Privacy Policy
STSims Consultants Ltd. – Privacy Policy
Last Updated: May 25, 2026
STSims Consultants Ltd., trading as DR STACY SIMS, is committed to protecting the privacy of our users, as we understand the importance of protecting our users’ personal data.
When we say “STSims,” “we,” “our,” or “us”, we mean the STSims Consultants Group of companies, trading as DR STACY SIMS. Our headquarters are located in New Zealand, but we operate in additional jurisdictions. Please see the section headed “contact details” below.
This Privacy Policy explains how we collect, use, disclose, and protect personal data provided to us, or otherwise collected by us when you subscribe to our membership program, sign up to and use our online fitness courses, interact with our website, including our blog, comment section and forum, and use related services (collectively, the “Services”). We have used examples in this Privacy Policy to help explain some points. Please remember that these examples describe common scenarios but do not necessarily cover all situations.
Both this Privacy Policy and the Cookie Policy are incorporated into our Terms of Use by reference. Unless otherwise defined herein, capitalized terms shall have the meaning set forth in our Terms of Use, which can be accessed at www.drstacysims.com/pages/terms. The STSims website itself has its own Terms of Service that may include specific privacy-related terms. To the extent that any such terms conflict with this Privacy Policy, then the Terms of Service supersede and will apply instead.
Our website is powered by Kajabi, LLC (“Kajabi”). Kajabi’s privacy policy can be accessed at https://www.kajabi.com/policies/privacy.
We encourage you to read this policy and the Kajabi privacy policy carefully as they contain important information on what, how and why we collect, use, disclose, sell, share, store, and retain your personal information. This policy also explains your rights in relation to your personal information and how to contact us in the event you have a complaint or request. If you provide personal data to us, you understand we will process it in accordance with this Privacy Policy and the Kajabi privacy policy. If you do not provide personal data to us, however, it may impact our ability to provide our Services to you and your use of the Services. If you have any questions, please contact us using the details set out at the bottom of this Privacy Policy.
This Privacy Policy explains:
- The types of personal data we may collect about you;
- How we might collect your personal data;
- How we may use your personal data and the reasons we collect it;
- How we will store your personal data;
- If we are likely to disclose your personal data overseas, and if so, which countries we are likely to disclose your personal data to;
- Your rights in relation to your personal data; and
- How you can contact us if you have any other questions regarding our processing of your personal data.
For consumers in the United States, further information on what we use your personal information for, the reasons for doing so and your rights as a consumer under various US state laws, such as the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA) can be found in the addendum titled “Additional Information if you reside in the United States”.
For consumers within the European Economic Area (EEA), further information on what we use your personal information for, the reasons for doing so and your rights as a consumer under the General Data Protection Regulation (GDPR) can be found in the addendum titled “Additional Information if you reside within the EEA”.
- Personal data
In this policy:
- Personal data means identifiable data about you, for example your name, email, address, telephone number. If you cannot be identified (for example, when personal data has been aggregated and anonymised to the extent you can't reasonably be identified) then certain parts of this policy may not apply to that information. For the purposes of this Privacy Policy, “personal data” and “personal information” are used interchangeably and have the same meaning, except where specific legal definitions apply under relevant laws;
- Sensitive Personal Information means Personal Data that carries a higher risk of harm if exposed, for example your social security number, health data, or your ethnic origin.
- Applicable privacy laws means the requirements of privacy laws, codes and regulations relevant to you in the country you reside in, including as applicable the New Zealand Privacy Act 2020, the Australian Privacy Act 1988, the CCPA as amended by the CPRA and the GDPR;
- Cookie means a file that stores information about you and your behaviour on the internet. Cookies are created by a web server when you browse a website and are stored on your web browser. Cookies are accessed by a web server upon entering a website;
- Where we refer to processing of your personal data, we mean all activities relating to our use of that personal data, from its collection through to its storage and disposal and everything in between, and process shall be interpreted accordingly.
