Last Updated: October 12, 2025
Our Commitment to Data Protection
SHero Empowered respects the privacy rights of all individuals, including those in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK). This statement outlines how we comply with the General Data Protection Regulation (GDPR) and your rights regarding your personal data.
This statement should be read in conjunction with our Privacy Policy.
1. Who This Applies To
This GDPR Compliance Statement applies to individuals in the EU, EEA, and UK who:
- Visit our website
- Subscribe to our newsletter
- Enroll in our programs or services
- Attend our virtual meetings
- Otherwise provide personal data to SHero Empowered
2. Data Controller Information
Data Controller:
SHero Empowered
Fränya K. Isley
21738 Lawrence 1100
Monett, MO 65708
United States
Contact for Data Protection Matters:
Email: admin@sheroempowered.com
Subject Line: “GDPR Request” or “Data Protection”
3. Legal Basis for Processing Your Data
We process your personal data only when we have a legal basis to do so. Our legal bases include:
3.1 Consent
When you:
- Subscribe to our newsletter
- Sign up for free resources
- Create an account
- Opt in to marketing communications
You can withdraw consent at any time.
3.2 Contractual Necessity
When you:
- Enroll in a paid program
- Purchase services
- Enter into an agreement with us
We need your data to fulfill our contractual obligations to you.
3.3 Legitimate Interests
When:
- Improving our website and services
- Analyzing how our services are used
- Preventing fraud and maintaining security
- Communicating about our services to those who have shown interest
We always balance our interests against your rights and freedoms.
3.4 Legal Obligation
When required by law to:
- Maintain financial records
- Respond to legal requests
- Comply with regulatory requirements
4. What Personal Data We Collect
4.1 Information You Provide:
- Name and contact information (email, phone)
- Billing and payment information
- Program enrollment details
- Communication preferences
- Feedback and survey responses
- Information shared during coaching sessions (with consent)
4.2 Information Collected Automatically:
- IP address and location data
- Browser type and version
- Device information
- Website usage data (pages visited, time on site)
- Cookie data
4.3 Sensitive Data:
We may process information you voluntarily share about:
- Personal circumstances (divorce, life transitions)
- Health and well-being (to provide appropriate support)
We only process sensitive data with your explicit consent and never share it without permission.
5. How We Use Your Data
We use your personal data for:
- Service Delivery: Providing coaching services, program access, and support
- Communication: Sending program materials, session reminders, and responding to inquiries
- Billing: Processing payments and managing payment plans
- Marketing: Sending newsletters and program information (with consent)
- Improvement: Analyzing and improving our services
- Legal Compliance: Meeting legal and regulatory requirements
6. Data Sharing and International Transfers
6.1 Who We Share Data With:
We may share your data with:
Service Providers:
- Email service providers (for newsletter delivery)
- Payment processors (for secure payment handling)
- Website hosting services
- Analytics providers (Google Analytics, anonymized when possible)
- Virtual meeting platforms (for coaching sessions)
All service providers are contractually required to protect your data.
6.2 International Data Transfers:
SHero Empowered is based in the United States. When you use our services:
- Your data may be transferred to and stored in the U.S.
- The U.S. may not provide the same level of data protection as the EU
We take steps to ensure your data remains protected, including:
- Using service providers with appropriate safeguards
- Implementing standard contractual clauses
- Ensuring recipients commit to data protection
6.3 We Do Not:
- Sell your personal data to third parties
- Share your data for others’ marketing purposes
- Transfer data to countries without adequate protection
7. Your GDPR Rights
Under GDPR, you have the following rights:
7.1 Right to Access
You can request:
- Confirmation of whether we process your data
- Copy of your personal data
- Information about how we use your data
7.2 Right to Rectification
You can request correction of:
- Inaccurate personal data
- Incomplete information
7.3 Right to Erasure (“Right to be Forgotten”)
You can request deletion of your data when:
- Data is no longer necessary for its original purpose
- You withdraw consent and no other legal basis exists
- You object to processing and no overriding grounds exist
- Data was unlawfully processed
Exceptions: We may retain data when required by law or for legal claims.
