Privacy Policy

1. Data Controller

The data controller responsible for the processing of your personal data is:

Purifyvibrant
Vesleslåttvegen 19
3580 Geilo, Norway
Phone: +47 94 79 27 28
Email: assist@purifyvibrant.world

As the data controller, we determine the purposes and means of processing personal data collected through this website and in connection with our consulting, educational, and program services. If you have questions about this policy or wish to exercise your data protection rights, please contact us using the details above.

2. Scope of This Policy

This Privacy Policy applies to all personal data processed by Purifyvibrant in connection with:

• Visits to our website at purifyvibrant.world
• Submissions through our contact form
• Email, telephone, and in-person communications
• Purchases of educational products and enrollment in programs
• Consulting engagements and related contractual relationships
• Cookie and similar tracking technologies as described in our Cookie Policy

This policy does not apply to third-party websites linked from our pages. We encourage you to review the privacy policies of any external sites you visit.

3. Categories of Personal Data We Collect

3.1 Data You Provide Directly

When you interact with us, you may voluntarily provide the following categories of personal data:

• Identity data: Full name, job title, organization name
• Contact data: Email address, telephone number, postal address
• Communication data: Content of messages, inquiries, and correspondence
• Transaction data: Purchase history, payment references, billing information for educational products and consulting services
• Consent records: Documentation of your GDPR consent choices, including cookie preferences and contact form consent

3.2 Data Collected Automatically

When you visit our website, certain technical data may be collected automatically through cookies and similar technologies, subject to your consent where required:

• Technical data: IP address (anonymized where possible), browser type and version, operating system, device type
• Usage data: Pages visited, time spent on pages, referral source, click patterns
• Cookie data: Preferences stored in cookies and local storage as described in our Cookie Policy

3.3 Data We Do Not Collect

We do not intentionally collect special categories of personal data as defined under GDPR Article 9, including health data, biometric data, or information revealing racial or ethnic origin, political opinions, religious beliefs, or trade union membership. Our services focus on organizational team development and do not require or request such information. If you voluntarily share sensitive information in a message, we will delete it unless retention is legally required.

4. Purposes and Legal Bases for Processing

We process personal data only when we have a valid legal basis under GDPR Article 6. The table below outlines our primary processing activities:

• Responding to inquiries (Legal basis: Consent / Legitimate interest): When you submit our contact form or email us, we process your name, email, and message content to respond to your request. Contact form processing relies on your explicit consent via the GDPR checkbox. General email inquiries may be processed under legitimate interest in responding to business communications.
• Delivering services (Legal basis: Contract performance): When you engage our consulting services or purchase educational products, we process data necessary to fulfill our contractual obligations, including scheduling, delivery, invoicing, and account management.
• Website functionality (Legal basis: Legitimate interest / Consent): Strictly necessary cookies enable core site features. Analytics and marketing cookies require your consent before activation.
• Legal compliance (Legal basis: Legal obligation): We may process and retain data as required by Norwegian accounting law, tax regulations, and other applicable legal obligations.
• Improving our services (Legal basis: Legitimate interest / Consent): Aggregated, anonymized usage data helps us understand how visitors interact with our informational content. Individual tracking requires consent.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law:

• Contact form submissions: Retained for twelve months from the date of submission, unless an ongoing business relationship develops
• Client and contract data: Retained for the duration of the engagement plus five years to comply with Norwegian accounting and limitation period requirements
• Marketing consent records: Retained for as long as consent is active, plus three years after withdrawal for audit purposes
• Cookie consent preferences: Stored locally on your device and retained until you clear browser data or change preferences
• Server logs: Technical access logs retained for ninety days unless required for security incident investigation
• Invoicing and payment records: Retained for five years in accordance with the Norwegian Bookkeeping Act

When retention periods expire, personal data is securely deleted or anonymized so it can no longer be associated with an identifiable individual.

6. Data Sharing and Third Parties

We do not sell your personal data. We may share data with the following categories of recipients when necessary and proportionate:

• Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms that process data on our behalf under written data processing agreements compliant with GDPR Article 28
• Professional advisors: Accountants, legal counsel, and auditors who are bound by confidentiality obligations
• Public authorities: When required by law, court order, or regulatory request

All third-party processors are selected based on their ability to provide appropriate technical and organizational security measures. Where data is transferred outside the European Economic Area, we ensure adequate safeguards such as Standard Contractual Clauses approved by the European Commission.

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• HTTPS encryption for all data transmitted between your browser and our website
• Access controls limiting personal data access to authorized personnel with a legitimate need
• Regular review of security practices and software updates
• Secure storage of client files with encryption at rest where technically feasible
• Staff training on data protection principles and incident response procedures
• Documented procedures for identifying, reporting, and responding to data breaches within the 72-hour notification window required by GDPR

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but commit to promptly addressing any identified vulnerabilities.

8. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data. You may exercise these rights by contacting us at assist@purifyvibrant.world:

• Right of access (Article 15): Request confirmation of whether we process your data and obtain a copy of the personal data we hold about you
• Right to rectification (Article 16): Request correction of inaccurate or incomplete personal data
• Right to erasure (Article 17): Request deletion of your personal data when it is no longer necessary, consent is withdrawn, or processing was unlawful
• Right to restriction (Article 18): Request that we limit processing of your data under certain circumstances
• Right to data portability (Article 20): Receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract
• Right to object (Article 21): Object to processing based on legitimate interests, including profiling and direct marketing
• Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal
• Right to lodge a complaint: File a complaint with Datatilsynet, the Norwegian Data Protection Authority, at www.datatilsynet.no

We will respond to valid requests within one month of receipt. This period may be extended by two additional months for complex requests, in which case we will inform you of the extension and reasons within the initial month.

9. Children's Privacy

Our website and services are directed at organizations and adult professionals. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have collected data from a minor without appropriate parental consent, we will take steps to delete that information promptly.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals. Any analytical tools we employ process aggregated, anonymized data and do not result in automated decisions about specific individuals.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated through a notice on our website. The effective date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

12. Contact for Privacy Matters

For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact:

Purifyvibrant — Privacy Inquiries
Vesleslåttvegen 19, 3580 Geilo, Norway
Email: assist@purifyvibrant.world
Phone: +47 94 79 27 28