top of page

Privacy Policy

PRIVACY POLICY (GDPR)

for Grof Transpersonal Training® (GTT) in Transpersonal Psychology and Holotropic Breathwork

and for the licensed GTT Organizer 

Controller:

Grof Transpersonal Training OÜ

Kotkapoja tn 2a-10

10615 Tallinn

Estonia

Effective Date: January 2026

 

 

1. Introduction

This Privacy Policy explains how Grof Transpersonal Training OÜ (“we”, “us”, “our”) collects, processes, and protects personal data in accordance with the General Data Protection Regulation (GDPR).

 

By registering for our training programs and participating in GTT modules you consent to the processing of your personal data as described in this policy.

 

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

a) General Personal Data

  • Full name

  • Contact details (email, phone number, address)

  • Date of birth

  • Payment and billing information

b) Training-Related Data

  • Participation history

  • Certification status

  • Communication related to training

c) Health and Sensitive Data (Special Category Data – Art. 9 GDPR)

  • Medical and psychological information relevant for participation
     

Important:

  • Health data is collected solely for safety and assessment purposes.

  • It is deleted after each training module.

  • It is re-collected for each new module.

 

3. Purpose of Data Processing

Your data is processed for the following purposes:

  • Administration of training registrations

  • Assessment of participant suitability and safety

  • Delivery and organization of training modules

  • Certification and record keeping

  • Communication with participants

  • Compliance with legal obligations

 

4. Legal Basis for Processing

We process personal data based on:

  • Art. 6(1)(b) GDPR – performance of a contract

  • Art. 6(1)(c) GDPR – legal obligations

  • Art. 6(1)(f) GDPR – legitimate interests (organization and improvement of trainings)
     

For sensitive health data:

  • Art. 9(2)(a) GDPR – explicit consent
     

5. Data Sharing and Recipients

Your data may be shared with:

  • Authorized training organizers within Europe

  • Trainers and certification team members

  • Service providers (e.g. payment processors, IT services)
     

All recipients are bound to confidentiality and GDPR compliance.

Your data will not be sold or shared for marketing purposes without consent.

 

6. International Data Transfers

As trainings are organized across Europe, your data may be processed in different EU/EEA countries.

No transfer outside the EU/EEA occurs unless appropriate safeguards (e.g. Standard Contractual Clauses) are in place.

 

7. Data Retention

  • Health data: deleted after each module

  • Training and certification data: stored as long as necessary for certification and legal obligations

  • Financial data: retained according to legal tax requirements
     

8. Your Rights under GDPR

You have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to withdraw consent at any time
     

To exercise your rights, contact us at:

info@grof-transpersonal-training.org

 

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • restricted access to sensitive data

  • secure storage systems

  • confidentiality obligations for staff and trainers
     

10. Photos and Media

Photos or recordings from training events may only be used:

  • with your explicit consent

  • for internal sharing or selected publication

You may withdraw your consent at any time.

 

11. Obligation to Provide Data

Providing certain personal and health data is necessary for participation.

Failure to provide required information may result in inability to participate in the training.

 

12. Complaints

You have the right to lodge a complaint with a supervisory authority.

In Estonia, this is:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

 

13. Changes to this Policy

We reserve the right to update this Privacy Policy to reflect legal or operational changes.

The latest version will always be available upon request or on our website.

 

 

End of Privacy Policy

bottom of page