1. Data controller
The data controller responsible for processing personal data described in this policy is:
Kneesbeaut
116 Bellevue Square, Bellevue, WA 98004, USA
Phone: +1 425-709-9000
Email: touch@kneesbeaut.world
Website: kneesbeaut.world
For privacy-related requests, contact us using the details above with the subject line “Privacy Request.” We will respond within the timelines required by applicable law.
2. Scope and informational purpose
This Privacy Policy applies to visitors of our website, recipients of our educational materials, and prospective clients who contact us about hydration reminder consulting. Our website provides general informational content about workplace hydration systems. We do not offer medical services, and we do not intentionally collect special categories of health data through standard contact forms.
3. Categories of personal data we collect
3.1 Data you provide directly
When you submit the contact form, we may process your name, email address, message content, and confirmation that you agreed to data processing. Please avoid including sensitive health information in free-text fields.
3.2 Data collected automatically
When optional analytics cookies are enabled, we may collect technical data such as IP address (often truncated), browser type, device category, referring URL, pages viewed, and approximate session duration. Strictly necessary cookies support core functions such as remembering cookie preferences.
3.3 Data from business interactions
If you engage our consulting or educational services, we may process billing contact details, correspondence, meeting notes related to project scope, and contractual records. Such data is limited to what is relevant for delivering agreed services.
4. Purposes and legal bases for processing
We process personal data only where a legal basis applies under the GDPR and comparable frameworks:
- Contract and pre-contractual steps: Responding to inquiries, preparing proposals, and delivering purchased educational products or consulting sessions.
- Legitimate interests: Operating and securing our website, improving content relevance, preventing fraud, and maintaining business records, balanced against your rights.
- Consent: Optional analytics/marketing cookies and certain marketing communications where required. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Legal obligation: Retaining records for tax, accounting, or regulatory requirements where applicable.
5. How we use your data
Personal data is used to: respond to messages; schedule consultations; deliver educational resources; issue invoices where applicable; analyze aggregated website usage when you opt in; maintain security logs; and comply with law. We do not use contact form data to make automated decisions that produce legal or similarly significant effects.
6. Data retention periods
Retention periods depend on the data category:
- Contact form submissions: up to twenty-four months after last meaningful correspondence unless a longer period is required for active contracts.
- Contract and billing records: typically seven years from the end of the financial year in which the transaction occurred, or as required by Washington State and federal record-keeping rules.
- Cookie preference records: stored locally in your browser until cleared; server-side copies, if any, retained up to twelve months.
- Analytics logs (when enabled): raw logs up to fourteen months, then aggregated or deleted.
- Security incident logs: up to thirty-six months where needed for investigation and defense of legal claims.
When retention periods expire, we delete or anonymize data unless further storage is legally required.
7. Security measures
We implement appropriate technical and organizational safeguards, including HTTPS transport encryption for website communications, access controls for internal systems, principle of least privilege for staff accounts, periodic review of vendor security practices, and procedures for responding to suspected breaches. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords for any client portals we provide.
8. Recipients and international transfers
We may share data with trusted processors that host our website, provide email delivery, or support analytics—only under written agreements requiring confidentiality and appropriate safeguards. Some processors may be located outside your country. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms for transfers from the EEA/UK to the United States.
We do not sell personal data. We do not share contact details with unrelated third parties for their independent marketing without your explicit consent.
9. Your rights
Depending on your location, you may have the following rights:
- Access to copies of your personal data
- Rectification of inaccurate data
- Erasure in certain circumstances
- Restriction of processing
- Data portability for data processed by automated means based on consent or contract
- Objection to processing based on legitimate interests
- Withdrawal of consent for optional cookies and marketing
- Lodge a complaint with a supervisory authority (for EEA residents, typically your local data protection authority)
U.S. residents in certain states may have additional rights under state privacy laws, including the right to know categories of data collected and to request deletion subject to statutory exceptions. We will verify requests using reasonable methods.
10. Children
Our services are directed to business clients and adults. We do not knowingly collect personal data from children under sixteen. If you believe a child provided data, contact us for prompt deletion.
11. Third-party links
Our pages may link to external resources for educational reference. Those sites maintain independent privacy practices. Review their policies before submitting personal data.
12. Advertising and conversion measurement
When you consent to analytics or marketing cookies, we may measure visits from advertising campaigns to improve ad relevance and landing page clarity. We do not use advertising data to infer medical conditions or to retarget based on sensitive health categories. Campaign URLs should match the content on the linked page. You may withdraw cookie consent through our banner or browser settings.
13. Changes to this policy
We may update this Privacy Policy to reflect legal, technical, or business developments. Material changes will be indicated by updating the date in the hero section. Continued use of the website after changes constitutes acknowledgment where permitted by law.
14. Contact and supervisory authorities
Questions about this policy or your data rights should be sent to touch@kneesbeaut.world or our postal address listed above. EEA-based individuals may also contact their local supervisory authority if they believe processing violates applicable law.