Privacy Policy
Last updated:
This Privacy Policy explains how Spinalnew, operating at spinalnew.world and from Heikkiläntie 10, 00210 Helsinki, Finland, collects, uses, stores, and protects personal data when you purchase or use our nutrition coaching products, including the Discovery Session, Monthly Coaching, and Complete Program.
1. Data Controller
The data controller responsible for your personal data is Spinalnew. For privacy-related enquiries, contact us at info@spinalnew.world or by phone at +358504902815. Our registered business address is Heikkiläntie 10, 00210 Helsinki, Finland.
2. Scope of This Policy
This policy applies to personal data processed through our website, booking flows, coaching sessions, customer support, invoicing, and any related communication about nutrition coaching services. It does not apply to third-party websites linked from our pages unless explicitly stated.
3. Categories of Personal Data We Collect
Depending on your interaction with our coaching products, we may process the following categories of data:
- Identity and contact data: name, email address, telephone number, and postal address when provided.
- Booking and contract data: selected coaching package, session dates, payment references, and correspondence about scheduling.
- Coaching-related information: dietary preferences, goals, lifestyle notes, and session summaries you choose to share for service delivery.
- Technical data: IP address, browser type, device information, and cookies as described in our Cookies Policy.
- Communication records: messages submitted through contact forms, emails, and call notes where relevant to your request.
We do not require you to submit special categories of data. Please avoid sharing sensitive health details unless necessary for your coaching goals and only with your explicit consent.
4. Purposes and Legal Bases for Processing
We process personal data only where a legal basis under the EU General Data Protection Regulation (GDPR) applies:
- Contract performance: to deliver coaching products you purchase, manage appointments, and provide agreed materials.
- Legitimate interests: to improve service quality, secure our systems, prevent fraud, and communicate operational updates, balanced against your rights.
- Legal obligation: to retain accounting records and comply with applicable Finnish and EU regulations.
- Consent: for optional marketing messages or non-essential cookies where you have given clear consent, which you may withdraw at any time.
5. Processing Related to Coaching Products
Discovery Session: We use your contact details and session notes to conduct the introductory meeting, propose suitable next steps, and issue invoices. Notes are retained only as long as needed for follow-up or with your continued coaching engagement.
Monthly Coaching: We process recurring scheduling data, messaging content between sessions, and progress reflections to provide ongoing support. Access is limited to assigned coaches and administrative staff with a need to know.
Complete Program: We maintain a structured record of milestones, resource access, and feedback across the twelve-week period. Upon completion, core contractual records remain for statutory periods while detailed coaching notes may be archived or deleted according to retention rules below.
6. Sharing and Recipients
We do not sell personal data. We may share data with trusted processors who assist us under written agreements, such as hosting providers, email services, payment processors, and calendar tools. Processors may only use data on our instructions and must implement appropriate security measures. We may disclose data where required by law, court order, or competent authority.
7. International Transfers
Where processors are located outside the European Economic Area, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions. You may request further information about transfer mechanisms by contacting us.
8. Retention Periods
We retain personal data only as long as necessary for the purposes described:
- Contract and invoice data: typically seven years to meet Finnish accounting requirements.
- Coaching session notes: up to twenty-four months after your last active session unless you request earlier deletion and no legal hold applies.
- Contact form enquiries without purchase: up to twelve months unless a longer period is justified by ongoing communication.
- Marketing consents: until withdrawal of consent plus a short suppression record to honour opt-out requests.
- Server logs and security data: generally up to ninety days unless needed for incident investigation.
9. Security Measures
We implement technical and organisational measures appropriate to the risk, including access controls, encrypted connections (HTTPS) across spinalnew.world, staff training, and limited access to coaching records. No method of transmission over the internet is completely secure; we encourage strong passwords on your accounts with third-party tools we recommend.
10. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the right to:
- Access your personal data and obtain a copy in a commonly used format where feasible.
- Rectify inaccurate or incomplete data.
- Erase data where processing is no longer necessary, consent is withdrawn, or processing was unlawful, subject to legal exceptions.
- Restrict processing in certain circumstances.
- Data portability for information you provided based on consent or contract, processed automatically.
- Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent at any time without affecting the lawfulness of prior processing.
- Lodge a complaint with the Office of the Data Protection Ombudsman in Finland if you believe your rights were violated.
To exercise these rights, contact info@spinalnew.world with sufficient detail to identify your request. We respond within one month, extendable where complex.
11. Children
Our coaching products are intended for adults. We do not knowingly collect data from children under sixteen without parental authority. If you believe a child provided data without consent, contact us for prompt deletion.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects. Coaching recommendations involve human professional judgement.
13. Third-Party Links and Embeds
Our site may embed maps or link to external resources. Those providers process data under their own policies. Review their terms before interacting.
14. Changes to This Policy
We may update this Privacy Policy to reflect product changes or legal developments. Material updates will be indicated by revising the date above. Continued use of our services after publication constitutes notice of the update where permitted by law.
15. Contact
Spinalnew
Heikkiläntie 10, 00210 Helsinki, Finland
Phone: +358504902815
info@spinalnew.world