For Users in the EU, UK, and Switzerland (GDPR/UK GDPR)

We rely on the following legal bases to process your personal information:

•      Consent: Where you have given explicit permission for a specific purpose. You may withdraw consent at any time by contacting us.

•      Performance of a Contract: Where processing is necessary to fulfill our obligations to you or to take steps at your request before entering a contract.

•      Legitimate Interests: Where processing is reasonably necessary for our business interests, such as marketing, analytics, and improving our Services, provided these interests do not override your rights.

•      Legal Obligations: Where we must process data to comply with applicable law, respond to legal process, or defend legal claims.

•      Vital Interests: Where processing is necessary to protect the life or safety of any person.

For Users in Canada (PIPEDA)

We process your information with your express or implied consent, or where permitted by law without consent (for example, for fraud prevention, legal compliance, business transactions, or where data is publicly available).

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share your information in the following limited circumstances:

Service Providers

We share data with trusted third-party vendors who perform services on our behalf under written contracts that prohibit them from using your data for any other purpose. These include:

•      Billing & Payments: PayPal, Stripe

•      Appointment Scheduling: Acuity Scheduling (Squarespace)

•      Analytics: WordPress Stats

•      Video Communications: Zoom

Business Transfers

In the event of a merger, acquisition, sale of assets, or similar business transaction, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Legal Requirements

We may disclose your information where required to do so by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies (such as web beacons and pixels) to maintain site security, save preferences, enable basic functions, and support analytics and advertising. Third-party service providers may also use these technologies on our Site to deliver personalized content and advertising.

To the extent that these technologies constitute a “sale” or “sharing” of data as defined under applicable US state laws, you may opt out as described in Section 12. For full details and opt-out instructions, see our Cookie Notice at tarotandyou.com/cookie-policy.

6. DATA RETENTION

We retain your personal information only as long as necessary to fulfill the purposes described in this Policy, or as required by law (such as for tax, accounting, or legal compliance). When we no longer need your information, we will delete or anonymize it. If deletion is not immediately possible (such as data in backup archives), we will securely isolate the data until deletion is possible.

7. DATA SECURITY

We have implemented reasonable technical and organizational security measures to protect your personal information. However, no internet transmission or electronic storage is 100% secure. While we do our best to protect your data, transmission of personal information to and from our Services is at your own risk. You should only access our Services within a secure environment.

8. CHILDREN’S PRIVACY

We do not knowingly collect, solicit, or market to individuals under 18 years of age (or the equivalent minimum age in your jurisdiction). By using our Services, you represent that you meet this age requirement. If we learn that we have collected personal information from a minor, we will promptly deactivate the account and delete the data. If you believe we have collected data from a minor, please contact us at info@tarotandyou.com.

9. YOUR PRIVACY RIGHTS

EEA, UK, Switzerland & Canada 

If you are located in these regions, you may have the right to:

•      Access and obtain a copy of your personal information

•      Request correction or deletion of your personal information

•      Restrict or object to our processing of your personal information

•      Request data portability (where applicable)

•      Not be subject to solely automated decision-making that produces significant effects

To exercise these rights, contact us using the details in Section 13. If you are in the EEA or UK and believe we are unlawfully processing your data, you may lodge a complaint with your local data protection authority. Swiss residents may contact the Federal Data Protection and Information Commissioner.

Withdrawing Consent

Where we rely on your consent to process your information, you may withdraw it at any time by contacting us. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

Marketing Opt-Out 

You may unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. You will still receive essential service-related communications.

Account & Data Requests

To review, update, or delete your account information, contact us using the details in Section 13 or visit https://tarotandyou.com/contact. Upon a valid deletion request, we will deactivate your account and remove your data from active systems, subject to any legal retention obligations.

Cookies

Most web browsers accept cookies by default. You may set your browser to refuse or remove cookies, though this may affect certain features of our Site. See our Cookie Notice for details: tarotandyou.com/cookie-policy.

10. DO-NOT-TRACK SIGNALS

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature. Because no uniform standard for recognizing DNT signals currently exists, we do not respond to DNT signals at this time. If a binding standard is adopted in the future, we will update this Policy accordingly.

California law requires us to disclose our DNT practices. As noted above, we do not respond to DNT signals at this time.

11. u.s. STATE PRIVACY RIGHTS

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have additional rights under applicable state privacy laws, including the right to:

•      Know whether we are processing your personal data

•      Access your personal data

•     Correct inaccuracies in your personal data

•      Request deletion of your personal data

•      Obtain a copy of personal data you previously shared with us

•      Non-discrimination for exercising your privacy rights

•      Opt out of targeted advertising, sale of personal data, or profiling for significant decisions

Depending on your state, additional rights may apply, including rights related to access of data categories, third-party disclosure lists, profiling review, and sensitive data limitations. See applicable state laws for details.

personal Information Categories (Past 12 Months)

The table below reflects categories of personal information as defined under California and other applicable US state privacy laws:

How to Exercise Your U.S. State Rights 

Our Site may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites and encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be indicated by a revised date at the top of this page. For material changes, we will provide notice by posting a prominent notice on our Site or by emailing you directly. We encourage you to review this Policy periodically. 

Email: info@tarotandyou.com

Website: https://tarotandyou.com/contact