🔒 Privacy Policy

1) Introduction and Scope

Welcome to Active Woman ("we," "our," or "us"), operated by Individual Entrepreneur Rizvi Rafanan in Costa Rica. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or purchase our educational courses.

By accessing or using our website, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services. This policy applies to all visitors, users, and customers of the Active Woman educational platform.

We are committed to protecting your privacy and ensuring transparency in our data practices. This document provides detailed information about our privacy practices in accordance with applicable Costa Rican data protection laws and international best practices.

2) Information We Collect

2.1 Personal Information

We may collect the following categories of personal information:

• Contact Information: Name, email address, phone number, and mailing address when you voluntarily provide it through our order forms or contact pages.
• Account Information: If you create an account, we collect username, password (encrypted), and account preferences.
• Payment Information: We do not store complete credit card details. Payment processing is handled by secure third-party payment processors who comply with PCI DSS standards.
• Communication Data: Records of your correspondence with us, including emails, chat messages, and customer service inquiries.

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information through cookies and similar technologies:

• Device Information: IP address, browser type, operating system, device type, and screen resolution.
• Usage Data: Pages visited, time spent on pages, links clicked, referring websites, and search terms used to find our site.
• Location Data: General geographic location based on IP address (country, city level).
• Cookies and Tracking: We use cookies to enhance user experience, remember preferences, and analyze website traffic.

2.3 Course Interaction Data

For educational purposes and platform improvement, we collect:

• Course access logs and progress tracking
• Download history and material usage patterns
• Quiz and assessment responses (if applicable)
• User-generated content such as comments or forum posts

3) How We Use Your Information

We use the collected information for the following legitimate business purposes:

3.1 Service Provision

• Processing and fulfilling your course orders
• Providing access to purchased educational materials
• Delivering customer support and responding to inquiries
• Sending order confirmations and account-related notifications
• Maintaining and improving our educational platform

3.2 Communication

• Sending educational content updates and course materials
• Providing information about new courses or features (with opt-out option)
• Sharing wellness tips and educational articles (if subscribed)
• Conducting surveys to improve our educational offerings

3.3 Analytics and Improvement

• Analyzing website usage patterns to improve user experience
• Monitoring platform performance and technical issues
• Understanding which educational content is most valuable to users
• Conducting research to enhance our educational methodology

3.4 Legal and Security

• Complying with legal obligations and regulatory requirements
• Enforcing our Terms and Conditions
• Detecting and preventing fraud, abuse, or security incidents
• Protecting the rights, property, or safety of our users or the public

4) Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), our legal basis for collecting and using personal information depends on the specific context:

• Contract Performance: Processing necessary to fulfill our contract with you (providing purchased courses).
• Consent: Processing based on your explicit consent (marketing communications, optional features).
• Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, platform improvement), provided these interests don't override your rights.
• Legal Obligation: Processing required to comply with applicable laws.

You have the right to withdraw consent at any time where we rely on consent as the legal basis.

5) Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to perform functions and provide services:

• Payment Processors: To process transactions securely
• Email Service Providers: To deliver course materials and communications
• Hosting Services: To store and serve our website content
• Analytics Providers: To understand website usage (Google Analytics, etc.)
• Customer Support Tools: To manage inquiries and support tickets

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.2 Business Transfers

If Active Woman is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our legal rights, users, or the public.

6) International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

Our primary operations are in Costa Rica, but we use service providers that may operate in other countries, including the United States and European Union. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Certification under relevant privacy frameworks (where applicable)

By using our services, you consent to the transfer of your information to Costa Rica and other jurisdictions as described above.

7) Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: SSL/TLS encryption for all data transmission
• Access Controls: Restricted access to personal data on a need-to-know basis
• Secure Storage: Encrypted databases and secure server infrastructure
• Regular Audits: Security assessments and vulnerability testing
• Staff Training: Privacy and security awareness training for team members

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

8) Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Information: Retained while your account is active plus 2 years after closure for legal compliance
• Purchase Records: Retained for 7 years for tax and accounting purposes
• Communication History: Retained for 3 years for customer service quality
• Usage Data: Anonymized after 2 years; raw logs deleted after 1 year
• Marketing Data: Retained until you unsubscribe or request deletion

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

9) Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 Right to Access

You have the right to request copies of your personal information that we hold.

9.2 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal information.

9.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal information in certain circumstances, subject to legal retention requirements.

9.4 Right to Restrict Processing

You have the right to request that we limit the processing of your personal information.

9.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used format and transmit it to another controller.

9.6 Right to Object

You have the right to object to processing based on legitimate interests or direct marketing.

9.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

9.8 Right to Complain

You have the right to lodge a complaint with a data protection authority if you believe your rights have been violated.

To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond within 30 days of receiving your request.

10) Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience:

10.1 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality (login, shopping cart)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how visitors interact with our website
• Marketing Cookies: Used to deliver relevant advertisements (if applicable)

10.2 Cookie Management

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect website functionality.

10.3 Third-Party Cookies

Some of our service providers may use cookies on our behalf. We do not control these cookies and recommend reviewing the privacy policies of these third parties.

11) Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly.

Parents and guardians have the right to review, delete, or refuse further collection of their child's personal information.

12) Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party sites. We strongly advise you to review the privacy policies of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13) Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of any material changes by:

• Posting the updated policy on this page with a revised "Last Updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14) Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Active Woman — Data Protection Contact
Individual Entrepreneur: Rizvi Rafanan
📍 Centro Colaborativo
Avenida Central, Edificio Metropolis
San José, Costa Rica 10104

📧 Email: support@activewoman.cr
📱 Phone: +506 8800 5867
📞 Alternative: +506 8352 9471
✉️ Direct: rizvi.rafanan@activewoman.cr

We will respond to all privacy-related inquiries within 30 days. For formal data protection requests, please include "Privacy Request" in your subject line.