Privacy Policy

1. INTRODUCTION

1.1. Purpose and Scope of the Privacy Policy

This Privacy Policy (“Policy”) outlines the practices, procedures, and guidelines pertaining to the collection, use, disclosure, storage, and protection of personal data by the website dedicated to Spiritual Healing Therapy Using Islamic Methods (“the Website” or “we” or “our”). This Website offers services including, but not limited to, consultation sessions, product sales, and information dissemination, through multiple platforms such as Zoom, phone, chat, and other digital means. It is imperative for users (“you” or “your”) to understand how their personal data is handled, and this Policy aims to provide comprehensive clarity on the same.

The scope of this Policy extends to all personal data of users residing in Canada and accessing our services within Canadian territories. This Policy is crafted in accordance with Canadian legal standards, including but not limited to the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial regulations. The intent is to ensure a framework that respects user privacy and safeguards their personal data against any unauthorized access or potential misuse.

1.2. Acceptance of Privacy Terms

By accessing, browsing, or using the Website and its services, you acknowledge that you have read, understood, and agreed to be bound by the terms set out in this Privacy Policy. If you do not agree with these terms, it is recommended that you refrain from further using our services or accessing the Website. Your continued use of the Website after the introduction of any changes to this Policy shall indicate your acceptance of those changes.

1.3. Changes and Updates to Privacy Policy

We recognize the dynamic nature of digital platforms and services, and in order to maintain transparency and uphold the trust of our users, we reserve the right to update or amend this Policy from time to time. All changes will be effective immediately upon being posted on the Website. While we endeavor to notify our users of any significant modifications, it remains your responsibility to review this Policy periodically to stay informed about how we process and protect your personal data.

Should there be any substantial alterations to the Policy that might materially impact your rights or the way we handle personal data, we will make earnest efforts to communicate the same to you through prominent notifications on the Website or other communication means deemed appropriate.

2. DEFINITIONS

2.1. Personal Data or Information

For the purposes of this Privacy Policy, “Personal Data” or “Personal Information” refers to any information, whether recorded in a material form or not, about an identified individual, or an individual whose identity may be inferred or determined from the information, either directly or indirectly. This can encompass a wide range of data, including but not limited to, names, addresses, telephone numbers, email addresses, date of birth, financial details, and other identifiers which are associated with an individual. Such data may be collected when users access our Website, engage in consultation sessions, purchase products, or otherwise interact with our services. It is to be noted that Personal Data does not include information that has been rendered anonymous or aggregated in such a way that it can no longer be used to identify a specific individual, whether in combination with other information or otherwise.

2.2. Processing

“Processing” refers to any operation or set of operations which is performed on Personal Data, regardless of the means (automated or not). This encompasses actions such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. It is imperative to understand that the mere act of accessing our Website may result in certain processing of Personal Data due to the digital nature of our services.

2.3. Consent

“Consent” is a voluntary, specific, informed, and unambiguous indication of the user’s wishes by which they, by statement or clear affirmative action, signify agreement to the processing of their Personal Data. Consent is an integral component of data protection, ensuring users have control over their Personal Data. At various instances, while using our services, you may be prompted to provide your consent for certain data processing activities. It is your right to provide or withhold this consent. Moreover, once provided, consent can be withdrawn at any point, though this might impact the ability to access certain services or functionalities of the Website. It should also be noted that there might be instances where processing is permitted by law without the need for consent, especially when it pertains to contractual obligations or other legal imperatives.

3. COLLECTION OF PERSONAL INFORMATION

3.1. Types of Information Collected

When you access or utilize the services offered by our Website, various types of Personal Information may be collected, depending on the nature of your interaction. The types of information can include:

  • Identifying Information: Such as full name, mailing address, email address, phone number, and other similar contact data.
  • Transactional Information: Details about products you purchased, consultation sessions booked, their cost, payment method, payment history, and other details linked to your transactions on our Website.
  • Technical Data: Information such as IP addresses, browser type, device type, operating system, access times, and referral URLs. This data assists in ensuring the smooth operation of our Website and helps enhance user experience.
  • Communication Records: If you reach out to us via email, phone, chat, or other communication modes, we may maintain a record of such correspondence.
  • Feedback and Reviews: Should you provide feedback, reviews, or ratings related to our services or products, this information may be collected and stored.

