WHO WE ARE
Welcome to our website. PORTALS OF THE EARTH (https://portalsoftheearth.com/) is a website operated by THE SEASONS OF YOU LLC (“Controller” or “Provider”), a legal entity organized in the United States of America, registered as a California LLC, with headquarters in San Francisco, California, USA.
The Controller offers, through the website, informational and educational content and, primarily, promotes and sells in-person immersions held in the United States, focused on personal development, spirituality, experiential experiences, integrative practices, and sound healing.
The Controller is the controller and responsible for the personal data transmitted to it by the User for purposes of registration, communication, participant management, support, and use of any services and products offered through the website (hereinafter “Website”). The Controller exercises control only over the processing of data provided to it through its Website and official channels.
This Privacy Policy addresses our conduct in relation to the data that you, the User (hereinafter “you” and “User”), transmit to us voluntarily and/or automatically when making use of the Website and/or contracting our products and services.
ABOUT THIS PRIVACY POLICY
The Controller takes measures to implement, monitor, update, and evaluate advanced data protection policies and procedures. Data is protected by the legal, administrative, and technical measures we adopt to ensure the privacy, integrity, and availability of personal data. To prevent security incidents involving your data, we use a mixed organizational and technical approach, based on risk assessment.
The Controller does not disclose any private information of its Users and former Users, except with written approval for such disclosure, or unless:
disclosure is required by applicable legislation, court order, or competent authority;
it is necessary for identity verification and event security, fraud prevention, or eligibility validation (e.g., confirmation of legal age);
it is necessary for the Controller to fulfill its contractual obligations under any agreement entered into with the User;
it is necessary for the regular exercise of rights in judicial, administrative, or arbitration proceedings.
User information is processed preferably electronically, with possible intervention by employees of the Controller and/or trusted third parties providing specific support services (e.g., hosting, email, customer service, payment processors, and analytics), exclusively to the extent necessary for contract performance and Website operation.
Such information is stored in electronic storage media and, when necessary, physical media, in compliance with applicable legal standards and requirements.
SCOPE / USE OF DATA
We will collect, use, store, and/or transfer different types of data about you, which we group as follows (collectively referred to as “Personal Data”):
Identity Data: such as first and last name, date of birth (when necessary for age verification), identification document (when required for check-in, access control, fraud prevention, or travel requirements), and other identification information provided by the User.
Contact Data: email address, phone numbers, country and/or city of residence, and physical address when necessary for issuing documents, logistical communication, or operational requirements of the event.
Financial Data: details related to the chosen payment method (e.g., payment confirmation, transaction identifiers, receipts), including processors such as credit card, Zelle, PayPal, and international transfers (e.g., Wise or Western Union). The Controller does not store the full card number, validation code (CVV/CVC), or the User’s banking credentials, which are processed by the payment provider.
Transaction Data: details about the User’s registration, payment history, dates, amounts, purchase status, refunds (if applicable), upgrades, and communications related to the contract.
Technical Data: IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform, and other technologies on the devices the User uses to access the Website, and use of cookies stored on your device.
Profile Data: account details (when applicable), preferences, responses to forms, comments and/or information received through interaction with the Controller during service provision, including responses to satisfaction surveys and logistical forms.
Usage Data: information about Website usage, pages visited, registration date, traffic source, clicks, and navigation events.
Marketing and Communication Data: your preferences in receiving communications and marketing from us and your communication preferences.
Location Data: details about your approximate location when interacting with our Website (for example, country of residence, time zone, and language).
Aggregated Data: includes statistical or demographic data for any purpose. Such data may be derived from your personal data but is not considered personal data under the law, as it does not reveal your identity, either directly or indirectly.
However, if the Controller combines Aggregated Data with common data in such a way that the result can identify an individual, the Controller will treat such combined data as personal data, in accordance with the provisions set forth herein.
The processing of your data is carried out following the principles of legality, fairness, transparency, and always adhering to the intended purpose of data processing, as well as the principles of data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.
The Controller collects and processes Personal Data based on at least one of the following reasons:
To perform the contract with the User (e.g., registration and participation management);
To comply with applicable legal, regulatory, and tax obligations;
To safeguard legitimate interests (e.g., event security, fraud prevention, service improvement);
Based on the User’s consent, when applicable (e.g., marketing).
The User acknowledges that all or part of the data relating to their registration, related transactions, and communications may be stored by the
Controller and may be used in the event of a dispute between the User and the Controller.
The User is responsible for updating any data provided to the Controller in the event of changes. It is important that the data provided be accurate and up to date.
HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect your data, as follows:
Direct Interactions
You will provide us with Identity and Contact Data and, when applicable, information necessary for service provision, online, through the Website and/or by filling out online forms. Data may be submitted when you wish to:
register for an in-person immersion;
request information about dates, location, logistics, and event conditions;
subscribe to publications, ongoing updates, and newsletters;
request the sending of marketing messages and promotions;
participate in a promotion or survey; and/or
provide your opinion or contact us.
We need to collect the above data so that we can (i) provide our services efficiently, (ii) comply with our legal and regulatory obligations, and (iii) prevent fraud and increase the security of the Website and event.
If you do not provide the data when requested, we may not be able to perform the contract we have or attempt to enter into with you (for example, complete your registration). In this case, it may be necessary to cancel or refuse the service, and the User will be notified when applicable.
Automated Technologies or Interactions
When using our services, your device automatically transmits technical characteristics to us. Information such as country, time zone, and language may be used to provide the best possible experience.
Using information about IP address, cookies, browser, operating system, date and time of access, and addresses of requested pages allows us to provide optimal service and monitor behavior to improve efficiency and usability.
We use analytics tools to track Website performance and the User’s marketing origin through cookies in order to optimize marketing costs and provide a better experience.
The User may, at any time, request that we refrain from certain transmissions (to the extent possible and subject to our legal obligations) by sending a request to the contact channel indicated at the end of this Policy. We will respond within a reasonable timeframe.
ABOUT COOKIES
A Cookie is a small amount of data, usually including a unique identifier, sent to your computer or device from a website server.
This file is stored on your device in order to track Website usage. Some websites use cookies to track online traffic flows. When you visit our Website, our system may automatically collect information about your visit, such as Technical Data, including, but not limited to, your browser type, IP address, and referring website.
Stored cookies help determine the path the User has taken on our site and may be used to anonymously identify repeat users and the most popular pages. The Controller protects Users’ privacy and does not store names, emails, or other directly identifiable data through cookies.
If you wish, you may configure your browser not to save cookies from our Website, and you may also delete them manually or automatically. Note, however, that by doing so you may not be able to use all Website functions.
THE REASON WE USE YOUR DATA AND THE LEGAL BASES THAT AUTHORIZE ITS USE
We process data in accordance with applicable legislation in order to:
(i) fulfill our contractual obligations with you and offer the best possible service;
(ii) provide our services efficiently;
(iii) comply with legal and regulatory obligations; and
(iv) protect legitimate interests and vital interests (when applicable).
We process data based on the following legal grounds, as applicable:
To comply with legal and regulatory obligations;
To perform contractual obligations toward the User;
To safeguard legitimate interests, when the fundamental rights of the data subject do not prevail; and/or
Based on your consent.
If you are already a Website User, in which case we have a legitimate interest in communicating with you, or if you have given us your consent, we may process your data for support, newsletters, messages, and to keep you informed about new features, news, events, and the efficient provision of our services.
AGE RESTRICTION
The Website, products, and services are not intended for minors, and we do not intentionally collect data relating to individuals under 18 years of age.
As we do not allow Users under 18 to use our services, we may request age confirmation and/or date of birth to verify legal age.
In the event of false data being provided, and such falsity being subsequently verified, the data may be deleted without prior notice, subject to legal retention obligations.
If you become aware of any improper processing of a child’s data, please contact us at the email indicated at the end of this Policy so that we may take appropriate measures.
MARKETING OPTION
If you do not wish to receive marketing newsletters, or if you object to data sharing for marketing purposes, your preference may be expressed:
(i) at the time of registration;
(ii) upon receiving advertising content; or
(iii) by sending an email to the contact channel indicated at the end of this Policy requesting cessation of advertising content.
Requests will be processed within a reasonable timeframe, subject to technical and legal limitations.
DATA SHARING
It is important that you are aware that we may share your data with other companies that significantly contribute to the provision of our services.
We require that third parties processing data on our behalf respect your data and treat it in accordance with applicable legal provisions, including, where applicable, the Brazilian LGPD (Law No. 13,709/2018) and California privacy laws (CCPA/CPRA). We take reasonable measures to ensure that providers do not use your data for their own purposes and process it only for specific purposes, in accordance with our instructions.
Data transfer to another legal entity may occur as part of a business transfer or parts thereof in the form of reorganization, asset sale, consolidation, merger, or similar.
We may disclose personal data only if (i) legally required; (ii) necessary to execute requested transactions or services; (iii) necessary for service provision under the contractual relationship; and/or (iv) for protection of legitimate interests and regular exercise of rights.
