Cherry Yoga Privacy Notice
Your personal data:
Personal data relates to an individual who can be identified from that data. The processing of personal data is governed by the Data Protection Act 1998, shortly to be replaced by the Data Protection Bill 2018 (General Data Protection Regulation 2016/679 (the “GDPR”)).
Who are we?
Cherry Yoga is the name of my yoga business. My name is Marzia Stefani and I am the sole owner and teacher for Cherry Yoga and I am the data controller for this information (contact details below), which means I decide how your personal data is processed and for what purposes.
This privacy notice tells you what to expect when Cherry Yoga collects personal information.
How to get in touch:
If you have any questions or comments, or if you want to update, delete or change any Personal Information I hold, or you have a concern about the way in which I have handled any privacy matter, send me an e-mail firstname.lastname@example.org or call me: 07879 339305
You may also contact me by postal mail, just ask for my address via email or phone.
What personal information will I collect?
Information you voluntarily provide to me: when you sign up for and use Cherry Yoga Services (including my website and the online booking system), send me an email or communicate with me in any way. You are voluntarily giving me information that I collect. That information may include either your name, physical address, email address, IP address, phone number, credit card information, as well as details including gender, occupation, location, purchase history, and other demographic information, including information regarding your health. By giving me this information, you consent to this information being collected, used, disclosed, and stored by me, as described in this Privacy Notice.
I may require you to provide certain information to me in order to enter into and perform my contract(s) with you or to comply with my legal obligations. Except in these circumstances, your decision to provide personal information to me is generally voluntary and, where it is voluntary, you may choose to withhold and not provide personal information to me. If you choose not to provide certain information to me I may not be able to accomplish some of the purposes outlined in this policy.
How do I process your data?
Cherry Yoga ( Marzia Stefani)complies with its obligations under the Data Protection Act/GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
I ensure that I have set out the legal basis on which I process your information.
How do we process your personal information?
Who do we share your personal information with?
In connection with the uses described above, we may share your information to certain third parties, including:
to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity and for the assessment and collection of tax; and
my insurers and insurance brokers and my and their advisers in the event that a claim is made or could be made against me
In the unlikely event that I sell or buy any business or assets, I may disclose personal information held by me to the prospective seller or buyer of such business or assets. If I or substantially all of Cherry Yoga's assets are acquired by a third party, personal information held by me will be one of the transferred assets.
I may pass your personal information to third parties if I am under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation (including in connection with a court order), or in order to enforce or apply the agreements I have with or otherwise concerning you (including agreements between you and Cherry Yoga ; or to protect my rights, property or safety or those of my customers, or other third parties.
You should be aware that, if I am requested by the police or any regulatory or government authority investigating suspected illegal activities to access and disclose individually identifiable information concerning your activities whilst using my website, I reserve the right to do so.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. I encourage you to read the privacy statement on the other websites you visit.
Use of children’s data
I do not knowingly collect or store any personal information about children under the age of 16 and I do not offer any of our products or services directly to children.
Where will your information be processed?
In relation to the above uses of your personal information and the above sharing arrangements, your personal information may be transferred to, and stored and processed in, one or more countries outside the European Economic Area (EEA), including countries which do not provide equivalent protection for personal information.
In relation to these transfers, I will take steps to ensure that your personal information is adequately protected. This may involve the use of data transfer agreements (standard contractual clauses) in the form approved by the European Commission or some other mechanism recognised by the European Commission as ensuring an adequate level of protection for personal data transferred outside the EEA (such as the US Privacy Shield framework). https://www.privacyshield.gov/welcome
How long do I keep your personal information?
I will keep your personal information for as long as is necessary given the purposes for which I collect and use that information. I may also retain and use your information in order to comply with my legal obligations, resolve disputes, prevent abuse, and enforce agreements.
If I collected your personal information in order to perform a service or performance of a contract, I keep your personal information for 4 years from the date of the last service you requested or booked with me.
How do we keep your personal information safe?
I take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
How can you access, correct, update or delete information I hold about you?
I will give an individual access to any Personal Information I hold about them within 30 days of any request for that information. You are entitled:
to request access to your data,
to correct or update your data,
to delete your data,
to restrict or object to how I use your data, and
To move your data.
Individuals may make any of the above requests regarding the information I hold about them by contacting me via e-mail: email@example.com. Unless it is prohibited by law, I will remove any Personal Information about an individual from my servers at your request. There is no charge for an individual to access or update their Personal Information.
You are able to unsubscribe or withdraw consent for how I use your information at any time.
How can you make a complaint?
To make all relevant requests and complaints, please in the first instance contact me direct:
Postal address available on request
You are entitled to make a complaint to the Information Commissioner’s Office:
on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at their address:
Information Commissioner's Office
Cheshire SK9 5AF
If I update this privacy notice, will post the updated notice on this website. The updated notice will take effect as soon as it is posted on the website. This policy was last updated on 26th April 2018.
Purpose of processing your information
To administer booking requests and purchases, including confirming your booking or purchase and otherwise communicating with you about your booking or purchase.
To provide you with other products and services you request
To manage our relationship and to administer your membership
To address any claims made against me; for example, we may share details of our accident logs with our insurers in connection with any claim made or likely to be made against me
To comply with any legal or regulatory obligation (including in connection with a court order)
To provide you with information that you have requested from us
Legal basis for processing
With your consent or for the performance of a contract, or for taking steps at your request in order to enter into a contract.
With your consent or for the performance of a contract.
With your consent or for the performance of a contract.
Carried out in connection with legal proceedings (ie the establishment, exercise or defence of legal claims)
This processing is necessary for compliance with law
With your consent, or as is necessary for compliance with the law.
With your consent.
Depending on the circumstances, the processing is carried out for our legitimate business purposes, compliance with law, to protect the vital interests of a living person (ie matters of life or death), or in connection with legal proceedings (ie the establishment, exercise or defence of legal claims)