Privacy Policy

Last updated: Decemeber 2025

1. Introduction

The Inner Arts Academy (“we,” “our,” or “the Academy”) is committed to protecting your privacy and safeguarding your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, register for trainings, participate in programs, or otherwise interact with us.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Spanish and European data-protection laws.

2. Data Controller

Data Controller: The Inner Arts Academy

Founded by Sanela Čović

Email: sanela@theinnerartsacademy.com

Website: www.theinnerartsacademy.com

Location: Spain / European Union

3. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identification data: name, surname

  • Contact data: email address, phone number

  • Professional data: training background, certifications, practice interests

  • Enrollment and payment data: ID/ passport number/ VAT number/ Tax ID (for invoicing purposes), registration details, invoices, transaction confirmations (payment processing is handled by secure third-party providers; we do not store full payment details)

  • Communication data: emails, messages, application forms, feedback, supervision or training-related correspondence

  • Technical data: IP address, browser type, device information, cookies, and usage analytics

We only collect data that is necessary for legitimate educational, administrative, and communication purposes.

4. Purpose of Processing

Your personal data is processed for the following purposes:

  • To manage registrations, applications, and participation in training programs

  • To provide educational services, supervision, and certification

  • To communicate important information related to programs, schedules, and updates

  • To respond to inquiries and requests

  • To fulfill legal, accounting, and contractual obligations

  • To improve our website, services, and user experience

  • To send newsletters or announcements (only with your explicit consent; you may unsubscribe at any time)

5. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

  • Consent (Article 6(1)(a) GDPR)

  • Performance of a contract (Article 6(1)(b) GDPR)

  • Legal obligation (Article 6(1)(c) GDPR)

  • Legitimate interests pursued by the Academy, provided these do not override your fundamental rights and freedoms (Article 6(1)(f) GDPR)

6. Payment Processing and Third Parties

Payments for trainings, programs, and services are processed securely via third-party payment service providers, such as Stripe or equivalent platforms.

The Academy does not store or process full credit or debit card details.

Payment providers process personal and payment data in accordance with their own privacy policies, security standards, and applicable laws.

The Academy receives limited transaction information (such as payment confirmation, amount, date, and payer details) solely for administrative, accounting, enrollment, and contractual purposes.

6.1 Installment Plans and Ongoing Payment Obligations

Where a participant selects an installment payment plan, the processing of personal data is necessary to administer an ongoing contractual and financial obligation between the participant and the Academy.

Personal data related to installment plans (including identification details, contact information, payment status, and transaction references) is processed for the purpose of fulfilling this obligation.

Installment payments are processed via third-party payment service providers (such as Stripe or equivalent).

The Academy does not store full payment card details and receives only limited information required for administrative, accounting, and contractual compliance.

The legal basis for this processing is the performance of a contract and, where applicable, compliance with legal and accounting obligations.

Personal data associated with installment plans may be retained for the duration of the payment obligation and for any additional period required under applicable tax or regulatory law.

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.

Certain data, such as training records, certification information, invoices, and payment documentation, may be retained for extended periods where required by legal, accounting, taxation, or accreditation obligations.

8. Data Sharing and International Transfers

We do not sell, rent, or trade personal data.

Personal data may be shared only with trusted service providers where necessary, including:

  • Website hosting and email service providers

  • Payment processors

  • Accounting or administrative services

  • Accreditation or certification bodies (where applicable)

If personal data is transferred outside the European Economic Area (EEA), appropriate safeguards are implemented in accordance with GDPR requirements (such as standard contractual clauses).

9. Data Subject Rights

You have the right to:

  • Access your personal data

  • Request rectification of inaccurate or incomplete data

  • Request erasure of personal data, where legally applicable

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time (without affecting the lawfulness of prior processing)

  • Lodge a complaint with a supervisory authority

In Spain, the competent authority is the Agencia Española de Protección de Datos (AEPD).

Requests may be sent to: sanela@theinnerartsacademy.com

10. Data Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. While no system can guarantee absolute security, data protection is taken seriously and reviewed on an ongoing basis.

11. Cookies

Our website may use cookies and similar technologies to support essential functionality, analytics, and user experience. Cookie preferences can be managed through browser settings or any cookie management tools provided on the website.

Where required, consent for non-essential cookies is obtained in advance.

12. Children’s Privacy

Our services are intended for adults only. We do not knowingly collect personal data from individuals under the age of 18.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect legal, regulatory, or operational changes. The most current version will always be available on our website with the effective date indicated above.

14. Contact

For questions regarding this Privacy Policy or the handling of personal data, please contact:

The Inner Arts Academy

Email: sanela@theinnerartsacademy.com