Privacy & Data Protection Policy
Yoga Rise Blackpool needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, and other individuals with whom the organisation has a relationship or may need to contact. This policy outlines the procedures for collecting, handling, and storing personal data to ensure compliance with the companyâs data protection standards and relevant laws.
This data protection policy ensures Yoga Rise Blackpool:
DATA PROTECTION LAW
The Data Protection Act 1998 (and the UK GDPR) outline the requirements for organisations to collect, handle, and store personal information.â¨These rules apply regardless of whether data is stored electronically, on paper, or elsewhere.â¨
To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully.
PEOPLE, RISKS, RESPONSIBILITIES
This policy applies to Yoga Rise Blackpool, including:
It applies to all data that the business holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act.
â¨
This can include:
DATA PROTECTION RISKS
This policy helps protect Yoga Rise Blackpool from key data security risks, including:
RESPONSIBILITIES
As the Studio Manager and Data Controller, you are responsible for ensuring that all data is collected, stored, and handled appropriately in line with this policy and data protection principles.
Your responsibilities include:
GENERAL GUIDANCE
DATA STORAGE
Paper records:
Electronic data:
DATA USE
DATA ACCURACY
SUBJECT ACCESS REQUESTS
Requests should be made by email to hello@yogariseblackpool.com.â¨A ÂŁ10 administration fee may apply, and requests will be processed within 14 days.â¨The Studio Manager will verify the requesterâs identity before releasing information.
DISCLOSING DATA â OTHER REASONS
In some instances, personal data may be disclosed to law enforcement agencies without consent, provided the request is legitimate and lawful.
PROVIDING OTHER INFORMATION
Yoga Rise Blackpool ensures individuals are aware that their data is being processed and understand:
PRIVACY STATEMENT
Preserving your privacy is essential to Yoga Rise Blackpool.â¨We are committed to explaining clearly how we use your personal information and handling it responsibly.
References to âweâ, âusâ, âyouâ, or âourâ in this Privacy Statement are references to Yoga Rise Blackpool.
1) Information about you
We collect personal information when you enquire about our services, register for classes, or subscribe to updates.â¨This may include your name, title, email address, postal address, phone number, and relevant health or participation details.
2) Our use of this information
Your personal information will be used to:
3) Security
We take reasonable precautions to prevent loss, misuse, or alteration of your information.â¨Communications may be sent by email; please note that unless encrypted, email is not fully secure.â¨While we maintain virus protection and data security systems, we cannot guarantee all communications are completely virus-free.
4) Cookies
Our website may use cookies to enhance your browsing experience and improve our services.â¨Cookies collect anonymous information such as how long you spend on our site or what you click.â¨You can disable cookies in your browser settings if you prefer.
5) Other information
If you would like us to correct, update, or delete your information, please email: hello@yogariseblackpool.com
This privacy policy may be updated periodically. This policy does not cover external websites linked to ours.
This data protection policy ensures Yoga Rise Blackpool:
- Complies with data protection law and follows good practice
- Protects the rights of customers and partners
- It is open about how it stores and processes individualsâ data
- Protects itself from the risks of a data breach
DATA PROTECTION LAW
The Data Protection Act 1998 (and the UK GDPR) outline the requirements for organisations to collect, handle, and store personal information.â¨These rules apply regardless of whether data is stored electronically, on paper, or elsewhere.â¨
To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully.
- The law is underpinned by key principles stating that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific and lawful purposes
- Be adequate, relevant, and not excessive
- Be accurate and kept up to date
- Not be held for longer than necessary
- Be processed in accordance with the rights of the data subject
- Be protected appropriately
- Not be transferred outside of the EEA unless adequate protection exists
PEOPLE, RISKS, RESPONSIBILITIES
This policy applies to Yoga Rise Blackpool, including:
- The Studio Manager
- All staff, teachers, or volunteers
- Any contractors, suppliers, or others working on behalf of Yoga Rise Blackpool
It applies to all data that the business holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act.
