Privacy Policy
INTRODUCTION
At Naturalistico, we are committed to protecting your privacy and safeguarding your personal data. We understand the importance of maintaining the confidentiality of information entrusted to us and are dedicated to processing your data with transparency and fairness in strict accordance with applicable data protection laws.
This Privacy Policy outlines how we collect, use, store, protect, and disclose personal information in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA"), the Canadian Personal Information Protection and Electronic Documents Act ("PIPEDA"), and other applicable privacy laws. We have designed this policy to provide clear and comprehensive information about our data handling practices, enabling you to make informed decisions about sharing your personal information with us.
We encourage you to read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. By using our services, website, or educational platform, or otherwise providing us with your personal information, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.
1. DATA CONTROLLER
Your personal data is collected by Naturalistico, a company registered in USA with its registered office located at 1887 Whitney Mesa Dr #3377 Henderson, NV 89014, United States of America.
By Article 24 of the GDPR, Naturalistico acts as the data controller for all personal data processed under this policy. This means we determine the purposes and means of processing your personal data and are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate compliance with data protection principles.
We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing questions with this Privacy Policy and ensuring our ongoing compliance with data protection laws. Our DPO provides advice on data protection obligations, monitors compliance, and acts as a contact point for data subjects and supervisory authorities.
You can contact our Data Protection Officer at any time by email at [email protected] or by writing to our registered address with the reference "For the attention of the Data Protection Officer."
2. DATA COLLECTION AND PURPOSES
2.1 Types of data we collect
Naturalistico collects and processes personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. In line with the principle of data minimization, we strive to collect only the information required to provide our educational services effectively.
We primarily collect data directly from you through various interactions:
- When you register for an account: We collect information necessary to create and maintain your educational profile and provide access to our learning platform.
- When you enroll in courses: We collect information necessary to process your enrollment, provide educational content, and track your learning progress.
- When you visit our website and use our platform: We automatically collect certain information about your device, browsing actions, and learning patterns using cookies and similar technologies.
- When you contact our support team: We record the nature of your inquiry, correspondence, and actions taken to resolve your query.
- When you participate in assessments: We collect your responses, scores, and completion data for certification purposes.
- When you use discussion forums: We collect your posts, interactions, and communications with other learners and instructors.
- When you provide feedback or complete surveys: We collect your opinions, experiences, and suggestions to improve our educational services.
The personal data we collect may include:
- Identity information: Full name, title, gender, age, date of birth, educational background, professional information, and other identifiers necessary for account management and age verification.
- Contact information: Email address, postal address, telephone number, and social media handles for communication, support, and service delivery.
- Account credentials: Username, password, and security information for platform access and account protection.
- Educational data: Course enrollment history, learning progress, assessment results, completion status, certificates earned, and learning preferences.
- Payment information: Billing details, payment method information, transaction history, and invoicing data (note: we do not store complete payment card details).
- Communication records: Correspondence with support team, forum posts, peer interactions, instructor communications, and feedback submissions.
- Technical information: IP address, login information, browser type and version, device information, operating system, time zone settings, and other technical data collected when accessing our platform.
- Usage data: Information about how you use our platform, including pages viewed, time spent on content, learning patterns, feature usage, and interaction history.
- Assessment data: Quiz responses, assignment submissions, exam results, and other evaluation materials necessary for certification.
2.2 Special categories of personal data
Naturalistico does not intentionally collect any special categories of personal data (also known as sensitive personal data) as defined under the GDPR, which includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person's sex life or sexual orientation.
However, given the nature of our holistic and esoteric educational content, some course materials or discussions may touch upon philosophical beliefs or wellness practices. If you voluntarily share such information in course discussions or feedback, we will treat it as sensitive personal data and process it in accordance with applicable laws.
2.3 Children's data
Our educational services are intended for use only by individuals who have reached the age of majority in their country of residence (typically 18 years or older, but may vary depending on local laws). We do not knowingly collect or process personal data from individuals who have not reached the legal age of majority applicable in their jurisdiction without appropriate parental consent where required by law.
If we become aware that we have collected personal data from someone who has not reached the applicable age of majority without proper verification or parental consent where required, we take steps to remove that information from our servers promptly.