It’s crucial to mention that not all the aforementioned data will be collected for every user. The nature and extent of data collection will largely depend on your interaction with our services.

3.2. Means of Collection: Direct and Indirect

The collection of Personal Information can be categorized into two primary methods:

  • Direct Collection: When you voluntarily provide us with your Personal Information. Examples of direct collection include, but are not limited to, signing up for an account, booking a consultation session, purchasing a product, subscribing to newsletters, or when reaching out to our support team.
  • Indirect Collection: Information that is automatically collected when you access our Website or use our services. This type of collection does not always result from a direct interaction. Examples include cookie usage, logging of your IP address, and accessing certain webpages. It aids in enhancing the functionality of our Website and tailoring user experiences.

We adhere to the principles of data minimization and purpose limitation. This means that we only collect Personal Information that is pertinent, relevant, and necessary for the purposes for which it is to be used. Moreover, we ensure that such collection is compliant with Canadian laws, including PIPEDA, and follows best practices to protect users’ rights and interests.

4. USE OF PERSONAL INFORMATION

4.1. Purpose of Use

The primary reason for collecting Personal Information is to provide, maintain, protect, and improve our services, ensuring a seamless and personalized user experience. Below is a detailed list of the purposes for which Personal Information may be used:

  • Service Provisioning: To offer consultation sessions, process product orders, facilitate payment transactions, and deliver products or services as requested by the user.
  • Communication: To send updates, promotional materials, newsletters, or other relevant information. Also, to respond to inquiries, comments, or concerns, thereby enhancing user engagement and satisfaction.
  • Website Optimization: To analyze user behavior, track website usage patterns, and gauge performance metrics. This aids in refining the design, content, and overall user experience.
  • Security Measures: To ensure the integrity and security of our website and services, including the prevention of fraudulent activities, unauthorized access, and other potential security breaches.
  • Legal Compliance: To fulfill regulatory, legal, and compliance obligations as stipulated by Canadian law and relevant provincial regulations.
  • Feedback & Reviews: To collect and analyze feedback, ratings, or reviews shared by users. This assists in improving the quality of services and addressing any potential areas of concern.

4.2. Consent for Use

Your consent is paramount when it comes to the use of your Personal Information. Before utilizing your data for any purpose not explicitly mentioned during the collection or not inherently required for service provision or legal compliance, explicit consent will be sought.

  • Explicit Consent: In cases where sensitive Personal Information is involved or where the use is not intrinsically linked to the service you have chosen, we will obtain your explicit consent. This means you will be provided with a clear option to either agree or disagree with such a use.
  • Implied Consent: For other instances, especially where the use of Personal Information is straightforward and inherently tied to the service you’ve opted for, your consent might be implied from your actions. For instance, signing up for a consultation session implies consent for us to use your contact details to set up that session.

You reserve the right to revoke your consent at any time. However, doing so may prevent you from fully experiencing all the services our website offers. Furthermore, there might be situations where we are obligated to use your information due to legal requirements, regardless of consent status.

5. SHARING AND DISCLOSURE OF PERSONAL INFORMATION

5.1. Conditions Under Which Data is Shared

While we prioritize the protection and confidentiality of your Personal Information, there are specific scenarios under which said data might be shared, either within our organizational structure or with external entities. Such sharing is always conducted under strict conditions and with the utmost consideration for data protection. The scenarios under which data might be shared include:

  • Internal Organizational Sharing: Some departments or sections within our organization may require access to your data to fulfill service requests, conduct analysis, or for internal operational needs.
  • Service Providers: We may collaborate with third-party service providers, contractors, or agencies that assist us in our business operations. Examples include payment processors, IT service providers, and delivery agencies. Such entities only access your data to the extent necessary to perform their tasks and are bound by contractual obligations to ensure data protection.
  • Legal & Regulatory Obligations: Under certain conditions, we may be obligated to share your data with regulatory authorities, law enforcement, or in response to legal processes. Such sharing would be in line with Canadian legal requirements, including court orders or other mandatory disclosures.
  • Business Transitions: In the event of organizational changes such as mergers, acquisitions, or asset sales, user data may be among the transferred assets. However, users will be notified of such transitions, and the data’s confidentiality will remain protected.

