Privacy and Data Protection Policy
Effective Date: January 2025
Definitions
In this policy, “Karmamood” refers to a sole proprietorship registered in Switzerland. “Worker” means an individual providing services to Karmamood. “Customer” refers to any entity or individual that engages with Karmamood for its services.
Introduction
Karmamood is committed to protecting the privacy and personal data of its users, workers, and customers in compliance with the General Data Protection Regulation (“GDPR”) and applicable Swiss laws. Karmamood ensures the correct and lawful handling of personal data and acts as the data controller for the information it processes.
Data Protection Principles
Karmamood fully adheres to the principles of GDPR. These principles govern the collection, processing, and storage of personal data, and all workers or third parties acting on behalf of Karmamood must comply. Key principles include:
- Lawfulness, Fairness, and Transparency: Karmamood informs individuals in clear and simple terms about the purposes and legal basis of data processing.
- Purpose Limitations: Personal data is collected only for specific, legitimate purposes, as disclosed to the individual. Any other processing requires explicit consent.
- Data Minimisation: Karmamood ensures that data collection is limited to what is necessary for the specified purposes.
- Accuracy: Karmamood takes all reasonable steps to keep personal data accurate and up to date.
- Storage Limitations: Personal data is retained only for as long as necessary to fulfill its purposes, unless otherwise required by law.
- Integrity and Confidentiality: Karmamood protects personal data from unauthorised access, loss, or destruction using appropriate technical and organisational measures.
Data Handling and Processing
For Workers
Karmamood may process personal data of workers for:
- Service management and administration.
- Compliance with legal obligations.
- Communication of relevant business information.
Karmamood may share workers’ data with authorised third parties (e.g., payroll providers) strictly for these purposes.
For Customers
Karmamood processes customer data such as name, contact information, and transaction details to:
- Fulfill contractual obligations.
- Provide requested services.
- Comply with legal obligations.
Data may be shared with third parties when necessary to deliver services or comply with the law. For example, hosting providers, payment processors, and analytics tools.
Third-Party Processors
Karmamood collaborates with carefully selected third-party processors for hosting, communication, and analytics. These include:
- Hosting and Storage: Digital Ocean.
- Email Services: Google Workspace.
- Analytics: Google Analytics and Hotjar.
- File Storage: Dropbox.
All third-party processors comply with GDPR and Swiss data protection laws.
Access and Data Rights
Under GDPR, individuals have the right to:
- Access their personal data.
- Request corrections to inaccurate or incomplete data.
- Request data deletion where applicable.
- Object to certain types of processing.
Requests can be made via email to privacy@karmamood.com. Karmamood will respond within 30 days of receiving a valid request.
Data Transfers Outside Switzerland and the EEA
Karmamood ensures that data transferred outside Switzerland and the European Economic Area (EEA) is protected by appropriate safeguards, such as standard contractual clauses or equivalent mechanisms.
Data Security Measures
Karmamood employs robust measures to safeguard data, including:
- Encryption of data in transit and at rest.
- Access controls to restrict data access to authorised personnel.
- Regular audits and testing of security protocols.
Data Retention
Karmamood retains personal data only for the duration necessary to fulfill the purposes for which it was collected. Retention periods are reviewed annually to ensure compliance.
Marketing Communications
For marketing purposes, Karmamood may use tools like:
- Pipedrive for Customer Relationship Management.
- Klaviyo for email campaigns.
- Google Analytics, Google Tag Manager for campaign tracking.
Consent for marketing communications can be withdrawn at any time by contacting privacy@karmamood.com.
Updates to This Policy
Karmamood reserves the right to update this Privacy and Data Protection Policy as required by changes in law or company practices. Updates will be published on this page with a revision date.