2.4 Purposes of processing
Naturalistico processes your personal data for specific, explicit, and legitimate purposes related to our educational mission. We have outlined these purposes below:
2.4.1 Educational service delivery
- Providing access to course content and learning materials
- Tracking learning progress and completion status
- Administering assessments and issuing certifications
- Facilitating instructor-learner and peer-to-peer interactions
- Personalizing learning experiences based on progress and preferences
- Providing technical support for platform usage
2.4.2 Administrative management
- Processing course enrollments and managing registrations
- Creating and maintaining learner accounts and profiles
- Processing payments and managing billing
- Generating and issuing invoices and receipts
- Maintaining educational records and transcripts
- Verifying identity for certification purposes
- Managing refund requests and processing returns
2.4.3 Customer relationship management
- Providing learner support and assistance
- Managing feedback and course reviews
- Conducting satisfaction surveys and educational assessments
- Administering loyalty programs and learner recognition
- Notifying learners about course updates, new content, and platform changes
- Responding to inquiries and fulfilling learner requests
2.4.4 Quality assurance and improvement
- Monitoring course effectiveness and learning outcomes
- Analyzing learning patterns to improve educational content
- Conducting educational research and development
- Ensuring academic integrity and preventing fraud
- Maintaining educational standards and accreditation requirements
2.4.5 Marketing and platform development
- Analyzing platform usage to enhance user experience
- Developing new courses and educational features
- Conducting market research for educational services
- Delivering relevant educational content recommendations
- Measuring effectiveness of educational programs
- Promoting relevant courses and learning opportunities to existing learners
3. LEGAL BASIS FOR PROCESSING
Under applicable data protection laws, we must have a lawful basis for processing your personal data. We rely on different legal bases depending on the specific processing activity:
3.1 Contractual necessity
We process your personal data where it is necessary for the performance of our educational services contract with you or to take steps at your request prior to enrollment. This includes:
- Processing course enrollments and delivering educational content
- Creating and managing your learner account and profile
- Providing customer support related to our educational services
- Processing payments and managing course access
- Administering assessments and issuing certifications
- Communicating about course-related matters and platform updates
3.2 Legitimate interests
We process your personal data when necessary for our legitimate educational and business interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include:
- Improving and developing our educational programs and platform
- Ensuring platform security and preventing fraud
- Conducting educational research and analytics
- Managing learner relationships and providing personalized education
- Marketing educational services to existing learners
- Analyzing usage patterns to enhance learning experiences
- Enforcing our terms of service and educational policies
3.3 Legal obligation
We process your personal data when necessary to comply with legal obligations, including:
- Maintaining educational records as required by law
- Complying with tax and financial reporting requirements
- Responding to lawful requests from authorities
- Meeting educational accreditation and certification standards
- Complying with consumer protection laws
- Fulfilling data protection and privacy law requirements
3.4 Consent
We process your personal data based on your specific, informed consent for certain activities, such as:
- Sending marketing communications about new courses and educational opportunities
- Using non-essential cookies and tracking technologies
- Sharing educational achievements on social platforms
- Participating in educational research studies
- Receiving personalized course recommendations
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
4. DATA HOSTING AND SECURITY
4.1 Data storage location
All personal data collected by Naturalistico is hosted on secure servers located within jurisdictions that provide adequate data protection standards. We carefully select hosting providers that comply with strict data protection requirements and implement appropriate security measures.
4.2 Security measures
We implement comprehensive technical and organizational measures to ensure appropriate security for personal data processing. These measures protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
Our security framework includes:
- Encryption and data protection: End-to-end encryption for data transmission and strong encryption for data at rest
- Access controls: Role-based access controls ensuring only authorized personnel can access personal data
- Authentication systems: Multi-factor authentication for administrative access and secure login systems
- Regular security assessments: Periodic vulnerability assessments, penetration testing, and security audits
- Continuous monitoring: 24/7 security monitoring and incident detection systems
- Backup and recovery: Regular encrypted backups and tested disaster recovery procedures
- Staff training: Comprehensive data protection and security awareness training for all personnel
- Documentation: Detailed security policies, procedures, and incident response plans
4.3 Data breach procedures
In the event of a personal data breach, we have established comprehensive procedures to detect, assess, contain, and respond to incidents. If a breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals directly unless we have implemented appropriate protection measures that render the personal data unintelligible to unauthorized persons.