5.2. Third-party Service Providers and Partners

Our commitment to safeguarding your Personal Information extends to our interactions with third-party service providers and partners. To that end:

  • Contractual Agreements: Any third-party service providers or partners with access to your data are bound by strict contractual agreements that mandate data protection measures consistent with this policy and Canadian data protection laws.
  • Limited Access: These entities are granted data access strictly based on necessity. They are not allowed to use the data for any purpose other than the explicitly agreed-upon service.
  • Data Protection Standards: We engage with third-party service providers that adhere to high data protection standards, ensuring that they incorporate robust security measures and respect user privacy rights.

It is worth noting that our website may contain links to other external websites or services. We are not responsible for the privacy practices or content of these external sites. Users are advised to review the privacy policies of any third-party sites they visit.

6. DATA STORAGE AND RETENTION

6.1. Duration of Data Retention

The duration for which we retain your Personal Information is predicated on several factors. These encompass the nature of the information, the purpose for its collection, and legal or regulatory obligations:

  • Service-Related Duration: Personal Information required to facilitate services, such as consultation sessions or product deliveries, is retained as long as necessary to fulfill these services. Following this, there may be an additional retention period based on internal operational and auditing needs.
  • Legal & Regulatory Compliance: Canadian law, including specific provisions within PIPEDA and relevant provincial legislations, may dictate certain retention periods. In cases where legal retention periods are prescribed, we are bound to hold your data for the stipulated timeframe.
  • User Account: If you establish an account on our website, the associated data will be retained as long as the account remains active. Upon deactivation or closure of your account, data is retained for a minimal period necessary for backup, auditing, and potential legal purposes.
  • Data Minimization Principle: Consistent with Canadian privacy principles, we adhere to the ethos of data minimization. This means that Personal Information is not retained longer than necessary for the purposes for which it was collected, unless mandated by law.

6.2. Secure Storage Measures

The storage and management of your Personal Information is approached with paramount care:

  • Digital Security: All electronic Personal Information is stored on secure servers, protected by state-of-the-art encryption techniques, firewalls, and other technological and procedural safeguards.
  • Physical Security: Any hard-copy documentation containing Personal Information is stored in secure facilities, accessible only to authorized personnel.
  • Third-party Storage: In instances where third-party services are employed for data storage, we ensure that such providers maintain security measures consistent with this policy and Canadian data protection standards.

Regular audits and reviews are conducted to ensure the efficacy of our storage measures, and any vulnerabilities detected are addressed promptly.

7. DATA SECURITY

7.1. Measures to Protect Data

Your Personal Information’s security is of paramount importance. We have implemented various measures to safeguard your data:

  • Encryption: Data transmitted between your device and our servers, especially sensitive data like payment details, is encrypted using industry-standard encryption protocols.
  • Access Control: Strict access controls are enforced to ensure that only authorized personnel can access stored Personal Information. Such access is granted based on roles and responsibilities, ensuring that data is only available to those who genuinely require it for their tasks.
  • Regular Updates: Our IT infrastructure is regularly updated to guard against potential vulnerabilities, ensuring the use of the latest security patches and updates.
  • Employee Training: Our staff undergoes regular training to ensure they are up-to-date with the latest data protection practices and are aware of their responsibilities concerning data confidentiality.

