Privacy Policy (GDPR Compliant)

This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

For the purposes of GDPR, we act as the Data Controller of your personal data. If you have any questions about this policy or your data, you may contact us directly.

2. Personal Data We Collect

We collect personal data directly from you when you:

  • Register for classes, workshops, or events

  • Complete health or intake forms

  • Make payments

  • Subscribe to newsletters

  • Contact us by email, phone, website, or social media

The personal data we may collect includes:

  • Full name

  • Contact details (email address, phone number, address)

  • Emergency contact information

  • Relevant health information necessary for safe participation

  • Attendance records

  • Payment information (processed securely via a third-party payment processor)

We only collect data that is necessary to provide safe and effective yoga instruction and to manage our services.

3. Legal Basis for Processing

Under GDPR, we process your personal data based on one or more of the following lawful bases:

  • Contractual necessity – to provide yoga classes and related services you have booked

  • Legitimate interests – to manage bookings, communicate with students, and operate our business effectively

  • Consent – for marketing communications or where we collect health information

  • Legal obligation – where required for tax, insurance, or regulatory purposes

You may withdraw your consent at any time.

4. How Your Data Is Stored

Your data is stored securely in:

  • Password-protected digital systems

  • Secure booking and payment platforms

  • Locked physical files (where applicable)

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal, tax, and insurance obligations.

5. How We Protect Your Data

We implement appropriate technical and organizational measures to safeguard your data, including:

  • Password-protected systems and devices

  • Restricted access to personal information

  • Secure third-party payment processors

  • Secure storage of any physical documentation

6. Data Sharing

We do not sell, rent, trade, or share your personal data with third parties for marketing purposes.

We may share limited data with trusted service providers (such as secure booking systems or payment processors) solely for the purpose of operating our business. These providers are GDPR-compliant and process data on our behalf under data processing agreements.

We may also disclose personal data if required by law.

7. Your Rights Under GDPR

Under GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request erasure of your data (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

  • Lodge a complaint with your local Data Protection Authority

To exercise any of these rights, please contact us directly.

8. Updates to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available upon request or on our website.