Privacy Policy

Last updated: September 15, 2025

Controller: Cherry Holistic is a brand of
One Healthy Future LLC, 1209 Mountain Road PL NE STE N, New Mexico 87110, United States of America (the)
Email: info (at) cherryholistic.com
Website: https://cherryholistic.com

This notice explains how we process personal data on this website and the connected services listed below.

 

1. categories of data & sources

  • Usage data: IP address, device/browser, pages viewed, timestamps, referrers.
  • Communication data: messages sent via forms or email.
  • Newsletter data: email address, double-opt-in (DOI) timestamp, engagement (opens/clicks), preferences.
  • Appointment/course data (if applicable): name, email, selected date/time, time zone, booking/payment metadata.

2. purposes & legal bases (GDPR)

  • Operating the site & security (server logs, essential cookies) – Art. 6(1)(f) GDPR; for device storage not related to content transmission: national e-privacy rules (e.g. §25(2) TTDSG equivalent
  • Consent-based features (non-essential cookies, embedded media, analytics if activated) – Art. 6(1)(a) + applicable e-privacy rules
  • Newsletter (DOI, delivery, measuring opens/clicks) – Art. 6(1)(a); withdraw anytime via unsubscribe.
  • Contract / pre-contract (bookings, purchases) – Art. 6(1)(b).
  • Legal obligations (tax, retention) – Art. 6(1)(c)

3. Cookies & consent (CookieYes)

We use the CookieYes banner to obtain and manage consent for non-essential cookies and to block them until consent.

What are cookies?

This Cookie Policy explains what cookies are, how we use them, the types of cookies we use (i.e., the information we collect using cookies and how that information is used), and how to manage your cookie settings.

Cookies are small text files used to store small pieces of information. They are stored on your device when a website loads in your browser. These cookies help ensure that the website functions properly, enhance security, provide a better user experience, and analyse performance to identify what works and where improvements are needed.

How do we use cookies?

Like most online services, our website uses both first-party and third-party cookies for various purposes. First-party cookies are primarily necessary for the website to function properly and do not collect any personally identifiable data.

The third-party cookies used on our website primarily help us understand how the website performs, track how you interact with it, keep our services secure, deliver relevant advertisements, and enhance your overall user experience while improving the speed of your future interactions with our website.

Types of cookies we use

  • Necessary: necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
  • Functional: functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
  • Analytics: analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
  • Advertisement: advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

Manage cookie preferences:

You can modify your cookie settings anytime by clicking the ‘Consent Preferences’ button above. This will allow you to revisit the cookie consent banner and update your preferences or withdraw your consent immediately.

Additionally, different browsers offer various methods to block and delete cookies used by websites. You can adjust your browser settings to block or delete cookies. Below are links to support documents on how to manage and delete cookies in major web browsers.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

If you are using a different web browser, please refer to its official support documentation.

4. hosting & server logs (All-inkl.com)

Our website is hosted in Germany by ALL-INKL.COM (Neue Medien Münnich). When you access the site, the provider processes server logs (IP, timestamp, requested file, user agent, referrer) for stability and security. Logs are kept briefly and are then deleted. We have a data-processing agreement (Art. 28 GDPR)

5. Security (AIOS)

We use AIOS – All In One Security to protect the site. This involves processing technical access data in security logs to detect/mitigate attacks. Legal basis: Art. 6(1)(f) (legitimate interests in secure service). AIOS may set functional, necessary cookies (e.g. login protection).

6. Anti-spam (Anti-Spam Bee)

We use Antispam Bee to reduce spam in forms/comments. Data you submit is checked for spam patterns. We run it in a privacy-friendly configuation (no IP storage; no checks against external public DBs). Legal basis: Art. 6(1)(f).

7. Backups (updraftplus)

We use UpdraftPlus for backups. Backups may contain personal data generated by site use (e.g. form contents). If external storage (e.g. Dropbox/Google Drive) is used, data is stored there on our behalf; any third-country transfers rely on Standard Contractual Clauses (SCCs) or other safeguards. Legal basis: Art. 6(1)(f).