7.2. Breach Notification Procedures

In the unfortunate event of a data breach, we are committed to acting swiftly:

  • Detection and Investigation: We maintain systems to detect potential data breaches. Upon detection, an immediate investigation is launched to ascertain the nature and extent of the breach.
  • Notification: If the breach poses a risk to your rights and freedoms under Canadian law, you will be notified without undue delay. The notification will provide details about the breach, potential consequences, and measures taken to mitigate its effects.
  • Regulatory Reporting: Consistent with Canadian data protection obligations, relevant regulatory bodies will be informed of significant data breaches in a timely manner.
  • Remediation: We will take all necessary steps to mitigate the effects of the breach and ensure that such an incident does not recur in the future.

8. RIGHTS OF THE DATA SUBJECTS

8.1. Right to Access

Every individual has the right to access their Personal Information held by our organization. This encompasses:

  • Requesting a Copy: Users can request a detailed summary or a copy of the Personal Information we hold about them. This allows you to confirm the accuracy of your data and verify its use in alignment with this policy.
  • Reasonable Intervals: While users can make recurrent requests, the frequency should be within reasonable intervals to ensure operational viability.
  • Response Time: Upon receiving a request for access, we aim to provide the necessary information without undue delay and, at the latest, within one month of receipt. This timeframe might be extended in complex or multiple request situations, but you will always be informed of any delay.
  • No Fee for Access: The first request for access in a given year is typically provided free of charge. However, for subsequent requests or those that are manifestly unfounded or excessive, we may charge a reasonable fee based on administrative costs.

8.2. Right to Rectification

Individuals have the right to rectify any inaccurate or incomplete Personal Information:

  • Updating Information: If you believe any of the Personal Information we hold about you is incorrect or incomplete, you can request its amendment. We are committed to maintaining accurate records and will act promptly to rectify any discrepancies.
  • Timeframe for Rectification: Upon receiving a rectification request, the necessary corrections will be made without undue delay, with most being addressed within one month.

8.3. Right to Erasure or “Right to be Forgotten”

You have the right to request the erasure of your Personal Information in specific circumstances:

  • Criteria for Erasure: Valid reasons include the data no longer being necessary for the purposes it was collected, withdrawing consent (where applicable), or objecting to processing, among others. Specific legal obligations or reasons of public interest may override the erasure request.
  • Processing the Request: If the criteria for erasure are met and no legal exemptions apply, we will remove the pertinent data from our records without undue delay.

8.4. Right to Restrict Processing

Individuals have the right to restrict the processing of their data in certain situations:

  • Valid Grounds: This might be exercised when the accuracy of data is contested, processing is unlawful, or if the data is no longer needed but the individual requires it for legal reasons.
  • Effect of Restriction: During the restriction period, we will store the data but not process it, barring exceptions such as with the individual’s consent or for legal reasons.

8.5. Right to Data Portability

This right allows individuals to move, copy, or transfer Personal Information from our system to another:

  • Mechanism: Upon request, and where technically feasible, we will provide your data in a structured, commonly used, and machine-readable format.
  • Scope: This right applies to data provided by the user and processed through automated means, based on consent or the execution of a contract.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1. Use of Cookies on the Website

Our website utilizes cookies, which are small text files stored on your device, to enhance user experience, gather analytics, and deliver tailored services:

  • Types of Cookies: This includes essential cookies required for website functionality, performance cookies for analytics, targeting cookies for marketing, and functionality cookies to remember user choices.
  • Purpose: Cookies help us understand user behavior, preferences, and areas of interest, enabling us to provide a more personalized online experience.

9.2. Types of Cookies Used

Given the varied roles of cookies, our website employs:

  • Session Cookies: Temporary cookies that last only for the session’s duration. They are deleted once you close the browser.
  • Persistent Cookies: These remain stored on your device until they expire or until you delete them. They help remember user preferences over time.
  • Third-party Cookies: These are set by third parties, such as analytics or advertising companies. They might track users across different websites and gather comprehensive data.

