Controller: Person (or entity) determining the purpose and means of processing personal data.
Processor: Person (or entity) that processes data on behalf of the Controller.
Personal Data: is information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, credit card number, and social media account ID. It does not include strings of code such as browser cookie IDs.
Sensitive Personal Data: Data that reveals race or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sex life and criminal background.
Data Subject: A living individual subject of the data.
Data Breach: Any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
GDPR: General Data Protection Regulation (the law).
For the purposes of the Data Protection Act 1998 and the GDPR, the data controller is Sanskrit Yoga.
INFORMATION SANSKRIT YOGA COLLECTS ABOUT YOU
As data controller Sanskrit Yoga accepts responsibility for setting clear guidelines to its processors regarding the storing and processing of your data for business and marketing purposes. This includes information collected through our website. In case of a data breach Sanskrit Yoga will do what is legally available and necessary to protect your interests.
Sanskrit Yoga only has access to information that you, the data subject, provide at the point of creating an account via the Sanskrit Yoga website, (www.sanskrit-yoga.co.uk).
Please note that Sanskrit Yoga does not ask for or handle sensitive personal information.
We may collect and process the following data about you:
Information that you provide by filling in forms on our site www.sanskrit-yoga.co.uk. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services.
Details of transactions you carry out through our site, including invoicing, collecting payment and of the fulfilment of your orders. However, any financial information (including debit and credit card numbers) collected from you is used only in order to authorise payment and bill you for products and services and is not stored by us.
Details of your visits to our site including, but not limited to, traffic data, location data, web blogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
We may also ask you for information when you report a problem with our site.
If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Sanskrit Yoga collects your personal information on the lawful basis of legitimate interest. The information we ask for (for example name, date of birth, address, email address) is to ensure our products and services are used as intended and minimises company loss. (For example it helps us prevent and detect the creation of duplicate accounts and therefore the taking advantage of our offers more than once.)
PROCESSING YOUR DATA
Wix is our Data Processor. Sanskrit Yoga uses and stores data using the Wix platform for all our business activities
As Data Controller Sanskrit Yoga only allows the processing of your personal data to:
Ensure that content from our site is presented in the most effective manner for you and for your computer.
Provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
Carry out our obligations arising from any contracts entered into between you and us.
Allow you to participate in interactive features of our service, when you choose to do so.
Notify you about changes to our service.
WHERE YOUR DATA IS STORED
Your data is stored outside of the EEA and is also processed by staff operating outside the EEA who work for us. Such staff maybe engaged in, among other things, the fulfillment of your booking, the processing of your payment details and the provision of support services.
All information you provide to us is stored on secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If you are a new customer, we will contact you by electronic means only if you have clearly consented to this. This is shown by you ticking the relevant box on our registration form.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If our business or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of supply and other agreements; or to protect the rights, property, or safety of our business, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
ACCESS / CHANGE / REMOVE INFORMATION
The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised in accordance with this Act. We will not charge a fee unless your request is manifestly unfounded or excessive or you are requesting further copies of your data. In these instances we may charge a reasonable fee for the administrative costs of complying with the request.