Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible when creating them.
What is Personal Data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
Responsible for data processing
Responsible for data processing in accordance with the provisions of the GDPR and DPA is:
Urban Yoga Lab
Soho works, 72-74 Dean St,
Soho, London, W1D 3SQ
Phone: +44 1589306851
General information on data processing
In the course of our business and website operations, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the UK and the EEA. Where we transfer data outside the UK or EEA, we have highlighted this accordingly below.
All personal data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned or only with your consent.
In particular, Art. 6 GDPR specifies when data processing is permitted. Urban Yoga Lab collects personal data if:
- you have given your consent (Art. 6 para. 1 lit. a GDPR),
- the data is necessary for the fulfilment of a contract / pre-contractual measures (Art. 6 para. 1 lit. b GDPR),
- the data is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR) or
- the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden (Art. 6 para. 1 lit. f GDPR).
Urban Yoga Lab processes and stores your personal data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
- a) Hosting
To provide our website, we use the services of WP ENGINE who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.
- b) Collection of access data and log files
We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.
- c) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your enquiry: name, contact details (phone number and e-mail address), if provided by you, and your message. The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your enquiry.
- d) When you use our services
When you are using our interactive online health and well-being platform, we provide a series of features including face-to-face, virtual health and well-being coaching, classes, webinars and workshops to improve workforce well-being. In doing so, we process various data within the framework of the provision of our services and for the initiation and processing of the existing contractual relationship between you and us. If you have commissioned us to provide a service, we process your personal data and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship.
Further and through the performance of our services we may routinely collect Special Category data.
Special category data is personal data that needs more protection because it is sensitive. This may include personal data revealing racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, or data concerning health. If the processing of Special Category data during the course of the provision of services becomes necessary, we need to obtain the data subject's consent in Article 9 Para. 2 lit. c), h) GDPR.
In this context, consent means any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner, in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
Accordingly, and when you use our services, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations and the consent of the relevant service user.
- e) When using our platform
We process the data of our users, registered users, and any test users in order to be able to provide our contractual services to them as well as on the basis of legitimate interests in order to ensure the security of our offer and to be able to develop it further. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.
Unless otherwise specified, the purposes of processing are contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioral marketing.
- f) Administration, financial accounting, service organisation, contact management
We process data within the scope of administrative tasks as well as organisation of our business, financial accounting, service organisation and compliance with legal obligations, such as archiving.
In doing so, we process the same data that we process in the context of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations.
- g) Calendly
For booking an appointment in an easy and convenient way, we use Calendly. Your data from the form will be transferred to our appointment account at Calendly after you press the “Book appointment” button. You will then receive a confirmation email with a link to the event. Your data will be kept at Calendly until the purpose for storing the data no longer applies (appointment made) or you request us to delete it. Calendly undertakes not to pass on your data to third parties. The legal basis is your consent as well as our legitimate interest.
- h) Content Management System (CMS)
We also use the Content Management System (CMS) of WordPress, a service provided by Automattic Inc, to publish and maintain the created and edited content and texts on our website and to provide the forms used. This means that all content and texts submitted to us by users for publication are transferred to WordPress. In addition to texts, this also includes, for example, your data in our forms. This represents a legitimate interest.
- i) Content Delivery Network (CDN)
We also use the content delivery network (CDN) of Cloudflare, Inc. A content delivery network (CDN) refers to a geographically distributed group of servers which work together to provide fast delivery of Internet content and to protect from common malicious attacks, such as Distributed Denial of Service (DDoS) attacks. This represents a legitimate interest.
Whenever you browse the Internet, you use a browser. Most websites store small text files in your browser. These files are called cookies.
These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our site knows who you are and offers you your usual default setting.
There are two classes of cookies, namely first-party cookies and third-party cookies.
First-party cookies are created directly by our site, third-party cookies are created by partner websites. Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.
What types of cookies are there?
We can distinguish between 3 types of cookies:
- i) Essential or Necessary cookies
These cookies are essential or necessary to ensure that our website works properly and is secure so that you can navigate our website and use its features. Without these cookies, certain features of our website would not be available, and you would not be able to use certain services.
- ii) Functional cookies
Functional cookies allow a website to remember the options you have selected (including user ID, consents you have given and/or your preferred language), your username if applicable, and any custom settings you have made (e.g., font sizes) or personalisation options you have selected when browsing.
- iii) Analysis and performance cookies
Analysis and performance cookies are used to monitor and improve the function and service of a website. They can also help us track down problems you may encounter when using an online service. Analysis and performance cookies may be used to facilitate online surveys, record visitor numbers, and provide other website analytics metrics.
The cookies we use that require your consent
Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
The IP address transmitted by your browser will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser accordingly. You can also prevent the collection of the data generated by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
How can I delete cookies?
Duration of data storage
We only store personal data for as long as it is necessary for the purposes for which it is processed or until any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
Transfer of personal data
We will not disclose or otherwise distribute your personal data to third parties unless this:
- is necessary for the performance of our services,
- you have consented to the disclosure,
- or the disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation of the service organisation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by us, however, will process your data exclusively in accordance with our instructions, and we remain responsible, in accordance with the DPA and the GDPR, for the protection of your data. In doing so, we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organisational measures, and additional controls by us.
We may also disclose Personal Data to third parties if we are legally obliged to do so, e.g., by court order, or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
Advertising and Marketing
We use the data you provide to fulfil and process our contract and to respond to your enquiries in or on the basis of your consent. Insofar as you have also given us your separate consent to process your data for consulting, marketing and advertising purposes, Urban Yoga Lab is entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt out).
We are present in “social media” (currently, LinkedIn, Instagram, YouTube, TikTok and Facebook) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers. We would like to point out that you use social media platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). We, as the provider of our Social Media Profile, do not collect and process any data from your use of our social media platforms and beyond this. The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users.
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place at Urban Yoga Lab.
Your data subject rights
These rights are standardised in the DPA and the GDPR. These include:
- the right to information (Art. 15 GDPR),
- the right to rectification (Article 16 GDPR),
- the right to erasure (Article 17 GDPR),
- the right to restriction of data processing (Article 18 GDPR),
- the right to data portability (Article 20 GDPR),
- the right to object to data processing (Article 21 GDPR),
- the right to revoke any consent you have given (Art. 7 (3) GDPR), and
- the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You also have the right to lodge a complaint with your local data protection supervisory authority or the Information Commissioner's Office (ICO), which is the relevant authority in the UK.
The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK and their website can be found at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other supervisory authority.
State-of-the-art internet technologies are used to ensure the security of your data. During the online enquiry process, your details are secured with SSL encryption. For secure storage of your data, the systems are protected by firewalls that prevent unauthorised access from outside. In addition, technical and organisational security measures are used to protect the personal data you have provided against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us.
Who should I contact for more information?
Urban Yoga Lab
Soho works, 72-74 Dean St,
Soho, London, W1D 3SQ
Phone: +44 1589306851