Privacy & Data Policies
Privacy Notice for Yoga on Tay | May 2018
Yoga on Tay takes your privacy seriously. We are a “controller” of the personal information that you provide to us and this privacy notice sets out how, why and for how long we will use your personal data, as well as who (if anybody) it is shared with. It also explains your legal rights as a ‘data subject’ and how to exercise them.
What we need from you
When you register as class participant with Yoga on Tay, or are asked to update your personal details or health declaration we may ask you for some or all of the following personal information:
Contact details – eg. name, address, email address and phone number.
Yoga experience – information about any previous yoga experience prior to (or as well as) coming to Yoga on Tay classes
Details of an emergency contact
Health declaration and details of any relevant health conditions and/or medication
If you do not provide us with all of the personal information that we need this may affect our ability to offer you our yoga classes.
Why we need your personal information – contractual purposes
We need to collect this personal information so that we can manage your relationship with us. We may use your personal information to:
Provide you with core services (yoga instruction)
Enable us to respond to any health (and safety) issue that may arise during yoga classes
Provide you with information should classes be cancelled at short notice
Why we need your personal information – legitimate purposes
We also process your personal information in pursuit of our legitimate interests to:
Provide you with news and updates about Yoga on Tay, workshops, events via email newsletter
Respond to and investigate your questions, comments, support needs, complaints or concerns
Who we share your personal information with
We do not routinely share your personal information with any person or organisation.
We may, in exceptional circumstances, share personal information with professional and legal advisors for the purpose of obtaining advice.
Third party supplier with access to members’ personal data
Yoga on Tay may use third party suppliers to provide services (for example the online booking system; online newsletter provider) . These suppliers may process personal data on our behalf as “processors” and are subject to contractual conditions to only process that personal information under our instructions and protect it.
In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.
How we protect your personal information
Your personal information is accessed by our teachers and administrative support only for the purposes set out above. It is stored by Yoga on Tay on the WIX website (secure and password protected), and in some cases in paper form (securely stored in files accessible only to the teachers at the Studio).
How long we keep your personal information
We only keep your personal information for as long as necessary to provide you with yoga classes and allow you to book classes. If you have not attended or booked classes for over three years, we will securely delete your information. Personal details held for the newsletter will be held until such time also, or until you unsubscribe yourself.
You have a right to:
Change your communication preferences or restrict the processing of your personal data for specific purposes.
Request that we correct your personal data if you believe it is inaccurate or incomplete.
Request that we delete your personal information.
Access the personal data that we hold about you through a “subject access request”.
You can contact us by emailing email@example.com.
Further contact details can be found on the website www.yogaontay.com/contact-us
If you are dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at www.ico.org.uk
Data Protection Policy
Data Protection Policy for Yoga on Tay | May 2019
Data Protection Policy Statement
Yoga-on-Tay is committed to compliance with the General Data Protection Regulations and takes seriously the responsibility of handling personal information. To this end Yoga-on-Tay will ensure that all appropriate procedures are in place, so that all personal data obtained, held or used by Yoga-on-Tay is protected and managed in accordance with GDPR.
Subject Access Requests
All subject access requests should be made in writing to Yoga-on-Tay (at the email address or postal address below).
Data subjects’ rights include being informed whether their information is being processed by Yoga-on-Tay; being provided with a description of what information Yoga-on-Tay holds about them; preventing processing in certain circumstances; and correcting, blocking or erasing incorrect information.
Yoga-on-Tay-will not make a charge for responding to subject access requests.
Data subjects must prove their identity. Responses will be made within one month.
Yoga on Tay Contact Details
Postal address can be found here.
Purpose and objectives
This policy forms part of Yoga-on-Tay’s commitment to the safeguarding of personal data processed by its members. (Processing has a very broad definition, and includes activities such as creating, storing, consulting, amending, disclosing and destroying data.) Its objectives are:
To help owners, teachers and administrative support at Yoga-on-Tay recognise personal data
To help them understand their rights and obligations with respect to personal data.
Yoga-on-Tay processes the personal data of people who are making use of or deliver our services (attending and booking yoga classes and private lessons, and people who rent our space, and teachers). This processing is regulated by the General Data Protection Regulations
The policy applies to the owners, teachers and administrative support at Yoga-on-Tay. It relates to their storage and processing of personal data on personal computers and also relates to paper files and records created for the purposes of conducting Yoga-on-Tay activities.
Security of Personal Data
Owners, teachers and administrative support at Yoga-on-Tay processing personal data should ensure that any data they are using is secure and that appropriate measures are taken to prevent unauthorised access, disclosure and loss.
Yoga-on-Tay records containing personal data should only be shared with other teachers as necessary (in most cases that is the completion of the registration form and health declaration – and any additional information about specific needs/issues relevant to the safe and wholesome practice of yoga).
Personal data of Yoga-on-Tay customers and teachers should only be stored on the systems provided by Yoga-on-Tay for a specific purpose (through the WIX website, its booking system and associated Ascend mailing system) –password protected, and passwords never shared with third parties), or in paper records. All users must always log out of WIX after a session. The only other digital storage of personal data of Yoga-on-Tay customers will be on the owners’ computer, in password protected files.
Manual/paper personal data should be stored in a secure location.
Personal data will be securely destroyed when no longer required, with consideration for the format of the data.
Personal data must not be disclosed unlawfully to any third party.
All losses of personal data must be reported immediately (within 24 hours) to the owners of Yoga-on-Tay.
Records in all formats containing personal data must be created, stored and disposed of when no longer required. While in use, they must be authentic, reliable and usable, and capable of speedy and efficient retrieval.
Registration files must be retained for no longer than necessary in the context of accessing or delivering services: where students, teachers or other users have not attended or booked classes for over 3 years, or taught classes or rented our space for a period of over 3 years, their personal data (both held on paper, digitally or on the booking system) will be destroyed securely.