Privacy and Your Personal Data
It applies to Information collected by us, or provided by you, whether at one of our activity centres, over our Website, or in any other way (such as over the telephone). It is also intended to assist you in making informed decisions when using our Website and our services.
We may use the personal information you provide us to help us improve the service we provide, to advertise our services to you, to maintain our accounts and records, and to support and manage our staff.
All your personal Information shall be held and used in accordance with the new General Data Protection Regulation (known as “GDPR”) which comes into effect on the 25 May 2018. If you want to know what information we collect and hold about you, or to exercise any of your rights (as set out below), please write to us via email at email@example.com.
Yogalotus is the controller of your Information for the purposes of the GDPR.
What Information Do We Collect on our Website?
When you visit our Website, you may provide us with personal information such as name, address, phone numbers, email address, Bank details for payment.
You may provide us with Information in a number of ways:
a/ by supplying us with the Information as listed above, on an individual basis by registering as a registered user or subscribing to receive updates or offers from us. To become a registered user you must provide us with your name and email address, but you may also provide us with additional information if you choose to do so;
b/ by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;
c/ by applying to enrol in our courses, filling in/uploading our online information/booking forms, or applying for a job with us;
d/ through any preferences and areas of interest as advised by you on subscribing to our online services;
e/ by Information provided via your phone or when you attend any of our centres/classes/retreats;
f/ by providing personal data about other named applicants. You must have their authority to provide their personal data to us and share this data protection statement with them beforehand together with details of what you have agreed on their behalf.
How we use your Information
1.1 We will hold, use and disclose your Information for our legitimate business purposes including:
a/ to keep you up to date about important changes to our business;
b/ to administer and provide products and services you request or have expressed an interest in;
c/ to communicate with you in the event that any products or services you have requested are unavailable;
d/ to answer your queries;
e/ for record keeping purposes;
f/ for profiling purposes to enable us to personalise and/or tailor any marketing communications that you may consent to receive from us;
g/ to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.
1.2 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health/medical history in booking requests. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
The legal basis for processing your Information
Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
a/ Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
b/ Necessary for the purposes of legitimate interests – we will need to process your Information for the purposes of our legitimate interests., provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your information protected. Our legitimate interests include responding to requests and enquiries from you, fulfilling enrolment/booking applications, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
c/ Consent – in some circumstances, we may ask for your consent to process your Information in a particular way.
How we share your Information
In certain circumstances we will share your Information with other parties. Details of these parties are set out below along with the reasons for sharing it.
a/ Trusted third parties: In order to provide certain services, we will share your information with third party service providers such as IT infrastructure companies and email logistics providers. We will not share your data with any third party where it is not necessary to do so to provide a service to you;
b/ Regulatory and law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information with the new owners of the business or company and their advisors;
c/ New business owners. If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, you will be sent notice of such event.
How long we hold your Information
We will only retain your information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we will use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information through an enrolment entry, we will retain your data for as long as is necessary to administer the enrolment. If we receive your Information when you apply for a job, we will retain your data for as long as it is necessary to process your application and maintain application statistics. We will not directly market you for longer than three (3) years, unless you consent to receive direct marketing by opting in again before the expiry of that three (3) year period. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
Your rights relating to your Information
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
a/ Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request, or any element of it, we will provide you with our reasons for doing so;
b/ Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction, you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address, or email address set out above;
c/ Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected, or processed, or our processing of the Information is based on your consent, and there are no other legal grounds on which we may process the Information;
d/ Right to Object to,or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address, or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy;
e/ Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you, or directly to a third party organisation.
This right exists in respect of Information that:
-you have provided to us previously; and
- is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
You can exercise any of the above rights by contacting us at the email address set out above. You can exercise your rights free of charge.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address, or email address set out above.
In common with many other website operators, we use standard technology called ‘cookies’ on our website. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate this website on each visit.
Security of Information
We take the security of your personal Information seriously. When you submit your data to us, we use industry standard Secure Sockets Layer (SSL) encryption technology to guard your Information. In addition, we have security procedures in place to protect our paper based systems and computerised databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personal Information contained within them.
If you are unhappy about our use of your Information, you can contact us at the email address above. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 1113
Post: Information Commissioner’s Office