The purpose of this notice is to explain how Yoga Insurance UK collects and uses your personal information and how we comply with data protection law. In legal terms, Yoga Insurance UK is a 'data controller' for this information.

We respect the privacy of our members and website users, and this Privacy Policy demonstrates our commitment to protecting their privacy.

In this notice, we will explain what personal information we hold, and your rights regarding this information. It's essential that you read it carefully, together with any other privacy notices and information that we provide you, from time to time. By using our website, you are accepting the terms described in this Policy.

Contents

1. Your personal information and where we obtain it

2. How we use your personal information

3. What personal information we use and how long we keep it

4. Passing on your personal information to third parties

5. Security and safe storage of your personal information

6. How you can access and correct your personal information

7. Additional information

8. How to get further information

1. Your personal information and where we obtain it

Information that you provide

We receive personal information about you in several ways. For example,

• When you complete an application to join, includes identifying information such as your name and contact details.

• By completing a form on our website, such as to request information.

• When you visit our social media pages and complete a form.

You can find more information about the personal information we hold about you at "What personal information we use and how long we keep it" below.

Information from other sources

We may also periodically obtain both personal and non-personal information about you from business partners and third parties. We may receive updated address information and additional demographic information.

Information about others

We may also collect and store personal information about other people that you refer to our website. For example, if you share links to our website pages, we may store the personal data of each recipient who visits the website.

2. How we use your personal information

Administration of your membership

We have a contractual and legitimate reason to keep your personal information. To provide you with membership and meet our contractual commitments, we need to use and store your personal information to administer your membership.

For instance, we can use your information to:

• Deliver the service/s that you have requested.

• Communicate and interact with you concerning your membership. We may contact you by telephone/text, email, post or secure mail.

• Provide services and information you request from us about your membership.

• Inform you about changes to our services.

• Provide information about products and services which we think you could benefit from, including newsletters.

• Improve our service offering, including through surveys and research activities.

• Enforce our Terms and Conditions.

• Develop and display content and advertising tailored to your interests on our site.

• Identify if and when you open the secure messages, emails or links we send you.

Use of your personal information based on consent
We'll use your details to provide you with other information you've consented to receive. You can easily withdraw your consent at any time.

For example: when you applied for a membership you were asked if you'd like to receive information about our additional services. If you have consented to receive such information, you can withdraw your consent at any time, by contacting us, putting the title of email Withdrawing Consent.

Use of Cookies

On your first visit to our website and every 30 days after, you will have to accept or deny cookies. If you choose to reject cookies, you deny your consent to store cookies and local storage for the website, eventually deleting already stored cookies. You may also delete or decline cookies by changing your browser settings. (Click "Help" in the toolbar of most browsers for instructions.) If you do so, some of the features and services of our website may not function properly.

If you choose to allow cookies, we will collect information from your browser when you visit our website. This information includes your IP address, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, and the referring website address.

If you want more information about the cookies we use, please refer to our cookies policy.

3. What personal information we use and how long we keep it?

Data we use include:

• Names, surname, forenames, yoga name

• Address

• Telephone number

• Email address

• Emails, secure messages, correspondence

• Website and social media links

• Trainer details and graduation date

• Membership dates and payment dates

• Further Training Information

• Date of birth

• Insurance information

• Credit card details (encrypted)
  

How long do we keep your data?
We will keep a record of your membership for 7 (seven) years after your cancellation date. We will keep your name, email address, training details and membership dates for this time. After you cancel, we will remove your credit card details from our system.

Also, the information we've passed to third parties as described in this Privacy Policy, retention of that information will be subject to those third parties individual policies.

Financial information and bank details

For active members, we will keep a record of your credit or debit card on your account at all times, to process renewal payments. We encrypt card details (except for the last 4/four digits), for your safety. Our authorised employees cannot see your card details. We may use this information or payment method to process payments for any purchases made on our website, enrol you in discount, rebate and other programs in which you elect to participate.

If you do not wish us to hold your card details, you can contact us to remove them.

Finally, we may keep your personal information for an extended period than mentioned above for archiving or research purposes, or in the event of ongoing disputes, claims, complaints or data migration. In such cases, we'll consider the nature, degree of sensitivity, and volume of your personal information that needs storing. We will also take into consideration the purpose of extending the retention period and whether this is achievable through other means.

4. Passing on your personal information to third parties

From time to time, we may need to pass your personal information on to trusted third parties. The third parties we may share information with are:

For compliance purposes

We may need to pass your data as requested and when required to Her Majesty's Revenue and Customs, under our legal obligations, for compliance purposes.

To comply with our legal, regulatory and statutory obligations, we may need to pass your personal information to third parties such as courts, law enforcement agencies, our insurers, auditors and our professional advisers.

For insurance scheme administering purposes

Yoga Insurance UK will send your details on to Balens Ltd, our insurance broker. We are an Authorised Introducer for them. To set up members insurance, we will share, member names, addresses, payment date and membership dates.

