Understand how your information is collected, used, and processed.
This policy governs how personal data is collected, used, and processed by Kat Michaels and explains how personal data is used by third parties associated with Kat Michaels.
Data Collected, Used, and Processed
I collect, use, and process the personal data of my visitors and clients such as name, email address, and other details with the consent of the visitor or client and/or for the fulfillment of a contract that is entered into with Kat Michaels. I may also use the personal data of my visitors and clients as necessary to fulfill my legitimate interests, providing that those interests are not outweighed by my visitors’ interests, rights, and freedoms. Joining my mailing list, asking about my services, or otherwise submitting a query through my Web site at katmichaels.net constitutes consent. I make every attempt to limit the information gathered at each step to ensure the maximum amount of privacy for each of my visitors and clients.
When a client schedules a session with me, I collect information that is necessary to communicate with that client and to provide the service that is contracted for. Information collected may include the client’s name, email address, mailing address, telephone number, payment information, date of birth, place of birth, time of birth, and related necessary information. Depending on method of payment, payment information may by default include a shipping address, even if that information is not strictly necessary for completion of the contract. Purpose, goals, and expectations for the session are also gathered for the purpose of contract fulfillment, and in some cases may include medical information that is considered sensitive data.
Retention and Sharing of Data
Data gathered is never sold or shared, except with third parties whom I rely upon to process the data for discrete and limited purposes. Third parties relied upon to process information for Web site content management, hosting, booking, domain and email, email marketing, email communication, cookies, analytics, and payment processing include WordPress, WPX Hosting, Book Like A Boss, Hover, Active Campaign, Google Analytics, PayPal, Stripe, and Wix. Those visitors and/or clients who contact me through Facebook, Instagram, or Messenger also consent to the sharing of their data with Facebook and its subsidiaries as well as with Hootsuite for communication and scheduling purposes. Contracts are prepared locally, uploaded to, and signed through PandaDoc. If required for legal, tax, or other similar purposes, data related to scheduling or payment processing may be released to courts, to necessary federal and state agencies, and/or to federal, state, and/or local tax authorities including the United States Internal Revenue Service and the Oregon Department of Revenue. I do not retain payment data such as credit card numbers, expiration dates, and card security or verification codes, though these details may be retained by the payment processor depending on the payment processing method used and permissions granted separately to that processor.
Data provided to me through this Web site or through any other method will remain confidential except as detailed in the paragraph above and except as otherwise required by law. Data will be released in the case that a visitor or client indicates an intention to harm him/herself or others; I am a mandatory reporter and am required to notify the proper authorities if any such indication exists. Data pertaining to client sessions, including sensitive data, is retained for three (3) years; data required for legal, tax, and similar purposes is retained for seven (7) years.
Client queries, reports, and other data pertaining to client sessions are stored locally and are not stored on the Cloud or via any Internet-based storage software. Email communications are excepted from this and are stored on my email server, which is owned by Hover; Facebook, Instagram, and Messenger messages are stored by Facebook and its subsidiary companies, as well as by Hootsuite. I contract with a marketing manager and Web designer who has access to my Web site data and email marketing lists, and I contract with a virtual assistant who has access to Hootsuite and inquiry emails. These contractors do not have access pertaining to client records, payment data, or sensitive data.
Individual Rights Pertaining to Stored Data
Should you prefer, you have the right to have your data modified, archived, and/or deleted depending on type of data and/or my legitimate use for the retention of such data. If you believe that any of the retained data is incorrect, such as name, email address, or other information, you may contact me with instructions regarding the information that you would like updated. In some limited cases, you may be required to provide corroborating paperwork before your information will be updated.
If you prefer to have your data archived and/or deleted, you may contact me using the information shown below. If a request for deletion of data is made, I will archive all data required to be retained for legal, tax, accounting, and related purposes, and I will delete all remaining data that is not required to be retained for such purposes. You will receive an email confirming the archival and/or deletion of your data.
Contact Information for GDPR Data Protection Officer
The GDPR Protection Officer can be reached using either of the following methods.
Attn: GDPR Protection Officer
1271 NE Hwy 99W #433
McMinnville, OR 97128