and market research
For business reasons, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors, and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). The analyses serve us alone and are not disclosed externally unless they are anonymous analyses with summarised, i.e., anonymized values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarised data). For further information, please also refer to my Cookie Policy.
Data collection and processing
a) Data that is collected automatically
i) Log files. Each time you visit my website, a number of general data and information is transmitted - even if you use my website for purely informational purposes. I only collect the general data and information that your browser transmits to my website’s server. This data and information collected are technically necessary for the display of my website to you and serve the stability, security, and danger or threat prevention in the event of attacks on my website, such as:
IP address
date and time of access to the website
type and version of browser used
operating system used and its interface
the website from which an accessing system arrives at my website (so-called referrer)
sub-websites that are accessed via an accessing system on my website,
Internet service provider of the accessing system.
This data is deleted after the storage is no longer necessary for error analysis or danger or threat prevention. The legal basis for this data processing is my legitimate interest. When analyzing these general data and information, I do not draw any conclusions about you as a data subject.
ii) Content Delivery Network. We use a Content Delivery Network (CDN) to distribute our online content. Our CDN is a network of regionally distributed servers of our technical service providers connected via the Internet. When our website is visited, your device`s browser transmits information to these service providers, which is collected in corresponding server log files. Server log files are generally anonymized and then transmitted without any personal reference. Server log files include, in particular, i) details of the browser and operating system used, ii) the previously visited pages (so-called referral URL), iii) the IP address of the device used, iv) the name of the Internet provider, as well as v) the date, time of all page views including the amount of data transmitted. The legal basis for processing is our legitimate interest.
iii) Content Management System. We use the Content Management System (CMS) of Squarespace, to publish and maintain the created and edited Content and texts on my website. This means that all content and texts submitted to us by users for publication is transferred to Squarespace. The legal basis for this processing is my legitimate interest.
iv) Cookies. We use so-called cookies on our website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.
v) When you watch my videos. On my website, we implement videos of the video portal "YouTube" of the company Google LLC. When you call up a page that has an embedded video, a connection is established to Google's servers, and in the process the content is displayed on the website by notifying your browser. According to Google's information, in "extended data protection mode" your data - in particular which of our Internet pages you have visited as well as device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.
vi) reCAPTCHA. We also use Google’s reCAPTCHA from Google LLC to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for using reCAPTCHA is our legitimate interest.
b) Data from third-party sources
We may obtain data about you from third-party sources, such as from social networks, and other third parties. We may use this data to better analyze your user behavior to improve our ability to provide you with relevant marketing information and services and to prevent and combat fraud.
c) Data that is collected directly
i) Contacting me. If you contact me, your transmitted Personal Information will be automatically stored for the purpose of processing the request or replying to you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent or the initiation of a contractual service.
ii) Social Media. I’m present on social media on the basis of my legitimate interest (currently YouTube, Instagram, TikTok, Facebook, Twitter, and LinkedIn). If you contact me via social media, I and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is my legitimate interest, your consent, or, in some cases, the initiation of a contractual service, if any.
iii) Downloading my publications and resources
When you go ahead and download my publications and resources, your IP address is requested and logged for documentation purposes only. This is a mere technical process and is required to make my publications and resources available for download to your device or depending on your browser available for viewing. The legal basis for this storage is the provision of a contract and our legitimate interest.
iv) Courses
My courses are provided using the services of Podia Labs, Inc. In accordance with Podia Labs’ Privacy Policy, your data is stored at Podia Labs, in their databases and applications on a secure server with up-to-date security standards. The legal basis for the use of the Podia Labs service is the establishment and implementation of the user contract for the use of my courses.
It is also possible for you to register for an account. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a future purchase. We store the data you enter to set up a customer account through which your orders are recorded, executed, and processed. We will hold your data for further orders as long as you have your account with us. The legal basis for the data processing is our contract and the fulfillment of our legal obligations.
v) When using our services
The protection of your data is particularly important to me in the performance of my services. We therefore only want to process as much Personal Data (for example, your name, address, e-mail address, or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain personal data, in order to fulfill our contractual obligations to you or to carry out pre-contractual measures. This processing of personal data will always be carried out in accordance with Law No. 45 and the GDPR and in accordance with our separate privacy policy.
vi) Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as the organization of our operations, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
Cooperation with processors
We use content or service offers of third-party providers on the basis of my legitimate interests in order to integrate their content and services on my website. This usually requires that the third-party provider becomes aware of your IP address so that the content and services can be displayed on your device.
Google Fonts
We integrate the fonts of the provider Google LLC, whereby the user's data is used solely for the purpose of displaying the fonts in the user's browser. The integration is based on my legitimate interest in a technically secure, maintenance-free, and efficient use of fonts, their uniform display, and taking into account possible licensing restrictions for their integration. The legal basis for this processing is our legitimate interest.
Marketing
a) General Marketing
Insofar as you have also given me your consent to process your Personal Data for marketing and advertising purposes, I`m entitled to contact you for these purposes via the communication channels you have given your consent to.
b) Affiliate Marketing
I also participate in Affiliate Programs. Affiliate programs are designed to provide a means for website owners to earn advertising fees by advertising and linking. As such my website may contain affiliate marketing links, which means we may get paid commission on sales of those products or services I write about. You will never be charged a fee through one of my affiliate links, however, you may get a discounted rate of the relevant affiliate’s services and I will make a small commission. My editorial content is not influenced by advertisers or affiliate partnerships.
Your Rights and Privileges
a) Privacy Rights
You can exercise the following rights:
Right to information
Right to rectification
Right to object to processing
Right to deletion
Right to data portability
Right of objection
Right to withdraw consent
Right to complain to a supervisory authority
Right not to be subject to a decision based solely on automated processing
If you have any questions, please contact us.
b) Updating your information
If you believe that the information, I hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting me.
c) Withdrawing your consent
You can withdraw consent you have given at any time by contacting me.
d) Access Request
In the event you want to make a Data Subject Access Request, please contact us. I will respond to requests regarding access and correction as soon as reasonably possible. Should I not be able to respond to your request within thirty (30) days, I will tell you why and when I will be able to respond to your request. If I`m unable to provide you with any Personal Data or to make a correction requested by you, I will tell you why.
e) Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in the UAE is: The UAE Data Office, (https://u.ae/).
Changes
I may update this Privacy Policy from time to time. If I make changes to this Privacy Policy or we materially change our use of your Personal Data, I will revise the Privacy Policy accordingly.
Questions?
If you have any questions about the processing of your Personal Data, please contact me.
Effective Date
This Privacy Policy was last updated on Wednesday, 13th September 2023.
Owner and Data Controller: Nisha Shah of 95 Marsh Ln, Edgware, Stanmore HA7 4TH