External Third Parties
Your data may be shared with third-party organizations/entities including, but not limited to:
Service providers: providers who operate, maintain, and/or assist IT systems, hosting, email delivery, analytics tools, customer service, and operational management.
Payment platforms and systems: to process payments and monitor investigations and/or complaints related to transactions. Examples: PayPal, credit card operators, transfer/receipt solutions such as Zelle, and international transfer platforms (e.g., Wise and Western Union), as well as other intermediaries that may be used.
Marketing and advertising: we may use marketing and analytics tools (e.g., Google) and social networks (e.g., Meta) to measure and optimize campaigns. The User may request restrictions where possible.
Authorities and legal compliance: data may be disclosed to official authorities only when required by law, regulation, or court order and to the minimum extent required.
Whenever reasonably possible, the Controller ensures that third parties collecting, storing, or processing personal information on our behalf comply with applicable laws through due diligence and contractual privacy and confidentiality clauses.
Corrective measures may be taken in response to misuse or unauthorized disclosure of personal information by third parties.
INTERNATIONAL DATA TRANSFER
As the Controller is headquartered in the United States, personal data may be processed and stored in the U.S. and/or other countries where our providers are located.
By using the Website and contracting our services, the User declares awareness of and agreement with potential international data transfers, subject to reasonable safeguards and applicable legal obligations.
DATA RETENTION
We retain your data for as long as reasonably necessary to fulfill the purposes for which we collected it, including to satisfy legal, regulatory, tax, accounting, or reporting requirements.
We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation.
To determine the appropriate retention period, we consider the size, nature, and sensitivity of the data, potential risk of harm from unauthorized use or disclosure, processing purposes, and applicable legal and regulatory requirements.
After the retention period ends, data may be deleted through irreversible destruction and/or anonymized. When applicable, we will inform third parties to whom data has been transferred, requiring similar action.
YOUR RIGHTS, HOW TO WITHDRAW CONSENT, AND UNSUBSCRIBE
You have various data protection rights under applicable law:
A. Right of access;
B. Right of rectification;
C. Right of deletion;
D. Right to restriction/blocking;
E. Right to portability;
F. Right to objection;
G. Right to withdraw consent;
H. Right to file a complaint with competent authorities.
Additional Rights – California (CCPA/CPRA)
If you are a California resident, you may have additional rights, including:
Right to Know;
Right to Delete;
Right to Correct;
Right to Opt-Out;
Right to Non-Discrimination.
Note: The Controller does not sell personal data.
To exercise your rights, contact us using the channels indicated at the end of this Policy. We may request information to confirm identity.
We aim to respond within a reasonable timeframe. Additional time may be required for complex or multiple requests.
DATA SECURITY
We implement appropriate security measures to prevent accidental loss, unauthorized access, alteration, or disclosure of data. Access is limited to those strictly necessary and subject to confidentiality obligations.
We implement procedures to handle suspected security incidents and will notify Users and competent authorities when legally required.
Encryption in transit: We use encryption mechanisms and secure transport protocols (e.g., TLS/SSL).
Infrastructure protection: Secure-by-design development, access controls, logical segmentation, and need-to-know restrictions.
Threat protection: Monitoring for vulnerabilities, unauthorized access, and malware.
Backups and continuity: Backup routines and recovery procedures when applicable.
Awareness: Internal guidance and measures regarding privacy and security.
Your assistance: You agree not to share access credentials (when applicable) and must notify us immediately of suspected unauthorized use.
LIMITS OF AUTOMATED DECISION-MAKING AND PROFILING
In general, we do not adopt exclusively automated decision-making with significant legal effects. If we do, you will be informed as required by law.
LINKS TO OTHER WEBSITES
The Website may contain links to third-party websites not under our control. We recommend reviewing their terms and policies before providing data.
CHANGES TO THIS PRIVACY POLICY
We reserve the right, at our discretion, to add, modify, or remove parts of this Policy to ensure updates and compliance with data processing practices.
This Policy should be understood as complementary to the Terms of Use and other Website policies.
CONTACT
The Controller responsible for data processing is THE SEASONS OF YOU LLC.
You may contact us at: hello@theseasonsofyou.comSubject: DATA PROTECTION / DATA PRIVACY
DATA PROTECTION OFFICER (DPO / PRIVACY RESPONSIBLE)
When applicable, the Controller may designate a responsible officer to handle matters related to this Policy.
If you have any questions about this Privacy Policy, including requests relating to your data, please contact us at the email indicated above, with the subject DATA PROTECTION.
