Privacy Policy

1. Introduction

Inlibrium OÜ ("Inlibrium", "we", "us", or "our") is committed to protecting your privacy and personal data in accordance with the EU General Data Protection Regulation (GDPR) (EU 2016/679) and other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and protect personal data when you:

• Visit our website https://www.inlibrium.com/ ("Website"),
• Contact us via email or contact forms,
• Register for or participate in our residential programs, services, or events,
• Otherwise interact with us in a business or service-related context.

By using our Website or services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

A. Information You Provide Directly

We may collect personal data that you voluntarily provide, including:

• Name, email address, phone number,
• Messages or inquiries sent via contact forms or email,
• Registration details for services or residential programs,
• Newsletter subscription information (if applicable).

B. Residential-Specific Data (Health & Emergency Information)

When you register for or participate in an Inlibrium residential program, we may collect additional information necessary to ensure your safety and proper organization of the program, including:

• Health-related information, such as medical conditions, allergies, dietary requirements, medications, physical limitations, or accessibility needs,
• Emergency contact details, including name, relationship, and phone number,
• Any other information voluntarily provided that is relevant to your well-being during the residential program.

Special Category Personal Data

Some health-related information constitutes special category personal data under Article 9 of the GDPR. We process such data only when:

• You have given explicit consent, and
• The processing is necessary to protect your vital interests, ensure safety, or properly deliver the residential services.

Providing health-related information is voluntary; however, failure to provide relevant information may limit or prevent safe participation in certain residential activities.

Use, Access & Confidentiality

Residential-specific data is used solely for:

• Ensuring participant safety and well-being,
• Accommodating health, dietary, or accessibility needs,
• Responding to medical or emergency situations,
• Complying with legal, insurance, or safety obligations.

Access to this data is strictly limited to authorized personnel and service providers who need it for these purposes.

Health and emergency information is never used for marketing purposes.

C. Automatically Collected Data

When you visit our Website, we may automatically collect:

• IP address,
• Browser type and device information,
• Website usage data (pages visited, time spent).

This data is collected through cookies and similar technologies.

4. Cookies

We use cookies to:

• Ensure proper website functionality,
• Improve user experience,
• Analyze website usage and performance.

Where required by law, we request your consent before using non-essential cookies. You can manage or disable cookies through your browser settings.

5. Purposes of Processing

We process personal data for the following purposes:

• Providing and managing our services and residential programs,
• Responding to inquiries and communications,
• Ensuring safety during residential programs,
• Managing contractual and legal obligations,
• Improving our Website and services,
• Sending updates or informational communications (where permitted).

6. Legal Bases for Processing

We process personal data based on one or more of the following legal grounds under GDPR:

• Performance of a contract,
• Consent (including explicit consent for health data),
• Legal obligation,
• Legitimate interests, provided such interests are not overridden by your rights and freedoms.

7. Data Sharing and Disclosure

We may share personal data with:

• Trusted service providers (e.g. hosting providers, email services, program facilitators) under data processing agreements,
• Authorities or regulators where legally required,
• Insurance or emergency services when necessary to protect vital interests.

We do not sell personal data to third parties.

If personal data is transferred outside the EU/EEA, appropriate safeguards (such as Standard Contractual Clauses) are applied.

8. Data Retention

We retain personal data only for as long as necessary to:

• Fulfill the purposes described in this Policy,
• Meet legal, accounting, or insurance requirements,
• Resolve disputes or enforce legal claims.

Residential-specific health and emergency data is deleted or anonymized once it is no longer required for safety, legal, or insurance purposes.

9. Your Rights Under GDPR

You have the right to:

• Access your personal data,
• Request correction of inaccurate data,
• Request deletion of your data,
• Restrict or object to processing,
• Receive your data in a portable format,
• Withdraw consent at any time (where processing is based on consent).

To exercise your rights, contact us at info@inlibrium.com.

You also have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

Our services and Website are not intended for children under the age of 16. We do not knowingly collect personal data from children under this age.

11. Security Measures

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our Website, with the "Last updated" date revised accordingly.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact: