1. IMPORTANT NOTICE
a) This is the Privacy Notice of Anais Alvarado trading as Retreat Yoga Studio 367 New Cross Road, London. SE14 6AT (“ we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
b) This Privacy Notice relates to personal data that identifies “ you” meaning our customers or individuals who browse our website and other individuals outside our organisation with whom we interact. However if you are an employee or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
c) We refer to this information throughout this Privacy Notice as “ personal data” and paragraph 3 sets out further detail of what this includes.
d) Please read this Privacy Notice to understand how we may use your personal data.
e) This Privacy Notice may vary from time to time so please check it regularly. This original version was published on 23rd of May 2018.
2. HOW TO CONTACT US
a) Data controller and contact details
For the purposes of relevant data protection legislation, we are the controller of the personal data you provide to us and as a controller we use the personal data we hold on you in accordance with this Privacy Notice.
If you wish to access or correct your personal data held by us or if you need to contact us in connection with our use of your personal data, then these should be directed to the Data Privacy Manager (see below) using the following details:
b) Data Privacy Manager
Our Data Privacy Manager is Anais Alvarado and you can contact her at:
3. CATEGORIES OF PERSONAL DATA WE COLLECT
a) The categories of personal data about you that we may collect are:
· Individual Data which includes personal data you provide to us in person, via our website or by telephone, including the personal and contact details (such as your first name, middle name, last name, username or similar identifier, title, date of birth and gender, billing address, delivery address, email address and telephone numbers, family and associate details, and physical or mental health details) you supply when booking a class, signing up to our newsletter and contact us to let us know we are doing well or to make a complaint or ask a membership / press / brand collaboration / marketing / shop / recruitment / general enquiry;
· Audio and Visual Data which includes personal data which is gathered using our CCTV or other recording systems in the form of images or video footage that is taken at one of our studios or otherwise by us for promotional purposes;
· Account and Profile Data which includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
· Advertising and Marketing Data which includes personal data which relates to your marketing preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
· Sales Data which includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of the products, services, classes and memberships you have purchased from us;
· Economic and Financial Data which includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
· Market Research Data which includes personal data which is gathered for the purposes of market research, such as price comparison information;
· Information Technology Data which includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website; and
· Health Data which includes personal data which is gathered for health and safety purposes including any accident report or claim log.
b) We may also create personal data about you, for example, if you contact us by telephone to make a complaint, such about our services or products, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
c) We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“aggregated data”). Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your operational data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
d) In addition, we may obtain certain special categories of your data (“ special categories of data”), and this Privacy Notice specifically sets out how we may process these types of personal data. The special categories of data are: (i) data concerning health.
e) We do not collect information about criminal convictions and offences.
4. THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA
We obtain your personal data from the following sources:
(a) Directly from you, either in person (at our studios or otherwise), via our website or by telephone. This could include personal data which you provide when you:
· purchase our products or services;
· create an account on our website;
· subscribe to our newsletter;
· request information on our services or products or for other marketing to be sent to you;
· enter into a competition or promotion;
· complete a survey from us or give us feedback; and
· when you visit any of our studios;
(b) Automated technologies, such as CCTV or other
recording systems, cookies, server logs and other similar technologies. We may automatically collect Information technology data about your equipment,browsing actions and patterns by using cookies, server logs and other similar technologies. [We may also receive information technology data about you if you visit other websites employing our cookies. Audio and visual data may be collected on you if you attend any of our studios for security purposes.
(c) Third parties, such as:
analytics providers (such as Google Analytics, Segmentum, ONDA);
advertising networks (such as Google and Facebook based
[inside]/[outside] the EU);
search information providers (such as Google);
providers of technical, payment and delivery services (such as Elavon, Realex, Stripe, Shopify Plus);
(d) Publicly available sources, such as Companies House.
5. HOW WE USE YOUR PERSONAL DATA & OUR BASIS FOR USING IT
a) We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data:
In addition, we may lawfully process special categories of data in certain ways. We set these out below along with the linked purposes for which we can process these special categories of data:
b) We do not need your consent if we process your data under one or more of the other legal bases set out above. In limited circumstances we may approach you for your written consent to allow us to process certain data. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
6. WHO RECEIVES THE PERSONAL DATA YOU PROVIDE TO US
We may disclose the personal data you provide to us to:
· our group companies and affiliates or third-party data processors such as MindBody Online, who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
· HMRC, legal and other regulatory authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
· external professional advisers such as accountants, auditors, bankers, insurers and lawyers;
· law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
· third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
· third parties which are considering or have decided to acquire some or all of our assets or shares (including in the event of a reorganisation, dissolution or liquidation);
· third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you choose to interact with.
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
We do not process or transfer personal data we collect from you outside the European Economic Area.
8. HOW LONG WE WILL STORE YOUR PERSONAL DATA FOR
We keep the length of time that we hold your personal data for under review. These reviews take place annually.
9. CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA
a) In certain circumstances the provision of personal data by you is a requirement:
· to comply with the law or a contract; or
· necessary to enter into a contract.
b) It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data are that we may not be able to perform to the level you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as you have not provided certain health data to us that we might need for health and safety purposes.
10. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
a) Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see paragraph 4b), you may have a number of rights in connection with the processing of your personal data, including:
· the right to request access to your personal data that we process or control;
· the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
· the right to request, on legitimate grounds as specified in law:
– erasure of your personal data that we process or control; or
– restriction of processing of your personal data that we process or control;
· the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
· the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
· the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in paragraph 2.
11. LINKS TO OTHER WEBSITES