- Categories of Personal Data We May Collect
The categories of personal data we may collect about you include:
- Identifiers (including first name, middle name, last name and email address);
- Personal information (including billing address, telephone numbers and bank account, and payment card details through our third-party payment processor Stripe or PayPal);
- Commercial information (including details about payments from you to us and other details of Services you have purchased from us);
- Account information (including your login for our Services, support requests you have made, your interests, preferences, feedback and survey responses, additional personal data that you provide to us, directly or indirectly, through your use of our Services, associated applications or accounts from which you permit us to collect information);
- Location data (including internet protocol [IP] and your location information [for example your city and state derived from your IP address]);
- Internet or other electronic network activity information (including your browser session, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behavior, information about your access and use of our website and Services, including through the use of internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using, the domain name of your internet service provider, your preferences in receiving marketing from us and your communication preferences); and
- Requested data (including any other personal data requested by us and/or provided by you or a Third Party).
Our Services are intended for individuals aged 18 years or older, and we do not knowingly collect or solicit personal data from individuals under the age of 18.
- How We Handle Unsolicited Sensitive Personal Information
We do not intentionally collect, process, or store Sensitive Personal Information, such as health and fitness data. Any fitness and health-related information you choose to share, such as your fitness goals, health conditions, date of birth, workout history, progress, or other fitness-related data, is considered unsolicited and is .
- How We Might Collect Your Personal Data
The ways we collect your personal data can be categorized into: (a) information you provide to us directly, and (b) information that is collected automatically by us.
a. Information Provided by You Directly
The personal data we collect directly from you may include:
- Information you provide to us during the user registration process, blog and forum subscription process or membership sign-up process (“user profile data”). This User Profile Data may include your name, email address, website settings, marketing preferences and preferences regarding the information you wish to receive, including content tailored to specific age groups. STSims provides its Services exclusively to individuals aged 18 and over, including parents, coaches, trainers, teachers, and health professionals who may engage with programs such as NEXT GEN: Training Active Girls For Health & Performance, designed to support understanding of the developmental changes experienced by active teenage girls;
- Information you provide to us via our questionnaire which will be provided to you after having completed the user registration process or membership sign-up process (“user data”). This user data may include details about your professional role and the age group relevant to your inquiry;
- Information contained in or relating to any communication that you send to us or that we send to you (“communication data”). The communication data may include the communication content and metadata associated with the communication;
- Data allowing us to get in touch with you (“contact data”). This contact data may include your name, email address, telephone number, postal address and other information you provide us when you send us communication data; or
- Information relating to transactions, including your purchase of a membership subscription plan or your purchase of our online courses (“transaction data”). The transaction data may include your payment card details or other payment and transaction details.
b. Information We Collect Automatically:
When you use our website and Services, we may automatically collect and store personal data in so-called “log files”. The personal data we automatically collect from you may include:
- Information relating to your interaction with our courses, including pages visited, videos watched, time spent on lessons, completion rates, and features used (“Usage Data”);
- Information relating to your device, including your IP address, blocking status of your IP address, browser type and version, operating system, any referring URL, computer’s hostname, the time of server request, caching information, type of device, information about our system's response to your device, timestamps, security-relevant information of the firewall and other technology on the devices you use to access our Services (“Technical Data”); or
- Information relating to your general location (for example, your city and state) derived from your IP address. We do not collect precise geolocation without your explicit consent.
In these circumstances we use cookies and similar technologies to collect personal data. Cookies used on this website enable some of the website's essential functionality and help us provide the best possible service to you by tailoring our services to best suit your preferences. Most internet browsers give you the option to reject all cookies, accept all cookies, erase cookies stored on your device or be notified before a cookie is stored on your device. However, if you reject or erase cookies some functionality or features of our website may not function properly or be fully available.
Our website operator Kajabi may use cookies, tracking pixels, and other tracking technologies to:
- Track traffic patterns to and from our website, including information such as the pages you visit, the time you spend on each page, the date and time of your visit, and referring pages (pages you came from or go to);
- Ensure advertising is being shown to the most appropriate person and limit the frequency of display for certain advertisement formats;
- Enable you to enter our website and use certain products or services without having to log on each time and to visit restricted areas of our website;
- Pre-populate information in the ordering or enquiry process to make the processes on our website easier for you;
- Identify and maintain certain views and options for user preference; or
- Enable us and our affiliates or partners to serve targeted advertising to you (on our website and elsewhere).
