Privacy Policy & Data Processing Agreement

Privacy Policy

This privacy policy describes our policies and procedures on the collection, use and disclosure of client’s user’s information when users use the Service and tells users about user privacy rights and how the law protects client and the users.

We use the client's user’s personal data to provide and improve the service. By using the service, clients and their users agree to the collection and use of information in accordance with this privacy policy.

Interpretation and Definitions


The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.


For the purposes of this privacy policy:

Account means a unique account created for a client’s users to access our service or parts of our service.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Application means the software program provided by the company downloaded by user on any electronic device, named Silatha
Company (referred to as either "the company", "we", "us" or "our" in this agreement) refers to Silatha BV, Zacharias Jansestraat 47.
Country refers to: Netherlands
Device means any device that can access the service such as a computer, a cell phone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the application.
Service Provider means any natural or legal person who processes the data on behalf of the company. It refers to third-party companies or individuals employed by the company to facilitate the service, to provide the Service on behalf of the company, to perform services related to the Service or to assist the company in analysing how the service is used.
Third-party Social Media Service refers to any website or any social network website through which a user can log in or create an account to use the service.
Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
Client means the company, or other legal entity on behalf of which such individual is accessing or using the service, as applicable.
User means the individual accessing or using the service as applicable.
Collecting and Using user Personal Data

Types of Data Collected

Personal Data

While using our service, we may ask users to provide us with certain personally identifiable information that can be used to contact or identify users. Personally identifiable information may include, but is not limited to:

Email address
First name
Usage Data
Usage Data

Usage data is collected automatically when using the service.

Usage data may include information such as user’s device's internet protocol address (e.g. IP address), browser type, browser version, the pages of our service that users visit, the time and date of user’s visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When client’s users access the service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device users use, user’s mobile device unique ID, the IP address of user’s mobile device, user’s mobile operating system, the type of mobile Internet browser users use, unique device identifiers and other diagnostic data.

We may also collect information that the user’s browser sends whenever the user visits our service or when the user accesses the service by or through a mobile device.

Information Collection and Use

For a better experience, while using our service, we may require the client’s users to provide us with certain personally identifiable information, including but not limited to first name, surname, email, address, when users meditate, how often the users meditate, contacts. The information that we request will be retained by us and used as described in this privacy policy. This privacy policy operates within the regulations of the GDPR ruling.

The app does use third party services that may collect information used to identify users.

Link to relevant privacy documentation of third party service providers used by the app. By using the app, you agree to be bound by this documentation.

Google Play Services
Google Analytics for Firebase
Firebase Crashlytics
Information from Third-Party Social Media Services

The company allows client’s users to create an account and log in to use the service through the following third-party social media services:

If the client’s users decide to register through or otherwise grant us access to a third-party social media service, we may collect personal data that is already associated with that user’s third-party social media service's account, such as user name, user email address, user activities or user contact list associated with that account.

The client’s users may also have the option of sharing additional information with the company through user third-party social media service's account. If the client’s user chooses to provide such information and personal data, during registration or otherwise, the users are giving the company permission to use, share, and store it in a manner consistent with this privacy policy.

Third party providers
We may share the client’s user’s personal data within Silatha and with third parties, including in accordance with the GDPR. Where we share user data with a third party data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing, in accordance with articles 26, 28 and 29 GDPR. Furthermore, where we share user data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) standard contract clauses approved by the European Commission, in order to cover such transfers, in accordance with articles 44 ff. GDPR.

We use Google Analytics, Firebase, Mailchimp and HubSpot as our third party service providers in order to collect and analyse data, create email distribution lists and manage marketing campaigns.
We use Amazon Web Services for the storage of the data to authenticate and secure all logins on the Silatha App. Under this contract, AWS certified it will not store any data outside the EEA.