9.3. Managing and Opting Out of Cookies

Users have full control over the cookies we set:

  • Browser Settings: Most web browsers allow you to manage cookies through their settings. This lets you delete or block cookies, but note that doing so might impact website functionality.
  • Opt-Out Tools: For third-party cookies related to advertising and analytics, several industry-wide opt-out tools are available.
  • Cookie Notices: Upon your first visit, a cookie notice will be displayed, allowing you to accept or reject specific categories of cookies.

10. DATA TRANSFERS OUTSIDE OF CANADA

10.1. Circumstances of International Data Transfer

In the age of global digital connectivity, certain operational requirements may necessitate the transfer of Personal Information outside of Canada. Such circumstances include:

  • Third-party Service Providers: Some of our trusted third-party service providers may be based or operate servers outside of Canada. This could encompass cloud storage solutions, analytics tools, or software as a service (SaaS) applications, among others.
  • Operational Necessities: Certain organizational processes or user requests might inherently demand cross-border data transfers, such as international communications or transactions.
  • Legal Obligations: Sometimes, legal or regulatory conditions might oblige us to share specific data sets with foreign entities.

10.2. Measures to Ensure Data Protection Outside Canada

We are profoundly conscious of the sensitive nature of international data transfers, and as such, have implemented stringent measures to safeguard Personal Information:

  • Standard Contractual Clauses: Where data is transferred to countries that might not have data protection laws equivalent to Canada’s, we use standard contractual clauses as endorsed by the Canadian regulatory authorities, binding both parties to maintain stringent data protection standards.
  • Due Diligence: We perform extensive due diligence on all our third-party service providers, ensuring they comply with data protection norms that meet or exceed Canadian standards.
  • Privacy Shield and Other Frameworks: If transferring data to U.S.-based entities, we ensure that they are participants in the Privacy Shield Framework or its successor programs, which ensures compliance with Canadian data protection standards.
  • Consent: We will obtain explicit consent from users prior to any international transfer of their Personal Information, apprising them of the potential risks associated with data transfers to countries without comparable data protection laws.

11. CHILDREN’S PRIVACY

11.1. Age Restrictions and Data Collection

Our website and its associated services are not targeted toward children, and we do not intentionally collect Personal Information from individuals under the age of 18:

  • Verification Measures: To ensure compliance, users might be asked to provide their date of birth or other age verification methods before accessing certain sections of our website or when providing Personal Information.
  • Inadvertent Collection: If we become aware that we have inadvertently gathered Personal Information from someone under 18 without appropriate consent, we will take immediate steps to delete such information.

11.2. Parental Consent Procedures

In situations where the age of the user is between 13 and 18, and the nature of services provided necessitates the collection of Personal Information:

  • Explicit Consent: We will seek explicit consent from the user’s parent or legal guardian before collecting, using, or disclosing their Personal Information.
  • Verification of Parental Consent: This might be achieved through various mechanisms, such as signed consent forms, verification through credit card transactions, or utilizing online verification tools.
  • Revoking Consent: Parents or guardians have the right to revoke their consent and request the deletion of their child’s Personal Information at any point, following which we will act without undue delay to ensure compliance.

12. THIRD-PARTY LINKS AND SERVICES

12.1. Third-Party Websites and Privacy Practices

Our website may contain links to external websites, applications, or platforms that are not under our control. These third-party entities have their own privacy policies and data collection practices:

  • Independence of Third Parties: Such third-party sites operate independently of our website, and as such, their privacy practices may differ significantly from ours. It’s imperative for users to be diligent and review the privacy policies of any external website before providing their Personal Information.
  • No Endorsement Implied: The inclusion of links to external sites does not constitute an endorsement, guarantee, or representation of the content, accuracy, or privacy practices of said third-party websites. We bear no responsibility or liability for the actions, content, products, or services of such sites and their proprietors.

12.2. Disclaimer of Responsibility

While we endeavor to curate and provide valuable resources and links, it’s crucial to understand the delineation of our responsibility:

  • No Control Over Third Parties: We do not have control over, nor do we actively monitor the privacy practices or content of third-party websites. Thus, any personal data disclosed or transactions conducted on these sites fall outside the ambit of this Privacy Policy.
  • User Discretion: Users are urged to exercise caution and discretion when navigating away from our website and sharing Personal Information on third-party platforms. We encourage individuals to be familiar with the privacy policies of every website that collects Personal Information.

