Controller: Person (or entity) determining the purpose and means of processing personal data.
Processor: Person (or entity) that processes data on behalf of the Controller.
Personal Data: is information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, credit card number, and social media account ID. It does not include strings of code such as browser cookie IDs.
Sensitive Personal Data: Data that reveals race or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sex life and criminal background.
Data Subject: A living individual subject of the data.
Data Breach: Any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
GDPR: General Data Protection Regulation (the law).
INFORMATION WE MAY COLLECT FROM YOU
As data controller MoreYoga accepts responsibility for setting clear guidelines to its processors regarding the storing and processing of your data for business and marketing purposes. This includes information collected through our website and the MoreYoga app. In case of a data breach MoreYoga will do what is legally available and necessary to protect your interests.
MoreYoga affiliates only have access to information that you, the data subject, provide at the point of creating an account or signing up for a newsletter via the MoreYoga website, (www.moreyoga.co.uk), or the MoreYoga app, given that you have not otherwise interacted with those companies. MoreYoga does not take responsibility for information provided to its affiliates that were not acquired at the point of registration on the MoreYoga website/app or were not provided to us directly using other means of communication.
For example if you register an account with MindBody using www.mindbodyonline.com or the MindBody app, MoreYoga does not take responsibility for personal information provided using those means.
Please note that MoreYoga and its affiliates do not ask for or handle sensitive personal information.
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site www.moreyoga.co.uk (“our site”). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services.
- Details of transactions you carry out through our site, including invoicing, collecting payment and of the fulfillment of your orders. However, any financial information (including debit and credit card numbers) collected from you is used only in order to authorise payment and bill you for products and services and is not stored by us.
- Details of your visits to our site including, but not limited to, traffic data, location data, web blogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- Location Data: If you authorise it, the MoreYoga app collects your location data. This is to enable the self sign in function when you are close enough to the studio and to prevent false log ins through the app.
We may also ask you for information when you report a problem with our site.
If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
MoreYoga collects your personal information on the lawful basis of legitimate interest. The information we ask for (for example name, date of birth, address, email address) is to ensure our products and services are used as intended and minimises company loss. (For example it helps us prevent and detect the creation of duplicate accounts and therefore the taking advantage of our offers more than once.)
PROCESSING YOUR DATA
MindBody (MindBody Inc.) is our Data Processor. MoreYoga stores and processes data using the MindBody platform for all our business activities.
As Data Controller MoreYoga only allows the processing of your personal data to:
- Ensure that content from our site is presented in the most effective manner for you and for your computer.
- Provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- Carry out our obligations arising from any contracts entered into between you and us.
- Allow you to participate in interactive features of our service, when you choose to do so.
- Notify you about changes to our service.
For more details about how MindBody Inc. handles your data please see www.mindbodyonline.com/privacy-policy
To read in more detail about the relationship of us and our Processor please see the Privacy Annex on the MindBody website: www.mindbodyonline.com/terms-of-service/privacy-annex
WHERE YOUR DATA IS STORED
Your data is stored outside of the EEA and is also processed by staff operating outside the EEA who work for us. Such staff maybe engaged in, among other things, the fulfillment of your booking, the processing of your payment details and the provision of support services.
All information you provide to us is stored on secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
For more information about how your data is stored and processed please see https://www.mindbodyonline.com/privacy-policy
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you are an existing customer, meaning that you registered an account on our website prior to 25/05/2018, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you. You can at any time unsubscribe any time by clicking “Unsubscribe” in the emails and following the instructions in the texts. Or by emailing firstname.lastname@example.org
If you are a new customer, we will contact you by electronic means only if you have clearly consented to this. This is shown by you ticking the relevant box on our registration form. MoreYoga does not allow marketing communication to be sent to you from any of our affiliates or other third parties without seeking your consent first. You can unsubscribe any time as mentioned previously.
As explained in (3) is our main Data Processor. For details please read above.
- We use MailChimp to manage our mailing list for our newsletter and other marketing communication. MailChimp only has access to your name and email address and is not authorised to send you marketing communication in relation to any of their products and services. Mailchimp does not sell lists or email addresses. For more information please see https://mailchimp.com/legal/privacy/
- Perkville is the awesome company that allows you to create points every time you use MoreYoga services. You then can use those points to turn them into perks. Perkville has the same information of you as us. The data is only processed for business purposes and to be able to identify you if there is a problem with your account. For more information please see: https://www.perkville.com/privacy/
Please note that our Data Processors use Sub-Processors to be able to fulfil their tasks. Sub-Processors are bound by the GDPR as long as they handle personal data of EEA citizens. In addition, agreements between Processors and Sub-Processors cannot violate agreements between the Data Controller and the Data Processor.
IP ADDRESSES AND COOKIES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If our business or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of supply and other agreements; or to protect the rights, property, or safety of our business, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
ACCESS / CHANGE / REMOVE INFORMATION
The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised in accordance with this Act. We will not charge a fee unless your request is manifestly unfounded or excessive or you are requesting further copies of your data. In these instances we may charge a reasonable fee for the administrative costs of complying with the request.
MindBody Self Service Privacy Portal
You can also update your account information by logging in to your account using the MindBody Portal. To access this page, you will be given the option to subscribe or unsubscribe through one of the following:
- Your automated emails from MINDBODY
- From the MINDBODY app or
- Via the link in your client account online
After clicking on one of these links, you’ll notice the Data Options tab located next to Communication Preferences. Here you can request access to, remove or alter your data.
MoreFit Ltd. 41 Oakdale Road, London, N4 1NU
Last update: 24 May 2018