Use of user Personal Data

The company may use personal data for the following purposes:

To provide and maintain our service, including to monitor the usage of our Service.
To manage user account: to manage user registration as a user of the service. The personal data of client’s users can give users access to different functionalities of the service that are available to the client’s users as a registered user.
For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services clients have purchased for the users or of any other contract with us through the service.
To provide clients and their users with news, special offers and general information about other goods, services and events which we offer that are similar to those that client have already purchased or enquired about unless client and users have opted not to receive such information.
To manage the client’s and their user’s requests: To attend and manage user requests to us.
For business transfers: We may use the client’s users information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our service users is among the assets transferred.
For other purposes: We may use client’s users information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service, products, services, marketing and client’s and their users’ experience.
We may share users personal information in the following situations:

With service providers: We may share the personal information of the users with service providers to monitor and analyse the use of our service, to contact users.
With affiliates: We may share user information with our affiliates, in which case we will require those affiliates to honour this privacy policy. Affiliates include our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
With business partners: We may share client’s user’s information with our business partners to offer clients certain products, services or promotions.
With other users: When users share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If the client’s users interact with other users or registers through a third-party social media service, user's contacts on the third-party social media service may see user name, profile, pictures and description of user activity. Similarly, other users will be able to view descriptions of user activity, communicate with users and view user’s profiles.
With client and users consent: We may disclose user’s personal information for any other purpose with user consent.
Retention of client and users personal data

The Company will retain client’s user’s personal data only for as long as is necessary for the purposes set out in this privacy policy. We will retain and use the client's user’s personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain user data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The company will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain this data for longer time periods.

Deletion of users Personal Data

In accordance with the GDPR regulation client’s user can at any point request user data to be deleted within the app in the profile section within the settings option.

Transfer of client Personal Data

Client’s user information, including personal data, is processed at the company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of the client and their users state, province, country or other governmental jurisdiction where the data protection laws may differ from those from client’s and user’s jurisdiction.

Client’s user’s consent to this privacy policy followed by user submission of such information represents user’s agreement to that transfer.

The company will take all steps reasonably necessary to ensure that client and their user’s data is treated securely and in accordance with this privacy policy and no transfer of client’s user’s personal data will take place to an organisation or a country unless there are adequate controls in place including the security of user data and other personal information.

Disclosure of user Personal Data

Business Transactions

If the company is involved in a merger, acquisition or asset sale, client’s user’s personal data may be transferred. We will provide notice before client and their users personal data is transferred and becomes subject to a different privacy policy.

Law enforcement

Under certain circumstances, the company may be required to disclose the client’s user’s personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The company may disclose client’s user’s personal data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the company
Prevent or investigate possible wrongdoing in connection with the service
Protect the personal safety of users of the service or the public
Protect against legal liability
Security of client and users personal data

The security of the client's user’s personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect client and their users personal data, we cannot guarantee its absolute security.

Children's Privacy

Our service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If the user is a parent or guardian and the user is aware that the users’s child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

If we need to rely on consent as a legal basis for processing user information and the user country requires consent from a parent, we may require the user’s parent's consent before we collect and use that information.

Links to other websites

Our service may contain links to other websites that are not operated by us. If the client’s user clicks on a third party link, the user will be directed to that third party's site. We strongly advise users to review the privacy policy of every site user visits.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this privacy policy

We may update our privacy policy from time to time. We will notify users of any changes by posting the new privacy policy on this page.

We will let users know via email and/or a prominent notice on our service, prior to the change becoming effective and update the "Last updated" date at the top of this privacy policy.

Users are advised to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted on this page.

Contact Us

If client or their users have any questions about this privacy policy, we can be contacted at:

By email: moc.ahtalis%40ofni
Data Processing Agreement
This Data Processing Agreement (the “DPA”) forms part of the agreement For Services (the “agreement”) between Silatha and client and client’s users. Terms used in the DPA have the same meaning as those used in the agreement, unless explicitly provided otherwise. If there are any conflicts or inconsistencies between the DPA and the agreement, the provisions in the DPA prevail.

Silatha supports companies to create an equitable workplace where women feel valued. Silatha does this two fold:

By creating support groups for the women, in which they are assisted with peer-to-peer support, access to experts, coaching and mindfulness tools.
Educating and knowledge sharing with the entire company to create awareness across all employees around taboo topics.
The Silatha app is a strong core product that is a supporting piece to the Silatha program.

