REGISTRATIONS OPEN NOW!

THE PROGRAM LIBRARY LOGIN
REGISTER NOW

PMU Scientist™

PRIVACY POLICY

 

Effective date: July 30, 2025

This Privacy Policy explains how PMU Scientist™ collects, uses, discloses, and protects personal data when you use our websites, learning platform, mobile or web applications, online courses, live and recorded webinars, communities, podcasts, social channels, and related services (the Services). We serve a global audience and align this Policy with major privacy laws including GDPR and UK GDPR, CCPA and CPRA, LGPD, APPI, Australia Privacy Act, and PIPEDA.

Table of Contents

  1. Purpose and Who We Are
  2. Scope - What This Privacy Policy Covers
  3. Roles - Controller or Processor
  4. Legal Bases for Processing - By Region
  5. What Personal Data We Collect
  6. How We Collect Personal Data
  7. How We Use Personal Data
  8. Recordings and User-Generated Content
  9. Cookies and Tracking - Overview
  10. Your Choices About Use of Data - Opt-Outs and Controls
  11. Who We Share Personal Data With
  12. International Transfers - SCCs - Adequacy - DPF
  13. Retention of Personal Data
  14. Confidentiality and Security
  15. Your Rights and How to Submit Requests
  16. Jurisdiction-Specific Rules
  17. External Links
  18. Children's Privacy
  19. Changes to this Policy
  20. Interpretation
  21. Contact Information
  22. Annex A - Cookies and Tracking Details
  23. Annex B - Data Privacy Framework Notice - If and When Certified
  24. Annex C - Complaints and Escalation Contacts

1. Purpose and Who We Are

PMU Scientist™ provides professional education for permanent makeup professionals, including The Science Behind Your PMU Art® and our membership community The Science™ Circle. We are based in Belgium and serve students worldwide. We are committed to processing personal data lawfully, fairly, and securely.

2. Scope - What This Privacy Policy Covers

This Policy applies when you visit our website, use our learning platform and app, enroll in courses, join communities, attend webinars or live sessions, communicate with us by email or in-platform messaging, engage with our channels on Instagram - TikTok - YouTube - Spotify - Apple Podcasts, make payments, or participate in surveys - promotions - events. Some features can be used without sharing much data, but course access - purchases - webinars - support typically require it.

3. Roles - Controller or Processor

Unless stated otherwise, PMU Scientist™ is the data controller of personal data we collect. Some providers act as independent controllers for certain processing - for example payment card data processed by Stripe and certain meeting telemetry processed by Zoom. We also use contracted processors - subprocessors to support the Services under written agreements that require confidentiality - security - processing only on our instructions.

4. Legal Bases for Processing - By Region

This Privacy Policy, as well as any disputes arising from or relating to your use of our Services, shall be governed by and construed in accordance with the laws of Belgium, without regard to its conflict of law principles.

You agree that any dispute, claim, or controversy arising out of or relating to this Policy or your use of our Services shall be brought exclusively before the competent courts of Belgium.

  • EU - UK GDPR - contract necessity - consent - legitimate interests - legal obligation. Legitimate-interest assessments are performed where required.
  • California CCPA - CPRA - rights to know - access - correct - delete - opt out of sale or sharing - non-discrimination. We do not sell personal data.
  • Brazil LGPD - consent - contract - legitimate interest - legal compliance.
  • Japan APPI - consent and transparency for cross-border transfers.
  • Australia Privacy Act - collection limited to stated purposes - access and correction rights.
  • Canada PIPEDA - knowledge and consent for collection - use - disclosure.

5. What Personal Data We Collect

  • Identity and Contact - name - email - phone - billing address - country or region.
  • Account and Profile - login credentials - profile photo - bio - language - optional social links.
  • Payment and Billing - purchase details - invoices - tax data. Stripe processes card details directly. We do not store full card numbers.
  • Learning - enrollments - progress - modules viewed - assignments - quizzes - certificates - survey responses.
  • Communications - emails - support requests - in-platform messages - chat - reviews - Q and A.
  • Recording - video - audio - screen share - chat - captions - transcripts from live sessions and webinars.
  • Technical and System - IP address - device - OS - browser - language - approximate location - logs - error reports.
  • Usage - pages and screens viewed - features used - session duration - referral source.
  • Marketing and Preferences - newsletter opt-ins - campaign interactions.
  • Social - Connected Accounts - data shared by third-party platforms you connect or use to sign in.
  • Promotions - Surveys - entries - responses and any information you provide.

You are responsible for the accuracy of data you provide. Please keep your contact details current.

6. How We Collect Personal Data

  • Directly from you - account creation - forms - checkout - messages - reviews - uploads - webinar participation.
  • Automatically - cookies - pixels - SDKs - logs - device signals - analytics. See Cookies sections and Annex A.
  • From third parties - payment confirmations from Stripe - attendance and recording metadata from Zoom - account and course data from our learning platform - social platforms if you connect.

