Effective Date: [14 May 2025]

1. Data Controller
The data controller of this website is Mystic Readings KM, with registered address at [Street Address, City, Postal Code, Spain] and email mysticreadingskm@gmail.com (hereinafter “we”, “us” or “our”).

2. Scope of This Policy
This Privacy Policy describes how we collect, use, disclose, and protect personal data when you visit our website [https://www.mysticreadingskm.com] (the “Website”) and use our tarot consultation and related services. It also explains your rights under European and Spanish data-protection laws.

3. Personal Data We Collect
We may collect and process the following categories of personal data:

  • Identity & Contact Data: e.g. name, postal address, email address, telephone number when you book a reading or subscribe to newsletters.
  • Payment Data: e.g. transaction details if you pay for services online.
  • Technical & Usage Data: e.g. IP address, device type, browser version, operating system, pages visited, referral URLs, time stamps.
  • Communications Data: e.g. correspondence when you contact us by email or via contact forms.
  • Marketing & Profile Data: your preferences for receiving marketing materials, survey responses.

4. Legal Basis for Processing
We process your data only when lawful. Our legal bases include:

  • Contractual Necessity (Art. 6(1)(b) GDPR): to perform services you request (e.g. booking a reading).
  • Consent (Art. 6(1)(a) GDPR): e.g. when you sign up for our newsletter. You may withdraw consent at any time.
  • Legitimate Interests (Art. 6(1)(f) GDPR): to improve our Website, prevent fraud, and send you service-related communications. We always balance our interests against your rights.
  • Legal Compliance (Art. 6(1)(c) GDPR): to comply with legal obligations under Spanish Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD).

5. How We Use Your Data

  • Service Delivery: to schedule and conduct tarot readings.
  • Payments & Invoicing: to process fees, issue invoices, and prevent fraud.
  • Customer Support: to respond to your inquiries.
  • Marketing: with your consent, to send newsletters, special offers or events.
  • Analytics & Improvement: to analyze Website traffic and usage patterns.

6. Data Recipients & International Transfers

  • Service Providers: IT, hosting, payment processors (all GDPR-compliant).
  • Legal Authorities: if required by law or court order.
  • International Transfers: We do not transfer personal data outside the EEA. If we ever do, we will ensure adequate safeguards (e.g. Standard Contractual Clauses).

7. Data Retention
We retain your data only as long as necessary for the purposes indicated, or to comply with legal obligations (e.g. tax rules require invoices be kept for 5 years). Marketing consents are stored until withdrawn.

8. Cookies & Tracking Technologies
Our Website uses cookies and similar technologies to:

  • Remember your preferences.
  • Analyze traffic (e.g. Google Analytics, with IP anonymization).
  • Serve targeted ads (only with your consent).

You can manage or disable cookies via your browser settings; however, some features may be affected.

9. Data Security
We implement appropriate technical and organizational measures (e.g. SSL/TLS encryption, access controls, regular security reviews) to protect your personal data against unauthorized access, alteration, or loss.

10. Your Rights
Under EU law you have the right to:

  • Access your data.
  • Rectify inaccurate or incomplete data.
  • Erase (“right to be forgotten”) in certain circumstances.
  • Restrict or object to processing.
  • Data portability (receive a copy in structured format).
  • Withdraw consent at any time (without affecting processing before withdrawal).

To exercise any right, contact us at mysticreadingskm@gmail.com. We will respond within one month.

11. Right to Lodge a Complaint
If you believe your data-protection rights have been infringed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

12. Changes to This Policy
We may update this Privacy Policy at any time (e.g. to reflect law changes). The “Effective Date” above shows when it was last revised. Please review periodically.