Privacy Policy

PRIVACY POLICY

Last updated: March 3, 2026.

COMPANY INFORMATION

SM Strategic Minds Marketing ("the Company", "we", "us", "our")

Registered in Cyprus

Registration number: HE 466059

Operating under the brand name: Shift by Sofia

 

 

  1. INTRODUCTION

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website at www.shiftbysofia.com or engage with our coaching services.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the applicable data protection laws of the Republic of Cyprus.

 

Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood this policy.



  1. DATA CONTROLLER

The data controller responsible for your personal data is:

SM Strategic Marketing Ltd.

sofia@shiftbysofia.com.



  1. WHAT DATA WE COLLECT

We may collect and process the following categories of personal data:

  1. a) Data you provide directly:

— Full name

— Email address

— Any information you share through our contact form or during coaching sessions

— Payment information (processed securely through our payment provider — we do not store card details)

 

  1. b) Data collected automatically:

— IP address

— Browser type and version

— Pages visited and time spent on our website

— Referring website

— Device information

 

  1. c) Cookies and tracking data (see Section 8 for full details):

— Google Analytics data

— Social media pixel data (Facebook, Instagram, LinkedIn, and others)



  1. HOW WE USE YOUR DATA

 

We use your personal data for the following purposes and legal bases:

Purpose: Responding to enquiries submitted via the contact form

Legal basis: Legitimate interest / Pre-contractual steps

 

Purpose: Providing coaching services

Legal basis: Performance of a contract

 

Purpose: Processing payments

Legal basis: Performance of a contract

 

Purpose: Sending service-related communications

Legal basis: Performance of a contract

 

Purpose: Improving our website and services through analytics

Legal basis: Consent (via cookie consent)

 

Purpose: Targeted advertising via social media pixels

Legal basis: Consent (via cookie consent)

 

Purpose: Complying with legal obligations

Legal basis: Legal obligation

 

We will never use your data for purposes incompatible with those listed above without your prior consent.



  1. DATA RETENTION

We retain your personal data only for as long as necessary:

— Contact form enquiries: 12 months from the date of submission

— Client coaching records: 3 years from the end of the coaching relationship

— Financial and payment records: 7 years (as required by Cyprus tax law)

— Website analytics data: As per Google Analytics retention settings (default 26 months)

 

After the relevant retention period, your data will be securely deleted or anonymised.



  1. WHO WE SHARE YOUR DATA WITH

We do not sell your personal data. We may share it with the following third parties where necessary:

 

— Payment processors: Stripe or Revolut — to process payments securely

— Google LLC — for website analytics (Google Analytics)

— Meta Platforms (Facebook/Instagram) — for advertising pixels (with your consent)

— LinkedIn — for advertising pixels (with your consent)

— Sendpulse — our website and email platform

— Legal or regulatory authorities — where required by law

 

All third-party processors are required to handle your data in accordance with GDPR and our data processing agreements.



  1. INTERNATIONAL DATA TRANSFERS

Some of our third-party service providers (including Google and Meta) are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.



  1. COOKIES

Our website uses cookies — small text files stored on your device — to improve your experience and help us understand how our website is used.

 

Types of cookies we use:

 

STRICTLY NECESSARY COOKIES

These are essential for the website to function. They cannot be disabled.

 

ANALYTICS COOKIES

Google Analytics: We use Google Analytics to understand how visitors interact with our website. This data is anonymised and aggregated. These cookies are only set with your consent.

 

MARKETING & PIXEL COOKIES

We use social media pixels from Facebook, Instagram, LinkedIn, and other platforms to measure the effectiveness of our advertising and to show relevant ads. These are only activated with your explicit consent.

 

You can manage your cookie preferences at any time via the cookie consent banner on our website, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

 

For more information on Google Analytics and how to opt out, visit: https://tools.google.com/dlpage/gaoptout



  1. YOUR RIGHTS UNDER GDPR

As a data subject under GDPR, you have the following rights:

 

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — You can ask us to delete your personal data, subject to legal obligations.
  • Right to restriction of processing — You can ask us to limit how we use your data in certain circumstances.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to object — You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus:

Website: www.dataprotection.gov.cy

Address: 1 Iasonos Street, 1082 Nicosia, Cyprus

 

To exercise any of your rights, please contact us at: sofia@shiftbysofia.com.

We will respond within 30 days of receiving your request.



  1. DATA SECURITY

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

— Encrypted data transmission (SSL/TLS)

— Restricted access to personal data

— Secure password protocols

— Regular review of our data security practices

 

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.



  1. CHILDREN'S DATA

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately.



  1. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.



  1. CONTACT

For any questions, concerns, or requests relating to this Privacy Policy, please contact:

Company: SM Strategic Minds Marketing

Email: sofia@shiftbysofia.com

logo smaller

Shift by Sofia.

Coaching for Clarity and Transformation.

Transformational life coaching for people ready to close the gap between where they are and where they want to be.

2026. Shift by Sofia. All Rights Reserved. | Privacy Policy | Terms & Conditions | Cancellation & Refund Policy