PRIVACY POLICY - BLENDINGMIND (UK&EU)

1. Data Controllers

Blendingmind UK Ltd
124 City Road, London, EC1V 2NX, United Kingdom
Email: blendingmindukltd@gmail.com

David Schiesser (Sole Trader)
Business address: Available upon request
Email: mediumdavidschiesser@gmail.com

These entities act as joint data controllers in accordance with Article 26 GDPR. All mandatory consumer protection rights under local law remain unaffected. Legal disputes are subject to the courts of England and Wales.

2. Data Collection

We may collect and process:

• Identity data: Name
• Contact data: Email address
• Payment-related data: Transaction references, proportional calculations (no full card details stored)
• Technical data: IP address, browser, operating system
• Usage data: Pages visited, interactions
• Communication data: Messages via contact forms
• Subscription data: Newsletter sign-ups

We do not knowingly collect special category data or data from children under 13 (UK) / 16 (EU).

3. How We Collect Data

We may collect personal data through the following channels:

• Website contact forms (processed via Formspree, acting as data processor)
• Newsletter sign-up forms
• Direct email communications
• Manual payment interactions (PayPal, Wise, or bank transfer)
• Manual invoicing and accounting administration using Xero
• Automated technical processes such as cookies and server logs

All booking and service-related data is collected manually via email or secure contact form submission.

Where a service is purchased, limited personal data necessary for invoicing and financial administration (such as name, email address, billing details, and transaction references) may be recorded within our accounting system Xero solely for financial administration, bookkeeping, and compliance with applicable tax and accounting obligations.

Form submissions are transmitted securely to Formspree, which processes the data solely on our behalf in accordance with a Data Processing Agreement where legally required.

3A. Processing via Contact & Booking Forms

When you submit a contact or booking form through our website, the information is transmitted securely and processed on our behalf by Formspree (data processor).

Categories of data processed:

• Name
• Email address
• Booking details
• Message content
• IP address and technical metadata

Processing purposes:

• Managing booking requests
• Contract initiation and performance
• Invoicing
• Fraud prevention and IT security

Legal basis:

• Contract (Article 6(1)(b) GDPR)
• Legitimate interest (Article 6(1)(f) GDPR)
• Consent where required

No automated decision-making under Article 22 GDPR takes place.

4. Purpose & Legal Basis

PurposeLegal BasisWebsite operation & securityLegitimate interestResponding to enquiriesLegitimate interestNewsletterConsentPayment processingContractAnalytics & performanceConsent (where applicable)Legal complianceLegal obligation

5. Cookies

• Essential cookies: required for site operation, hosting, and secure form submission (Formspree)
• Analytics cookies: only activated where consent is provided

Our website may embed YouTube videos using privacy-enhanced “nocookie” embeds (https://www.youtube-nocookie.com/embed/VIDEO_ID). YouTube may collect visitor information (IP address, browser, device, pages visited). Consent is required for cookies set by YouTube in EU jurisdictions.

6. Newsletter

• Opt-in (double opt-in)
• IP and timestamp logged
• Unsubscribe anytime via email link
• Data stored only while subscription is active

7. Payments

• Manual via PayPal, Wise, or Bank transfer
• No full card data stored
• PayPal and Wise act as independent controllers
• Payment data may be used for calculating charges within the statutory withdrawal period

8. Data Sharing

We may share personal data with the following service providers where necessary for the operation of our services:

• GoDaddy (website hosting provider – data processor)
• Formspree (secure form processing provider – data processor)
• Xero (cloud-based accounting and invoicing platform – data processor)
• Newsletter service providers where applicable (data processors)
• PayPal and Wise (independent payment data controllers)

Xero processes limited invoicing and accounting information on our behalf solely for bookkeeping, financial administration, and compliance with applicable tax and accounting regulations.

We may also disclose data to legal or regulatory authorities where required by law.

All processors are contractually bound to comply with applicable data protection legislation including the UK GDPR, EU GDPR, and related international data transfer safeguards.

9. International Data Transfers

• Adequacy decisions
• EU Standard Contractual Clauses (SCCs)
• UK International Data Transfer Agreement (IDTA)
• Supplementary measures if required

10. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations.

Typical retention periods include:

Contact enquiries: up to 12 months
Newsletter subscriptions: until consent is withdrawn
Server logs: up to 30 days
Transaction, invoicing, and service data: retained in accordance with applicable accounting and tax record-keeping obligations, typically between 6 and 10 years depending on jurisdiction.

11. Automated Decisions & AI

• No automated decisions or profiling under Article 22 GDPR.

12. Your Rights

• Access, Rectification, Erasure
• Restriction, Portability, Object
• Withdraw consent anytime

Requests can be sent to the emails listed in Section 1.

13. Complaints

• UK ICO (Information Commissioner’s Office)
• Supervisory authority in your EU Member State, including Germany

14. Data Security

• Technical & organizational measures protect personal data from unauthorized access, loss, misuse.

15. Changes

• Policy may be updated; latest version always on this website.

16. No Permanent Establishment Representation

The use of third-party technical or administrative service providers, including hosting services, form processing services, or cloud-based accounting platforms (such as GoDaddy, Formspree, or Xero), does not constitute the establishment of a permanent establishment, branch, or fixed place of business in any jurisdiction.

All such providers act solely as independent service providers or data processors and do not represent operational presence, management control, or decision-making authority on behalf of the data controllers.