Privacy policy
Version 22 February 2026, Enschede
Article 1 – Identity
The InnerSeed Developers
De Plooij 24, 7548 CV Enschede, The Netherlands - Chamber of Commerce (KvK): 88635511 - Email: hello@innerseed.dev - Trade names: InnerSeed, InnerSeed Studio, InnerSeed Garden (hereinafter referred to as InnerSeed)
Article 2 – Scope
2.1 This privacy statement applies to all processing of personal data by InnerSeed in connection with the webshop, the InnerSeed Garden web application and all other services.
2.2 InnerSeed acts as the data controller within the meaning of the General Data Protection Regulation (GDPR) and operates in accordance with the GDPR and the Dutch GDPR Implementation Act (UAVG).
2.3 InnerSeed is entitled to amend this statement. Material changes will be published on the website and or communicated by email at least 30 days prior to their entry into force. Continued use after that period constitutes acceptance.
Article 3 – Processed Data and Purposes
3.1 InnerSeed processes only personal data that are necessary for the performance of its services. Processing takes place as follows:
| Purpose | Data | Legal basis |
|---|---|---|
| Ticket sales and order processing | Name, email address, address, payment details | Contract performance article 6 paragraph 1 sub b GDPR |
| Use of InnerSeed Garden | Account data, progress data, session data | Contract performance article 6 paragraph 1 sub b GDPR |
| Safe breathwork guidance | Voluntarily shared health information | Explicit consent article 9 paragraph 2 sub a GDPR |
| Newsletter and marketing | Name, email address | Consent article 6 paragraph 1 sub a GDPR |
| Legal obligations | Transaction data | Legal obligation article 6 paragraph 1 sub c GDPR |
| Service improvement | Anonymised usage data | Legitimate interest article 6 paragraph 1 sub f GDPR |
3.2 Health data are processed only if voluntarily shared by the participant and only insofar as strictly necessary for safe guidance. These data are encrypted and stored separately from other personal data.
Article 4 – Processors and Transfers
4.1 InnerSeed works exclusively with external processors that provide appropriate technical and organisational safeguards in accordance with article 28 GDPR, on the basis of a data processing agreement or a standard Data Processing Addendum provided by the processor.
4.2 InnerSeed engages external parties for e commerce, cloud hosting, payment processing, email communication, analytics and authentication. The exact system names are recorded internally in the processing register pursuant to article 30 GDPR and are not publicly disclosed in order to safeguard the integrity and security of the systems.
4.3 Where personal data are processed outside the European Economic Area EEA, InnerSeed implements appropriate safeguards in accordance with article 46 GDPR, including Standard Contractual Clauses SCCs and, where applicable, adequacy decisions of the European Commission.
Article 5 – Retention Periods
5.1 InnerSeed does not retain personal data longer than necessary for the purpose for which they were collected, taking into account statutory retention obligations.
5.2 The following retention periods apply: transaction data are retained for seven years pursuant to fiscal retention requirements; account data are retained for as long as the account remains active and for a maximum of one year thereafter; health data are deleted upon withdrawal of consent or at the latest one year after the last session; other data are deleted once the purpose has ceased to exist.
Article 6 – Cookies
6.1 InnerSeed uses functional cookies that are necessary for the operation of the service and do not require consent, as well as analytical and marketing cookies for which prior consent is required.
6.2 Cookie preferences can be managed via the cookie banner on the website or through browser settings.
Article 7 – Data Subject Rights
7.1 Under the GDPR, the participant has the following rights: access article 15, rectification article 16, erasure article 17, restriction of processing article 18, data portability article 20 and objection article 21.
7.2 Consent given may be withdrawn at any time, without affecting the lawfulness of processing prior to withdrawal.
7.3 Requests may be submitted to hello@innerseed.dev. InnerSeed will respond within 30 days after verification of the requester’s identity.
Article 8 – Security
8.1 InnerSeed implements appropriate technical and organisational measures to protect personal data, including encryption during storage and transmission TLS SSL and encryption at rest, access restriction based on the need to know principle and separate storage of special categories of personal data.
8.2 In the event of a personal data breach that poses a risk to the rights and freedoms of data subjects, InnerSeed will notify the data subjects and the Dutch Data Protection Authority in accordance with articles 33 and 34 GDPR.
Article 9 – Minors
9.1 The services of InnerSeed are not directed at persons under 18 years of age. InnerSeed does not knowingly process personal data of minors. If this has nevertheless occurred unintentionally, InnerSeed requests that contact be made via hello@innerseed.dev so that the data can be deleted as soon as possible.
Article 10 – Complaints
10.1 Complaints regarding the processing of personal data may be addressed to hello@innerseed.dev with the subject line Privacy.
10.2 If the complaint is not resolved satisfactorily, the data subject has the right to lodge a complaint with the Dutch Data Protection Authority via www.autoriteitpersoonsgegevens.nl.
Article 11 – Governing Law
11.1 This privacy statement is exclusively governed by Dutch law.
11.2 Disputes shall be submitted to the competent court in the district of Overijssel, without prejudice to the right of consumers to submit a dispute to the court of their place of residence.