Privacy Policy

Effective Date: 9.26.2025
Notice Version: 2.0
Data Controller: Yoni Havana (“we,” “us,” “our”)
Website: yonihavana.com
Contact: info@yonihavana.com

This Privacy Policy explains what Personal Data (“PD”) and Non-Personal Data (“NPD”) we collect, how we use and share it, how we protect it, the choices and rights you have (under GDPR/UK-GDPR and the California Consumer Privacy Act as amended by the CPRA), and how to contact us. Capitalized terms not defined here have the meanings given elsewhere on our site.

Definitions

  • Personal Data (PD): Any information that identifies or can reasonably identify a natural person (e.g., name, email, IP, online identifiers).

  • Non-Personal Data (NPD): Aggregated/anonymous information that does not identify an individual.

  • Visitor/User/Member: A “visitor” browses the site. A “member/user” registers, purchases, or otherwise engages more deeply.

Quick Summary (Human-Friendly)

  • We collect PD you give us (e.g., checkout, forms) and some technical data automatically (e.g., IP, device, pages).

  • We use cookies and similar tech. You can manage them via your browser and (if present) our consent banner.

  • We don’t sell your data. We share with trusted processors (e.g., payment, email, hosting, analytics) to run the site.

  • You can access, correct, delete, or limit your PD, and opt out of marketing. California and EU/UK residents have extra rights.

  • We take reasonable security measures; no system is 100% secure.

  • This site is for adults (16+).

  • We may update this Policy; changes appear here with a new effective date.

Your Rights (GDPR/UK-GDPR & CPRA/CCPA)

Depending on your location, you may have the right to:

  • Be informed about PD we collect and how we use it.

  • Access your PD.

  • Rectify inaccurate or incomplete PD.

  • Erase your PD (right to be forgotten) where applicable.

  • Restrict processing of your PD.

  • Data portability of PD you provided, in a commonly used format.

  • Object to processing (including direct marketing).

  • Opt-out of “sale”/“sharing” of personal information (as defined by CPRA), and opt-out of targeted advertising.

  • Limit the use/disclosure of Sensitive Personal Information where applicable.

  • Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

  • Appeal our denial of a request (where required).

  • Non-discrimination for exercising CPRA rights.

How to exercise: Email info@yonihavana.com with your request and the nature of your relationship with us. We will verify identity (e.g., email link, order info) and respond within the time required by law (generally 30–45 days). You may also designate an authorized agent (CPRA) with proof of authorization.

Complaints (EU/UK): You may lodge a complaint with your local supervisory authority if you believe your rights were infringed.

Information We Collect & Legal Bases

You control how much you share; some features won’t work without certain PD.

Categories & examples

  • Identifiers & contact: name, email, phone, billing/shipping address.

  • Commercial data: orders, subscriptions, support tickets.

  • Payment data: last 4 digits/tokenized data via our processors (we do not store full card data).

  • Technical data: IP address, device, browser, OS, pages visited, timestamps, referral/UTM.

  • User content: forms, questionnaires, surveys, comments, community posts.

  • Inferred data: preferences derived from interactions (e.g., email engagement).

Sources

  • Directly from you (forms, checkout, messages).

  • Automatically via cookies/SDKs/pixels (see Cookies).

  • Service providers (e.g., payment confirmation, email delivery status).

  • Public/affiliate/partner sources where lawful.

Legal bases (GDPR/UK-GDPR)

  • Contract necessity: to provide services, purchases, memberships, or events.

  • Consent: newsletters, certain cookies/marketing, optional fields.

  • Legitimate interests: site security, analytics (privacy-respecting), improving services, limited direct marketing to existing customers.

  • Legal obligation: tax, accounting, compliance.

What if you don’t provide PD? Some services (e.g., purchase, registration, replies) may be unavailable.

Cookies & Tracking Technologies

We use cookies, pixels, and similar technologies to operate and improve the site.

Types we may use

  • Strictly necessary: authentication, session management, security.

  • Functional: preferences (e.g., language, form states).

  • Performance/analytics: traffic, usage (e.g., Plausible Analytics—privacy-friendly, no cookies by default unless configured).

  • Advertising/retargeting (if enabled): to show relevant messages across sites.

  • Session vs. persistent: session cookies expire on browser close; persistent last longer.

Your choices

  • Manage cookies in your browser and via our on-site consent banner (if present).

  • Some features may not function if you disable certain cookies.

Global Privacy Control (GPC) & Do Not Track

  • GPC: If your browser sends a valid GPC signal, we will treat it as an opt-out of “sale/share” for CPRA to the extent applicable.

  • DNT: Many sites (including ours) don’t respond to legacy DNT signals due to lack of standardization.

How We Use Your Information

  • Provide, operate, and support the website, memberships, retreats, events, and services you request.

  • Process payments and fulfill orders.

  • Communicate: confirmations, service messages, updates, customer support.

  • Send newsletters and promotions (with consent or as permitted by law). You can unsubscribe anytime.

  • Improve performance, usability, and content; detect/prevent fraud and abuse.

  • Comply with legal, tax, and accounting obligations.

