At INFLAMELESS LIVING, we are committed to protecting the privacy and personal data of our users, clients, students, and community members. This Privacy Policy explains how we collect, process, use, store, and safeguard personal information in compliance with the EU General Data Protection Regulation (GDPR), Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), and other applicable data protection rules.
1. DATA CONTROLLER (RESPONSABLE DEL TRATAMIENTO)
The person responsible for processing your personal data collected through this website is:
Commercial Name: ELENA MAREN - INFLAMELESS LIVING
Legal Name: Mariana Blaga Blaga, NIF 61087330-C
Website: https://inflameless.com
Fiscal Address: Camino de la Barranquera 37A, San Cristóbal de La Laguna, 38270, Santa Cruz de Tenerife, Canary Islands, Spain
Contact Email: elenamaren.nutri@gmail.com
2. INFORMATION WE COLLECT AND WHY
We collect and process personal data only where necessary to operate our website, provide our digital products and services, manage purchases and accounts, comply with legal obligations, and communicate with users.
A. Account, Course and Purchase Information
When you create an account, register for a course, purchase digital downloads, or join a membership or community space, we may collect your name, email address, password data stored securely through technical safeguards, account details, access history, and order history.
Purpose: To create and manage your account, provide access to purchased products, courses, memberships, or community spaces, manage customer support, and fulfil our contractual obligations.
Legal Basis: Performance of a contract, Article 6.1.b GDPR.
Providing the data required for account creation, purchase, billing, course access, or membership access is necessary to enter into and perform the contract with you. If you do not provide this information, we may not be able to process your purchase or provide the requested services.
B. Payment, Billing and Invoice Information
Transactions are processed securely through our third-party payment provider, Stripe. We do not store, view, or process your full credit card number or raw financial credentials on our own servers.
For billing, accounting, regulatory compliance, and proper tax invoicing, we may collect and process transaction metadata, billing details, invoice information, tax-related information, and purchase records as required by Spanish, Canarian, and other applicable tax rules.
Purpose: To process payments, manage invoices, comply with accounting and tax obligations, and prevent fraud.
Legal Basis: Performance of a contract, Article 6.1.b GDPR; compliance with a legal obligation, Article 6.1.c GDPR; and, where applicable, legitimate interest in fraud prevention and business security, Article 6.1.f GDPR.
C. Website, Cookies and Analytics Information
When you browse our website, we may collect technical information such as your IP address, which may be truncated or anonymised where technically configured, browser type, device information, operating system, pages visited, referring links, approximate location, cookie identifiers, and interaction data.
Purpose: To operate the website, maintain security, understand website usage, improve performance, and measure traffic.
Legal Basis: Consent, Article 6.1.a GDPR, where required for analytics or non-essential cookies; and legitimate interest, Article 6.1.f GDPR, where processing is strictly necessary for website security or basic technical operation.
For more information, please see our Cookie Policy.
D. Email Communications and Newsletters
If you subscribe to our newsletter, download a free resource, join a waitlist, purchase a product, or consent to receive communications from us, we may process your name and email address to send educational content, product updates, onboarding messages, promotional communications, and related information.
Purpose: To send requested communications and, where permitted, marketing or educational emails related to our products and services.
Legal Basis: Consent, Article 6.1.a GDPR, and/or legitimate interest, Article 6.1.f GDPR, where legally permitted for communications related to similar products or services.
You may unsubscribe at any time using the unsubscribe link in our emails or by contacting us.
E. Health-Related or Sensitive Information
Our content is educational and we do not request medical records or health data as a condition of purchase. However, because our services relate to nutrition, inflammation, and lifestyle education, you may voluntarily choose to share health-related information with us by email, forms, course activities, testimonials, or community discussions.
Purpose: To respond to your request, manage the community, provide educational support, moderate community spaces, or deliver the service you requested.
Legal Basis: Your explicit consent, Article 9.2.a GDPR, and, where applicable, performance of a contract or management of your request.
Please avoid sharing sensitive health information unless strictly necessary.
