Understand how your information is collected, used, and processed.
This policy governs how personal data is collected, used, and processed by Kat Michaels and explains how personal data is used by third parties associated with Kat Michaels.
Data Collected, Used, and Processed
I collect, use, and process the personal data of my visitors and clients such as name, email address, and other details with the consent of the visitor or client and/or for the fulfillment of a contract that is entered into with Kat Michaels. I may also use the personal data of my visitors and clients as necessary to fulfill my legitimate interests, providing that those interests are not outweighed by my visitors’ interests, rights, and freedoms. Joining my mailing list, asking about my services, or otherwise submitting a query through my Web site at katmichaels.net constitutes consent. I make every attempt to limit the information gathered at each step to ensure the maximum amount of privacy for each of my visitors and clients.
When a client schedules a session, joins a program, or engages in another service with me, I collect information that is necessary to communicate with that client and to provide the service that is contracted for. Information collected may include the client’s name, email address, mailing address, telephone number, payment information, and related necessary information. Depending on method of payment, payment information may by default include a shipping address, even if that information is not strictly necessary for completion of the contract. Purpose, goals, and expectations for the session are also gathered for the purpose of contract fulfillment, and in some cases may include medical information that is considered sensitive data.
Retention and Sharing of Data
Data gathered is never sold or shared, except with third parties whom I rely upon to process the data for discrete and limited purposes. Third parties relied upon to process information for Web site content management, hosting, booking, database management, domain and email, email marketing, email communication, video meetings, cookies, analytics, and payment processing include WordPress, Memberpress, WPX Hosting, Book Like A Boss, Zapier, Airtable, Hover, Active Campaign, Zoom, Google Analytics, RankMath, PayPal, and Stripe.
Visitors and/or clients who contact me through Facebook, Instagram, or Messenger consent to the sharing of their data with Facebook and its subsidiaries; visitors and/or clients who contact me through Pinterest, Twitter, Minds, or Gab consent to the sharing of their data with those companies. Visitors and/or clients who contact me through Facebook, Instagram, Pinterest, or Twitter also consent to the sharing of their data with Hootsuite and Publer for communication and scheduling purposes. Contracts are prepared locally and are sent via email and/or uploaded to a client portal page on this Web site, at which point they can be downloaded.
If required for legal, tax, or similar purposes, data related to scheduling or payment processing may be released to courts; to necessary federal and state agencies; and/or to federal, state, and/or local tax authorities including the United States Internal Revenue Service and the Oregon Department of Revenue. If it is necessary for such data to be released, all steps will be taken to redact, exclude, and/or otherwise limit the data to just that data that I am legally required to provide or that is necessary for and relevant to the litigation, investigation, audit, or similar circumstances.
I do not retain payment data such as credit card numbers, expiration dates, and card security or verification codes, though these details may be retained by the payment processor depending on the payment processing method used and the permissions granted separately to that processor.
Data provided to me through this Web site or through any other method will remain confidential except as detailed in this section and except as otherwise required by law. Data will be released in the case that a visitor or client indicates an intention to harm him/herself or others; I am a mandatory reporter and am required to notify the proper authorities if any such indication exists. Data pertaining to client sessions, including sensitive data, is retained for five (5) years; data required for legal, tax, and similar purposes is retained for seven (7) years.
Client contracts, reports, and other data pertaining to client sessions are created and stored locally. Videos from coaching sessions, group programs, or other live meetings are created and stored via Zoom. Backups of data are made, encrypted, and stored through Carbonite. Email communications are excepted from this and are stored on my email server, which is owned by Hover; Facebook, Instagram, and Messenger messages are stored by Facebook and its subsidiary companies, as well as by Hootsuite. I occasionally contract with a Web designer and a programmer who have access to my Web site data. These contractors do not have access pertaining to email lists, client records, payment data, or sensitive data.
Individual Rights Pertaining to Stored Data
Should you prefer, you have the right to have your data modified, archived, and/or deleted depending on type of data and/or my legitimate use for the retention of such data. If you believe that any of the retained data is incorrect, such as name, email address, or other information, you may contact me with instructions regarding the information that you would like updated. In some cases, you may be required to verify information and/or provide corroborating paperwork before your information will be updated.
If you prefer to have your data archived and/or deleted, you may contact me using the information shown below. If a request for deletion of data is made, I will archive all data required to be retained for legal, tax, accounting, and related purposes, and I will delete all remaining data that is not required to be retained for such purposes. You will receive an email confirming the archival and/or deletion of your data.
Contact Information for GDPR Data Protection Officer
The GDPR Protection Officer can be reached using either of the following methods.
Attn: GDPR Protection Officer
1271 NE Hwy 99W #433
McMinnville, OR 97128
Last updated 1/22/2021