Background

Head and Heart Yoga (hereby referred to as “the Studio” or “We”) is owned and operated by Samra Hasanovic Juson.

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.

This privacy notice applies to personal information processed by or on behalf of the Head and Heart Yoga.

Changes to this privacy notice

We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – www.head-and-heart-yoga.com

Head and Heart Yoga and our Data Protection Officer

We’re the Head and Heart Yoga. We are a data controller of your personal data.

We have a dedicated data protection officer (“DPO”). You can contact the DPO by writing to samra@head-and-heart-yoga.com or by going to Contact Us on our website.

What kinds of personal information about you do we process?
Personal information that we’ll process in connection with all of our products and services, if relevant, includes:

  • Personal and contact details, such as title, full name, contact details (address, phone number and email) and contact details history (where changes are made)
  • Your date of birth, gender and/or age
  • Details of emergency contacts, such as family members and other emergency contact, whose details you provided on your health questionnaire
  • Family members (other than emergency contacts and if relevant)
  • General health details and if you are a vulnerable student
  • Records of your classes and contacts with us such as if you get in touch with us online using our online services or via mobile, apps or emails
  • Memberships you hold with us, as well as have been interested in and have held and the associated payment methods used
  • The usage of our products and services, such as purchases made via our website, classes attended
  • Marketing to you Offers may include the yogawear sold through our website, different workshops or retreats that we may offer and any of our other products and services. You may wish to opt out of the marketing – if you wish to do so, please let us know.
  • Your credit card details, where provided
  • Your lifestyle or social circumstances, if relevant and where provided (for example, the number of dependents you have)

What is the source of your personal information?
We’ll collect personal information from the following general sources:

  • From you directly, and any information from family members
  • Our Health questionnaires
  • Information generated about you when you use our products and services

What do we use your personal data for?
We use your personal data, including any of the personal data listed above, for the following purposes:

  • Assessing what type of activity is appropriate for you to protect you during a class and make necessary adjustments to meet your needs.
  • Assess which product or service to provide such as a yoga class, retreat or other related services including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method and the terms
  • Managing the product or service you have with us
  • Updating your records, recovering debt if necessary
  • Managing any aspect of the product or service
  • For management and auditing of our business operations including accounting
  • To monitor and to keep records of our communications with you and our staff
  • For direct marketing communications and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service. We’ll send marketing to you by email, social media and digital channels (for example, using Facebook Custom Audiences). Offers may relate to any of our products and services such as workshops, retreats, additional classes we think may be of interest
  • To comply with legal and regulatory obligations, requirements and guidance
  • To share information, as needed, with third parties such as Glofox (which supplies the business management platform), PayPal and Stripe to facilitate the sale of our products and services

What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to use your personal data:

Where it is needed to provide you with our products or services, such as:
a) Health questionnaires – to assess and consider whether or not to offer you the service and which activity is appropriate, the price, the payment methods available and the conditions to attach
b) Managing products and services you hold with us, or an application for one
c) Updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate)
d) Sharing your personal information with business partners and services providers when you apply for a service to help manage your service (such provision of online booking facility and payment methods)
e) All stages and activities relevant to managing the service including enquiry, application/health questionnaire, administration and management of service
Where it is in our legitimate interests to do so, such as:
a) For direct marketing communications and related profiling to help us to offer you relevant products and services. We will send marketing to you by email and social media and digital channels (for example, using Facebook Custom Audiences)
b) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations
To comply with our legal obligations
With your consent or explicit consent:
a) For some direct marketing communications
b) For some of our processing of special categories of personal data such as about your health, if you are a vulnerable customer or some criminal records information
For a public interest, such as:
a) Processing of your special categories of personal data such as about your health, criminal records information (including alleged offences), or if you are a vulnerable customer

When do we share your personal information with other organisations?
We may share information with the following third parties for the purposes listed above:

  • Other organisations and businesses who provide services to us such as Glofox, Stripe and PayPal (IT software and maintenance providers and suppliers of other back office functions)
  • We will disclose your personal data to our service providers, including Glofox, which supplies our cloud business management platform and booking apps. Glofox is also subject to certain obligations with regard to the security of your personal data processed via the booking app.
  • However, your rights in relation to the use of your personal data as processed by the Glofox Platform as set out in this privacy statement are owed to you by us and if you have any questions in relation to the use of your personal data by the Glofox Platform, Stripe and PayPal, please contact us using the Contact Us details on our website or email us to samra@head-and-heart-yoga.com

How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.

Is your personal information transferred outside the UK or the EEA?
We’re based in the UK. Your personal information is not transferred outside the European Economic Area.

What should you do if your personal information changes?
You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.

Do you have to provide your personal information to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. You are however, under no obligation to provide such data, other than your name, address, e-mail address, telephone number and postal address. Any further information we request is completely optional.

Do we do any monitoring involving processing of your personal information?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.

For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide products and/or services to you
  • Retention periods in line with legal and regulatory requirements or guidance.

What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.

  • The right to be informed about the processing of your personal information
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • The right to object to processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your personal information (“data portability”)

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.

Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.

What are your marketing preferences and what do they mean?
You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.

Contact Us
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the Contact Us section of our website. Alternatively, you can write to samra@head-and-heart-yoga.com marking it for the attention of the DPO.