All of the above constitute to Silatha’s service. As described in our privacy policy (, Silatha does this from the role defined within the General Data Protection Regulation (the “GDPR”) as data processor (hereinafter referred to as “Silatha”), where the role of user is defined as the data user (hereinafter referred to as “user”).

In this DPA, “processing operations” means any action or set of actions relating to personal data (“personal data”), including in any case the collection, recording, organizing, retention, updating, modification, retrieval, consultation, use, provision by transmission, dissemination or any other form of making available, bringing together, linking together, as well as the shielding, erasure or destruction of personal data in the context of the user’s assignment to Silatha to make Silatha’s application (“app”) available for the benefit of the employees of the client. In this DPA, personal data means data such as: first name, last name, email address, job title, device ID, test results and telephone number. For purposes of high level continuous improvement of Silatha’s products and services and to reflect the ongoing development in our operation practices, with notice to client, Silatha may modify this DPA, but any modifications will not materially decrease Silatha's overall obligations during a subscription term.


The client has contracted Silatha to hold a workshop. This leads to the performance of processing operations as described in the agreement, as well as this DPA.

Silatha is not entitled to perform acts with regard to the personal data other than on the basis of written instructions from the client. Silatha will only process the personal data for the purposes stated in the agreement and Silatha guarantees that it will never exploit, use or otherwise process the personal data for its own (commercial) purposes. If a union or member state law applicable to Silatha requires it to process personal data, Silatha will notify the client of that legal provision prior to the processing, unless that legislation prohibits such notification for important reasons of public interest.

Silatha may outsource the processing operations to third parties, including affiliated companies or subcontractors. Sub-processors for user authentication and Amazon Web Services as a sub-processor for the hosting of our platform. The full list of sub-processors can be found in our data policy ( Silatha will ensure that these third parties are bound by all that is stipulated in this DPA. Silatha remains responsible for any act and/or omission of third parties engaged with.

Silatha will ensure that only those employees or other contractors of Silatha who are required to process the personal data will have access to the personal data. Silatha will adequately instruct these employees or other subordinates of Silatha and ensure that they are familiar with the responsibilities and obligations under this DPA and under applicable laws and regulations.

Silatha will, at the request of the client, make information available that is necessary to demonstrate compliance with this DPA as well as compliance with the applicable data protection laws and regulations.

At the request of the client and their users, Silatha will grant the user access to the personal data and respond to questions and requests from the client and their users in relation to the processing of personal data. Silatha will also, within 2 (two) weeks after request from the client or users:

(i) provide a copy to the client and their users of all personal data or personal data concerning a specific person that is in its possession or control, as well as a copy of all documents in which this personal data is included and an overview of all systems in which this personal data is included and all other processing of this personal data that is carried out by Silatha, in such a format as the client or their users reasonably requests;

(ii) delete, block or correct certain personal data in accordance with the instructions of the client and their users;

(iii) record non-compliance with specific requests for deletion, blocking or correction and the reasons for this.

Notifications of Disclosures

Silatha will notify the client and users within 72 (seventy-two) hours if a competent authority has made a legally binding request for the provision of the personal data, unless Silatha is not permitted to notify the client and users of this, such as in the event of a criminal injunction to maintain the confidentiality of any law enforcement investigation.

Silatha will notify the client and their users within 72 (seventy-two) hours if it receives a request from a data subject with regard to the personal data, including but not limited to a request for access, rectification, erasure or restriction of processing, data portability, and/or an objection to the processing. Silatha will assist the client and their users in fulfilling its duty to respond to requests to exercise the rights of data subjects by means of appropriate technical and organizational measures.

Silatha will inform the client and the users if at any time it is not (any longer) able to fulfill its obligations under this DPA or if it foresees that it is not (any longer) able to do so in the near future. The client and their users can then decide to (i) with immediate effect stop providing personal data to Silatha, (ii) to instruct Silatha to suspend the processing activities until the moment Silatha is again able to properly fulfill the obligations under this DPA, or (iii) to terminate this DPA with immediate effect.

Silatha will maintain strict confidentiality with regard to the personal data and will guarantee that the persons authorized to process the personal data will maintain confidentiality or are bound by an appropriate legal obligation of confidentiality. Silatha will also ensure that it has taken measures to ensure that no more persons have access to the personal data than necessary, and that every natural person acting under the authority of Silatha, and has access to the personal data only uses it to fulfill the agreed purpose, unless the natural person is bound by union or member state law to do otherwise.