Where required by law (including in the EEA and the United Kingdom), we will obtain your prior consent before placing non-essential cookies on your device, including cookies used for analytics and advertising purposes.
You can learn more about our use of cookies in our Cookie Policy at www.drstacysims.com/pages/cookie-policy and in our cookie settings at www.drstacysims.com. You can change your cookie preferences in the cookie settings or via your browser settings at any time.
c. Information Collected Indirectly from Third Parties
We may receive information about you from Third-Party services that you link to your account (for example, social media logins and payment service providers) or from partners who provide services to us. Where we collect personal information about you from Third Parties (for example, Third Parties working with us to facilitate the Services provided on our website or social media accounts), we will do so in compliance with all applicable privacy laws.
If you are a Third-Party providing personal data about somebody else, you warrant that you have such person's consent to provide their personal data to us.
- How and Why We May Use Your Data
Under data protection laws, we can only use your personal information if we have a proper reason for doing so (for example to comply with our legal and regulatory obligations, for the performance of our contract with you, our legitimate business or commercial interests or those of a Third Party or where you have given consent). We use your personal data when you subscribe to or purchase our Services, while you are a client and when you use our website, including our blog. We will use this personal data generally to manage our Services and business effectively, as well as for potential development of future Services.
By engaging in our website’s comment and/or forum section you understand and agree that any information you choose to share will become publicly accessible. This includes visibility to other users, visitors, and Third Parties who have access to or subscribe to these features. Please be aware that once information is posted publicly, we cannot control how it is used, viewed, collected, or shared by others.
- Who We May Share Your Personal Data With
We may also share your personal data within STSims, to our service providers and with other authorized Third Parties. We will only share personal data when we are allowed to under applicable data protection laws, or when we are legally required to. We may disclose your personal data to:
- Third-Party service providers for the purpose of performing functions on our behalf, including customer support, IT service providers (for example, software solutions for office and customer management such as Microsoft and Google), content management system providers, data storage, web-hosting and server providers, cookie providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers (for example Meta), professional advisors and payment systems operators;
- Our employees, including our website operator’s employees;
- Our existing or potential agents or business partners;
- Anyone to whom our business or assets (or any part of them) are, or may be, transferred. In case of a transfer, we will notify you of any such transfer and any changes to this Privacy Policy;
- Courts, tribunals and regulatory authorities, in the event you fail to pay for services we have provided to you;
- Courts, tribunals, regulatory authorities and law enforcement officers, as required or authorized by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- Third-party fraud prevention providers for the purpose of assessing your order data. When purchasing via PayPal, we transmit your order data (name, address, gender, date of birth, shopping cart value, time of order, IP address, payment method) to a service provider based in the United States for the purposes of fraud prevention. If you select credit card as your payment method, we will transmit your order data to a service provider based in the United States;
- Any other Third Parties as required or permitted by law; or
- Any other Third Parties as explicitly consented to by you.
These providers are obligated to protect your information and only use it for the purposes for which we disclose it to them.
- Automated Processing and Artificial Intelligence
We may use automated technologies, such as Artificial Intelligence (“AI”) tools (for example Meta AI) to analyze limited categories of personal data, such as your city of residence, for internal business purposes and advertising. These include:
- Improving services and identifying operational issues;
- Detecting system errors and broken automations;
- Analyzing trends in customer service and business operations; or
- Enhancing customer experience.
We do not use automated decision-making, including profiling, to make decisions that produce legal or similarly significant effects on you.
Further information on how Meta processes personal data can be found in their Privacy Policy at www.facebook.com/privacy/policy/. We do not sell personal information, and we do not use customer data to train publicly available AI models.
If this practice changes in the future, we will update this Privacy Policy and, where required by law, obtain your consent.
- How We Store and Protect Your Personal Data
We are committed to ensuring that the personal data we collect is secure. Your data will be stored in our customer database hosted by Kajabi at 880 Newport Center Dr., Suite 100, Newport Beach, California 92660, United States of America.
In order to prevent unauthorised access or disclosure, we have put in place suitable electronic and managerial procedures to safeguard and secure personal data and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. Such safeguards include:
- Encryption: We use encryption technologies (for example, SSL/TLS) to protect data transmitted over the Internet.
- Access Controls: We restrict access to your personal information to authorized personnel who need to know that information to perform their job functions.
- Regular Security Audits: In collaboration with Kajabi, we regularly perform security audits and vulnerability assessments to identify and address potential weaknesses in our systems.
- Employee Training: Kajabi employees receive training on data privacy and security best practices.
While we are committed to security, we cannot guarantee the security of any information that is stored by us or transmitted to or by us over the internet. The transmission and exchange of information over the internet is carried out at your own risk.
- How Long We Store Your Personal Data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. The retention of your personal data includes the following:
- Account Data: We will retain your account information for as long as your account is active. If you close your account, we will delete or anonymize your personal information within a reasonable timeframe, which will not exceed thirty (30) days unless legal obligations require us to retain it longer.
- Transaction Data: We will retain transaction data for the period required under applicable tax and accounting laws. This period typically lasts up to seven (7) years, depending on the jurisdiction.
- Marketing Communications: If you have opted in to marketing communications, we will retain your contact information for marketing purposes until you opt out of receiving marketing communications at www.drstacysims.com/.
Thereafter, we will keep your personal data for as long as is necessary:
- To respond to any questions, complaints or claims made by you or on your behalf;
- To show that we treated you fairly; and
- To keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. In determining appropriate retention periods, we consider the nature and sensitivity of the personal data, the purposes for which it is processed, and applicable legal requirements.
Once retention is no longer necessary, we will securely delete or anonymize your personal data.
- Your Data Protection Rights
Under certain circumstances and to the extent that such rights are granted in accordance with applicable data protection laws in your country, you, or someone you give authority to, has the right to request access to or correct your personal data:
- Access: You may request access to the personal data that we hold about you. An administrative fee may be payable for the provision of such information depending on your jurisdiction. Please note, in some situations, we may be legally permitted to withhold access to your personal data;
- Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal data.
When it comes to marketing communications, you can ask us at any time not to send you these by opting out at www.drstacysims.com/.
- How to Exercise Your Rights
If you would like to exercise any of your rights as described in this Privacy Policy, you can do so by emailing us at support@drstacysims.com. If you choose to contact us you will need to provide us with the following:
- Enough information to identify you (e.g., your full name, address and customer or matter reference number);
- Proof of your identity and address (e.g., a copy of your driving license or passport, a recent utility or credit card bill); and
- A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
You also have the right to contact the Office of the New Zealand Privacy Commissioner (OPC) or the Office of the Australian Information Commissioner (OAIC), or another relevant data protection authority within the country you reside in, where you are not satisfied with our resolution process.
- We May Make Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the Effective Date at the top of this policy. We encourage you to review this Privacy Policy periodically.
Links to other websites
Our website and Services may contain links to other websites. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal data which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.
Contact details
For any questions or notices, please contact our privacy representative at:
STSims Consultants Ltd.
Privacy Support
48 Tweed St
Mount Maunganui
Bay of Plenty 3116
New Zealand
Additional Information If You Reside in the United States of America
Last Updated: May 22, 2026
This addendum supplements our Privacy Policy and applies solely to our website and Service users that reside in the US. Together with the Privacy Policy this addendum ensures our compliance with the various U.S. Privacy Laws, including but not limited to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), which we abide by as a business.
1. How and Why We May Use Your Personal Data
Under data protection laws, we can only use your personal information if we have a proper reason for doing so. The list below explains what we use (process) your personal information for and our reasons for doing so:
Use of Your Personal Data
- To enable you access to our services, including to provide you with a login;
- To provide our services to you, including to give you access to our Services, blog and membership content;
- To contact and communicate with you about our services and any enquiries you make.
Our Reason
- For the performance of our contract with you or to take steps at your request.
