This Privacy Policy explains how The Inner Arts Academy (“the Academy,” “we,” “us,” or “our”) collects, uses, stores, and protects personal data when you visit our website, apply for or participate in trainings, supervision, programs, events, or otherwise engage with our services.

We are committed to processing personal data responsibly and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable European and Spanish data-protection laws.

Data Controller:
The Inner Arts Academy
Founder: Sanela Čović
Email: sanela@theinnerartsacademy.com
Website: www.theinnerartsacademy.com
Location: Spain / European Union

This Privacy Policy applies to:

• Website visitors

• Applicants and participants in trainings, programs, supervision, and events

• Individuals who contact the Academy or subscribe to communications

• Customers who purchase services or products

It does not apply to third-party websites or services that may be linked from our site.

We may collect and process the following categories of personal data:

• Identification data: name, surname

• Contact data: email address, phone number (where provided)

• Professional and educational data: applications, qualifications, training history, certification records

• Enrollment and participation data: registration details, attendance records, supervision participation

• Payment-related data: payment status, transaction references, billing details received from payment providers

• Communication data: emails, messages, forms, feedback, and correspondence

• Technical data: IP address, browser type, device information, cookies, and website analytics

We collect only data that is relevant, necessary, and proportionate for the purposes described in this Policy.

Personal data is processed for the following purposes:

• Managing applications, enrollment, participation, supervision, and certification

• Delivering educational and professional training services

• Administering payments, installment plans, and contractual obligations

• Communicating program-related information, updates, and administrative notices

• Responding to inquiries and requests

• Meeting legal, accounting, taxation, and accreditation requirements

• Improving website functionality and user experience

• Sending newsletters or announcements, where explicit consent has been provided

Personal data is processed on one or more of the following legal bases:

• Consent – where you have given explicit permission

• Performance of a contract – where processing is necessary to deliver services or manage enrollment and payments

• Legal obligation – where required by law (e.g. accounting or taxation)

• Legitimate interests – where processing is necessary for the Academy’s legitimate interests and does not override your fundamental rights

Payments for services are processed securely via third-party payment service providers, such as Stripe or equivalent platforms.

• The Academy does not store or process full credit or debit card details.

• Payment providers process personal and payment data in accordance with their own terms, privacy policies, and security standards.

• The Academy receives limited transaction information (such as payment confirmation, amount, date, and payer details) for administrative, accounting, and contractual purposes only.

Where a participant selects an installment payment plan, personal data is processed as necessary to administer an ongoing contractual and financial obligation between the participant and the Academy.

• Data processed may include identification details, contact information, payment status, and transaction references.

• Installment payments are processed via third-party payment providers.

• The legal basis for this processing is the performance of a contract and compliance with legal and accounting obligations.

Personal data related to installment plans may be retained for the duration of the payment obligation and any additional period required by applicable law.

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.

Certain records—including training participation, certification, invoices, and payment documentation—may be retained for longer periods where required by legal, accounting, taxation, or accreditation obligations.

We do not sell or rent personal data.

Personal data may be shared only with trusted service providers where necessary, such as:

• Website hosting and email service providers

• Payment processors

• Accounting or administrative services

• Accreditation or certification bodies (where applicable)

If data is transferred outside the European Economic Area (EEA), appropriate safeguards are applied in accordance with GDPR requirements.

Under GDPR, you have the right to:

• Access your personal data

• Request correction of inaccurate or incomplete data

• Request erasure of personal data, where legally applicable

• Restrict or object to processing

• Request data portability

• Withdraw consent at any time (without affecting prior lawful processing)

• Lodge a complaint with a supervisory authority

In Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD).

Requests may be submitted to: sanela@theinnerartsacademy.com

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. While no system can guarantee absolute security, the Academy takes data protection seriously and reviews safeguards regularly.

Our website may use cookies and similar technologies to support essential functionality, analytics, and user experience.

Where required, consent for non-essential cookies is obtained through a cookie banner. Cookie preferences can be managed via browser settings or site tools.

Further information is available through our cookie notice displayed on the website.

The Academy’s services are intended for adults only. We do not knowingly collect personal data from individuals under the age of 18.

The Academy may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. The current version will always be published on the website with the effective date indicated above.

For questions regarding this Privacy Policy or the handling of personal data, please contact:

The Inner Arts Academy
Email: sanela@theinnerartsacademy.com