â¨
This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Any other personal details
DATA PROTECTION RISKS
This policy helps protect Yoga Rise Blackpool from key data security risks, including:
- Breaches of confidentiality â information being given out inappropriately
- Failure to offer choice â individuals not given control over how their data is used
- Reputational damage â for instance, if a security breach occurred
RESPONSIBILITIES
As the Studio Manager and Data Controller, you are responsible for ensuring that all data is collected, stored, and handled appropriately in line with this policy and data protection principles.
Your responsibilities include:
- Reviewing all data protection procedures and keeping them up to date
- Ensuring staff or teachers understand their responsibilities
- Handling all data protection questions and subject access requests
- Approving any third-party agreements that handle personal data (e.g., booking systems, cloud storage providers)
- Ensuring all systems and services used for storing data meet acceptable security standards
- Performing regular checks to ensure software and security systems are functioning properly
- Ensuring marketing initiatives comply with data protection principles
GENERAL GUIDANCE
- Only people who need access to personal data for their work should have it.
- Data should not be shared informally or unnecessarily.
- Strong passwords must be used and never shared.
- Personal data should not be disclosed to unauthorised individuals.
- Data should be reviewed regularly and deleted when no longer required.
DATA STORAGE
Paper records:
- Keep in a locked drawer or cabinet.
- Shred securely when no longer required.
Electronic data:
- Protect with strong passwords and approved security software.
- Store only on designated drives or secure cloud storage.
- Do not save data directly to laptops or mobile devices.
- Ensure regular backups are made and tested.
DATA USE
- Personal data is only useful if used appropriately and securely.
- Lock computer screens when unattended.
- Do not send personal data by unencrypted email.
- Encrypt data before transferring it electronically.
- Never transfer personal data outside of the EEA.
- Always access and update the central copy of data.
DATA ACCURACY
- It is the Studio Managerâs responsibility to ensure data is accurate and up to date.
- Verify information with clients regularly.
- Remove or correct inaccurate data promptly.
- Maintain a single, central database rather than multiple lists.
- Review marketing databases at least every six months.
SUBJECT ACCESS REQUESTS
- Individuals are entitled to:
- Ask what information Yoga Rise Blackpool holds about them and why
- Request access to their data
- Ask how to correct or update it
- Understand how Yoga Rise Blackpool complies with data protection law
Requests should be made by email to hello@yogariseblackpool.com.â¨A ÂŁ10 administration fee may apply, and requests will be processed within 14 days.â¨The Studio Manager will verify the requesterâs identity before releasing information.
DISCLOSING DATA â OTHER REASONS
In some instances, personal data may be disclosed to law enforcement agencies without consent, provided the request is legitimate and lawful.
PROVIDING OTHER INFORMATION
Yoga Rise Blackpool ensures individuals are aware that their data is being processed and understand:
- How their data is used
- How to exercise their rights
- A privacy statement sets out how data is used and protected.
PRIVACY STATEMENT
Preserving your privacy is essential to Yoga Rise Blackpool.â¨We are committed to explaining clearly how we use your personal information and handling it responsibly.
References to âweâ, âusâ, âyouâ, or âourâ in this Privacy Statement are references to Yoga Rise Blackpool.
1) Information about you
We collect personal information when you enquire about our services, register for classes, or subscribe to updates.â¨This may include your name, title, email address, postal address, phone number, and relevant health or participation details.
2) Our use of this information
Your personal information will be used to:
- Process bookings and class registrations
- Provide you with updates or information about our services
- Notify you of changes, offers, or events you may be interested in
3) Security
We take reasonable precautions to prevent loss, misuse, or alteration of your information.â¨Communications may be sent by email; please note that unless encrypted, email is not fully secure.â¨While we maintain virus protection and data security systems, we cannot guarantee all communications are completely virus-free.
4) Cookies
Our website may use cookies to enhance your browsing experience and improve our services.â¨Cookies collect anonymous information such as how long you spend on our site or what you click.â¨You can disable cookies in your browser settings if you prefer.
5) Other information
If you would like us to correct, update, or delete your information, please email: hello@yogariseblackpool.com
This privacy policy may be updated periodically. This policy does not cover external websites linked to ours.
