Privacy Policy

Effective: March 28, 2025

Last updated: July 17, 2025

The River Flows in You LLP, operating as The River Flows in You LLP, is committed to ensuring that your privacy is protected. This Privacy Policy outlines how we collect, use, store, share, and protect your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) of the European Union and applicable European data protection laws. Please read this notice carefully to understand how we handle your data.

We may update this Privacy Policy from time to time. You should periodically check this page to ensure that you are happy with any changes. The latest update was made on July 17, 2025.

Introduction And Scope

This Privacy Policy applies to The River Flows in You LLP (referred to as "the Company" or "we"), a Canadian Limited Liability Partnership (LLP), and describes how personal data is collected, processed, stored, and shared through our services, particularly online holistic life coaching services provided to expatriate professionals in Europe, including the EU, UK, Switzerland, and Norway. This policy is effective from March 28, 2025 and will cover all data processing activities from that date forward.

How and Why We Process Your Personal Data

We process personal data only where it is necessary to operate our services responsibly and in alignment with our coaching work.

Personal data may be processed for the following purposes:

- To respond to enquiries and communicate with prospective clients

- To onboard clients and manage contractual relationships

- To deliver coaching services, including structured programs and individual sessions

- To manage scheduling, communication, and continuity of service

- To meet legal, accounting, and tax obligations

- To improve service quality and internal operations

We do not process personal data for purposes that are incompatible with the original reason it was collected.

Legal Basis and Principles of Data Processing

The Company, as the Data Controller, ensures that personal data is processed lawfully, fairly, and transparently in accordance with GDPR and applicable European data protection laws. The lawful bases for processing personal data include:

• Contractual Obligation: To fulfill the coaching services provided.

• Legitimate Interests: For business operations and internal processes.

• Legal Obligation: To comply with relevant legal requirements.

• Explicit Consent: Required for special category data and marketing communications.

We are committed to the following core data protection principles:

• Lawfulness, Fairness, and Transparency: Data will be processed transparently and fairly.

• Purpose Limitation: Data is collected for specific, legitimate purposes and will not be processed in a manner that is incompatible with those purposes.

• Data Minimization: Only necessary data will be collected and processed.

• Accuracy: We will ensure that data is accurate and up-to-date.

• Storage Limitation: Data will only be retained for as long as necessary for the purpose it was collected.

• Integrity and Confidentiality: Appropriate security measures will be in place to protect personal data from unauthorized access, loss, or misuse.

• Accountability: The Company will demonstrate compliance with these principles.

We process personal data under the following lawful bases as defined by GDPR:

Processing Activity

Newsletter, insights, free resources

Client onboarding & coaching delivery

Coaching session reflections

Internal session notes

Payments & accounting

Optional AI-assisted tools

Lawful Basis

Consent

Contract

Contract + Explicit consent

Legitimate interest (with safeguards)

Legal obligation

Explicit consent

Where consent is required, it is freely given, specific, informed, and revocable.

Categories of Personal Data We Process

Depending on your interaction with GENIE LifePower Coaching, we may process the following categories of personal data:

- a) Contact and Identification Data

- Name

- Email address

- Country of residence

- Basic communication details

b) Client Relationship Data

- Onboarding information

- Program participation details

- Session scheduling and logistics

c) Coaching Session and Reflection Data

As part of coaching services, we may process reflective and experiential information shared voluntarily by clients during sessions or through program exercises. This may include:

- Personal reflections

- Life context and experiences

- Emotional or identity-related themes

- Written exercises or session summaries

d) Payment and Financial Data

- Transaction identifiers

- Invoice and payment status

- VAT or tax-related information (where applicable)

GENIE does not intentionally collect unnecessary data and applies data minimization principles at all times.

Special Category Personal Data

Due to the reflective and identity-focused nature of coaching, some information shared by clients may qualify as special category personal data under GDPR (e.g. reflections on emotional states or personal life experiences).

Such data is processed:

- Only for the purpose of delivering coaching services

- Only with the client’s explicit consent

- Only for the duration necessary to support the coaching relationship

- Never for marketing, profiling, or automated decision-making

Clients may withdraw their consent for the processing of special category data at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

What We Do With the Information We Gather

The personal data we collect is used for the following purposes:

• To deliver coaching services as per the agreements made with you.

• To manage client relationships, including payments, scheduling, and maintaining records.

• To comply with legal obligations, such as tax and accounting requirements.

• To send marketing communications (with explicit consent).

• To improve our services and customize user experiences.

We may share your data with trusted third-party service providers who assist in fulfilling these purposes, but only with your explicit consent.

Cookies, Analytics, and Tracking Technologies

We use cookies and similar tracking technologies to enhance functionality and improve the user experience on our website. Where required by law, non-essential cookies and tracking technologies are used only with your explicit consent, which can be managed via our cookie settings. Cookies are used for:

• Essential functionalities: Like user login and account management.

• Performance and analytics: To track user interactions and improve site performance.

• Functionality: To remember preferences and settings.

• Advertising and targeting: To display relevant content and advertisements.

For more information, please review our Cookie Policy, which explains the cookies we use, their purpose, and how you can manage them.

Third-Party Data Sharing and Disclosure

We may share personal data with third-party service providers and contractors who assist us in operating the website and providing services, including payment processing, storage, and communication tools (e.g., Zoom, Stripe). We ensure that these third parties comply with applicable data protection laws and have appropriate Data Processing Agreements (DPAs) in place.

We use carefully selected service providers (data processors) to support our operations, including:

- Communication and document management platforms

- Program and task management tools

- Payment and accounting providers

- Optional transcription services

All processors operate under contractual data protection obligations and are required to process data only on our instructions.

Personal data is not sold and not shared for marketing purposes.

