PRIVACY POLICY

Birjiwan

Last updated: [19/5/2026]

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit birjiwan.co or use our services. It complies with Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD),and applicable guidance from the Spanish Data Protection Agency (AEPD).

The data controller responsible for the processing of your personal data is:

• Name: Camille Jean (trading as Birjiwan)

• NIE: Y5778663L

• Address: Camí de sa Font 7, 07195 Galilea, Illes Balears, Spain

• Email: birjiwan@gmail.com

• Website: www.birjiwan.co

For any matter related to the processing of your personal data, including the exercise of your rights, you can contact us at the email address above.

Data Controller

What data we collect

Depending on how you interact with us, we may collect:

• Identification and contact data: name, surname, email, country/city of residence, telephone (if provided);

• Booking and payment data: services purchased, dates, amounts, billing information (payment card details are handled directly by our payment processor and we do not store full card numbers);

• Health data (special category): information you voluntarily share with us in a health questionnaire or otherwise about pre-existing physical or mental health conditions, pregnancy, medication, or other matters relevant to your safe participation in classes;

• Communications data: messages you send us, your participation in classes (e.g. presence in a Zoom session), your interactions with our newsletter or marketing emails;

• Technical data: IP address, browser type, device type, language preferences, pages visited, collected automatically through cookies and similar technologies (see our Cookie Policy);

• Account data (if applicable): username, password (stored in encrypted form), preferences.

If you provide us with personal data of third parties (for example, in a gift purchase), you confirm you have their consent and that you have informed them of this Privacy Policy.

Why we process your data, and on what legal basis

You can withdraw any consent you have given at any time, without affecting the lawfulness of processing carried out before withdrawal. Withdrawing consent for service-related processing may prevent us from delivering the service.

Special-category data: health information

Some of our services involve practices that can affect your physical and mental health. Where you share information about your health (e.g. through a pre-class questionnaire), we treat this as special-category data under Article 9 of the GDPR.

We process this data exclusively for the purpose of ensuring your safety during practice and only with your explicit consent, given through a clear affirmative action (e.g. ticking a specific consent box). We do not use health information for marketing or any unrelated purpose, we do not share it with third parties except where strictly necessary (e.g. emergency services), and we delete it when it is no longer needed for the stated purpose.

You can withdraw your consent at any time by emailing birjiwan@gmail.com.

How long we keep your data

After the applicable period, data is deleted or anonymised, except where it must be retained to defend potential legal claims, in which case it is blocked and not used for any other purpose.

Who we share your data with

We share your data only with the third parties strictly necessary to provide the service or comply with the law. These include:

• Hosting and website providers: [Squarespace.com];

• Email and communications: [Google Workspace];

• Newsletter and marketing tools: [FloDesk];

• Booking and scheduling platforms: [Acuity];

• Video conferencing: [Zoom Video Communications, Inc.];

• Payment processors: [Stripe];

• Accounting and invoicing: your gestoría or accounting software;

• Public authorities and law enforcement when required by law (tax authorities, courts,AEPD, etc.).

We have entered into data processing agreements with our processors as required by Article 28 of the GDPR.

International data transfers

Some of our processors are based outside the European Economic Area (EEA), in particular in the United States (e.g. Zoom, Google, Stripe, certain marketing tools). Where this is the case, transfers are protected by appropriate safeguards under the GDPR, including:

• EU-US Data Privacy Framework for processors certified under it;

• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable;

• Additional supplementary measures where necessary.

You can request information about the specific safeguards in place for any given transfer by contacting us at birjiwan@gmail.com.

Security of your data

We implement appropriate technical and organisational measures to protect your data against loss, unauthorised access, alteration, or disclosure, including:

• Encrypted (HTTPS) communications between your device and our servers;

• Encrypted storage where applicable;

• Access controls and authentication;

• Regular review of security practices.

No system is fully secure, and we cannot guarantee absolute security. In the event of a personal data breach affecting your rights, we will notify you and the AEPD as required under Articles 33 and 34 of the GDPR.

Your rights

You have the following rights under the GDPR:

• Right of access: to obtain confirmation of whether we are processing your data, and to receive a copy;

• Right of rectification: to have inaccurate data corrected;

• Right of erasure ("right to be forgotten"): to have your data deleted where the legal grounds apply;

• Right to restriction of processing: to limit how we use your data in certain circumstances;

• Right to object: to object to processing based on legitimate interest, including direct marketing;

• Right to data portability: to receive your data in a structured, commonly used format;

• Right to withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at birjiwan@gmail.com with sufficient information to identify you and the right you wish to exercise. We will respond within one month, in line with Article 12 of the GDPR.

If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at https://www.aepd.es.

Automated decision-making

We do not make automated decisions, including profiling, that produce legal or similarly significant effects on you.

Children's data

Our services are not directed at children under 14, and we do not knowingly collect their data. Participation in classes by anyone under 18 requires consent of a parent or legal guardian (see our Terms and Conditions).

Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices or in applicable law. The current version is always available on the Website, with the date of last update indicated at the top. Where changes materially affect your rights, we will notify you in advance.If you have any questions about this Privacy Policy or how we handle your data, please contact us at birjiwan@gmail.com.