GDPR Compliance Policy
Last Update: 11/4/24
At RayNa Scalp Care University, owned by The Head Spa Studio, LLC (referred to as "we," "our," or "us"), we are committed to protecting the personal data of our customers, clients, and website visitors in compliance with the **General Data Protection Regulation (GDPR)** (Regulation (EU) 2016/679). This policy outlines how we collect, use, store, and protect personal data.
1. Scope of this Policy
This policy applies to:
- All personal data collected from users within the European Union (EU) and European Economic Area (EEA).
- The use of our website, [www.theheadspastudio.com](http://www.theheadspastudio.com), services, and products.
2. What is Personal Data?
Under GDPR, "personal data" means any information relating to an identified or identifiable individual. Examples include:
- Name, address, email, and phone number.
- Financial information, such as credit card details.
- IP address and browsing activity.
3. Your Data Protection Rights
As an EU or EEA resident, you have the following rights under GDPR:
1. Right to Access: You can request a copy of your personal data that we hold.
2. Right to Rectification: You can request corrections to inaccurate or incomplete personal data.
3. Right to Erasure ("Right to Be Forgotten"): You can request that we delete your personal data under certain conditions.
4. Right to Restriction: You can request that we restrict the processing of your personal data in specific situations.
5. Right to Data Portability: You can request to transfer your personal data to another controller or receive it in a structured, commonly used, and machine-readable format.
6. Right to Object: You can object to our processing of your personal data for direct marketing purposes or other legitimate interests.
7. Right to Withdraw Consent: If we rely on your consent for processing, you can withdraw it at any time.
To exercise any of these rights, please contact us using the information provided in Section 11.
4. Lawful Basis for Processing Personal Data
We process your personal data under the following lawful bases:
- Consent: When you have provided explicit consent for a specific purpose (e.g., receiving marketing emails).
- Contract: When processing is necessary to fulfill a contract with you (e.g., course enrollment or order fulfillment).
- Legal Obligation: When processing is required to comply with applicable laws.
- Legitimate Interests: When processing is necessary for our legitimate business interests, provided your rights do not override those interests.
5. Data Collection and Use
We collect personal data through:
- Direct Interactions: When you fill out forms, register for courses, make a purchase, or contact us.
- Automated Technologies: Such as cookies, server logs, and analytics tools.
We use personal data to:
- Provide and improve our services, courses, and website.
- Process orders and payments.
- Communicate updates, marketing, and promotional content (with your consent).
- Comply with legal obligations.
6. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. After this period, data will be securely deleted or anonymized.
7. Data Sharing
We do not sell or trade your personal data. However, we may share data with:
- Service Providers: For payment processing, website hosting, and analytics.
- Legal Authorities: When required to comply with applicable laws or legal processes.
- Business Transfers: In the event of a merger, sale, or transfer of business assets.
All third-party providers are contractually obligated to comply with GDPR and protect your data.
8. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption of sensitive information.
- Regular security assessments.
- Limited access to personal data by authorized personnel only.
While we strive to protect your data, no system is entirely secure. Any transmission of personal data is at your own risk.
9. International Data Transfers
If your data is transferred outside the EU/EEA, we ensure:
- Adequate safeguards are in place (e.g., standard contractual clauses).
- The data recipient complies with GDPR or equivalent standards.
10. Cookies and Similar Technologies
Our use of cookies is outlined in our Cookie Policy. When required by GDPR, we obtain your consent before setting non-essential cookies on your device.
11. How to Contact Us
If you have questions, concerns, or wish to exercise your rights under GDPR, please contact us at:
RayNa Scalp Care University
The Head Spa Studio, LLC
Email: [support@theheadspastudio.com](mailto:support@theheadspastudio.com)
Website: [www.theheadspastudio.com](http://www.theheadspastudio.com)
12. Complaints
If you believe we have violated GDPR, you have the right to lodge a complaint with your local data protection authority. In the EU, you can find your national authority [here](https://edpb.europa.eu/about-edpb/board/members_en).
13. Policy Updates
We may update this GDPR Policy from time to time. Changes will be posted on this page with the effective date. Your continued use of our services indicates your acceptance of the updated policy.
© Copyrights by The Head Spa Studio. All Rights Reserved.