Supplemental General Data Protection Regulations (GDPR) Privacy Notice

Last Updated: November 14, 2020

This Supplemental GDPR Privacy Notice (“GDPR Notice”) is for people who are located in the European Economic Area (“EEA”) and supplements our general Privacy Policy. Our processing of personal information of individuals within the EEA is governed by the General Data Protection Regulations (“GDPR”). Under GDPR, we are required to provide you with certain information regarding your personal information. Unless otherwise defined in this GDPR Notice, capitalized terms used herein are defined in our general Privacy Policy.

Data Controller

The data controller for this Website is Know Thyself as Soul (“KTSI”, “we”, “us”, or “our”). For our contact information, see the section in our general Privacy Policy headed Where to Send Questions, Concerns, or Complaints About This Privacy Policy.

You can contact our data protection officer (“DPO”) using our Contact DPO form.

Purpose of processing and legal basis for processing

We process personal information you provide to us voluntarily in order to provide you with information regarding our services, events, and other programming; to respond to your inquiries or to otherwise communicate with you; to register you for our events and programming; and as otherwise described in our general Privacy Policy and Terms of Use. Personal information gathered through cookies is used for the purposes described in the section of our general Privacy Policy headed Our Cookie Statement.

Generally, we process personal information you provide to us through our Website on the basis of consent. When you sign-up to attend or otherwise participate in our events or programming, we may process your personal information pursuant to a contract. We may also process your personal information for our own legitimate interest, including those interests contained in our general Privacy Policy, promoting our services and customizing our Website, or for any other purpose permitted by GDPR or applicable laws, such as when the processing is necessary for us to comply with any legal obligations.

You are under no statutory or contractual requirement or other obligation to provide personal information to us via our Website.

Categories of personal information we collect

Please see the section of our general Privacy Policy entitled What Information We Collect and Process for a description of the categories of personal information we collect and process through our Website.

Categories of recipients that receive personal information

Please see the sections of our general Privacy Policy entitled How We Share Personal Information We Collect and When We May Disclose Information for a description of the categories of recipients to whom we disclose your personal information.

Information regarding the transfer of personal information outside of the European Economic Area (EEA)

KTSI’s main administrative offices are based in North America, and that is where we process personal information collected through our Website. When you provide your personal information to us, you are consenting to the transfer of your personal data outside of the EEA, including to countries that do not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of those countries provide legal protection equivalent to European Union data protection laws.

We safeguard your personal information by treating it in accordance with this GDPR Notice and our general Privacy Policy. When we transfer personal information outside of the EEA, we enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this GDPR Notice and our general Privacy Policy.

Retention period for personal information

How long we retain your personal information varies according to the type of information in question and the purposes for which it is used. We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose). We may archive personal information for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

Your right to access, correct, restrict or delete your personal information and to data portability

Subject to certain limitations under GDPR, you have the right to request access to and correction or deletion of your personal information, restrict processing concerning your personal information and/or object to such processing. You also have the right to data portability, which means that you can request that we provide you (or a third party you designate) with a transferable copy of the personal information you have provided to us.

If you wish to exercise any of these rights, or if you have any questions or concerns regarding our processing of your personal information, please contact us as described in the section of our general Privacy Policy entitled Where to Send Questions, Concerns, or Complaints about this Privacy Policy.

If you have a concern regarding our processing of your personal information, you have the right to file a complaint with your national data protection authority (also known as a supervisory authority). You can find your supervisory authority here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.