This privacy policy explains how your personal data is collected, used, and protected by Qi Rising® Studio and Integrative Flow International Ltd, depending on your location and the services you receive.

Legal Entities and Responsibility for Data

We operate under two legal entities to ensure regulatory compliance and provide optimal service based on your location:

• Qi Rising® Studio, a sole proprietorship registered with the Dutch Chamber of Commerce (KvK no. 96420022), is responsible for processing personal data of clients located in the Netherlands only.

• Integrative Flow International Ltd, a UK-registered private limited company (Companies House no. 15864460), is responsible for processing personal data of clients located outside the Netherlands.

Each entity acts as an independent data controller for the personal data it processes.

Contact Information

Depending on your location, your data is handled by one of the following legal entities:

For clients located in the Netherlands
Your data is processed by:
Qi Rising® Studio
Registered Address: Westblaak 122, 3012 KM Rotterdam, Netherlands
Visiting Address (by appointment): Westblaak 122C, 3012 KM Rotterdam, Netherlands
KvK Registration Number: 96420022
Email: privacy@qirising.studio
Phone: +31 625 418 514
Website: qirising.studio

For clients located outside the Netherlands
Your data is processed by:
Integrative Flow International Ltd
Registered Address: 3rd Floor, 86–90 Paul Street, London, EC2A 4NE, United Kingdom
Company Registration Number: 15864460 (UK)
Email: privacy@qirising.studio
Phone: +31 625 418 514
Website: qirising.studio

What Personal Data We Collect

Depending on the services you use, we may collect the following information:

• Full name

• Date of birth

• Postal address

• Email address

• Phone number

• Gender identity (optional and only when disclosed)

• Medical information relevant to your care (with your explicit consent)

• Other information you provide in communications (e.g. WhatsApp, email, forms)

Lawful Basis for Processing (as per GDPR/UK GDPR)

We process your personal data based on one or more of the following legal grounds:

• Performance of a contract (e.g. to provide you with services)

• Legal obligation (e.g. tax reporting)

• Explicit consent (e.g. for processing sensitive health data)

• Legitimate interests (e.g. improving our services, communication)

You may withdraw your consent at any time where processing is based solely on consent.

Automated Decision-Making

We use AI-powered tools only to record or summarise conversations (e.g. for note-taking). These tools do not make decisions about your treatment, and all clinical decisions are made by a qualified practitioner.

Retention Period

We retain your data for up to 5 years from your last interaction with us unless legal requirements mandate a longer retention period (e.g. tax records). After this period, data is securely deleted.

Who We Share Data With

We do not sell your personal data. We only share it with trusted third parties when:

• It is necessary to deliver services (e.g. appointment scheduling or payment providers)

• We are legally obliged to do so

• You have given explicit consent

All third-party processors are GDPR/UK GDPR-compliant and bound by data processing agreements.

Cookies and Tracking

Our website uses:

• Essential cookies: For core functionality

• Analytical cookies: For site performance insights (anonymised)

• No marketing or tracking cookies are used without your consent

You can opt out using your browser settings or the cookie banner.

International Data Transfers

If you are located outside the EU/EEA, and your data is processed by Integrative Flow International Ltd (UK), your data is protected under the UK GDPR, which maintains alignment with the EU GDPR.

Where data is transferred outside of the EU/UK (e.g. if using international IT systems), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

Your Rights Under GDPR and UK GDPR

Depending on your location, you have the following rights under EU GDPR or UK GDPR:

• Right of access – Request a copy of your data

• Right to rectification – Correct inaccuracies

• Right to erasure – Request deletion (subject to legal exceptions)

• Right to restrict processing

• Right to data portability

• Right to object to processing based on legitimate interests

• Right to withdraw consent at any time

• Right to lodge a complaint with a supervisory authority

You may exercise these rights by contacting privacy@qirising.studio.

Supervisory Authorities

If you believe your data protection rights have been violated, you may contact:

• For clients in the Netherlands:
  Autoriteit Persoonsgegevens (Dutch DPA)
  www.autoriteitpersoonsgegevens.nl

• For clients outside the Netherlands (UK):
  Information Commissioner's Office (ICO)
  www.ico.org.uk

Data Security

We implement appropriate technical and organisational measures to safeguard your data from misuse, unauthorised access, disclosure, alteration, or destruction. These may include:

• Secure encrypted storage

• Access controls

• Regular audits and monitoring

If you suspect a data breach or security risk, please contact us immediately at privacy@qirising.studio.