Silatha will notify the client and the users if, in the opinion of Silatha, an instruction from the client or the user is in conflict with the applicable laws and/or regulations, including but not limited to the applicable data protection laws and regulations, or if an upcoming change in applicable laws and regulations are likely to have a negative effect on the way in which Silatha will be able to fulfill obligations under this DPA.

Notifications of data breaches

Silatha will notify the client and the users in writing within 48 (forty-eight) hours of becoming aware of a suspected or actual breach in connection with personal data (a “data breach”), including but not limited to an actual or suspected unauthorized access, disclosure, use, loss, damage or destruction of the personal data by a current or former employee, contractor or agent of Silatha or by any other person or third party. Silatha will provide the client and the users with full assistance in fulfilling the obligations of the client and their users in this respect, such as assisting, if requested, with reporting to the supervisory authority and/or the data subject(s).

Silatha will timely assist and support the client and their users in the event of an investigation by a supervisory authority, if and insofar as that investigation is related to the processing of Personal Data as referred to in this DPA.

Silatha will at all times provide the client and their users in a timely manner with the fulfillment of its obligations under Article 32 to 36 of the GDPR, including but not limited to the obligations of the client and their users with regard to the security of the processing and the performance of data protection impact assessments.

Applicable legislation and regulations

Silatha will comply with its obligations under this DPA as well as from all applicable laws and regulations, including but not limited to the GDPR, and hereby accepts all (future) obligations that will ensue from this.

Technical and organizational measures

Silatha will take adequate technical and organizational measures to secure the personal data and will apply a security level that guarantees the confidentiality of the personal data and guarantees that the personal data is protected against loss, alteration, destruction, disclosure or access, and furthermore against all other forms of unlawful processing of the personal data. Taking into account the state of art and costs of implementation of these measures, these measures will guarantee an appropriate level of security in view of the risks associated with the processing and the nature of the personal data to be protected.

Processing outside the EEA

Without the prior written consent of the client and the users, Silatha will not process any personal data, or have it processed, outside the European Economic Area and/or the European Union.

Term and termination

This DPA will enter into force on the same date as the agreement between Silatha and client the users, and will remain valid for 6 (six) months after termination of the agreement.

Either party can terminate this DPA prematurely by giving notice of termination of the DPA in writing with due observance of a notice period of 3 (three) months. The party that terminates the DPA does not owe the other party any compensation in connection with the termination, with the exception of the fees as stipulated in the agreement between Silatha and client.

If one of the following cases occurs with regard to a party, this DPA will be terminated with immediate effect and by operation of law without notice of default being required and without the parties owing each other any compensation:

(i) the party has ceased exist or has been dissolved;

(ii) the party has been declared bankrupt or has been granted a moratorium on payments, whether or not temporarily;

(iii) the party has applied for a suspension of payments or that party is granted a suspension of payments;

(iv) the party is placed under administration.

Return of Personal Data

If this DPA ends, or if the client or any user, requests the cessation of the processing activities, or if the retention period of the personal data of 2 (two) years has expired, Silatha will cease the processing activities with regard to the personal data with immediate effect and it will, on its own accord, without delay, but no later than within 4 (four) weeks, return all documents and other information carriers, including copies thereof, containing personal data, to the client or user.

Insofar as personal data is stored in a computer system of Silatha or is recorded in another form that cannot reasonably be given to client or their users, Silatha will destroy that personal data, subject to other instructions from the client or their users, unless Silatha is obliged to store the personal data on the basis of an EU or member state law.

Governing law and jurisdiction

This DPA is exclusively subject to Dutch law. Applicability of the Vienna Sales Convention is expressly excluded.

All disputes arising in connection with this DPA , including disputes about its existence and validity, will be settled by the competent court in Amsterdam.


This DPA is not transferable by either party, except with the prior written consent of the other party.

This DPA can only be amended or supplemented in writing and with consent of both parties.

Want to Attract & Retain Women?

Contact us today!