F. Customer Support and Direct Messages
When you contact us by email, forms, or community/private messages, we may process your name, email address, message content, attachments, and any information you choose to provide.
Purpose: To respond to your request, provide support, resolve technical issues, and manage our relationship with you.
Legal Basis: Performance of a contract, Article 6.1.b GDPR, where your request relates to a purchase or service; legitimate interest, Article 6.1.f GDPR, in responding to enquiries and managing customer relationships; and consent, Article 6.1.a GDPR, where applicable.
3. HOW WE SHARE YOUR INFORMATION (THIRD-PARTY PROVIDERS)
We do not sell or rent your personal data.
We may share personal data with service providers that help us operate our website, process payments, provide digital products, manage communications, analyse website usage, host community spaces, and comply with legal obligations. These providers act as independent controllers or processors depending on the service and their own terms.
Examples may include:
Stripe: payment processing, fraud prevention and transaction management.
Google Analytics, if enabled: website traffic measurement, analytics, and performance optimisation, subject to your cookie preferences where required.
Website, hosting, course, community, or e-commerce platform providers: website operation, account access, course delivery, digital downloads, community access, and technical infrastructure.
Email marketing or transactional email providers, if used: delivery of newsletters, customer communications, onboarding emails, purchase confirmations, and product updates.
Professional advisers: accountants, tax advisers, legal advisers, or administrative support providers where necessary.
Competent Public Authorities: including the Agencia Tributaria Canaria, Spanish tax authorities, courts, law enforcement bodies, or other competent authorities, only where legally required or necessary to protect our rights.
4. INTERNATIONAL DATA TRANSFERS
Some of our service providers, such as Stripe, Google, hosting providers, analytics providers, email providers, or community platforms, may process data outside the European Economic Area.
Where personal data is transferred internationally, we rely on appropriate safeguards recognised under the GDPR, such as adequacy decisions adopted by the European Commission, including the EU-U.S. Data Privacy Framework where the provider is certified, Standard Contractual Clauses, or other legally recognised transfer mechanisms.
5. DATA RETENTION PERIODS
We retain personal data only for as long as necessary for the purposes for which it was collected, including providing services, maintaining accounts, complying with legal obligations, resolving disputes, enforcing agreements, and protecting our legitimate interests.
User accounts and digital product access history are retained for as long as your account remains active or as long as necessary to provide access to purchased products, unless you request deletion and no legal obligation requires further retention.
Customer support messages are retained for as long as necessary to respond to your request and manage our relationship with you, and may be retained longer where needed to handle disputes or legal claims.
Newsletter and marketing data are retained until you unsubscribe or withdraw your consent, unless another legal basis applies.
Invoices, transaction records, accounting data, and tax-related records are retained for the periods required by Spanish, Canarian, accounting, tax, and commercial laws.
Technical security logs may be retained for a limited period necessary to maintain website security, prevent fraud, and investigate incidents.
6. YOUR RIGHTS
Under European and Spanish data protection laws, you may exercise the following rights free of charge:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete personal data.
Erasure: Request deletion of your personal data where legally applicable.
Restriction of Processing: Request that we temporarily restrict the processing of your data.
Portability: Request that certain data be transferred to you or another service provider in a structured, commonly used, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdrawal of Consent: Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Not to be Subject to Automated Decisions: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights, please send an email to elenamaren.nutri@gmail.com with the subject line “Data Protection Right”.
To protect your privacy, we may ask you to provide reasonable information necessary to verify your identity before processing your request. We will not request more information than necessary for this purpose.
If you believe your data privacy rights have been infringed, you have the right to lodge a complaint with the Spanish Data Protection Agency, Agencia Española de Protección de Datos (AEPD), through its official website: www.aepd.es.
7. DATA SECURITY
We use appropriate technical, administrative, and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction. These measures may include SSL/TLS secure connections, access controls, data minimisation, provider security controls, and password protection.
However, no website, platform, or online transmission can be guaranteed to be completely secure. If we become aware of a personal data breach that requires notification under applicable law, we will notify the competent authority and/or affected users where legally required.