Shambhala Yoga Limited takes the security and privacy of our customers very seriously. This Privacy Policy is designed to provide you with important information about Shambhala Yoga’s use of personal data as required by the EU GDPR.

About us and this privacy policy

This privacy policy aims to give you information on how we collect, use, share, store, process and protect your personal data through your use of this website, including any data you may provide through the website when you sign up for our newsletter, submit a contact form or make a purchase.

This website is not intended for children and we do not knowingly collect data relating to children. Where we become aware that a child has provided us with personal data, we will take steps to remove the data.

You should read this privacy policy together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

How to contact us about your personal data or this privacy policy

If you have any questions about this privacy policy or about the personal data we hold about you, please email the  Manager at infor@shambhalayogascotland.com

The Data Controller for all personal data collected via this website is Shambhala Yoga Limited, with its registered trading office at:

Islay House West, Livilands Lane, Stirling, FK8 2BG

As the Data Controller, we are responsible for deciding what data we collect and how we hold and use your personal data. We will implement appropriate data security measures for protecting the data from unauthorised access and loss, as laid out in the Data Security section of this policy

Your Personal Data

Shambhala Yoga Limited will only use your personal information to administer your account and to provide the products and services you have requested from us.   Your personally identifiable information is kept secure. Only authorised employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information.  We ask you to ‘opt in’ to receiving marketing emails (this can be done on our booking system).  All emails and newsletters from our sites allow you to opt out of further mailings.

Shambhala Yoga Limited will never sell trade, rent, exchange or otherwise share your personal information with any other person, company or organization.

Shambhala Yoga Limited stores information about its members. via our online booking software “TeamUp” (https://goteamup.com). Details of what Personal Data is collected and how it is used can be found on Team ups full Privacy Policy here.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Marketing emails

The lawful basis for processing your personal data to send you marketing emails is either Legitimate Interest or consent. We use your personal data to send you regular emails about topics relating to the subject matter of this website, as well as company news, information about upcoming training opportunities and other products and services of ours and partner companies which we think may be of interest to you.

We also gather behaviour data around open-rates, click through rates etc, to help us monitor and improve our email marketing.

We never rent, sell or trade email lists with other organisations and businesses.

If you have consented to receive marketing, you may opt out at any time by clicking the Unsubscribe link at the bottom of any of our emails or by writing to us at the address above. If you opt-out of receiving our marketing emails, you may still receive transactional emails necessary for the delivery of a product or service.

Live-streamed Online Classes

We have launched a live-stream online service in March 2020 , offering our classes live-streamed to our clients.  We use the Zoom Cloud Meetings software to stream the live classes to users.

We will not play music during these livestream classes.

To respect user privacy, our default settings are set to mute users audio when they join the practice, and users have the option to turn off their own camera. Users may use any chosen ‘name’ when joining the practice. If you switch on your audio, or leave the camera running then other participants may see or hear your audio or visuals.
Please note that users that they are not permitted to record any part of the livestream practice.

We will record livestream classes and you are asked to consent to this before joining. These are then provided to members who want to watch the class at a later date. Teachers ensure that no participants are in the edited version of the recording which is sent.

Hybrid Classes

As of 1st September 2020 we will be running some of our livestream online classes at the same time as our in person classes in studio. The teacher will ensure that the camera is only in direct view of them and not anyone participating in the class.

We ask that both online & in person students complete our privacy consent waiver when booking into the class.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Social Media

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Contact forms/Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Pop Ups

We use a Popup Software (Hustle) and the information contained in this section relate to this software specifically. When visitors or users submit a form or view a module, we capture the IP Address for analysis purposes. We also capture the email address and might capture other personal data included in the form fields.

When visitors or users submit a form or view a module we retain the data for 30 days.

All collected data might be shown publicly and we send it to our workers or contractors to perform necessary actions based on the form submission.

By default, Hustle uses cookies to count how many times each module is visualized. Cookies might be used to handle other features such as display settings, used when a module should not be displayed for a certain time, whether the user commented before, whether the user has subscribed, among others, if their related settings are enabled.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with / How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Our contact information

SHAMBHALA YOGA
Islay House West, Livilands Lane, Stirling, FK8 2BG
Tel: 07380307463 or 07961825500
Email: info@shambhalayogascotland.com

Additional information

The website of Shambhala Yoga (https://www.shambhalayogascotland.com/ )collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, Shambhala Yoga does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, Shambhala Yoga analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Industry regulatory disclosure requirements

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.

Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Your legal rights

Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:

If you wish to exercise any of the rights set out above, please contact our Manager at the address mentioned above.

No fee required – with some exceptions

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to this notice and your duty to inform us of changes

We aim to adhere to the highest standards of data privacy and so our policies and procedures are constantly being reviewed and updated where necessary. It is therefore recommended that you check this page periodically to review the latest version.

In order for us to maintain these high standards it is important that the personal data we hold about you is accurate and current, therefore please inform us if your personal data changes during your relationship with us.

Queries, Requests or concerns

To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, in the first instance please contact our Manager on 07961825500 or email info@shambhalayogscotland.com.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031 231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.