5. DATA RECIPIENTS AND SHARING
Naturalistico is committed to protecting your personal data and does not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your data only with the following categories of recipients under strict contractual obligations:
5.1 Educational service providers
- Learning Management System (LMS) providers
- Video hosting and streaming services for course content
- Assessment and certification platforms
- Educational content delivery networks
- Student information system providers
5.2 Technical service providers
- Cloud hosting and infrastructure providers
- IT support and system administration services
- Cybersecurity and data protection services
- Backup and disaster recovery providers
- Analytics and performance monitoring tools
5.3 Business service providers
- Payment processors and financial services
- Customer relationship management platforms
- Email and communication service providers
- Survey and feedback collection tools
- Marketing and advertising platforms (with appropriate consent)
5.4 Professional advisers
- Legal counsel and law firms
- Auditors and accounting firms
- Educational consultants and accreditation bodies
- Insurance providers
- Business consultants
5.5 Regulatory and legal entities
We may disclose personal data to authorities when:
- Required by applicable law or regulation
- In response to valid legal process or court orders
- To protect our rights, property, or safety
- To prevent fraud or illegal activities
- For national security or public safety reasons
5.6 Business transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to successors, provided appropriate data protection safeguards are maintained.
All third parties are bound by strict contractual obligations to protect your data and use it only for specified purposes.
6. DATA RETENTION
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests. Our retention periods are based on:
- The nature and sensitivity of the personal data
- Legal and regulatory requirements
- The purposes for which we process the data
- Our legitimate business interests
- Your rights and expectations
6.1 Educational records
- Active learner accounts: Retained during the relationship and for up to 7 years after account closure to maintain educational transcripts and certification records
- Course completion data: Retained indefinitely to verify educational achievements and certifications
- Assessment results: Retained for 10 years to support certification verification and academic integrity
- Learning progress data: Retained for 5 years after course completion for educational research and improvement
6.2 Financial and transaction data
- Payment information: Retained for 7 years in accordance with tax and accounting requirements
- Invoices and receipts: Retained for 7 years for tax and financial compliance
- Refund records: Retained for 3 years after processing
6.3 Communication and support data
- Customer support communications: Retained for 3 years after case resolution
- Marketing communications: Retained for 3 years from last active engagement or until consent is withdrawn
- Forum posts and discussions: Retained for the duration of the course plus 2 years for educational continuity
6.4 Technical and usage data
- Website analytics: Anonymized data retained indefinitely; identifiable data retained for 26 months
- Security logs: Retained for 1 year for security monitoring and incident investigation
- Cookie data: Retained according to cookie-specific retention periods (detailed in Section 9)
When retention periods expire, we securely delete or anonymize personal data so it can no longer be associated with identifiable individuals.
7. YOUR RIGHTS
Under applicable data protection laws, you have important rights regarding your personal data. We are committed to facilitating the exercise of these rights:
7.1 Right to access
You can request a copy of the personal data we hold about you, including information about how we use it, who we share it with, and how long we retain it.
7.2 Right to rectification
You can request correction of inaccurate personal data and completion of incomplete information.
7.3 Right to erasure ("right to be forgotten")
You can request deletion of your personal data in certain circumstances, such as when:
- The data is no longer necessary for the original purposes
- You withdraw consent (where consent was the legal basis)
- You object to processing based on legitimate interests
- The data has been unlawfully processed
Note: This right may be limited by our legal obligations to retain educational records and certifications.
7.4 Right to restriction of processing
You can request limitation of how we process your personal data in specific circumstances, such as when you contest data accuracy or object to processing.
7.5 Right to data portability
You can receive your personal data in a structured, machine-readable format and request its transfer to another service provider where technically feasible.
7.6 Right to object
You can object to processing based on legitimate interests, direct marketing, or research purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.
7.7 Rights related to automated decision-making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently engage in such automated decision-making for our educational services.
7.8 How to exercise your rights
To exercise these rights, contact us at [email protected] or write to our registered address. We may require identity verification to protect your privacy and security.
We will respond within one month, with possible extensions of up to two additional months for complex requests. Most requests are processed free of charge, though we may charge reasonable fees for excessive or unfounded requests.
8. JURISDICTION-SPECIFIC RIGHTS
8.1 Rights for California residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
Right to know: You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.
Right to delete: You can request deletion of your personal information, subject to certain exceptions.
Right to opt-out: You have the right to opt-out of the sale of your personal information. Note: We do not sell personal information.
Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
Right to correct: You can request correction of inaccurate personal information.
Right to limit sensitive personal information: You can request limitation of our use of sensitive personal information.
To exercise CCPA rights, contact us at [email protected] or call our toll-free number. We will verify your identity before processing requests.
8.2 Rights for Canadian residents (PIPEDA)
Canadian residents have rights under PIPEDA and applicable provincial privacy laws:
Right to access: You can request access to personal information we hold about you and information about how it's used.
Right to correct: You can request correction of inaccurate or incomplete personal information.
Right to withdraw consent: You can withdraw consent for certain processing activities.
