Where the wisdom of essential oils meets the art of living with intention.
About Us
Resources
Contact
Updated: March 21, 2026
Where the wisdom of essential oils meets the art of living with intention.
About Us
Resources
Contact
Privacy Policy
**Oils Wisdom**
**oilswisdom.com**
**Last Updated: 21 March 2026**
**1. Introduction**
Oils Wisdom (“we”, “us”, “our”) is a sole proprietorship registered in Georgia. We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) where it applies, as well as Georgian data protection laws.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (oilswisdom.com), purchase our Services (online courses, membership programme, private sessions, digital content), or otherwise interact with us.
**Important Notice regarding Paddle**
Our order process is conducted by Paddle.com, our appointed Merchant of Record. Paddle.com is the Merchant of Record for all purchases made on this website. When you buy any of our Services, you are purchasing from Paddle and your personal data is processed by both Paddle and us. Paddle provides customer service for billing and refunds. You can read Paddle’s Privacy Notice here: [https://www.paddle.com/legal/privacy](https://www.paddle.com/legal/privacy).
**2. Information We Collect**
We collect the following categories of personal data:
- **Identity & Contact Data**: name, email address, country of residence.
- **Account & Profile Data**: username, password, course progress, membership status, notes you make in the platform.
- **Technical & Usage Data**: IP address, browser type, device information, pages visited, time spent on site (via cookies and analytics).
- **Payment Data**: Paddle handles all payment processing; we do not receive or store your full card details.
- **Communication Data**: messages you send us via contact forms, support emails, or community forums.
- **Health & Wellbeing Data (limited)**: only information you voluntarily share during private sessions or in course exercises (e.g. emotional patterns). This is treated as sensitive data and processed only with your explicit consent.
**3. How We Collect Your Data**
- Directly from you (when you create an account, purchase, book a session, subscribe to our newsletter, or contact us).
- Automatically through cookies and similar technologies.
- From Paddle (order confirmation, name, email, country, purchase details).
- From our course platform EzyCourse (enrolment and progress data).
**4. Legal Basis for Processing (GDPR)**
We process your personal data on the following lawful bases:
- **Contract** – to provide the Services you have purchased (e.g. course access, membership).
- **Consent** – for marketing emails, cookies (non-essential), and any sensitive data. You can withdraw consent at any time.
- **Legitimate Interests** – to improve our website and Services, prevent fraud, and communicate with you about your account.
- **Legal Obligation** – to comply with tax, accounting, or other legal requirements.
**5. Purposes of Processing**
We use your data to:
- Deliver and manage your purchased Services (courses, membership, sessions).
- Process payments via Paddle and send order confirmations.
- Provide customer support and respond to enquiries.
- Send you important Service-related communications (e.g. access details, renewal reminders).
- Improve our website and Services through analytics (anonymised where possible).
- Send marketing emails (only if you have opted in).
**6. Sharing Your Personal Data**
We share your data only with:
- **Paddle.com** – as Merchant of Record for order processing, tax, invoicing, refunds, and customer billing support.
- **EzyCourse** – our course delivery platform (they process enrolment and progress data).
- **Email service providers** (e.g. MailerLite or similar) – for newsletters and transactional emails.
- **Analytics providers** (Google Analytics) – anonymised usage data.
- **Legal authorities** – if required by law.
We do not sell your personal data to third parties. All third-party processors are bound by data processing agreements and GDPR-compliant safeguards.
**7. International Data Transfers**
Oils Wisdom is based in Georgia (outside the EU). When we transfer personal data from the EU/EEA to Georgia or other countries, we use appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Paddle’s own GDPR-compliant Data Sharing Addendum.
**8. Data Retention**
We keep your personal data only as long as necessary:
- Account and purchase data: 6 years (for tax and accounting purposes).
- Marketing consent: until you unsubscribe.
- Course progress: for the duration of your access + 2 years (or as specified in the course).
When we no longer need the data, we securely delete or anonymise it.
**9. Your GDPR Rights**
As an EU/EEA resident (or where GDPR applies), you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
To exercise any of these rights, email us at **[email protected]**. We will respond within one month (free of charge, unless requests are excessive).
**10. Cookies and Tracking Technologies**
We use essential cookies for the website to function and optional analytics/marketing cookies. You can manage your cookie preferences via the cookie banner on our site. For full details, see our separate Cookie Policy (linked in the footer).
**11. Data Security**
We use industry-standard security measures (encryption, secure servers, access controls) to protect your data. However, no system is 100 % secure. If a breach occurs, we will notify you and the relevant supervisory authority as required by law.
**12. Children**
Our Services are not directed at children under 18. We do not knowingly collect data from children. If we learn we have collected data from a child without parental consent, we will delete it.
**13. Changes to This Privacy Policy**
We may update this Policy from time to time. The new version will be posted on this page with an updated “Last Updated” date. We will notify you of material changes via email or website notice.
**14. Contact Us**
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
**Email:** [email protected]
**Mailing address:** Tbilisi, Georgia
You also have the right to lodge a complaint with your local data protection supervisory authority (in Georgia: Personal Data Protection Service; in the EU: your national DPA).