GDPR policy : your privacy
For the purpose of the General Data Protection Regulation (the “GDPR”), which applies in the UK on May 25, 2018, and other data protection laws applicable in the UK, the data controller is Yogibrain.
INFORMATION WE MAY COLLECT ABOUT YOU
We may collect personal data, that includes your name, date of birth, address, email address, contact information, emergency contact and doctor information, financial information (payment information such as credit or debit card or direct debit details).
We may collect and process the following data about you:
- Information you provide when you use our website, Mindbody’s website or any other processor service (for example, Paysafe or Mailchimp). This includes information you provide when you book a class, workshop or course, purchase any other product or service or enter a competition or promotion. We may also ask you for information if you report a problem with our website.
Information you provide when you contact us by email, through our contact forms on our website or social media platforms, by telephone, in writing or in person, including all studio registration and membership forms. We may keep a copy of that correspondence or communication.
- Information you may provide to other booking systems who send us your information when you select our studio to book a class.
- Details of your visits to the website and the resources that you access as set out in IP Addresses.
If you are aged 18 or under, please get your parent/guardian’s permission beforehand whenever you provide personal information us. Users without this consent are not allowed to provide us with personal information.
If you are providing information on behalf of another person, please get their permission beforehand whenever you provide personal information to us. Users without this consent are not allowed to provide us with personal information
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- to provide customer support e.g. responding to your enquiries;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, goods and services that you request from us;
- to send you a welcome email, to verify your account when you register with the site or sign-up at one of our events and other emails for the purposes of providing any services or products to you, including in relation to account management or system maintenance or setting consent preferences.
- for internal record keeping and to improve our goods and services;
- to notify you about changes to our goods, services or class & workshop schedules;
- to provide you with information of product and services we offer that are similar to those that you have already purchased or other goods or services we believe may be of interest to you. We will not share your data with third parties for marketing purposes.
- to ensure that content from our site is presented in the most effective manner for you and for your computer; to administer our site for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- We will only use financial or credit card information to discharge our legal / regulatory duties and to process payments made by you for our products and services or due to you by agreement (e.g. refunds); or to investigate financial transactions with our bank or payment processor.
LEGAL BASIS FOR DATA PROCESSING
We can process personal data on various legal bases:
For processing operations for which we obtain your consent for a specific processing purpose, Article 6(1)(a) of the GDPR is our legal basis. For example, purchase of a class pass or consent to marketing emails.
If the processing of personal data is necessary for the performance of a contract with yourself, for example, when processing operations are necessary to provide you with our products or services, the processing is based on Article 6(1)(b) of the GDPR. This includes processing required from your inquiries concerning our products or services.
As an entity established under the laws of England and Wales, we are obliged to comply with UK laws and guidance provided by UK regulatory bodies and where we are subject to a legal obligation by which processing of personal data is required, our processing is based on Article 6(1)(c) of the GDPR.
Finally, we can base our processing operations on Article 6(1)(f) of the GDPR: in specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
THIRD PARTY SERVICES
Certain providers may be located in, or have facilities that are located in, a different jurisdiction than either you or us for example, Mindbody and Mailchimp which means your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
We may also disclose your personal information to third parties: only in the event that we consider selling the business entity; in the event of an insolvency situation or to protect our rights, our property, our customers, or others.
Where you have chosen a password to access certain parts of our booking site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
You have a number of rights in relation to our use of your personal information and can request us to do various things with this information. For example, at any time you can ask us to correct mistakes or even delete your information.
CCTV is used to provide safety, security and protection for our visitors and our staff. CCTV will be only be viewed when necessary (e.g. to detect or prevent a crime) and footage is stored for set period of time.
If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell services to you.
In the event that there is a change to your personal information, for example your contact details, please let us know of this by contacting us so that we can keep your information up to date and accurate. If you have any concerns regarding our processing of your personal data, please contact us in the first instance. Our contact details are: firstname.lastname@example.org. edit “gdpr policy : your privacy”