Right to complain: You can file complaints with the Privacy Commissioner of Canada or relevant provincial privacy commissioners.
8.3 Rights for other jurisdictions
We respect privacy rights under all applicable laws and will work with you to address any privacy concerns regardless of your location.
9. COOKIE MANAGEMENT POLICY
Cookies are small text files stored on your device when you visit our website. We use various types of cookies to enhance your learning experience and improve our educational platform.
9.1 Essential cookies
These cookies are necessary for our educational platform to function properly:
- Authentication and session management
- Security and fraud prevention
- Load balancing and performance optimization
- User preference storage
Retention: Session duration or up to 24 hours Legal basis: Legitimate interest (essential for service delivery)
9.2 Functional cookies
These cookies enhance your learning experience:
- Language and accessibility preferences
- Learning progress tracking
- Course customization settings
- Platform personalization
Retention: Up to 13 months Legal basis: Legitimate interest or consent
9.3 Analytics cookies
These cookies help us understand how learners use our platform:
- Usage patterns and learning analytics
- Course effectiveness measurement
- Platform performance monitoring
- Educational research data
Retention: Up to 26 months Legal basis: Legitimate interest or consent
9.4 Marketing cookies
These cookies enable personalized educational recommendations:
- Course recommendation engines
- Educational content personalization
- Marketing campaign effectiveness
- Retargeting for educational content
Retention: Up to 13 months Legal basis: Consent
9.5 Managing cookie preferences
You can manage cookies through:
- Our cookie consent banner and preference center
- Browser settings and controls
- Third-party opt-out tools
- Direct contact with our support team
Disabling certain cookies may limit your access to some platform features and personalized learning experiences.
10. INTERNATIONAL TRANSFERS
We may transfer your personal data outside your country of residence to provide our educational services. When we do so, we implement appropriate safeguards:
10.1 Adequacy decisions
We may transfer data to countries deemed adequate by relevant authorities, such as those recognized by the European Commission.
10.2 Standard contractual clauses
For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.
10.3 Additional safeguards
We implement supplementary measures such as:
- Technical safeguards (encryption, access controls)
- Contractual protections beyond standard clauses
- Regular monitoring and auditing
- Impact assessments for high-risk transfers
10.4 Specific transfer locations
Our services may involve transfers to:
- United States: For cloud hosting and educational technology services, protected by Standard Contractual Clauses and additional safeguards
- Other countries: As necessary for educational service delivery, always with appropriate protection measures
11. AUTOMATED DECISION-MAKING AND PROFILING
We may use automated processing for certain educational purposes:
11.1 Educational profiling
- Learning path recommendations: Based on your progress, interests, and learning goals
- Course suggestions: Personalized recommendations for relevant educational content
- Skill assessments: Automated evaluation of certain types of coursework
- Progress tracking: Automated monitoring of learning milestones and achievements
11.2 Safeguards and rights
- You can request human review of automated decisions
- You can object to automated processing in certain circumstances
- We provide transparency about automated decision-making logic
- You maintain the right to challenge automated decisions
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. Significant changes will be communicated through:
- Prominent website notices
- Email notifications to registered users
- Updated effective dates and change summaries
- Additional consent requests where required by law
Your continued use of our services after policy updates constitutes acceptance of the revised terms, unless additional consent is required.
13. CONTACT INFORMATION AND COMPLAINTS
13.1 General inquiries
For questions about this Privacy Policy or to exercise your rights:
Email: [email protected]
Postal Address: Naturalistico 1887 Whitney Mesa Dr #3377 Henderson, NV 89014, United States of America.
Data Protection Officer: Contact via the same email with "DPO" in the subject line.
13.2 Supervisory authorities
You have the right to lodge complaints with relevant supervisory authorities:
EU/EEA residents: Your local Data Protection Authority or the Irish Data Protection Commission
- Website: www.dataprotection.ie
- Email: [email protected]
- Phone: +353 57 868 4757
California residents: California Attorney General's Office
- Website: oag.ca.gov/privacy/ccpa
- Phone: 1-800-952-5225
Canadian residents: Office of the Privacy Commissioner of Canada
- Website: www.priv.gc.ca
- Phone: 1-800-282-1376
- Email: [email protected]
13.3 Response commitments
We commit to:
- Acknowledging receipt of inquiries within 48 hours
- Providing substantive responses within 30 days (or as required by applicable law)
- Working cooperatively with supervisory authorities
- Implementing corrective measures when appropriate
- Maintaining records of all privacy-related communications
Last Updated: May 27, 2025 © 2025 Naturalistico. All rights reserved.