8. SEO features (Yoast SEO)

We use the plugin Yoast SEO – free – which supports SEO (meta/structured data). It does set visitor tracking cookies or process personal data for analytics/marketing.

9. forms & site features (Divi, Bloom, WPML)

We use Divi/Bloom (forms/popups) and WPML (multilingual pages). These may set functional cookies to provide requested features (e.g. showing/hiding forms, language settings). Non-essential features are enabled only after consent.

10. Email newsletters (Brevo)

We use Brevo with double opt-in. Brevo stores your email and records your consent. Our newsletters may measure opens and link clicks to improve relevance. You can unsubscribe at any time (withdrawl of consent). Brevo acts as our prcessor under a DPA; where processing involves countries outside the EEA, transfers rely on SCCs/appropriate safeguards.

11. embedded media & video delivery

  • YouTube (privacy-enhanced mode). We embed videos using youtube-nocookie.com and block them until you consent. When you press play, YouTube may process device data and set cookies for functionality/analytics/ads according to your consent.
  • Bunny.net (video/CDN). We may deliver videos or static assets via bunny.net (EU-based provider with global DCN). For efficient delivery, your IP and request metadata are processed; content may be cached at edge locations. Where data leaves the EEA, transfers use SCCs/appropriate safeguards.

12. WhatsApp contact

If you contact us via WhatsApp (e.g., click-to-chat), we process your phone number, profile name (if visible), message content and metadata to handle your request. Legal basis: Art. 6(1)(b) (pre-/contractual communication) or Art. 6(1)(f) (efficient communication). Please avoid sharing health information via WhatsApp.

13. Appointments & calendar bookings (TidyCal)

We use TidyCal for scheduling. When you book, TidyCal processes the data you provide (e.g. name, email, selected date/time, time zone, optional notes) to arrange/confirm the booking and send reminders. Legal basis: Art. 6(1)(b) or Art. 6(1)(f). Transfers outside the EEA (if any) rely on SCCs/appropriate safeguards.

If payments are processed by Stripe/PayPal on the booking page, they act under their own terms/policies; we receive only the data needed to confirm the booking (no full card details).

14. Social media pages & outbound links

We maintain pages on third-party platforms (e.g. Instagram, Facebook, YouTube). When you follow those links, the respective providers process data under their own policies. We do not embed social plugins that set cookies without your action.

15. Recipients & processors

We share data with service providers strictly as necessary to run the site (hosting, security, consent management, newsletter, video/CDN, scheduling). These providers act under Art. 28 GDPR agreements.

16. international transfers

We processing involves countries outside the EEA, we implement safeguards such as SCCs, and, where applicable, rely on the EU-U.S. Data Privacy Framework, plus supplementary measures.

17. Retention

We retain personal data only as long as needed for each purpose (newsletter until you unsubscribe; enquiries until resolved; statutory retention for invoices). Logs are kept briefly for security.

18. Security

We use appropriate technical and organizational measures (TLS encryption, access controls, least-prvilege).

19. your rights (Art. 15-21 GDPR)

You can request access, rectification, erasure, restriction, data portability, and object (where applicable). You may withdraw consent any time with future effect. You also have the right to lodge a complaint with a supervisory authority.

20. EU representative (Art.27 GDPR)

We have appointed the following representative for inquiries from data subjects and supervisory authorities in the European Union: René Franz, ℅ IP-Management #41471, Ludwig-Erhard-Str. 18, 20459 Hamburg, Germany; E-Mail: eu-rep@cherryholistic.com. The EU representative is the point of contact for data protection issues; the responsibility of One Healthy Future LLC (US) remains unaffected.

21. Updates

We may update this policy to reflect changes. The current version is published on this page. Please also see our Imprint and our Disclaimer.

Contact: info (at) cherryholistic.com