Privacy Policy
How we collect, use, and protect your personal data
GDPR Compliant
Your Rights Protected
1 Introduction
Conscious Innovation Lab OÜ (“we”, “our”, or “us”) is committed to protecting your personal data and
respecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal
data in compliance with the General Data Protection Regulation (GDPR).
Data Controller
Conscious Innovation Lab OÜ
Tööstuse tn 48, 10416 Tallinn, Estonia
Email: info@mypalmleaf.com
Data Protection Officer (DPO): Marilis Puusepp
Email: info@mypalmleaf.com
2 Data We Collect
We collect the following personal data to provide our services:
| Data Type | Purpose |
|---|---|
| Name | Order fulfillment & communication |
| Billing address | Invoice & legal compliance |
| Email address | Order confirmation, service updates |
| Phone number | Service coordination |
| Payment details | Secure payment processing |
| Thumbprint | Locating your unique palm leaf |
| Gender & country of birth | Locating your unique palm leaf |
3 Purpose of Data Processing
We process your personal data for the following purposes:
- Order Fulfillment: To process and deliver orders made via our website.
- Finding Your Palm Leaf: Thumbprints, gender, and country of birth are collected
solely to locate your specific palm leaf. - Newsletters: To send newsletters and updates — only with your explicit consent.
- Analytics and Website Improvement: To improve the website and user experience
using tools like Google Analytics and Facebook Pixel. - Legal Compliance: To comply with applicable tax and financial regulations.
4 Legal Basis for Processing
We process your data based on the following legal grounds:
- Consent: For newsletters and any marketing communications.
- Contractual Necessity: To fulfill orders and deliver services.
- Legitimate Interests: To analyze website performance and ensure its
functionality. - Legal Obligations: For compliance with tax reporting and other legal
requirements.
5 Third-Party Services
We use third-party service providers to process your data securely and efficiently. Each of these providers complies with GDPR and ensures data protection through appropriate safeguards.
| Category | Service Providers |
|---|---|
| Hosting Providers | AWS, Google Cloud, monday.com |
| Email Marketing | Mailchimp |
| Payment Processors | PayPal, Stripe |
| Analytics & Tracking | Google Analytics, Facebook Pixel |
6 International Data Transfers
To locate your palm leaf, we transfer personal data (thumbprint, gender, country of birth) — without your name — to our partner readers in India.
These transfers are made under Standard Contractual Clauses (SCCs) as defined by the European
Commission, to ensure an adequate level of data protection for all cross-border transfers.
7 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your user experience:
- Google Analytics: For analyzing website traffic and user behavior.
- Facebook Pixel: For personalized marketing and tracking conversions.
You can manage cookie preferences through our cookie consent banner or adjust settings in your browser at any time.
8 Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| General customer data (name, email, billing address) | 6 years |
| Thumbprints (used for locating palm leaves) | 4 weeks after the general reading |
Data is deleted or anonymized once it is no longer required for the purposes stated above.
9 Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights regarding your personal data. To
exercise any of these rights, please contact us at info@mypalmleaf.com.
purposes.
10 Automated Decision-Making and Profiling
We do not use automated decision-making or profiling tools. All decisions that affect you are made by humans with appropriate oversight.
11 Data Security
We take appropriate organisational and technical measures to handle your personal data securely.
Access to personal data is restricted to authorised personnel only, and we share your data
exclusively with trusted third-party providers who are contractually bound to protect it.
We continuously review and improve our security practices to ensure your data is handled with the
care it deserves. If you have any concerns about the security of your data, please contact us at info@mypalmleaf.com.
12 Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal or operational
requirements. Any updates will be posted on this page, and where appropriate, we will notify you
directly.
We encourage you to review this page periodically to stay informed about how we are protecting your
information.
Conscious Innovation Lab OÜ
Tööstuse tn 48, 10416 Tallinn, Estonia
Email: info@mypalmleaf.com
DPO: Marilis Puusepp — info@mypalmleaf.com