Understand how your information is collected, used, and processed.
This policy governs how personal data is collected, used, and processed by Kat Michaels and explains how personal data is used by third parties associated with Kat Michaels.
Data Collected, Used, and Processed
I collect, use, and process the personal data of my visitors and clients such as name, e-mail address, and other details with the consent of the visitor or client and/or for the fulfillment of a contract that is entered into with Kat Michaels. I may also use the personal data of my visitors and clients as necessary to fulfill my legitimate interests, providing that those interests are not outweighed by my visitors’ interests, rights, and freedoms.
Joining my mailing list, asking about my services, or otherwise submitting a query through either of my Web sites at KatMichaels.net and/or KatMichaels.group constitutes consent. I make every attempt to limit the information gathered at each step to ensure the maximum amount of privacy for each of my visitors and clients.
I use analytics software for the purposes of tracking Web site traffic and performance, source data, and promotions. Through my analytics software, I obtain personal data such as city, state or territory, country, and browser used. I do not access demographics data through my analytics software.
When a client schedules a session with me, I collect information that is necessary to communicate with that client and to provide the service that is contracted for. Information collected may include the client’s name, e-mail address, mailing address, telephone number, payment information, date of birth, place of birth, time of birth, and related necessary information.
Depending on method of payment, payment information may by default include a shipping address, even if that information is not strictly necessary for completion of the contract. Purpose, goals, and expectations for the session are also gathered for the purpose of contract fulfillment, and in some cases may include medical information that is considered sensitive data.
Retention and Sharing of Data
Data gathered is never sold or shared, except with third parties upon whom I rely to process the data for discrete and limited purposes. Third parties relied upon to process information for Web site content management, hosting, booking, domain and e-mail, e-mail marketing, e-mail and instant communication, cookies, analytics, and payment processing include WordPress, WooCommerce, WPX Hosting, Book Like A Boss, Hover, ActiveCampaign, Voxer, Zoom, Google Analytics, PayPal, and Stripe.
Those visitors and/or clients who contact me through Facebook or Instagram also consent to the sharing of their data with Facebook and its subsidiaries as well as with Hootsuite for communication and scheduling purposes.
If required for legal, tax, or other similar purposes, data related to scheduling or payment processing may be released to courts, to necessary federal and state agencies, and/or to federal, state, and/or local tax authorities including the United States Internal Revenue Service and the Oregon Department of Revenue.
I do not retain payment data such as credit card numbers, expiration dates, and card security or verification codes, though these details may be retained by the payment processor depending on the payment processing method used and permissions granted separately to that processor.
Data provided to me through this Web site or through any other method will remain confidential except as detailed in the paragraph above and except as otherwise required by law. Data will be released in the case that a visitor or client indicates an intention to harm him/herself or others; I am a mandatory reporter and am required to notify the proper authorities if any such indication exists.
Data pertaining to client sessions, including sensitive data, is retained for three (3) years following the cessation of the client relationship; data required for legal, tax, and similar purposes is retained for seven (7) years following the cessation of the client relationship. I generally retain all channeled guidance reports, energy work reports, and communications for the duration of the client relationship, unless the client requests otherwise, in writing.
Client queries, reports, and other data pertaining to client sessions are stored locally and are not stored on the Cloud or via any Internet-based storage software. E-mail communications are excepted from this and are stored on my email server, which is owned by Hover; Facebook, Instagram, and Messenger messages are stored by Facebook and its subsidiary companies, as well as by Hootsuite. Video coaching sessions are stored by Zoom.
I contract with a marketing manager and Web designer who has access to my Web site data, registration data, and e-mail marketing lists. Contractors do not have access to payment data or sensitive data.
Individual Rights Pertaining to Stored Data
Should you prefer, you have the right to have your data modified, archived, and/or deleted depending on type of data and/or my legitimate use for the retention of such data. If you believe that any of the retained data is incorrect, such as name, e-mail address, or other information, you may contact me with instructions regarding the information that you would like updated. In some limited cases, you may be required to provide corroborating paperwork before your information will be updated.
If you prefer to have your data archived and/or deleted, you may contact me using the information shown below. If a request for deletion of data is made, I will archive all data required to be retained for legal, tax, accounting, and related purposes, and I will delete all remaining data that is not required to be retained for such purposes. You will receive an email confirming the archival and/or deletion of your data.
Contact Information for GDPR Data Protection Officer
The GDPR Protection Officer can be reached using either of the following methods.
Attn: GDPR Protection Officer
1271 NE Hwy 99W #433
McMinnville, OR 97128