Dlixanarvap, located at 1095 Avenue of the Americas, New York, NY 10036, United States, determines why and how personal data is processed when you use this website or correspond with our studio. Reach the privacy desk at online@dlixanarvap.world or by telephone at +1 212-391-1663. Written postal inquiries receive acknowledgements when delivery can be matched to an identifiable request.
Material scope
This Privacy Policy applies to personal data collected through pages hosted on dlixanarvap.world, downloadable planners linked from those pages, scheduling correspondence initiated via published addresses, and billing artefacts produced when you purchase optional coaching formats described on the Plans page.
Non-clinical posture
Walking-coaching materials remain educational. We do not operate telemedicine services. Avoid transmitting diagnostic imagery or regulated health-record identifiers through casual email unless a separate business associate arrangement explicitly permits such exchanges.
Categories of personal data
Depending on how you engage with us, processing may involve one or more of the following clusters. Not every visitor supplies each cluster.
Identity & contact fields
Full name, email address, telephone digits when provided voluntarily, organization name on invoices, and postal codes needed for tax documentation.
Communication content
Free-text descriptions inside contact forms, attachments you choose to send, bullet agendas prepared ahead of consulting conversations, and anonymized workshop reflections unless you sign attribution releases.
Technical telemetry
Pseudonymised IP addresses, HTTP referrer hints, device category inferred from user-agent strings, coarse geographic approximation derived from network routing, and server troubleshooting logs produced during technical debugging.
Preference signals
Cookie consent choices persisted locally, marketing suppression lists, language selections when localized mirrors launch, and newsletter pacing preferences if you opt into episodic digests.
Purposes & indicative lawful bases
European Economic Area visitors benefit from transparency around Articles 6 and 9 GDPR. Because we avoid processing special-category health data by default, Article 9 triggers rarely arise unless you voluntarily disclose such content inside unstructured messages.
| Processing activity | Purpose summary | Typical lawful basis |
|---|---|---|
| Routing contact form submissions | Deliver informational replies and clarify coaching boundaries before optional purchases. | GDPR Art. 6(1)(b) preparatory steps / Art. 6(1)(f) studio correspondence |
| Optional analytics cookies | Understand aggregate navigation friction after obtaining consent. | GDPR Art. 6(1)(a) consent aligned with ePrivacy expectations |
| Invoicing & refunds | Satisfy accounting obligations and evidence refund eligibility. | GDPR Art. 6(1)(c) legal obligation / contractual necessity |
| Fraud monitoring | Detect abusive throughput on forms or credential stuffing attempts. | GDPR Art. 6(1)(f) legitimate interests with balancing tests documented internally |
Retention schedule highlights
Retention balances accountability against data minimization. Actual horizons may extend when litigation holds or supervisory inquiries remain outstanding.
| Dataset | Default horizon | Deletion mechanics |
|---|---|---|
| General inbox threads | Twenty-four months after last substantive reply | Mailbox purge routines plus redundant backup rotation |
| Tax-relevant invoices | Seven years where NY SALT guidance applies | Secure archival vault with restricted ACLs |
| Origin server logs | Ninety rolling days unless escalated for abuse review | Automated truncation pipelines |
| Consent receipts | Twenty-six months from capture | Detached from behavioural identifiers after fourteen months when feasible |
Recipients & subcontracting
Infrastructure partners facilitate hosting, encrypted transactional email, calendar invites, and optional analytics dashboards. Contracts impose confidentiality duties, breach-notification cooperation windows, and instructions limiting repurposing. We do not monetize personal data through list brokerage or behavioural advertising marketplaces.
- Hosting & edge distribution: Processes HTTP payloads necessary to render HTTPS assets.
- Productivity suites: May temporarily cache attachments when staff collaborate internally.
- Payment facilitators: Receive tokenized instrument metadata strictly for settlement.
International transfers
Servers predominantly reside in the United States. When personal data originating from the EEA, Switzerland, or the United Kingdom reaches U.S. processors lacking adequacy decisions, we rely on Standard Contractual Clauses supplemented by transfer impact assessments noting government-access safeguards available under Executive agreements.
Security posture
Measures evolve alongside vendor releases and threat intelligence. Representative controls include TLS 1.2+ across public endpoints, segregated administrative identities with hardware-backed second factors for privileged consoles, periodic dependency patching cycles, workstation disk encryption expectations for personnel viewing inbox exports, and phishing-resistant training refreshers.
No internet-facing workflow eliminates risk entirely. If you suspect unauthorized exposure involving data you submitted, alert us promptly so we can coordinate containment steps and statutory notifications where warranted.
Individual rights & escalation paths
Jurisdiction dictates which rights apply. Subject to verification thresholds, eligible persons may invoke access, rectification, erasure, restriction, portability, objection to legitimate-interest processing, and withdrawal of consent without retroactive invalidation of earlier lawful grounds.
Submit a structured request
Email the controller address above with enough detail to authenticate proportionately—typically corrorespondence context plus alternate identifiers we previously observed.
Verification dialogue
We may schedule a brief callback or reply-only challenge when impersonation risk is elevated.
Decision & remedy timeline
Responses ordinarily arrive within thirty calendar days for GDPR-class requests unless complexity warrants an extension with rationale.
Supervisory escalation
EU residents retain the right to lodge complaints with their lead supervisory authority without forfeiting other judicial remedies.
United States state transparency supplements
Residents of states adopting comprehensive privacy statutes may access bespoke disclosures referencing sensitive-data thresholds, profiling absent automated legal effects, and appeal workflows after substantive denials. Because statutory catalogs diverge, consult supplemental annexes distributed alongside billing paperwork when services imply regulated monetary exchanges.
Updates & archival copies
Material revisions trigger refreshed summaries near the top of this document and may activate renewed consent prompts where technology partners materially alter embedding behaviour. Historical snapshots remain available upon authenticated request for dispute resolution.