7. How We Use Personal Data

  • Provide and administer the Services - user accounts - course delivery - community access - webinars - certificates.
  • Process payments and subscriptions via Stripe - manage billing - issue receipts.
  • Send service communications - confirmations - reminders - updates - safety and security notices.
  • Support and respond to chats - messages - reviews - help requests.
  • Host and provide access to recordings - improve quality - develop educational content.
  • Personalize and improve the Services using analytics and feedback.
  • Send marketing communications with consent where required - you can opt out at any time.
  • Comply with legal - tax - accounting - regulatory requirements.
  • Detect and prevent fraud - misuse - security incidents.
  • Conduct research and statistics using aggregated - de-identified data.
  • If we offer AI-assisted features - we will explain them and limit processing to what is necessary to deliver the feature. We do not use your personal data to train external foundation models without separate consent.

8. Recordings and User-Generated Content

Recordings

  • We record most live trainings - webinars - Q and A sessions including video - audio - chat - polls - captions - transcripts. We announce recording at the start.
  • By attending you consent to being recorded if your camera - microphone - chat are active. You may join with camera - microphone off and use chat selectively.
  • Recordings are made available to enrolled learners for rewatching. Limited excerpts may be used for educational - quality - promotional purposes. Where feasible we minimize or anonymize learner identifiers or obtain consent where required by local law.

User-Generated Content - UGC

  • User content includes messages - reviews - posts - uploads - assignments - chats you share. Visibility depends on the feature used and may be visible to other users.
  • You are solely responsible for your user content and must have the rights to share it. Do not include confidential - sensitive - third-party personal data without permission.
  • We do not endorse - monitor - assume liability for user content although we may moderate or remove content that violates law - policy - rights of others.
  • By posting user content you grant PMU Scientist™ a non-exclusive - worldwide - royalty-free license to host - store - reproduce - display - distribute it as necessary to provide - promote - improve the Services consistent with this Policy and our Terms.

9. Cookies and Tracking - Overview

We use cookies and similar technologies for:

  • Essential - authentication - security - core functions.
  • Analytics - Performance - measure traffic - features - completion - diagnose issues.
  • Functional - remember preferences such as language - region.
  • Marketing - Advertising - where used - measure campaigns and provide relevant information about our offerings. We do not sell personal data.

Consent is requested where required. You can manage choices via our cookie banner and your browser - device settings. See Annex A for details and opt-out resources.

10. Your Choices About Use of Data - Opt-Outs and Controls

  • Email marketing - use the unsubscribe link or adjust preferences. We will continue to send transactional and service emails.
  • Cookies and ads - use our cookie banner where available and your browser - device controls. Industry tools include Network Advertising Initiative and Digital Advertising Alliance - YourOnlineChoices for EEA - Japan Digital Advertising Consortium - Google Ads Settings - analytics opt-outs such as the Google Analytics browser add-on.
  • Mobile ads - iOS - Android - Windows provide OS-level controls.
  • Do Not Track - no current industry standard - we do not respond to DNT signals.
  • Social - connected accounts - disconnect via those platforms.
  • Recordings - you can join with camera - microphone off and use chat thoughtfully.
  • Community visibility - adjust your profile and posting choices.

11. Who We Share Personal Data With

We do not sell or trade personal data. We disclose data only as needed to operate the Services and as required by law:

  • Learning platform and hosting providers - accounts - course delivery - communities - emails.
  • Stripe - payment processing and billing.
  • Zoom - webinars - recordings - captions - transcripts.
  • Email - SMS - CRM - transactional and - where consented - marketing communications.
  • Analytics - performance - to understand usage and improve the Services.
  • Cloud - security - IT support - secure hosting - monitoring - backups.
  • Authorities and legal recipients where required to comply with law - enforce terms - protect rights - safety.
  • Successor entities in a merger - acquisition - asset transfer with appropriate safeguards.

Our processors are bound by contract to confidentiality - security and to process only on our documented instructions. Sub-processors may not subcontract onward without appropriate approval and equivalent protections.

12. International Transfers - SCCs - Adequacy - DPF

Because we operate globally and use vendors headquartered in multiple countries, personal data may be transferred outside your country. For EU - UK - Swiss data we rely on Standard Contractual Clauses and other recognized safeguards such as adequacy decisions. If and when PMU Scientist™ self-certifies to the EU - U.S. Data Privacy Framework - the UK Extension - the Swiss - U.S. DPF we will publish a DPF Notice and honor those Principles. See Annex B for details that apply upon certification.

13. Retention of Personal Data

We retain personal data only as long as necessary for the purposes described including education delivery - legal - tax - accounting - security - dispute resolution. Course data and recordings may be archived for educational and quality assurance purposes. If you request deletion we will act in accordance with applicable law and our obligations. Backups and logs may persist for limited periods. We may retain de-identified - aggregated data.

14. Confidentiality and Security

We use administrative - technical - physical safeguards including encryption in transit - access controls - secure hosting - monitoring - backups - least-privilege access - staff training. No system is 100 percent secure. Protect your credentials and contact us if you suspect unauthorized access or a breach. Email is not encrypted - do not send sensitive data by email.

