1. Data Controller
The data controller responsible for your personal data is:
Kaia Lani, operating as Hawaiian Meditation
Email: hello@hawaiian-meditation.it
2. Data We Collect
2.1 Purchase data
When you buy an ebook, we collect: your name, email address, billing country, and VAT number (if provided). Payment data (card number, CVV) is processed exclusively by Stripe and is never stored by us.
2.2 Newsletter subscription
If you subscribe to our newsletter, we collect your email address and, optionally, your name. This data is stored with our email provider (MailerLite or equivalent).
2.3 Contact form
When you contact us via the form, we collect your name, email address, and the content of your message. This is stored in our email inbox and deleted within 24 months.
2.4 Cookies and analytics
We use technical cookies and, with your consent, analytics cookies. See our Cookie Policy for full details.
2.5 Leilani digital guide
Conversations with Leilani are processed in real-time. We do not store chat history on our servers.
3. Legal Basis for Processing
- Contract performance (Art. 6.1.b GDPR): processing your purchase data to deliver your ebook
- Legitimate interest (Art. 6.1.f GDPR): responding to customer service enquiries
- Consent (Art. 6.1.a GDPR): newsletter subscription; analytics cookies
- Legal obligation (Art. 6.1.c GDPR): retaining invoicing records for tax purposes
4. How We Use Your Data
- To process your purchase and send your download link
- To send transactional emails (order confirmation, resend requests)
- To send the newsletter, if subscribed
- To respond to your customer service enquiries
- To comply with legal and tax obligations
5. Data Sharing and Third Parties
We do not sell your personal data. We share data only with the following trusted processors:
- Stripe (payment processing)
- MailerLite or equivalent (email delivery and newsletters)
- Google Analytics (anonymised analytics, only with consent)
- Hosting provider (server and CDN infrastructure)
6. Data Retention
- Purchase records: 10 years (Italian tax law obligation)
- Newsletter subscribers: Until unsubscription or request for deletion
- Customer service emails: 24 months after resolution
- Analytics data: 14 months
7. Your Rights Under GDPR
You have the right to access, rectification, erasure, restriction, portability, objection, and to withdraw consent at any time.
To exercise any of these rights, email hello@hawaiian-meditation.it. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
8. Security
We implement appropriate technical and organisational measures to protect your data, including HTTPS (TLS 1.3), secure server infrastructure, and restricted staff access.
9. International Transfers
Some of our processors may transfer data to the United States. Such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Children Privacy
Our website and products are not directed at children under 16. We do not knowingly collect data from minors.
11. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date.
12. Contact
For any privacy-related questions or to exercise your rights:
Email: hello@hawaiian-meditation.it
Response time: Within 30 days (as required by GDPR)