Personal data may be shared with:

• Independent Partners: Financial or career advisors (with your explicit consent).

• Third-Party Platforms within the EEA: Such as payment processors (Stripe) and cloud storage (Proton Cloud).

• Legal Authorities: To comply with legal obligations, defend against legal claims, or protect our rights and property.

Data Security and Confidentiality

We implement strong security measures to protect your personal data. These include:

• Technical Measures: Firewalls, encryption, and secure passwords.

• Organizational Measures: Staff training, confidentiality clauses, and regular audits.

• Access Control Measures: Limiting access to your data to authorized personnel only.

While we take reasonable steps to protect your data, please note that no system is 100% secure, and we cannot guarantee the security of data transmissions over the internet.

Client Rights Under GDPR

If you are located in the EU, EEA, or UK, you have specific rights regarding your personal data under GDPR, including:

• Right to Access: To obtain confirmation and access to your data.

• Right to Rectification: To correct inaccurate or incomplete data.

• Right to Erasure: To request deletion of your data when it is no longer needed.

• Right to Restrict Processing: To limit how your data is processed.

• Right to Data Portability: To receive your data in a structured, machine-readable format.

• Right to Object: To object to the processing of your data for certain purposes, including marketing.

You can exercise these rights by contacting our data protection contact at [email protected].

International Data Transfers

In providing our services, your personal data may be transferred outside the EEA. Any such transfer will comply with GDPR and include adequate safeguards, such as:

• Standard Contractual Clauses: For data transfers to third countries.

• Adequacy Decisions: For jurisdictions with adequate data protection standards.

We ensure that any data transfer, whether internal or with third parties, is secure and complies with applicable privacy laws.

Data Retention and Deletion

We retain personal data only for as long as it is necessary for the purposes for which it was collected:

- Coaching-related data: for the duration of the coaching relationship plus a defined reflection period

- Financial and accounting records: in accordance with legal retention requirements (typically 6–7 years)

- Marketing data: until consent is withdrawn or prolonged inactivity occurs

When data is no longer required, it is securely deleted or anonymized.

How We Use AI Tools in Coaching

GENIE LifePower Coaching may use AI-assisted tools (such as transcription or structured summarization) only to support service delivery and internal documentation.

AI-assisted tools are used exclusively with prior explicit consent from the client.

- Participation is optional

- Clients may opt out at any time

- Opting out does not affect the coaching relationship or service quality

No AI tools are used for automated decision-making or profiling. AI is always a supporting tool, never a replacement for human coaching or professional advice. AI tools will never diagnose, treat mental health conditions, or make decisions for you. Personal data is not used to train public AI models. For more information, please contact [email protected].

Scope of practice

GENIE Life Power Coaching provides non-therapeutic, non-medical coaching services focused on personal clarity, life alignment, and conscious decision-making.

Our work supports clients in exploring patterns, values, identity themes, and life direction through reflective dialogue and structured coaching tools. Coaching is forward-looking, client-led, and does not involve diagnosis, treatment, or clinical assessment.

What Coaching with GENIE Includes

- As part of the coaching relationship, the following activities may occur:

- Reflective conversations exploring life experiences, identity themes, and personal patterns

- Structured exercises and written reflections provided within coaching programs

- Session summaries, action points, and continuity notes created to support coaching delivery

Optional use of AI-assisted tools (such as transcription or summarization) where explicitly agreed

These activities are conducted solely for the purpose of delivering coaching services.

Data Processing Within Scope

The processing of personal data within the coaching scope follows clearly defined lawful bases:

- Coaching reflections and session content
- Processed under contractual necessity and explicit client consent, as such content may include sensitive personal reflections.

- Internal session notes and continuity records
Processed under legitimate interest, limited strictly to what is necessary to ensure service quality and continuity, and protected by access safeguards.

Payments, invoicing, and accounting records
Processed under legal obligation to comply with financial and tax regulations.

Optional AI-assisted tools
Used only with explicit, opt-in consent, solely to support documentation and recall, and never for automated decision-making or profiling.

No personal data processed within the coaching scope is used for marketing purposes or shared with third parties outside contracted service providers.

What Coaching with GENIE Does Not Include

GENIE Life Power Coaching does not provide:

- Psychotherapy, counseling, or psychiatric services

- Medical, mental health, or clinical diagnosis

- Crisis intervention or emergency support

- Clients experiencing acute psychological distress, mental health conditions, or medical concerns are encouraged to seek

appropriate licensed professionals.

Client Autonomy and Consent

Clients remain fully responsible for their decisions, actions, and interpretations arising from coaching. Participation in reflective exercises and optional tools is voluntary, and consent may be withdrawn at any time without penalty.

Guiding Principle

GENIE Life Power Coaching operates under a dignity-first, minimization-based approach:

We engage only within the agreed scope, process only what serves the coaching relationship, and release data when it no longer has a clear purpose.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. Any substantive amendments will be communicated to clients via email and published on our website. You are encouraged to review this Privacy Policy regularly to stay informed of any changes.

Contact Information and Supervisory Authority Information

For any privacy-related inquiries, or to exercise your rights under GDPR, please contact us at:

• Email: [email protected]

• Office Address: 422 Richards St, Suite 170, Vancouver, BC, V6B 2Z4, Canada

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant Supervisory Authority.

Based on the main establishment location, you can contact the following Supervisory Authorities:

1. European Data Protection Supervisor (EDPS):

Website: https://edps.europa.eu/

Address: Rue Wiertz 60, B-1047 Brussels, Belgium

2. Information Commissioner's Office (ICO) (for clients in the UK)

Website: https://ico.org.uk/

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

For other EU countries:

European Data Protection Board (EDPB) website for the respective Supervisory Authority contact details: https://edpb.europa.eu/about-edpb/board/members_en