Privacy Policy

Last Updated: December 19, 2025

Abhinaya Varshini Dansestudio ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://avdanse.no and use our services.

Your Rights: Under the General Data Protection Regulation (GDPR), you have the right to access, rectify, erase, restrict processing, data portability, object to processing, and lodge a complaint with a supervisory authority regarding your personal data. You can manage your cookie preferences anytime via Cookie Settings.

1. Data Controller Information

Business Name: Abhinaya Varshini Dansestudio (Abhinaya Varshini Dansestudio)
Address: Holmen Center, Vogellund 6, 1394 Nesbru, Norway
Email: amirtha.r@gmail.com
Phone: +47 48688908

For questions or concerns about this Privacy Policy or our data practices, please contact us using the above information.

2. What Data We Collect

We collect different types of information depending on how you interact with our website and services:

2.1 Information You Provide Directly

Account Registration: First name, last name, email address, phone number, user type (student/parent/admin)
Contact Forms: Name, email address, subject, message content
Class Enrollment: Student information, emergency contact details, class preferences

2.2 Information Collected Automatically

Technical Data: IP address, browser type and version, device information, operating system
Usage Data: Pages visited, time spent on pages, visit counts, referring websites
Cookies and Storage: Authentication tokens, language preferences, session data (see our Cookie Policy for details)

3. How We Collect Data

Direct Submissions: When you register for an account, submit a contact form, or enroll in classes
Automated Technologies: Cookies, localStorage, sessionStorage, and similar technologies
Third-Party Services: Through services like Supabase (authentication), EmailJS (contact forms), and Google Fonts (typography)

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Purpose	Legal Basis
User account management and class enrollment	Contract performance (providing dance classes)
Contact form submissions	Consent (you voluntarily provide information)
Website functionality and security	Legitimate interests (site operation and security)
Marketing communications (if opted in)	Consent (you can withdraw anytime)

5. How We Use Your Data

We use your personal data for the following purposes:

Provide Services: Manage your account, process class enrollments, schedule classes, communicate about your dance education
Respond to Inquiries: Answer questions submitted through contact forms
Website Operations: Maintain website functionality, security, and user experience
Improvements: Analyze usage patterns to improve our website and services
Legal Compliance: Comply with legal obligations and protect our rights
Communications: Send important updates about classes, schedule changes, and studio announcements

6. Third-Party Services

We use the following third-party services that may process your personal data:

6.1 Supabase (Authentication & Database)

Purpose: User authentication, profile management, class scheduling database
Data Processed: Email, names, phone numbers, user profiles, authentication tokens
Data Location: Servers in the United States and/or European Union
GDPR Compliance: Supabase is GDPR compliant and provides appropriate safeguards
Privacy Policy: https://supabase.com/privacy

6.2 EmailJS (Contact Form Processing)

Purpose: Process and deliver contact form submissions
Data Processed: Name, email address, subject, message content
Data Retention: Contact form data is retained for 1 year for customer service purposes
Privacy Policy: https://www.emailjs.com/legal/privacy-policy/

6.3 Google Fonts (Web Typography)

Purpose: Provide web fonts for improved typography
Data Processed: IP address, user agent (browser information)
Data Usage: Google may log requests for performance and analytics
Privacy Policy: https://policies.google.com/privacy

6.4 jsDelivr CDN (Content Delivery)

Purpose: Deliver JavaScript libraries quickly and reliably
Data Processed: IP address, request logs
Privacy Policy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Type	Retention Period
User accounts and profiles	Until deletion requested or 2 years of inactivity
Contact form submissions	1 year from submission
Authentication sessions	7 days or until logout
Visit counters (anonymized)	Indefinitely (no personal identification)
Class enrollment records	3 years after class completion (for record-keeping)

8. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

Right to Access: Request a copy of your personal data we hold
Right to Rectification: Correct inaccurate or incomplete data (edit your profile in the dashboard)
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing of your personal data
Right to Restrict Processing: Request limitation of processing your data
Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
Right to Lodge a Complaint: File a complaint with your local data protection authority

9. How to Exercise Your Rights

Self-Service Options:

Update Profile: Log in to your dashboard and edit your profile information
Delete Account: Request account deletion through your profile settings
Manage Cookies: Use the Cookie Settings tool in the footer

Contact Us for Requests:

For data access, portability, or other requests, please email us at amirtha.r@gmail.com with the subject line "GDPR Data Request".

Response Time: We will respond to your request within 30 days. If we need more time, we will inform you of the reason and extension period.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: HTTPS encryption for all data transmitted to/from our website
Access Controls: Strict access controls limiting who can view personal data
Authentication: Secure authentication system with encrypted passwords
Session Management: Automatic logout after 10 minutes of inactivity
Regular Updates: Regular security updates and monitoring
Data Minimization: We only collect data necessary for our services

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Our third-party service providers (such as Supabase) may store data on servers located outside the European Economic Area (EEA), including in the United States. When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Service providers certified under recognized data protection frameworks
Ensuring equivalent levels of data protection

12. Children's Privacy

Our services are open to students of all ages, including children under 16. For users under 16 years old:

We require parental consent for account registration
Parents can create accounts on behalf of their children (user type: "parent")
Parents have the right to review, modify, or delete their child's information
We do not knowingly collect unnecessary personal data from children

If you believe we have collected personal data from a child without parental consent, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

We will update the "Last Updated" date at the top of this page
Material changes will be announced on our website homepage
For significant changes, we may notify registered users via email
Continued use of our services after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

14. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Notify affected individuals without undue delay if the breach poses a high risk
Provide clear information about the nature of the breach and steps being taken

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Abhinaya Varshini Dansestudio
Holmen Center, Vogellund 6
1394 Nesbru, Norway

Email: amirtha.r@gmail.com
Phone: +47 48688908

Instructor: Smt. Amirthavarshini Raju

16. Related Policies

For more information about our data practices, please also review:

Cookie Policy - Detailed information about cookies and browser storage
Terms & Conditions - Terms of service for using our website and services

This Privacy Policy is effective as of December 19, 2025 and applies to all users of Abhinaya Varshini Dansestudio's website and services.

Back to Home