Yoga Insurance UK is satisfied that Balens Ltd has appropriate and adequate technical and organisational measures in place to protect the security of your data. Balens Ltd will never share your data with anybody else.

Third-party processors for website analytics purposes

Yoga Insurance UK uses website analytics providers to provide valuable information and insight into the performance and use of our website. Refer to our Cookie Policy for further details. Yoga Insurance UK website analytics has a data retention period of 4 years; all data collected will expire after this date. Additionally, Yoga Insurance UK can and will remove specific website analytics user data on request.

Other Authorised Service Providers

We use external systems to perform certain services on our behalf. We may share your personal information with them. These services include and are not limited to our:

• Payment gateway which allows us to process payments,

• CRM system which enables us to provide customer service and marketing assistance, performing business and sales analysis, support our website functionality, and support surveys and other features offered through our website.
  

These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes.

Yoga Insurance UK is satisfied that all of our Additional Third Parties have appropriate and adequate technical and organisational measures in place to protect the security of your data. They will never share your data with anybody else.

Aggregate Information

Such information does not contain any personal data and is related to numerical data such as the number of website visitors, most popular features accessed on the website. We may share such information with members, prospective members and our other third parties. Yoga Insurance UK may use the information to conduct business analysis and develop additional website content and services, which we believe our members will find of interest.

5. Security and safe storage of your personal information

The security of your data is critical to us, and we take this matter very seriously. We use appropriate procedures and security features to process and protect your information. The information which you provide us on application forms, contact forms and on your membership profile, will be stored on a secure CRM system.

We take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorised access and disclosure. For example, only authorised employees can access your personal information, and they may do so only for permitted business functions. We use firewalls to help prevent unauthorised persons from gaining access to your personal information.

We want you to feel confident using our website. However, no system can be completely secure. Although we take steps to secure your information, we do not promise, and you should not expect that your personal information, searches, or other communications will always remain secure. This Privacy Policy is compliant with the General Data Protection Regulation (GDPR) 2018.

Please refer to the National Crime Agency's website at for information about how to protect yourself against identity theft.

6. How you can access and correct your personal information

How can you correct your data?

You can correct the information we hold about you by contacting us via email.

How can you access your data and exercise your rights?

In addition to your right to access the data we hold about you, you also have the right to make a request (under certain circumstances) to:

• Restrict or object to the processing of the personal data we hold about you (see Note 1 below).

• Erase your data (see Note 1).

• Receive a copy of personal data we hold about you, i.e. the information you have provided to us in a structured, commonly used, machine-readable format where we use it with your consent.

Note 1

It is important to note that under the GDPR your request to restrict or object to processing or erase your data doesn't automatically lead to a requirement for processing to stop, or for personal data to be deleted, in all cases.

To request these rights, you can:

Please write to us at Yoga Insurance UK, 10/2 Beaverhall Road, Edinburgh, EH7 4JE or by email.

Restricting Data

You can choose not to provide us with certain information when you join or at any time during your membership. By doing so, you may be unable to use certain membership features, such as receiving newsletters, special offers.

At any time, you can choose to receive commercial or promotional emails or newsletters no longer. Either unsubscribe directly from these messages or contact us via email. We may send you other types of transactional and relationship email communication such as service announcements, renewal notifications, without offering you the opportunity to unsubscribe.

7. Additional Information

Third-Party Websites

There are several places on our website where you may click on a link to access other websites that do not operate under this Privacy Policy.

For example, if you click on a link which takes you to a website that we do not control. These third-party websites may independently solicit and collect information, including personal information, from you. We recommend that you consult the privacy statements of all third-party websites you visit by clicking on the "privacy" link typically located at the bottom of the webpage you are visiting.

Children's Privacy

Our website is a general audience site, and we do not knowingly collect personal information from children under the age of 13.

Third-party Rights

This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the website.

8. How to get further information

Further Information
The information provided in this Privacy Policy is in addition to any other privacy information we may give you on our website, or via other channels (paper communication, secure message, telephone etc).

If you want more information about the cookies we use, please refer to our cookies policy.

Contact Us

If you want to contact us:

• Please write to us at , 10/2 Beaverhall Road, Edinburgh, EH7 4JE.

• Please email us at support@insurance.yoga

Raising a complaint with the ICO

If you have concerns about the way we handle your data or you think we haven't dealt with it properly, you can contact the Information Commissioner's Office and raise a complaint.

They can be contacted by:

Telephone on +44 303 123 1113

Writing to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

Via their website

We will occasionally update this Privacy Policy to reflect changes in our practices, services and legislation. We recommend that you check our website from time to time to inform yourself of any changes in this Privacy Policy or any of our other policies.

Governing Law

This Privacy Policy is governed by Scottish Law, and you hereby submit to the exclusive jurisdiction of the Scottish Courts.

End of Agreement.