Use of Your Personal Data
- For internal record keeping, administrative, invoicing and billing purposes;
- For analytics, market research and business development, including to operate and improve our Services;
- To detect and/or prevent any illegal activity that may threaten us or our Services; and
- For advertising and marketing, including to send you promotional information about Services and information that we consider may be of interest to you, noting we will comply with all laws that are relevant to marketing.
Our Reasons
- For our legitimate interests or those of a Third Party, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you;
- For our legitimate interests or those of a Third Party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price;
- For our legitimate interests or those of a Third Party, i.e., to minimize fraud that could be damaging for us and for you; and
- For our legitimate interests or those of a Third Party, i.e., to promote our business to existing and former customers.
Use of Your Personal Data
- To comply with our legal obligations and resolve any disputes that we may have; and
- If otherwise required or authorized by law.
Our Reason
- Compliance.
2. Who We May Share Your Personal Data With
In the last 12 months, we have not sold your personal information.
a. Personal Information We Shared
In the preceding 12 months, we have shared the following categories of personal information:
- Identifiers (email address) with Third Party Meta for cross-context behavioral advertising.
b. Personal Information We Disclosed for Business Purposes
In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose:
- Identifiers (including first name, middle name, last name and email address);
- Personal information (including billing address, telephone numbers and bank account, and payment card details through our third-party payment processor Stripe or PayPal);
- Commercial information (including details about payments from you to us and other details of Services you have purchased from us);
- Account information (including your login for our Services, support requests you have made, your interests, preferences, feedback and survey responses, additional personal data that you provide to us, directly or indirectly, through your use of our Services, associated applications or accounts from which you permit us to collect information);
- Location data (including internet protocol [IP] and your location information [for example your city and state derived from your IP address]);
- Internet or other electronic network activity information (including your browser session, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behavior, information about your access and use of our website and Services, including through the use of internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using, the domain name of your internet service provider, your preferences in receiving marketing from us and your communication preferences);
- Requested data (including any other personal data requested by us and/or provided by you or a Third Party); or
3. How We Handle Children's Privacy
Our Services are intended for individuals aged 18 years or older, and we do not knowingly collect or solicit personal data from individuals under the age of 18. In addition, our Services are not directed to children under the age of 13, and we do not knowingly collect personal data from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal data from a child under the age of 13 without verifiable parental consent, we will take steps to remove that information from our servers pursuant to the Children’s Online Privacy Protection Act.
4. Your Data Protection Rights
While there is not one overarching federal privacy law in the US, various state laws (for example, CCPA/CPRA in California, VCDPA in Virginia, CPA in Colorado, UCPA in Utah, CTDPA in Connecticut) grant consumers certain rights. These rights include:
a. Disclosure of Personal Information We Collect About You
- You have the right to know, and request disclosure of:
- The categories of personal information we have collected about you, including sensitive personal information;
- The categories of sources from which the personal information is collected;
- The categories of Third Parties to whom we disclose personal information, if any; and
- The specific pieces of personal information we have collected about you.
- Please note that we are not required to:
- Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
- Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
- Provide the personal information to you more than twice in a 12-month period.
b. Disclosure of Personal Information Disclosed for a Business Purpose
- In connection with any personal information we may disclose to a Third Party for a business purpose, you have the right to know:
- The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.
c. Right to Opt-Out of Sale/Sharing
Where applicable you have the right to opt-out of the "sale" or "sharing" of your personal information (as defined by relevant state laws, which may include sharing for cross-context behavioral advertising). This right includes the right to opt-out of the collection of non-functional cookies.
d. Right to Opt-Out of Automated Decision Making
Where applicable you have the right to opt-out of automated decision-making including profiling. You can make use of this right by contacting us using the contact details provided in Section 5 “How to Exercise Your Rights” of this addendum. To determine whether you have the right to opt-out please include information on your residence when contacting us.
e. Right to Limit Use of Sensitive Personal Information
We do not use or disclose Sensitive Personal Information for purposes to which the right to limit use and disclosure applies.
f. Right to Deletion
- Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
- Delete your personal information from our records; and
- Direct Third Parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort.
