Our Data Protection Representative is Marta Palombo who can be contacted at firstname.lastname@example.org.
What data do we collect?
Our Business collects the following data:
Clients and prospective Clients
We collect personally identifiable information which third party partners provide to us in respect of certain Clients and potential Clients including:
- Email address
- Telephone number
- Financial details such as bank account numbers or banking card numbers
We may also obtain certain sensitive personal data from our Data Subjects with their consent, and in particular, medical information where appropriate, and where necessary for performance of our obligations and provision of our services. Where such information is provided, the information will be shared only where necessary taking into account the nature of the information provided and the proposed services. Sensitive data will not be retained for any longer than necessary for the performance of the Contract with the Business. We will not disclose sensitive personal data without your consent, reliance of the contractual obligations, specifically authorised or required by law, protection of the vital interest of the Data Subject or of any other natural person or where necessary for the establishment, exercise or defence of legal claims. We will ensure that processing of sensitive personal data is carried out in compliance with the GDPR at all times.
Who are our Data Subjects?
The Business has identified its Data Subjects as:
- Clients and prospective Clients
How do we collect your Data?
The Business collects data from our data subjects and process it in the provision of our services as a yoga instruction and/or doula services provider.
We will collect data from our Clients and prospective Clients through our website, by email, by post and verbally.
We will collect data to enable us to perform the Contract between us and to comply with our legal and statutory obligations. We will collect personal data via application forms, questionnaires, documents required for completion of yoga instruction and/or doula services together with any personal data obtained from correspondence, telephone calls, emails, details through visits to our website, publicly available information including social media and through use of browser cookies. The Business will primarily collect data by way of direct production of same. On occasion, we may also receive your data indirectly via publicly available information including social networking sites.
We will operate as data controller in respect of personal data supplied to us. We may also act as data processor in certain circumstances in the provision of yoga instruction and/or doula services. We will have in place an appropriate data sharing agreement with our third-party partners in either event.
How will we use your Data?
Our Business collects your data so that we can perform the services of yoga instruction and/or doula services offered by our business.
Clients and prospective Clients
Our Business collects your Data so that we can:
- Process your registration for yoga courses and/or doula services
- To enable you and us to manage your account in the provision of those services
- To contact you with opportunities which may be of interest to you
- To engage with you and respond to any requests which you may have
- To improve our level of service
- For general marketing purposes which are in the legitimate interest of our business
- To process payments in connection with the same if applicable
- To meet our legal, contractual and statutory obligations (including, defence of legal claims, if applicable)
Basis of processing Data
The Business will process data on behalf of natural persons comprising their Clients and prospective Clients and will ensure that your data is processed in a lawful, clear and transparent manner at all times for a specific and legitimate purpose. The Business relies on the following legal basis for the processing of data.
- Processing necessary for the performance of a Contract
- Processing necessary for the compliance with a legal or statutory obligation
- To protect the vital interest of a Data Subject
- With the consent of the Data Subject for one or more specific and legitimate purposes.
- Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller
- Processing necessary for the purposes of the legitimate interest pursued by the Controller or a third party except where such interest is overridden by the fundamental rights and freedoms of the Data Subject.
Where we rely on the legitimate interest of the Business for the processing of the personal data, we will take all reasonable measure to ensure that the interests of the Data Subject are protected. The legitimate interests of the Business in this context include direct marketing, prevention of fraud and information system security.
We will rely on our legitimate interests as a Business to process your data for direct marketing purposes. We consider it to be a legitimate interest of our Business in promoting its services, products and in the administrative operation of our business. Any such processing will not be carried out where such interest is overridden by the rights and freedoms of the Data Subject. In all direct marketing communications, we will give an unsubscribe option. A Data Subject can unsubscribe at any time.
We will only rely on consent as the basis for processing in limited circumstances. Where consent is utilised as the basis for processing, such consent can be withdrawn at any time. In that event, we will cease processing your data, unless there is a separate basis upon which we can rely to process your data, such as same being necessary for the performance of the contract between us or necessary for us to comply with our legal and statutory obligations.
How do we store your Data?