13. USER CONSENT

13.1. Active Consent Collection Measures

One of the bedrock principles underpinning our data collection and processing activities is obtaining informed and explicit consent from our users:

  • Explicit Opt-In: Wherever we collect Personal Information, we ensure that users actively opt-in. This means they must take a definitive action, such as ticking a box, to give their consent, rather than relying on pre-ticked boxes or inactivity.
  • Informed Decision: Prior to collecting consent, we provide users with clear and comprehensive information about the nature and purpose of data collection, the intended use, possible third-party sharing, and their rights concerning their Personal Information.
  • Granular Consent: Where different types of data or processing activities are involved, we offer granular options for consent, allowing users to choose specifically what they are comfortable with.

13.2. Withdrawal of Consent

Recognizing the dynamic nature of consent, we have systems in place to allow users to withdraw their consent seamlessly:

  • Easy Opt-Out: Users have the option to withdraw their consent at any time, and the process for withdrawal will be as straightforward as the process for granting consent.
  • Immediate Action: Upon receipt of a withdrawal request, we will act expeditiously to cease any further processing of the user’s Personal Information for the purpose they had previously consented to.
  • Channels for Withdrawal: Multiple channels, such as email, website interfaces, or customer service portals, are available for users to communicate their intent to withdraw consent.

14. COMPLIANCE WITH CANADIAN PRIVACY LAWS

14.1. Adherence to PIPEDA and Provincial Laws

Our commitment to privacy goes beyond mere compliance with regulations. However, as a foundational measure:

  • PIPEDA Compliance: We adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA) – the federal privacy law for private-sector organizations in Canada. This governs our collection, use, and disclosure of Personal Information in the course of commercial activities.
  • Provincial Laws: In provinces where there are equivalent provincial laws in effect, such as Alberta’s Personal Information Protection Act (PIPA) or British Columbia’s PIPA, we ensure compliance with those legislations as well. Where provincial laws are substantially similar to PIPEDA, such as Quebec’s Act Respecting the Protection of Personal Information in the Private Sector, we ensure that our practices align with the most stringent requirements.
  • Regular Audits and Updates: We routinely conduct internal audits to assess and ensure our adherence to PIPEDA and other relevant privacy laws. Our processes, policies, and practices are continuously updated to reflect changes in the law and best practices.

14.2. Redress Mechanisms

In the unlikely event of any discrepancies or grievances regarding our data handling practices:

  • Internal Review: We encourage users to contact our Data Protection Officer (details provided in Section 15) for any concerns related to their Personal Information. We commit to investigating and resolving complaints about our collection or use of your Personal Information promptly.
  • Cooperation with Regulatory Authorities: In cases where a user’s concerns are not addressed satisfactorily internally, we will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints.
  • Alternative Dispute Resolution (ADR): As an added layer of assurance, we are open to engaging in alternative dispute resolution procedures in cases of unresolved privacy complaints. Our goal is to ensure transparency, fairness, and appropriate redress for all our users.

15. CONTACT AND COMPLAINTS

15.1. Procedures for Submitting Complaints or Inquiries

For a systematic and efficient handling of complaints or inquiries:

  • Written Submissions: We encourage users to submit their complaints or inquiries in writing, either via email or postal mail, to ensure clarity and precision.
  • Detailed Information: Please provide as much detail as possible regarding the nature of your concern, including any previous correspondences or interactions with our team, so that we can address your concerns promptly and effectively.
  • Acknowledgment of Receipt: Upon receiving a complaint or inquiry, we will acknowledge receipt within five (5) business days.
  • Resolution Timeline: We strive to address and resolve all complaints within thirty (30) days of receipt. In instances where this timeline cannot be met due to the complexity of the issue, we will keep the complainant updated regarding the progress and expected resolution timeline.