- Please note that we may not delete your personal information if it is reasonably necessary to:
- Complete the transaction for which the personal information was collected, fulfil the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
- Help to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for those purposes;
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
- Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
- Comply with an existing legal obligation; or
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
g. Right of Correction
If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.
h. Protection Against Retaliation
- You have the right to not be retaliated against by us because you exercised any of your rights under applicable US state privacy laws. This means we cannot, among other things:
- Deny goods or services to you;
- Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Provide a different level or quality of goods or services to you; or
- Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
5. How To Exercise Your Rights
If you would like to exercise any of your rights as described in this Privacy Policy, you can do so at www.drstacysims.com/site/contact. You may also call us at 1 (800) 915-2821 or email us at support@drstacysims.com. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request pursuant to Clause 11 “How to Exercise Your Rights” of this Privacy Policy.
Please note that you may only make a CCPA/CPRA-related data access or data portability disclosure request twice within a 12-month period. Similar regulations may apply to a US state resident depending on where they reside.
Additional Information If You Reside Within the EEA
Last Updated: May 8, 2026
This addendum supplements our Privacy Policy and applies solely to our website and Service users that reside within the European Economic Area. Together with the Privacy Policy this addendum ensures our compliance with the General Data Protection Regulation (GDPR) as the controller of your personal data.
1. How and Why We May Use Your Personal Data
Under the GDPR, we are the controller of your data and therefore can only use your personal information if the GDPR allows us to (Art 6 (1) GDPR). We use the information we collect for various purposes, primarily to provide and improve our Services and to communicate with you. The list below outlines what we use your personal data for and the legal bases for doing so:
a. To Provide and Maintain Our Services
- We process data that you provided to us when registering your customer account. During the registration process, we process certain types of personal data, such as your name, address, or bank details. The data we collect can be seen in the respective input masks. The legal bases for using this data are Art 6(1)(a) and Art 6(1)(b) GDPR;
- We process data that you provide to us when you place an order or when registering or maintaining your customer account. The data we collect can be seen in the respective input fields. We use the data you provide to fulfill our contractual obligations to you (for example, to process and transmit your order) and to process your inquiries. The legal basis for using this data is Art 6(1)(b) GDPR;
- In some cases, we may be obliged to retain certain data (for example, business correspondence and receipts) for a legally prescribed period. This data may only be deleted, even in the event of a request for deletion, after the statutory retention periods have expired. The legal basis for using this data is Art 6(1)(c) GDPR.
b. To Improve and Personalize Your Experience
The data we collect may be used as follows to improve and personalize your experience:
- To provide you information, advice and guidance as part of our Services, including such information, advice and guidance that is tailored to you;
- To assist us in providing better products and services to you by tailoring them to meet your needs;
- To analyze usage trends and patterns to optimize our platform; and
- To troubleshoot and improve the functionality of our website and courses.
The legal basis for the above-mentioned use of your data is Art 6(1)(f) GDPR.
c. For Marketing and Promotional Purposes
In addition to using your data to process your purchases in our online web shop, we may also use your data to communicate with you about your orders, specific products, or marketing campaigns and to recommend products or services that may be of interest to you. This communication may take place via email, SMS, or other messaging services. If you have consented to receive such communication from us, you can revoke your consent to the use of your data for advertising purposes at any time, either in whole or for individual measures, with effect for the future. You can also object to advertising communication that you receive from us without your consent at any time with effect for the future. You can contact us at support@drstacysims.com or at the address provided under “Contact Details” of this Privacy Policy. The legal bases for the above-mentioned use of your data are Art 6(1)(a) and Art 6(1)(f) GDPR.
d. For Security and Fraud Prevention
We have a legitimate interest in preventing fraud when ordering our products. We therefore carry out fraud checks on orders and transmit your order data to our designated service providers for this purpose. If an order is classified as risky based on the check, your order may be canceled.
- When purchasing via PayPal, we transmit your order data (name, address, gender, date of birth, shopping cart value, time of order, IP address, payment method) to a service provider based in the United States for the purposes of fraud prevention. The legal bases for this use of your data are Art 6(1)(c) and Art 6(1)(f) GDPR;
- If you select credit card as your payment method, we will transmit your order data to a service provider based in the United States. This service provider's fraud check uses probability values to identify orders that pose a fraud risk for us. The legal bases for this use of your data are Art 6(1)(c) and Art 6(1)(f) GDPR.
