Section 01
Scope and roles
This Policy applies to Personal data processed through our public
website, intake forms, email correspondence, calendar scheduling
tools, video conferencing rooms we control, and cloud workspaces
provisioned for paid engagements. If you participate as an
employee of a corporate client, both your employer and our studio
may act as independent controllers or joint controllers depending
on the contract; the relevant agreement prevails for conflicting
instructions.
Individuals who merely read articles without signing in leave
fewer traces; submitting a contact form creates a record tied to
the identifiers you volunteer. We do not operate a public social
network and do not ask for government identification through the
site.
Nothing in this Policy turns informational web pages into
medical advice. Do not send symptom journals or diagnostic
imagery unless a separate secure channel has been agreed in
writing for a narrowly defined reason.
Section 02
Controller and representatives
The primary data controller is Detoxmystrengthi,
registered for business correspondence at Vesterbrogade 6C, 1620
København, Denmark. We have not appointed an EU representative
outside Denmark because our main establishment remains in
Denmark; should expansion require an Article 27 representative,
contact details will be posted here and in invoices.
For GDPR-related requests, email
online@detoxmystrengthi.world with subject
“Privacy request” or mail the postal address above. We may ask
reasonable security questions to confirm identity before
disclosing records. Authorized agents must provide signed
authorization on letterhead or a power of attorney reference we
can verify.
Section 03
Data we process
Identity and contact data may include your name, pronouns if you
share them, organization, role, postal address, telephone number,
email addresses, time zone, and language preference. Communication
content includes free-text messages, optional attachments (kept
only while relevant), notes from sessions when you purchase
programs, and billing references. Technical data encompasses IP
address, approximate region derived by the CDN, user agent string,
device type, referring URL, interaction timestamps, and error
logs. Financial data is limited to transaction references, last
four digits of payment cards when provided by the processor, and
accounting tax identifiers required on invoices.
Non-essential cookies or similar identifiers are placed only after
you opt in through the cookie banner; local storage may remember
your choices so the site need not interrupt you on every visit.
We avoid collecting special categories of data (for example
detailed health history) through the marketing site. If you
voluntarily disclose sensitive facts in an email, we treat the
message with higher confidentiality and may delete excerpts
unrelated to the contracted deliverable.
Voice or video recordings arise only when both parties
document consent per engagement. Retention for coaching-style
archives never exceeds the schedule in your statement of work
unless law requires longer preservation.
Section 04
Purposes and legal bases
- Responding to inquiries: Article 6(1)(b) for pre-contractual
  discussions or Article 6(1)(f) for legitimate interest in
  professional courtesy replies when no contract follows.
- Contract performance: Article 6(1)(b) for delivering sessions,
  transferring learning assets, issuing credentials, and managing
  renewals.
- Legal and tax compliance: Article 6(1)(c) for invoicing, VAT,
  sanctions screening where mandated, and responding to lawful
  requests from courts or data protection authorities.
- Security monitoring: Article 6(1)(f) to defend networks against
  abuse, replay attacks, and credential stuffing attempts.
- Optional analytics: Article 6(1)(a) consent collected via the
  cookie module; you may withdraw consent without detriment aside
  from losing aggregated insight features on our side.
Section 05
Retention and deletion
Marketing leads that have gone more than twenty-four months without
a reply to our last good-faith message are erased or irreversibly
anonymized, except where a narrow subset must persist for
intellectual property assignments or warranty disputes. Completed
contracts ordinarily remain on file for seven years, in line with
Danish bookkeeping expectations. Incident logs containing IP
addresses rotate within
ninety days unless a ticket remains open. Backup tapes roll
forward on a staggered schedule; deletion from active databases
may precede purging from cold backups by up to thirty days.
When you request erasure but statutory retention blocks complete
deletion, we suppress further processing unrelated to compliance
and confirm which categories must stay latent until the clock
expires.
Section 06
Recipients and subprocessors
Categories of recipients include payment service providers,
electronic signature vendors, email transport services, cloud file
storage, calendar automation, webinar platforms, and accountants.
Contracts contain data processing terms, confidentiality clauses,
and audit cooperation language. We do not monetize mailing lists
by selling them to third-party advertisers.
If we restructure through merger or asset sale, Personal data may
transfer to a successor under safeguards requiring the same level
of protection described here. You will receive prominent notice and
opt-out choices where regulators expect them before the transfer
affects you materially.
Section 07
International transfers
Data normally resides within the European Union or countries
granted adequacy. When a U.S.-based vendor processes data, we rely
on the EU-U.S. Data Privacy Framework certification where applicable
or Standard Contractual Clauses supplemented by transfer impact
assessments describing supplementary measures such as encryption in
transit and role-based access control.
Section 08
Your rights and how to exercise them
Under the GDPR you may obtain confirmation of processing, receive
a machine-readable copy of data you supplied where portability
applies, rectify inaccuracies, demand erasure in defined
circumstances, restrict processing while disputes resolve, object
to reliance on legitimate interests, and not be subject to solely
automated decisions producing legal effects. We respond within one
month, extendable by two further months for complex requests, and
communicate any delay with reasoning.
You may lodge a complaint with Datatilsynet at
https://www.datatilsynet.dk/ or with the supervisory authority in
your habitual residence. Exercising rights is free unless requests
become manifestly unfounded or excessive.
Section 09
Security and breach notification
We maintain role-based access, strong password policies,
multi-factor authentication for administrative consoles where
available, vendor security reviews, periodic permission audits,
and employee confidentiality training. Personal devices used under
bring-your-own-device policies must enable disk encryption and
remote wipe before accessing client workspaces.
Should a breach be likely to put your rights at risk, we notify Datatilsynet
within seventy-two hours where feasible and inform affected
individuals without undue delay when the risk is high. Notifications
describe the incident nature, likely consequences, and remedial
steps.
Section 10
Automation and profiling
We do not assign wellness scores through automated profiling on
the public website. Email automation may tag records as “trial
participant” or “alumni cohort” for internal routing; those labels
are human-reviewed before outreach. If future products introduce
analytics that qualify as profiling under GDPR Article 22, this
Policy will spell out logic, significance, and human oversight
steps before launch.
Section 11
Children and sensitive data
Programs are aimed at adults capable of entering contracts. If we
learn we collected a minor’s data without appropriate authority, we
delete it promptly after verifying the facts. Schools or youth
organizations wishing to adapt materials must appoint a guardian
institution that consents on behalf of participants.
Section 12
Changes and contact
Material updates receive a revised effective date at the top of
this page and, where consent forms change, we email prior clients
before the new terms govern ongoing services. Immaterial edits,
such as typographical corrections or clarified subprocessors, may
post without direct notice but remain chronologically discoverable
through your saved PDF exports.
Questions about processing should be directed to
online@detoxmystrengthi.world or +45 33 14 82 66.
Keep requests concise; attach prior ticket numbers if you are
following up on an active engagement.