PRIVACY POLICY

Who we are

Our website address is: https://mahaalmusa.com.

List of plugins that this website uses that collect personal data

The following plugins on this website collect personal data. The nature of this data, where it is stored, and why it is collected is outlined within this policy.

  • Contact Form 7
  • Google Analytics for WordPress by MonsterInsights
  • WooCommerce
  • WooCommerce Stripe Gateway
  • GetResponse for WordPress

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.


An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Contact forms

Our contact forms on this website asks for you to provide us with your name, email address and a message from you. This is used so that we can respond to your enquiry. The plugin that is used for this is Contact Form 7. The method of transmission of this information is to send the enquiry as an email to us. This email is then stored locally at our office on our computer system. Contact Form 7 does not store this information on the website. Filling out the contact forms on this website is not required in order to use our website.


Checkout forms

Our checkout forms on this website asks you to provide us with your first name, last name, country that you live in, street address, town, state and email address. The details collected are emailed to us so that we may process your order. They are also stored on the website hosting server.


We require these details in order to fulfil your order, process your order, and ship your order if applicable. We also require them so that we may contact you for any reason that directly relates to your purchase. These details are not used for any other purpose.


When you place an order, your name and email address is also synced across to our third party Data Processor called GetResponse so that we can contact you to process your order. This is also used as our email marketing platform, however, you will only receive emails from this platform if you have explicitly given us your consent to join our mailing list. It is not required for you to join our mailing list to purchase a product on this website.


If you purchase a product from our website, you will provide us with additional personal data in the form of your credit card number, expiry date and the CVC number or similar in order to facilitate a transaction made on this website.


For this, we use the WooCommerce Stripe Gateway plugin. This plugin works by allowing us to take payments directly on the checkout page of this website via Stripe’s API. This sensitive data is transmitted directly to Stripe without passing through the server that hosts this website, which allows our checkout process to be PCI-DSS compliant. For more information, visit: https://stripe.com/docs/security.


Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.


If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.


When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.


If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.


These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


Analytics

This website uses a Google Analytics code snippet and Facebook Pixel code snippet as part of aggregated visitor data. The personal data collected are cookies and usage data.


The purpose of collecting this data is to create reports on visitor statistics to this website.


Certain areas of this website also allow for interactions with social media platforms should you choose to do this, in the form of a Facebook share button, Twitter tweet button and a Pinterest pin button.  These areas will collect cookies and usage data should you choose to use these buttons.

Who we share your data with

If you have consented to join our email newsletter, we use a third party Data Processor called GetResponse (https://www.getresponse.com). This processor is used to collect your name and email address.


GetResponse is a marketing platform that we use to send email marketing to you. You reserve the right to unsubscribe from our email newsletter, and once you do so, your information we hold with GetResponse will be deleted or anonymised.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.


For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.


Any other information we collected such as through our contact forms, check out forms or payment gateway is stored for as long as your account is active, your information is required to provide you with services, or as required to fulfill our legal obligations.


If you have requested to join our email newsletter, your personal data (your name and email address) will be stored for the length of time that you remain an active subscriber to our newsletter.


You can request to update this information, correct this information, or be provided with a copy of all the personal data we hold by emailing info@mahaalmusa.com


You also have the right to have all personal data deleted or removed, and you can so by emailing info@mahaalmusa.com.  You do not need to know what personal data we hold if you request to have all of your personal data deleted or deleted, unless you have requested to receive a copy. It is our responsibility to fulfill your request for deletion or removal.


When we receive a request to delete or remove personal data, it will be deleted or anonymized.


With regard to personal data collected to provide a sale, we may delete or anonymize any personal data relating to your sale once we no longer have a business need to process your information relating to your sale.


If you choose to unsubscribe from our email newsletter, your personal data is deleted from GetResponse after 60 days.