You can obtain further information about how our service provider processes personal data at any time from us using the contact details provided in this Privacy Policy. If you do not agree to data being transmitted to this service provider, please use a different payment method.
f. To Create Log Files
To be able to provide you with a fully functional website, we may store your access data (for example IP address and browser type) in log files when you visit our website. The legal basis for this use of your personal data is Art 6(1)(f) GDPR.
g. To Process Payments
Depending on the payment method you choose, our payment service providers will collect information from you so that they can match your order details to your payment and process the payment for you. We cannot see your payment-related information, such as credit card details. If we transmit data to payment service providers to process the payment, this is done to fulfil our contract with you. The legal basis for this use of your personal data is Art 6(1)(b) GDPR. Our payment service providers are located in the US. Where we transfer personal data from the European Economic Area (EEA) or the United Kingdom to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards in accordance with applicable data protection laws, particularly Art 46 GDPR. These safeguards may include:
- The European Commission’s Standard Contractual Clauses (SCCs);
- The UK International Data Transfer Agreement (IDTA) or Addendum (where applicable); and/or
- Transfers to organizations certified under an approved adequacy framework where available.
You may request further information about the safeguards we use by contacting us using the details provided in this Privacy Policy.
h. To Protect Your Data
If you contact us to exercise your rights as a data subject, we will process your name, email address, and any additional information you provide to us in your inquiry, as well as data to verify your identity as an authorized data subject if necessary. The data provided in your inquiry will be used to respond to you and to ensure our compliance with the GDPR by helping you as a data subject to exercise your rights set out in the GDPR. If we process additional data from you to verify your identity, this is done to prevent fraud.
The legal bases for processing the data in your request are Art 6(1)(c) together with Art 12 GDPR, as well as Art 6(1)(f) GDPR. The legal basis for verifying your identity is Art 6(1)(f) GDPR.
2. Your Data Protection Rights
The GDPR grants you the following rights:
a. Right to Receive Information
You have the right to receive information about the processing of your personal data by us, Art 13 and 14 GDPR;
b. Right to Obtain Information
You have the right to obtain confirmation as to whether we process your personal data and, where this is the case, to obtain access to the personal data, Art 15 GDPR;
c. Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data, Art 16 GDPR;
d. Right to be Forgotten
You have the right to request the deletion of your personal data under certain circumstances (for example, when the data is no longer necessary for the purposes for which it was collected), Art 17 GDPR;
e. Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data under certain conditions, Art 18 GDPR;
f. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, Art 20 GDPR;
g. Right to Withdraw Consent
Where we rely on your consent to process your personal data (Article 6(1)(a) GDPR or Article 9(2)(a) GDPR), you have the right to withdraw that consent at any time, Art 7(3) GDPR. This will not affect the lawfulness of processing based on consent before its withdrawal;
h. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe your rights under the GDPR have been violated, Article 77 GDPR; and
i. Right Against Decisions Based on Automated Processing
You have the right not to be subjected to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or significantly affects you in a similar way, Art 22(1) GDPR.
3. Right to Object
Under Article 21(1) GDPR, you have the right to object at any time to our processing of your personal data when that processing is based on our legitimate interests under Art 6(1)(f) GDPR. If you choose to object, you must explain how your specific situation gives you reason to ask us to stop processing your data. We need this information to determine whether your objection meets the legal requirements.
4. How to Exercise Your Rights
If you would like to exercise any of your rights as described in this Privacy Policy, you can do so at www.drstacysims.com/site/contact. You may also email us at support@drstacysims.com. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request pursuant to clause 11 “How to Exercise Your Rights” of this Privacy Policy.
The person responsible for data processing within the meaning of Art 4(7) GDPR is:
STSims Consultants Ltd.
48 Tweed St
Mount Maunganui
Bay of Plenty 3116
New Zealand
Our privacy support can be reached at:
STSims Consultants Ltd.
Privacy Support
48 Tweed St
Mount Maunganui
Bay of Plenty 3116
New Zealand