The Business securely stores your data at Körtestraße 22, 10967 Berlin. We will ensure the appropriate, technical and organisational measures are put in place commensurate with the level of security required for the data held on your behalf. We will use all appropriate and reasonable measure to ensure the integrity and confidentiality of the personal as maintained at all times. We have carried out a risk assessment in the processing of personal data and put in place measures to mitigate those risks to include IT security measures, anti-virus software, spire walls, data back-ups, encryption technologies, physical security measures and staff training.
Our Business would like to send marketing information to you about the opportunities, yoga instruction and/or doula services, Clients, products and services which we think will be of relevance to you. We will always give you an option to unsubscribe from our marketing list, please contact Marta Palombo at email@example.com if you wish to unsubscribe from our marketing list. You have a right to object to our processing your data for direct marketing purposes at any stage.
Sharing of Personal Data
It may be necessary for us to share your personal data with third parties to enable us to comply with our legal, contractual and statutory obligations. We will need to share the personal data collected from our data subjects with third parties to enable us to perform the contract for the provision of such services. The sharing of data shall continue for the duration of the services to enable us to carry out the administration of any services provided. We may also need to share the data of our data subjects to conduct the administration and completion of the yoga and/or doula services. For doula services, there is always a back-up doula with whom it is necessary to share certain information to ensure continuity of services in an emergency. We will never provide your data to third parties for marketing purposes. We may need to share your financial information for the purposes of payments required in order to comply with our contractual obligations. We may also share your data with our professional advisors where necessary including lawyers, bankers, auditors and insurers who provide professional services necessary for the operation of the business.
We may process data with certain parties outside of Europe where necessary to provide our services. Where we do so, we will ensure that such processing is carried out in accordance with the GDPR and that there are appropriate safeguards in place to protect the data subject.
The Business will keep your data for no longer than necessary for the purpose for which the data was provided taking into account the basis for processing the data. The retention periods are as follows:
Client and Potential Client Contact Information (name, address, email address, telephone number, health information):
One year after the completion of the services (or the most recent yoga instruction and/or doula services as appropriate). In respect of a prospective client, we will retain data for one year following the initial enquiry.
Financial Information (including credit card information):
One month after completion of the yoga instruction and/or doula services in respect of Clients, prospective Clients or one month after the last payment is made, whichever is the longer.
Personal Injury, accidents, damage, property or other loss sustained by any third party in the course of its relationship with the Business:
Three years following the date of the alleged incident or in the event that the party is a minor, three years after the minor reaches the age of 18 years. In the event that proceedings are issued or any notification of a claim is made, then the Business may retain the data for as long as may be necessary until the proceedings have been concluded.
Federal Law Compliance records:
in relation to our compliance with Federal Data Protection Act and GDPR will be kept for a five-year period
Breach of Contract related records:
Six years from the date of the alleged breach and in the event that proceedings are issued, the Business may retain the data for so long as may be necessary until the proceedings have been concluded.
Rights of Data Subject
You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:
- Right to access data – you have the right to request a copy of the personal data that we hold about you together with other information about our processing of that personal data.
- Right to rectification – you have the right to request that any inaccurate data that is held about you is corrected or if we have incomplete information you may request that we request that we update the information such that it is complete.
- Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as a right to be forgotten.
- Right to restrict processing or object to processing – you have the right to request that we no longer process your personal data for particular purposes or object to our processing of your personal data for a particular purpose
- Right to data portability – you have the right to request us to provide you or a third party with a copy of your personal data in a structured commonly used readable format.
- Right to object to processing – you have the right to object to the processing of data under certain conditions.
If you wish to exercise any of the rights set out above, please contact Marta Palombo at firstname.lastname@example.org.
We ask that you ensure that all data which you furnish to us is kept accurate and up to date at any stage. We cannot be held responsible for your failure to provide us with up-to-date information.
If we were processing personal data on the basis of your consent, you may withdraw consent at any time. This does not affect the lawfulness of the processing which should take place prior to its withdrawal.
You can object to the processing of your personal data for direct marketing purposes at any stage. If you are unhappy with how we process your personal data, we ask that you contact us so that we can rectify the situation. You may lodge a complaint with the Commissioner for Data Protection.
- Keeping you signed in
- Understanding how you use our website
You can set your browser not to accept Cookies. In certain cases, however, if you decline to accept Cookies certain of our website features may not function as a result.
Automated decision-making and profiling
We do not use personal data for the purposes of automated decision-making or profiling.
Changes to this Privacy Notice
Last update: 26 January 2021.