7.4 Right to Restrict Processing
You can request we limit how we use your data when:
- You contest the accuracy of the data
- Processing is unlawful but you don’t want erasure
- We no longer need the data but you need it for legal claims
- You’ve objected to processing pending verification
7.5 Right to Data Portability
You can request:
- Your data in a structured, commonly used format
- Transfer of your data to another service provider
This applies to data you provided based on consent or contract.
7.6 Right to Object
You can object to processing based on:
- Legitimate interests (including profiling)
- Direct marketing (we’ll stop immediately)
7.7 Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you.
We do not make automated decisions that significantly affect you without human involvement.
8. How to Exercise Your Rights
To exercise any of your GDPR rights:
Contact us:
- Email: admin@sheroempowered.com
- Subject Line: “GDPR Request – [Specify Right]”
Include:
- Your full name and contact information
- Clear description of your request
- Proof of identity (to protect your data)
We will:
- Respond within 30 days (may extend to 60 days for complex requests)
- Provide reasons if we cannot fulfill your request
- Take action at no cost (reasonable fees may apply for excessive requests)
9. Data Retention
9.1 How Long We Keep Your Data:
- Newsletter Subscribers: Until you unsubscribe, plus a reasonable period to honor opt-out
- Program Participants: Duration of program plus 7 years for financial/legal purposes
- Website Visitors: Analytics data retained for 26 months (Google Analytics default)
- Payment Records: 7 years (legal requirement)
- Email Communications: As long as necessary for business purposes
9.2 Retention Criteria:
We determine retention periods based on:
- Legal and regulatory requirements
- Contractual obligations
- Legitimate business needs
- Your preferences and requests
9.3 Secure Deletion:
When retention periods expire, we securely delete or anonymize your data.
10. Data Security
We protect your data using:
10.1 Technical Measures:
- Encryption of data in transit (SSL/TLS)
- Secure data storage systems
- Regular security updates and monitoring
- Access controls and authentication
10.2 Organizational Measures:
- Staff training on data protection
- Limited access to personal data (need-to-know basis)
- Confidentiality agreements with staff and service providers
- Regular privacy and security reviews
10.3 Data Breach Response:
In the event of a data breach that poses risk to your rights:
- We will notify the relevant supervisory authority within 72 hours
- We will inform you without undue delay
- We will take immediate steps to contain and remediate the breach
11. Cookies and Tracking
11.1 Cookie Consent:
We use cookies and similar technologies. When you first visit our site:
- You’ll see a cookie banner
- You can accept, reject, or customize cookie preferences
- Essential cookies are necessary for site functionality
11.2 Your Control:
- Adjust preferences via browser settings
- Opt out of analytics cookies
- Delete existing cookies
See our Cookie Policy for detailed information.
12. Children’s Privacy
Our services are not intended for individuals under 18. We do not knowingly collect data from children. If we learn we’ve collected a child’s data, we will delete it promptly.
If you believe we have data from a child under 18, please contact us immediately.
13. Updates to This Statement
We may update this GDPR Compliance Statement to reflect:
- Changes in our practices
- Updates to GDPR guidance
- New legal requirements
- Service changes
When we make changes:
- The “Last Updated” date will change
- Significant changes will be communicated to affected individuals
- Continued use after changes constitutes acceptance
14. Supervisory Authority
If you believe we’ve violated your GDPR rights, you have the right to lodge a complaint with:
Your local supervisory authority in the EU/EEA/UK
EU Data Protection Authorities:
Find your country’s authority: https://edpb.europa.eu/about-edpb/board/members_en
UK Information Commissioner’s Office:
Website: https://ico.org.uk/
Phone: 0303 123 1113
We encourage you to contact us first so we can address your concerns directly.
15. Questions and Concerns
For questions about:
- How we process your data
- Your GDPR rights
- Our data protection practices
- Data transfers
Contact us:
SHero Empowered
Fränya K. Isley
21738 Lawrence 1100
Monett, MO 65708
Email: admin@sheroempowered.com
Subject: “GDPR Inquiry” or “Data Protection Question”
16. Representative in the EU
Note: If required by law as our operations expand, we will appoint an EU representative and provide contact details here.
17. Additional Resources
For more information about GDPR:
- EU GDPR Portal: https://gdpr.eu/
- European Commission: https://ec.europa.eu/info/law/law-topic/data-protection_en
- ICO (UK): https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
Your privacy rights matter to us. We are committed to transparency and protecting your personal data in accordance with GDPR requirements.
