Privacy Policy

Last Updated: March 14, 2026

1. Introduction and Controller Identity

This Privacy Policy explains how Inner Haven Meditation (“we”, “our”, or “us”) collects, uses, and safeguards personal data when you visit our website and use our educational resources. The website provides information about online meditation programs and mindfulness education designed for everyday life. We aim to present information in clear language and to give you meaningful choices about cookies and communications.

Data Controller: G & F Beheer B.V., Meerum Terwogtlaan 219, 3056 PP Rotterdam, Netherlands. Contact: [email protected]. If you contact us about privacy, please include sufficient details to help us identify you and the nature of your request. This Policy applies to personal data processed through our site and related contact channels. It does not cover third-party websites you may access through links on our pages.

2. Personal Data We Collect

We collect only the data needed to operate our website, respond to inquiries, and improve the clarity and usefulness of our educational materials.

• Identity and contact data: name, email address, and phone number if voluntarily provided in a contact form or email.
• Form content: program of interest, preferred contact method, and any free‑text comments you share about schedules, expectations, or questions.
• Technical data: IP address, browser type, device/OS information, language, and general location derived from IP (city/region level), which may be collected via standard server logs or analytics tools if you consent.
• Usage data: pages visited, time on page, referring URLs, click paths, and interactions with on‑site elements (e.g., buttons, forms) for improving usability and content clarity.
• Cookies and identifiers: essential cookies that keep the site functioning, optional analytics cookies, and optional marketing identifiers as described in Section 4.
• Conversion events: non‑sensitive indicators such as successful form submissions to evaluate the effectiveness of our information architecture.

We do not intentionally collect special‑category data (health, religion, political opinions), financial account details, or government identification numbers through this site. Please do not include sensitive information in free‑text fields.

3. Why We Process Personal Data and Legal Bases

• Responding to inquiries and providing information: We process contact and form data to answer your questions and share program details. Legal bases: performance of a contract or steps prior to entering into a contract (GDPR Art. 6(1)(b)) and, where applicable, your consent (Art. 6(1)(a)).
• Analytics (optional): With your consent (Art. 6(1)(a)), we analyze aggregated usage patterns to improve content clarity and navigation. IP addresses may be anonymized or truncated where supported.
• Marketing/remarketing (optional): With your consent (Art. 6(1)(a)), we may use marketing cookies to understand interest in specific pages and to measure campaign performance.
• Security and fraud prevention: We maintain server logs and employ protective measures based on our legitimate interests (Art. 6(1)(f)).
• Legal obligations: We may retain limited data necessary to comply with legal, tax, or regulatory requirements (Art. 6(1)(c)).

Automated decision‑making: We do not conduct automated decision‑making or profiling that produces legal or similarly significant effects (GDPR Art. 22).

4. Cookies and Similar Technologies

Cookies are small files placed on your device. We also may use tags or identifiers that help measure page usage. You can manage your preferences at any time using the “Manage cookie preferences” link in our footer or the cookie banner when it appears. Our cookie categories are:

• Essential: required for basic site functions (e.g., session continuity and recording consent). Examples: _site_session (session), cookie_consent (12 months). These operate without additional consent.
• Analytics (consent): used to evaluate site performance and navigation. Examples include Google Analytics 4 identifiers: _ga (2 years), _ga_XXXXXXXXXX (2 years). Data retention for reporting may be set to 14 months.
• Marketing (consent): used to measure advertising effectiveness and, where applicable, to build remarketing or similar audiences. Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when a click identifier is present).

For detailed information about cookie lifespan and management, please refer to our Cookie Policy. You may also adjust browser settings to block or delete cookies. Some features may not function if essential cookies are disabled.

5. Consent, Withdrawal, and Regional Notices

Visitors in the EEA and UK will see a consent interface. Analytics and marketing cookies are disabled until you grant explicit consent. Your selections are stored in the cookie_consent cookie for up to 12 months. You can withdraw or change consent at any time by using “Manage cookie preferences” in our footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

6. Sharing with Service and Advertising Partners

We do not sell personal data. We share limited data with service providers who help us operate the website, deliver communications, secure infrastructure, and measure performance. These providers are bound by contracts that restrict their use of the data and require appropriate protections.

• Google LLC: Google Analytics 4, Google Ads, and tag delivery services may receive cookie identifiers, page paths, referrers, device data, and conversion events subject to consent. See Google’s Privacy Policy at policies.google.com/privacy.
• Meta Platforms, Inc.: Meta Pixel and related services may receive page view and conversion data, as well as hashed identifiers, where activated by consent. See Meta’s Privacy Policy at facebook.com/privacy/policy.
• Cloud providers and content delivery networks: These may process IP addresses to protect against threats and to deliver content efficiently.

We may disclose information if required by law, regulation, or legal process, or to protect the rights, property, or safety of users and the public.

7. International Data Transfers

When personal data is transferred outside the EEA/UK (for example, to the United States for Google or Meta), we rely on appropriate safeguards such as the EU‑US Data Privacy Framework and its UK Extension, and, where necessary, Standard Contractual Clauses (EU 2021/914) or the UK IDTA. We assess transfer risks and implement supplementary measures where appropriate.