Communications & emails
We may email you about your account, orders, service notices, and—with your consent or as allowed—marketing. Unsubscribe using the link in any marketing email or email info@yonihavana.com. Transactional/service emails are not subject to unsubscribe.

Sharing & Disclosure

We do not sell your PD. We may “share” PD for cross-context behavioral advertising only if such tools are enabled; if so, you can opt out (and GPC will be honored).

We share PD with trusted service providers under contracts that limit use to our instructions, such as:

  • Hosting/CDN/Security (e.g., your WordPress host, WP Rocket, firewalls)

  • Payments (e.g., Stripe/PayPal—tokenization; we don’t store full card numbers)

  • E-mail & CRM (e.g., ConvertKit, Mailchimp, or similar)

  • Analytics (e.g., Plausible Analytics; we prefer privacy-friendly setups)

  • Forms/Events/Memberships (e.g., Elementor, Event Tickets, ARMember, WooCommerce)

  • Professional services (e.g., accountants, legal counsel, auditors)

Legal disclosures
We may disclose PD if required by law/subpoena, to cooperate with authorities, enforce our terms, protect our rights, users, safety, or prevent fraud.

Business transfers
If we undergo a merger, acquisition, restructuring, bankruptcy, or asset sale, PD may transfer subject to this Policy (or a successor policy with notice where required).

Community Discussion Boards & User Content

If you post content (e.g., comments, forums), assume it is public. Do not share others’ PD without permission. We don’t routinely moderate; we remove content upon valid notice of rights violations.

Protecting third-party privacy
If your posts include third-party PD, you must have their consent. We will remove postings we’re notified about that violate others’ privacy.

Data Retention

We keep PD only as long as needed for the purposes above and as required by law (e.g., tax and accounting retention). When PD is no longer needed, we delete or irreversibly anonymize it.

Updating Your Information

If your account or profile tools allow edits, you may correct or update your details there. Otherwise, email info@yonihavana.com. We may retain necessary PD to meet legal obligations and enforce agreements.

Revoking Consent / Opt-Out

Where processing is based on consent, you may withdraw it at any time (e.g., unsubscribe, cookie banner). Withdrawal does not affect prior lawful processing or disclosures permitted by law (e.g., to processors for fulfillment, government requests, etc.). To opt out of marketing or certain processing, use links provided or email info@yonihavana.com.

Security

We use reasonable administrative, technical, and physical safeguards (e.g., TLS encryption in transit, access controls). No method of transmission or storage is completely secure.

Account hygiene: Use strong, unique passwords; log out on shared devices; don’t share credentials.

Use of Your Credit Card

Payments are processed by third-party providers (e.g., Stripe/PayPal). We do not store full card numbers on our servers. Providers use industry-standard security and encryption. We are not responsible for misuse occurring on third-party systems beyond our control.

Children’s Privacy

Our site is not intended for children under 16. We do not knowingly collect PD from children under 16. If you believe a child provided PD, contact us and we will delete it after reasonable verification.

International Data Transfers

We are based in the United States. If you are outside the U.S., your PD may be transferred to and processed in the U.S. and other countries that may not provide the same level of data protection as your home jurisdiction.

For EEA/UK users, transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses and supplemental measures) or a GDPR Article 49 derogation (e.g., contract necessity or explicit consent). By using our site/services, you acknowledge these transfers as described.

California Notice at Collection (CPRA)

We may collect the following categories of personal information: Identifiers (name, email, IP), Customer Records (billing address), Commercial Information (orders), Internet/Network Activity (usage, interactions), Geolocation (approximate IP-based), Inferences (preferences).
Purposes: as described above (provide services, security, analytics, marketing with consent, legal compliance).
Retention: as described under “Data Retention.”
Sensitive Personal Information: we do not use SPI to infer characteristics or for additional purposes beyond those allowed without a “Limit Use” link.
Sale/Sharing: We do not sell PI. If any cross-context behavioral advertising tool is enabled, we may “share” PI for that purpose; you can opt out (and GPC will be honored).

Do Not Track (DNT) & Global Privacy Control (GPC)

  • We do not currently respond to legacy DNT signals.

  • We honor GPC as an opt-out of “sale/share” where applicable.

External Links

We may link to third-party websites. Their privacy practices are not our responsibility. Review their policies before providing PD. Your use of third-party sites is at your own risk.

Limitation of Liability & Disclaimer

Your use of this site and its content is at your own risk. We do not guarantee accuracy, completeness, availability, or reliability of any content. To the fullest extent permitted by law, we disclaim all liability for any direct, indirect, incidental, consequential, special, exemplary, or punitive damages arising from or related to your use of the site, any services, or any third-party links or tools. External links are provided for convenience; we are not responsible for third-party content or practices. Nothing here limits liability that cannot be limited under applicable law.

(Note: Broader disclaimers, medical disclaimers, IP ownership, arbitration/venue clauses, etc., typically live in a separate Terms of Service.)

Changes to This Policy

We may update this Policy from time to time. Changes will be posted here with an updated Effective Date. If we materially change how we process your PD, we will provide additional notice as required by law. Your continued use of the site after changes means you accept the updated Policy.

Contact

Questions, requests, or concerns about this Privacy Policy or our data practices:
Email: info@yonihavana.com