15. Your Rights and How to Submit Requests

Depending on your location you may have rights to:

  • Access and obtain a copy of your data.
  • Correct inaccurate or incomplete data.
  • Delete your data subject to legal or contractual limits.
  • Restrict or object to certain processing.
  • Data portability where applicable under GDPR - UK GDPR.
  • Opt out of marketing and certain cookies.
  • Opt out of sale or sharing where applicable under U.S. state laws - we do not sell personal data.
  • Appeal a denied request where applicable under certain U.S. state laws.

How to submit - email [email protected] with your request and information to verify your identity or your authorized agent. We aim to respond within timelines required by law - for example 30 days EU - UK - 45 days in U.S. states. If we need more time we will inform you. If we decline we will explain why and how to appeal where applicable.

16. Jurisdiction-Specific Rules

California - CCPA - CPRA

  • Rights to know - access specific pieces - correct - delete - opt out of sale or sharing - non-discrimination.
  • Submit requests using the contact in Section 21. You may designate an authorized agent subject to verification.
  • Shine the Light - you may request information about direct marketing disclosures by emailing with subject California Shine the Light.
  • Do Not Track - there is no widely accepted standard and we do not respond to DNT signals.

Nevada

  • We do not sell personal data. You may submit a no-sale request via the contact in Section 21.

Australia

  • You may complain to the Office of the Australian Information Commissioner - OAIC. We respond to complaints within 30 days.

EEA - UK - Switzerland

  • You may lodge a complaint with your supervisory authority and expect SCCs - adequacy - or DPF protections for transfers. See Section 12.

Brazil - LGPD

  • Rights include confirmation of processing - access - correction - anonymization - blocking - deletion of unnecessary or excessive data - portability - revocation of consent.

Japan - APPI

  • Cross-border transfers require notice and consent. We disclose categories - purposes - foreign recipients as part of this Policy.

17. External Links

Our Services may link to third-party sites and platforms including Instagram - TikTok - YouTube - Spotify - Apple Podcasts. We are not responsible for their privacy practices. Review their privacy notices before providing data.

18. Children's Privacy

The Services are not directed to children below the applicable digital consent age in their jurisdiction - generally under 16 in the EU - UK and under 13 in the U.S. We do not knowingly collect personal data from such children. If you believe a child provided data contact us and we will delete it.

19. Changes to this Policy

We may update this Policy. If changes are material we will notify you by email - in-product notice - or as required by law. Unless stated otherwise changes are effective on posting. Continued use of the Services after the effective date constitutes acceptance and the revised Policy supersedes prior versions.

20. Interpretation

Capitalized terms not defined here have the meaning provided in our Terms of Service. Translations may be provided for convenience. If there is any conflict the English version controls.

21. Contact Information

Questions - requests - complaints about this Policy or our data practices:
Email: [email protected]
Postal mail: PMU Scientist™ - Attn: Privacy - Legal - Belgium - full registered address available upon request.
You may also contact or complain to the relevant supervisory authority in your country. See Annex C.

 

 

 

Annex A - Cookies and Tracking Details

Categories we use

  • Essential - login and session management - fraud prevention - security.
  • Performance - Analytics - measure traffic - features used - completion rates - diagnose issues.
  • Functional - remember preferences such as language and region - saved progress.
  • Marketing - Advertising - if enabled - campaign measurement - showing relevant information about our offerings. We do not sell personal data.

Your controls

  • Use our cookie banner where required to grant - withdraw consent.
  • Manage browser - device settings to block - limit cookies - clear cache - reset advertising IDs.
  • Industry tools - Network Advertising Initiative - Digital Advertising Alliance - YourOnlineChoices for EEA - Japan Digital Advertising Consortium - Google Ads Settings - Google Analytics browser add-on.
  • Blocking some cookies may impact functionality such as login or session continuity.

 

 

Annex B - Data Privacy Framework Notice - If and When Certified

If and when PMU Scientist™ self-certifies to the EU - U.S. Data Privacy Framework - the UK Extension - and the Swiss - U.S. DPF this Annex will apply. We will commit to the DPF Principles including notice - choice - accountability for onward transfer - security - data integrity and purpose limitation - access - recourse and enforcement and liability. We will remain responsible for onward transfers to agents processing on our behalf unless we prove we are not responsible for the event giving rise to the damage. Unresolved complaints may be referred to an independent dispute-resolution body at no cost to you and binding arbitration may be available under certain conditions. We will be subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Until certification we rely on SCCs and other lawful transfer mechanisms as explained in Section 12.

Annex C - Complaints and Escalation Contacts

  • EU - EEA - contact your national Data Protection Authority.
  • United Kingdom - Information Commissioner's Office - ICO.
  • Switzerland - Federal Data Protection and Information Commissioner - FDPIC.
  • Australia - Office of the Australian Information Commissioner - OAIC.
  • Brazil - Autoridade Nacional de Proteção de Dados - ANPD.
  • Japan - Personal Information Protection Commission - PPC.
  • Canada - Office of the Privacy Commissioner of Canada - OPC.
  • United States - state privacy laws - you may contact your state Attorney General.