Legal | Privacy Policy

Effective Date: 23/02/2016
Last Updated: 23/02/2016

1. Introduction and Data Controller Information

Welcome to The Laboratory of Life (“we,” “us,” “our,” or the “Website”). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and other applicable privacy laws.

Data Controller:
Carlo Praful Saracino
Operating as: The Laboratory of Life
Email: prafulsessions@gmail.com
Website: www.thelaboratoryoflife.com

For any questions regarding this Privacy Policy or your personal data, please contact us at: prafulsessions@gmail.com

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through:

• Our website at www.thelaboratoryoflife.com
• Email communications
• Registration for classes, trainings, and workshops
• Booking of private sessions (individual, couple, or family)
• Any other interactions with The Laboratory of Life

3. Types of Personal Data We Collect

3.1 Data You Provide Directly

When you contact us, register for services, or book sessions, we may collect:

• Identity Data: Full name, title
• Contact Data: Email address, telephone number, postal address
• Service Data: Information relevant to the services you request, including session preferences, workshop selections, and training enrollment details
• Communication Data: Content of emails and messages you send us
• Health-Related Data: Where voluntarily disclosed by you in connection with our services (e.g., emotional or psychological concerns discussed during sessions). This constitutes special category data under GDPR Article 9.

3.2 Data Collected Automatically

When you visit our website, we may automatically collect:

• Technical Data: IP address, browser type and version, operating system, device type
• Usage Data: Pages visited, time spent on pages, navigation paths, referring website
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

4. Legal Bases for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

Purpose	Legal Basis
Responding to inquiries	Legitimate interest (Art. 6(1)(f))
Providing requested services	Contract performance (Art. 6(1)(b))
Session booking and management	Contract performance (Art. 6(1)(b))
Sending service-related communications	Legitimate interest (Art. 6(1)(f))
Marketing communications (if opted in)	Consent (Art. 6(1)(a))
Website functionality and security	Legitimate interest (Art. 6(1)(f))
Legal compliance	Legal obligation (Art. 6(1)(c))

For Special Category Data (health-related information voluntarily shared):

• Explicit consent under GDPR Article 9(2)(a)

5. How We Use Your Personal Data

We use your personal data to:

1. Provide Services: Process bookings, deliver sessions, and manage your participation in classes and trainings
2. Communicate: Respond to your inquiries, send appointment confirmations, and provide service updates
3. Improve Our Services: Analyze website usage to enhance user experience
4. Ensure Security: Protect against unauthorized access and maintain website integrity
5. Comply with Law: Meet legal and regulatory obligations

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data only:

• With Service Providers: Trusted third parties who assist in operating our website and services (e.g., web hosting, email services), bound by confidentiality obligations
• For Legal Requirements: When required by law, court order, or governmental authority
• With Your Consent: When you have given explicit permission

7. International Data Transfers

As our services are offered internationally, your data may be transferred outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:

• Transfers to countries with EU adequacy decisions
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Your explicit consent where applicable

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Data Type	Retention Period
Contact and inquiry data	2 years from last contact
Service/session records	10 years (legal requirements)
Marketing consent records	Until consent withdrawn + 1 year
Website analytics data	26 months
Cookie data	See Cookie Policy

After the retention period, data is securely deleted or anonymized.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

1. Right of Access (Art. 15): Request a copy of your personal data
2. Right to Rectification (Art. 16): Request correction of inaccurate data
3. Right to Erasure (Art. 17): Request deletion of your data (“right to be forgotten”)
4. Right to Restriction (Art. 18): Request limited processing of your data
5. Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
6. Right to Object (Art. 21): Object to processing based on legitimate interests
7. Right to Withdraw Consent: Withdraw consent at any time (without affecting prior lawful processing)
8. Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise your rights, contact us at: prafulsessions@gmail.com

We will respond within 30 days of receiving your request. Identity verification may be required.

10. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Garante per la Protezione dei Dati Personali
(Italian Data Protection Authority)
Piazza Venezia 11, 00187 Roma, Italy
Website: www.garanteprivacy.it
Email: protocollo@gpdp.it

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Secure server infrastructure
• SSL/TLS encryption for data transmission
• Access controls and authentication
• Regular security assessments
• Staff confidentiality obligations

While we strive to protect your data, no transmission over the internet is 100% secure. We cannot guarantee absolute security.

12. Children’s Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately for its deletion.

13. Links to Third-Party Websites

Our website may contain links to external sites (e.g., Instagram). We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date. Significant changes will be communicated via email where appropriate.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: prafulsessions@gmail.com
Website: www.thelaboratoryoflife.com