Flow State for Readers - Coaching & Training

HUMANS IN FLOW - SENIOR FLOW VR

PRIVACY POLICY (GDPR)

Effective date: 02 February 2026

HUMANS IN FLOW (“HIF”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website, contact us, or book our services.

Data controller:

HUMANS IN FLOW (Entreprise individuelle - micro-entreprise)

GARCEZ - 230 Avenue de Fabron, Bat C2, Nice, France

Email: zander@humansinflow.global

SIRET: 917 467 037 00037

Website: https://www.humansinflow.global

1. PERSONAL DATA WE COLLECT

Depending on how you interact with us, we may collect:

A) Identity and contact data

- Name, email address, phone number, postal address

- Relationship to the Participant (e.g., family member, caregiver, institution contact)

B) Booking and service data

- Booking details (date/time/location), service type, invoices/receipts

- Notes relevant to safe service delivery (e.g., mobility constraints, preferred seated/reclining position, comfort settings)

C) Health-related information (special category data)

- Only where you choose to share it and where it is necessary for safe facilitation (e.g., seizure history, severe vertigo, major contraindications, care instructions)

D) Communications

- Messages sent by email/phone/approved messaging apps and operational notes

E) Technical data (website use)

- IP address, device/browser information, pages visited, and interaction data (typically via cookies/analytics, where enabled)

2. HOW WE USE YOUR PERSONAL DATA (PURPOSES)

We use your personal data to:

- Respond to enquiries and communicate with you

- Create and manage bookings and deliver services

- Provide customer support and handle complaints

- Ensure safety and adapt sessions to comfort and accessibility needs

- Manage administration, accounting, and legal obligations

- Improve our website and services (analytics only where enabled/consented)

- Send service-related messages (booking confirmations, changes, reminders)

We do not sell your personal data.

3. LEGAL BASES FOR PROCESSING (GDPR)

We process personal data on the following legal bases:

- Contract: to perform our contract with you and deliver booked services

- Legitimate interests: to operate and improve our services, prevent fraud, and ensure service quality (balanced against your rights)

- Consent: for optional cookies/analytics and any marketing communications where required

- Legal obligation: to comply with accounting/tax and other legal requirements

- Vital interests: in rare cases where processing is necessary to protect someone’s life

Special category (health) data is processed only where necessary for safety and delivery, and typically on the basis of explicit consent and/or where necessary to protect vital interests, in accordance with GDPR.

4. WHO WE SHARE YOUR DATA WITH

We may share personal data with:

- Concierge Partners / Third-Party Providers (only what is necessary to fulfil a booking, e.g., reservation name, accessibility needs, dietary constraints)

- Payment and invoicing providers (if used)

- IT/hosting and website providers

- Professional advisers (accountant, legal adviser) where necessary

- Authorities where required by law

Third-Party Providers process your data under their own policies when you contract with them directly.

5. INTERNATIONAL TRANSFERS

If any service providers process data outside the European Economic Area, we use appropriate safeguards (such as adequacy decisions or Standard Contractual Clauses) as required by GDPR.

6. DATA RETENTION

We keep personal data only as long as necessary:

- Booking/invoicing records: retained for the period required by French accounting/tax rules

- Enquiry messages: retained for a reasonable period to manage follow-up

- Safety notes: retained only as needed for safe delivery and then deleted or anonymised where possible

- Website analytics: retained according to analytics settings and your cookie choices

7. YOUR RIGHTS (GDPR)

Subject to GDPR conditions and exceptions, you have the right to:

- Access your personal data

- Rectify inaccurate data

- Erase data (“right to be forgotten”)

- Restrict processing

- Data portability

- Object to processing based on legitimate interests

- Withdraw consent at any time where processing is based on consent

- Lodge a complaint with the French supervisory authority (CNIL)

To exercise rights, contact: zander@humansinflow.global. We may request proof of identity to protect your data.

8. SECURITY

We use reasonable technical and organisational measures to protect personal data (access controls, limited sharing, secure storage, and vendor security where applicable). No method of transmission or storage is 100% secure.

9. CHILDREN

Our services are designed primarily for adults and seniors. If we process children’s data (e.g., a family booking), we do so only as necessary for the booking and with appropriate consent.

10. MARKETING

We will only send marketing communications where permitted by law and/or where you have consented. You can opt out at any time by contacting us.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. The effective date above shows when it was last updated.

12. CONTACT

For privacy questions or requests:

Email: zander@humansinflow.global