Purpose of policy
We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do - both on and off stage.
The purpose of this policy is to give you a clear explanation about how we [and all of our subsidiaries] collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
- What information we may collect about you
- How we may use that information
- In what situations we may disclose your details to third parties
- Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it
If you have any queries about this policy, please contact firstname.lastname@example.org
Who we are
Tramshed Studio Limited are a health and well-being operator. We are registered as a company in England and Wales under registration number 10763214.
We collect various types of information and in a number of ways:
Information you give us
For example when you register on our website or purchase tickets from our event partners, we may store personal information you give us such as your name, email and postal address. We may also store a record of your purchases.
Information about your interactions with us
For example, when you visit our website, we may collect information about the browser you’re using, your IP address (this is a number that identifies a specific network device on the internet and is required for your device to communicate with websites), what sites you came from and how you interact with our content.
When we send you an email we may collect information on how you respond such as the number of times you have opened emails or the links in them that are clicked.
Please see our Cookies Policy at the bottom of this document for more information.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as race, religious beliefs and political opinions. We do not collect this type of information about our patrons unless there is a clear reason for doing so.
In the event of a data breach, in accordance with GDPR regulation, we will disclose to the ICO regulator within 72 hours.
There are three bases under which we may process your data:
When you make a purchase from us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email in the case of cancellation of a yoga class, or in the case of problems with your payment.
Legitimate business interests
In certain situations we collect and process your personal for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any interactions or preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for the following communications. In the case of email, we will give you an opportunity to opt out of receiving them during your first booking with us or registering to receive direct marketing from our websites. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you in order to identify and prevent fraud.
In order to improve our website we may analyse information about how you use it and the content that you interact with.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
To our own service providers who process data on our behalf and on our instructions (for example our booking system software provider, MINDBODY). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Maintaining your personal information
When you have confirmed a yoga booking or signed up to our mailing list, we may store your personal information indefinitely such that for any subsequent purchases or interactions you make we are able to link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can do so by using the contact details at the end of this policy to get in touch.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
Our booking system software provider MINDBODY stores all data in servers and backup servers located in the United States. MINDBODY has Privacy Shield certification which complies with GDPR regulations related to transferring data outside of the EU. Click here for a detailed explanation of how the Privacy Shield requirements align with the new GDPR guidelines.
Your rights to your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
From time to time we may change our privacy practices. We will notify you of any changes to this Policy as required by law. We will also post an updated copy on our website. It will have a different date from the one set out below. Please check our site periodically for updates.
Contact details and further information
Last Updated- May 2018
Next Review Date- November 2018