This policy sets out how we ensure that your information is processed lawfully and appropriately, in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
We take our data protection duties seriously because we respect your privacy. We will not sell or otherwise transfer your information to third parties for marketing purposes without your explicit consent
About This Policy
Jo Burningham Yoga is responsible for ensuring compliance with the Data Protection Requirements and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred to us by emailing email@example.com, or by using our contact page.
What is Personal Data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession).
Processing is any activity that involves use of personal data. It includes obtaining, recording, holding or transferring data; organising, amending, retrieving, using, disclosing, erasing or destroying it.
Data we hold about you
We hold your name, email address, (phone number, location and health records if provided) and class/workshop booking in our booking tool Simply Book and we also store your email address in our web provider system MailPoet in order to communicate with you via our newsletter (see details about newsletters below) and Learn more about SimplyBook's privacy practices here.
If you are attending a course or receiving yoga therapy, you will be asked to complete a supplementary health questionnaire and we will store this information you have provided safely and in-line with poilcay as outlined below.
Some of our classes are for teenagers and we would hold the young person's name, guardian names, contact details of guardian, DOB as required.
Keeping your data safe
Your data is stored digitally and to keep it safe it is protected by a firewall & network security, anti-virus software, password protected and other safeguards. We only allow our admin staff, website administrators, software developers and instructors access to your personal records.
Keeping your data confidential
If we believe your details have been compromised (eg through a data breach) in any way we will inform as soon as possible of becoming aware.
Passing your data to others
We have never, and will never, give or sell your details to a third party except when we are working with another organisation to promote or deliver a course or workshop, in which case it will have been made explicit on the booking form.
Fair and Lawful Processing
The Data Protection Requirements are not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual.
In accordance with the Data Protection Requirements, we will only process personal data where it is required for the following lawful purposes: where the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, in the legitimate interests of the business, or where the individual has given their consent.
Processing for Limited Purposes
We have in place detailed policies and procedures for all categories of data subjects. These will be kept up to date with all Data Protection requirements and are available to data subjects upon request.
We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to amend or destroy inaccurate or out-of-date data.
We will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
Processing in line with Data Subject’s Rights
We will process all personal data in line with data subjects’ rights, in particular their rights to:
- Confirmation as to whether or not personal data concerning the individual is being processed.
- Request access to any data held about them.
- Request rectification, erasure or restriction on processing of their personal data.
- Lodge a complaint with a supervisory authority.
Object to processing, including for direct marketing.
Not be subject to automated decision making including profiling in certain circumstances.
You can remove yourself from our newsletters any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at firstname.lastname@example.org.
We use Mailpoet as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailpoet for processing. Learn more about Mailpoet's privacy practices here.
Data Security - Keeping your data safe
Your data is stored digitally and we take appropriate and adequate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
We have in place industry-standard procedures and technologies to maintain the security of all personal data from the point of the determination of the means for processing and point of data collection to the point of destruction. Additionally, we use a secure connection when collecting personal financial information from you, which conforms to PCI standards. All forms which request credit card or bank details use the SSL (Secure Sockets Layer) protocol for encryption.
Wherever possible, we will store all personal data inside the European Economic Area (EEA). Any time that data is transferred outside the EEA, we ensure that exactly the same provisions on data security and processing are applied.
We only allow our admin staff, website administrators, software developers and insructors access to your personal records.
Your rights over your data
At any time you have the right to withdraw your consent, ask us to remove your data from our system, to unsubscribe from our mailing list or ask us not to contact you by emailing us email@example.com. We will act on your request and confirm with you that this has happened.
Changes to this Policy
Cookies are used on this website to make the site easier to use and to track the traffic patterns of visitors. We are operating an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy with this, then you should adjust your web browser settings to disallow cookies.