What does anonymize data mean

If we anonymize data, we do this in order to retain certain information for legal or tax reasons. For example, we will need to keep certain information relating to sales such as the product purchased, price of the sale, and any application sales tax, in order to meet our own reporting obligations for tax purposes, as well as other legal reasons. To anonymize this data means that all personal data relating to that sale is completely deleted so that it becomes non identifiable, which is what we are legally required to do under the General Data Protection regulation (GDPR) for all EU citizens, and is the policy we have adopted to all users of our website who are not EU citizens.


Website hosting

Certain personal data we collect is retained on the website server with this website. This website is hosted with Crazy Domains, and on their servers located within Australia. Any personal data we collect that is stored on this website is stored on a server in Australia.


If you purchase products from our website, and/or if you choose to subscribe to our newsletter, then we collect your name and email address through a third party Data Processor called GetResponse, and this data is hosted on their servers that are located in the United States, within data centres which ensure an adequate level of personal data protection. This means that either they are Privacy Shield certified, or GetResponse has concluded Standard Contractual Clauses with such entities.


If you purchase a product from our website, you provide us with additional personal data in the form of your credit card number, expiry date and the CVC number or similar in order to facilitate a transaction made on this website. This particular information is NEVER stored locally on our website. This information is stored with Stripe.com and all card numbers are encrypted on disk with AES-256 and decryption keys are stored on separate machines. For more information, see Additional Information – How we protect your data.


Website backups

We may perform website backups via our hosting provider from time to time, and these will also be stored on the same hosting server or server in the same physical location as the server that hosts this website, and are usually retained for 4 weeks or less.


In addition, manual backups can be made. These manual backups can also be stored with the hosting server as the website, and also be downloaded to our local computer systems located in our office in New South Wales, Australia, and downloaded as a packaged zip file containing the website files and database information.


Any website backups made will contain the same personal data that is stored on the website server at the time that the backup has been made.


Only the most recent backups are retained, and as a new backup is made, the oldest backup is deleted.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.


You reserve the right to do the following easily by sending an email request to info@mahaalmusa.com.

  • You can ask us for a copy of all the information we hold about you. When we receive this request we have to provide you with any information stored on this website, any information you have emailed to us that contains personal data that is still stored locally on our computer systems, and any information, if applicable, that is stored on the third party Data Processors outlined in the policy, which are GetResponse and Stripe.
  • You can ask us to correct any information that you think may be incorrect that we hold about you, even if you have not requested to see it first.
  • You can request to have any personal data we hold about you, to be deleted or removed completely. You can do this even if you have not requested to see it first.
  • In order to comply with these requests, we may need to ask you to confirm your identity.
  • We are legally obliged to comply with any of the above requests.

Where we send your data

Visitor comments may be checked through an automated spam detection service.


Email newsletter requests will be sent to GetResponse to fulfill this request.


Payment processing requests will be sent to Stripe to process transactions.

Additional information

How we protect your data - SSL Certificate

All data on this website uses an SSL certificate verified by The USERTRUST Network. The connect is encrypted with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2.


Payments processed are done via Stripe payment gateway and comply with the Payment Card Industry Data Security Standards (PCI DSS). Anyone involved with processing, transmitting, or storage of credit card data must comply with the PCI DSS). Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. More information about this can be found here: https://stripe.com/docs/security


This information is transmitted directly to Stripe and does not pass through the server that hosts this website. It is never stored on the server with this website. We do not have access to this information at all. This information is stored with Stripe.com and all card numbers are encrypted on disk with AES-256 and decryption keys are stored on separate machines. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist.


Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure and doesn't share any credentials with Stripe's primary services (API, website, etc.) For more information, you can visit Stripe's security policy for more information here.


Contact information, owner and data controller

We take your privacy seriously. If you have any questions or complaints, you may contact us below:

Maha Hindi

info@mahaalmusa.com

3/6 Cape Court

Byron Bay, NSW 2481

Ph: +61 401 853 673

 www.mahaalmusa.com


Go back to mahaalmusa.com.

Your VIP access awaits...

Don't leave without becoming an insider!

Sign up for the EmbodyBirth™ Chronicles. You'll receive inspiration, tips, exclusive invites to online/in-person events and more!
YES, I WANT IN!
close-link