PRIVACY POLICY - BLENDINGMIND (UK&EU)

1. Data Controllers

Blendingmind UK Ltd
124 City Road, London, EC1V 2NX, United Kingdom
Email: blendingmindukltd@gmail.com

David Schiesser (Sole Trader)
Business address: Available upon request
Email: mediumdavidschiesser@gmail.com

These entities act as joint data controllers, determining the purposes and means of processing personal data. Responsibilities are defined internally in accordance with Article 26 GDPR and can be provided upon request.

Summary:

• Website operation and marketing activities are jointly determined by Blendingmind UK Ltd and David Schiesser (Sole Trader).
• Booking and service-related personal data are controlled by the entity providing the respective service (as confirmed in your booking).
• Mandatory consumer protection rights under local law remain unaffected, regardless of UK law.
• All legal disputes relating to this Privacy Policy are subject to the courts of England and Wales, without prejudice to mandatory consumer protections in other jurisdictions.

2. Data Collection

We may collect and process:

• Identity data: Name
• Contact data: Email address
• Payment-related data: Transaction references, proportional calculations (no full card details stored)
• Technical data: IP address, browser, operating system
• Usage data: Pages visited, interactions
• Communication data: Messages via contact forms
• Subscription data: Newsletter sign-ups

We do not knowingly collect special category data or data from children under 13 (UK) / 16 (EU).

3. How We Collect Data

Website contact forms (processed via Formspree, acting as data processor)
Newsletter forms
Direct emails
Manual payment interactions (PayPal, Wise, Bank transfer)
Automated technologies (cookies, server logs)

All booking and service-related data is collected manually via email or secure contact form submission.

Form submissions are transmitted securely to Formspree, which processes the data solely on our behalf in accordance with a Data Processing Agreement where legally required.

3A. Processing via Contact & Booking Forms

When you submit a contact or booking form through our website, the information is transmitted securely and processed on our behalf by Formspree (data processor).

Categories of data processed:

• Name
• Email address
• Booking details
• Message content
• IP address and technical metadata

Processing purposes:

• Managing booking requests
• Contract initiation and performance
• Invoicing
• Fraud prevention and IT security

Legal basis:

• Contract (Article 6(1)(b) GDPR)
• Legitimate interest (Article 6(1)(f) GDPR)
• Consent where required

No automated decision-making under Article 22 GDPR takes place.

4. Purpose & Legal Basis

Purpose                                         Legal Basis

Website operation & security   Legitimate interest

Responding to enquiries          Legitimate interest

Newsletter                                    Consent

Payment processing                 Contract

Analytics & performance          Consent (where applicable)

Legal compliance                       Legal obligation

5. Cookies

Essential cookies: required for secure website functionality, including contact form submission.

Analytics cookies: only activated where consent is provided.

Our contact forms are processed via Formspree. Formspree may use strictly necessary technical mechanisms (including security-related cookies or similar technologies) to:

• Prevent spam and abuse
• Ensure secure form transmission
• Maintain technical integrity of submissions

These mechanisms are classified as strictly necessary under applicable European regulations.

No marketing or behavioural tracking cookies are deployed via Formspree.

Our contact forms are technically processed via Formspree. Formspree may use strictly necessary security-related technologies to ensure secure and spam-protected form submission. These are classified as essential technical mechanisms.

6. Newsletter

• Opt-in (double opt-in)
• IP and timestamp logged
• Unsubscribe anytime via email link
• Data stored only while subscription is active

7. Payments

• Manual via PayPal, Wise, or Bank transfer
• No full card data stored
• PayPal and Wise act as independent controllers
• Payment data may be used for calculating charges within the statutory withdrawal period
• 
  

8. Data Sharing

We may share personal data with:

• GoDaddy (hosting provider – data processor)
• Formspree (form processing provider – data processor)
• Newsletter service providers (data processors)
• PayPal / Wise (independent data controllers)
• Legal or regulatory authorities where required by law

All processors are contractually bound to comply with applicable data protection laws, including GDPR and UK GDPR.

Where personal data is transferred outside the UK, EU, or Switzerland, appropriate safeguards are implemented, including:

• EU Standard Contractual Clauses (SCCs)
• UK International Data Transfer Agreement (IDTA) or Addendum
• Equivalent safeguards under Swiss law

9. International Data Transfers

• Adequacy decisions
• EU Standard Contractual Clauses (SCCs)
• UK International Data Transfer Agreement (IDTA)
• Supplementary measures if required

10. Data Retention

• Contact enquiries: up to 12 months
• Newsletter: until consent withdrawn
• Server logs: up to 30 days
• Transaction & service data: per legal retention and service delivery requirements

11. Automated Decisions & AI

No automated decisions or profiling under Article 22 GDPR.

12. Your Rights

• Access, Rectification, Erasure
• Restriction, Portability, Object
• Withdraw consent anytime

Requests via contact emails above.

13. Complaints

• UK ICO (Information Commissioner’s Office)
• Supervisory authority in your EU Member State, including Germany

14. Data Security

Technical & organizational measures protect personal data from unauthorized access, loss, misuse.

15. Changes

Policy may be updated; latest version always on this website.

16. No Permanent Establishment Representation

The use of third-party technical service providers, including hosting or form processing services, does not constitute the establishment of a permanent establishment, branch, or fixed place of business in any jurisdiction.