8. Data Retention

• Contact and inquiry data: generally retained for up to 2 years from last interaction to manage follow‑ups and audit trails.
• Analytics reporting data: typically 14 months, with cookie identifiers per their own lifetimes.
• Marketing identifiers: retained in line with their cookie lifetimes (e.g., 90 days for _gcl_au, _fbp, _fbc).
• Server logs: commonly up to 90 days unless needed longer for security or investigation.
• Consent records: up to 3 years for compliance and audit.
• Legal/tax records: per applicable law (often 6–10 years).

9. Your Rights

Subject to regional laws, you may have rights to access your data, correct inaccuracies, request deletion, restrict or object to processing, and receive a copy of data you provided in a portable format. If processing is based on consent, you may withdraw consent at any time. To exercise any rights, email [email protected] with details that help us verify your identity and locate your records.

You may also lodge a complaint with your local supervisory authority. For the EU, see the European Data Protection Board; for the UK, visit the Information Commissioner’s Office (ICO). We appreciate the opportunity to address concerns directly before you escalate them.

10. Children

Our website and educational materials are intended for general audiences and are not directed at individuals under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us without appropriate authorization, please contact us so we can delete it promptly.

11. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. Our website does not respond to DNT signals. Consent tools and browser privacy settings provide more reliable control over cookies and similar technologies used on this site.

12. Account and Data Deletion Requests

We do not operate customer accounts on this site. If you have submitted personal data via a form and would like it deleted, email [email protected] with the subject line “Data Deletion Request” and provide the email and any other identifiers you used. After verifying your identity, we will delete eligible data within 30 days unless retention is required by law. We may keep minimal records solely to demonstrate compliance with your request.

13. Business Transfers

If our business undergoes a reorganization, merger, acquisition, asset transfer, financing, or insolvency event, personal data may be transferred to a successor entity subject to this Policy. If a change in ownership leads to material changes in how data is used, we will post a notice on the website and, where appropriate, seek renewed consent.

14. California Privacy Notice (CCPA/CPRA)

If you are a California resident, the following applies in addition to this Policy. We collect the following categories of personal information, which we disclose to service providers for business purposes: identifiers (e.g., name, email, IP, device identifiers); internet or network activity information (e.g., page views, interactions); and inferences drawn from usage for advertising effectiveness. We do not sell personal information as defined by the CCPA. We may “share” personal information for cross‑context behavioral advertising where marketing cookies are consented to. You have rights to know, delete, correct, and opt out of sale/sharing. To submit a request, email [email protected] with the subject “California Privacy Request.” We will verify your identity before fulfilling a request. You will not be discriminated against for exercising your rights. Authorized agents may act on your behalf if they provide written authorization and we can verify your identity directly.

15. Virginia Privacy Notice (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, or obtain a copy of personal data you provided, and to opt out of targeted advertising. We do not sell personal data and do not engage in profiling that produces legal or similarly significant effects. To submit a request, email [email protected] with the subject “Virginia Privacy Request.” If we deny your request, you may appeal by emailing us within 30 days with the subject “Appeal of Refusal — Privacy Request.” If unresolved, you may contact the Virginia Attorney General’s office.

16. Nevada Privacy Notice

Nevada residents may submit a verified request to opt out of any sale of personal information under Nevada Revised Statutes Chapter 603A by emailing [email protected] with the subject “Nevada Do Not Sell Request.” We do not currently sell personal information as defined by Nevada law.

17. Changes to This Policy

We may update this Policy to reflect changes in law, technology, or our services. Material changes will be announced via a notice on our homepage at least 14 days before they take effect. The “Last Updated” date at the top of this page will always show the most recent revision. We encourage you to review this page periodically to stay informed about how we protect personal data.

18. Contact

If you have questions about this Privacy Policy or how we handle personal data, please contact us:

• Legal entity: G & F Beheer B.V.
• Address: Meerum Terwogtlaan 219, 3056 PP Rotterdam, Netherlands
• Email: [email protected]

Additional Details About Cookies and Your Choices

To adjust your preferences, click “Manage cookie preferences” in the footer. The panel lets you enable or disable analytics and marketing categories. Selecting “Reject Non‑Essential” will keep only essential cookies active and attempt to clear common analytics or marketing cookies if present. Please note that third‑party providers may set cookies after you visit external websites; our controls apply to cookies set on our domain.

You may also use browser controls: clearing cache and cookies, enabling private browsing modes, limiting third‑party cookies, or installing vendor‑provided opt‑out tools (for example, Google’s Analytics opt‑out add‑on). For a comprehensive overview of our cookies and retention periods, visit the Cookie Policy.

Fair and Educational Use

Our programs and materials are educational and do not provide medical, psychiatric, psychological, or therapeutic services. We avoid prescriptive claims and do not promise specific outcomes. Any reflections or testimonials presented on the site are illustrative of individual experiences and should not be taken as predictive. If you require professional healthcare advice, please seek the guidance of a qualified practitioner.