Amor Pachamama Website Data Collection and Privacy Policy.
 
Your privacy is important to us.
This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

Contacts
If there are any questions regarding this Privacy Policy you may contact us using the information below.

Amor Pachamama

[email protected]

What information do we collect?
You may visit our site anonymously.
If you choose to register on our website, the following categories of data will be processed:

“Account data”
When you register for an account on our site, place an order or respond to a survey, basic contact details are collected such as your e-mail address, postal, address, phone number and other identifiable information.

“Medical History and Relevant Data”
As part of the onboarding process and to support any Services rendered to you, we shall ask you to submit confidential information about your past medical history so that we may properly coach you and recommend, or preclude, certain treatments in the future.

What do we use your information for?
Any of the information we collect from you may be used for one or more of the following purposes:
1. To personalize your experience (the information will help Amor Pachamama better respond to your individual needs);
2. To improve our website (Amor Pachamama continually strives to improve our website offerings based on the information and feedback we receive from our customers);
3. To identify you as a contracting party;
4. To enable secure login for you on our website;
5. To establish a primary channel of communication with you; and
6. To send periodic e-mails (The e-mail address you provide for order processing, may be used to send you information and updates pertaining to your engagement with Amor Pachamama.

Legal basis

EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).

If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in the contact clause above.

In order to enter into a contract regarding the purchase of Amor Pachamama, you must provide us with the required personal data. If you do not to provide us with all the required information, it will not be possible to deliver the Service.

California Online Privacy Protection Act Compliance
Because Amor Pachamama values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 7.

As part of the California Online Privacy Protection Act, all users of our website may make any changes to their information at any time by logging into their account and navigating to the “profile page”.

How do we protect your information?
Amor Pachamama implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.

1. Availability
Our website utilizes the extensive features of the cloud environment to ensure high availability with a traffic manager for automatic geographical failover on data center level disasters.

No personal data is stored permanently outside Amor Pachamama’s cloud platforms. The physical security is thereby maintained by Amor Pachamama’s subcontractors.

2. Integrity
To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. E.g. all supplied credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.

3. Confidentiality
All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties.

Whenever personal data is accessed by authorized personnel the access is only possible over an encrypted connection. When accessing the data in a database, the IP number of the person accessing the data must also be pre-authorized to obtain access.

4. Transparency
Amor Pachamama will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. Amor Pachamama will also provide the summaries of any independent audits of the Service.

5. Isolation
All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel.

The overall responsibility for data security lies with Amor Pachamama’s Data Protection Officer who educates and updates all personnel on the data security measures outlined in Amor Pachamama’s security handbook and this Privacy Policy.

6. Monitoring
‍Amor Pachamama uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.

7. Personal Data breach notification
In the event that your data is compromised, Amor Pachamama will notify you and competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, and Amor Pachamama’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with your enrolment on this website.

8. Do we disclose any information to outside parties?
Amor Pachamama does not sell, trade or otherwise transfer to outside parties any personally identifiable information except to those licensed healthcare professionals who will be involved in any and all Services rendered to you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.

We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.

9. Legally required disclosure
Amor Pachamama will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from Amor Pachamama, Amor Pachamama strives to limit the disclosure. Amor Pachamama will only release specific data mandated by the relevant legal demand.

If compelled to disclose your data, Amor Pachamama will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.

10. Request for rectification, restriction or erasure of the personal data

Rectification
You may at any time obtain without undue delay rectification of inaccurate personal data concerning you.

Restriction of processing personal data
You may at any time request Amor Pachamama to restrict the processing of personal data when one of the following applies:

a.if you contest the accuracy of the personal data, for a period enabling Amor Pachamama to verify the accuracy of the personal data;
b.if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
c.if Amor Pachamama no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.

Erasure
You may without undue delay request the erasure of personal data concerning you, and Amor Pachamama shall erase the personal data without undue delay when one of the following applies:

a. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b. if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
c. if you object to the processing in case the processing is for direct marketing purposes;
d. if the personal data have been unlawfully processed; or
e. if the personal data have to be erased for compliance with a legal obligation in EU or national law.

11. Data retention

Data retention policy
Your data shall be retained for up to five full fiscal years from completion of Services rendered to you.

Data retention for compliance with legal requirements
You cannot require Amor Pachamama to change any of the default retention periods.

12. Cooperation
Amor Pachamama will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.

13. Your consent
By using our site, you consent to this Privacy Policy.

14. Changes to our Privacy Policy
If we decide to change our Privacy Policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This Privacy Policy was last modified on October 23, 2023