The Yoga Shed Limited (“The Yoga Shed”, or collectively referred to in these Conditions as “we”, “us” and “our”), is committed to protecting and respecting your privacy. This policy (together with the Terms and Conditions of Use and any other documents we refer to in this policy or the Terms and Conditions of Use) set out how we will use your personal information and who it will be shared with. Please read the following carefully.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
- We may collect and process the following data about you (“your information”):
- Information that you submit online via our site when you register and / or login;
- Any correspondence you send to us or when you email us;
- Details of your visits to our site and the resources that you access (which may include, amongst other things; traffic data, communication data, purchase data and performance data);
- Details of memberships purchased on the site; and
- Reservations you make for classes.
HOW WILL WE USE YOUR INFORMATION?
- We use your information in the following ways:
- to ensure that our site’s content is presented as effectively as possible for you;
- for our internal purposes, such as quality control, site performance, system administration and to evaluate use of our site, so that we can provide you with enhanced services;
- to notify you about changes to our services;
- to provide you with information, products or services that you request from us, or which we feel may interest you (provided of course that you agree);
- to create reports to assist with future marketing;
- to carry out our obligations arising from any contracts with you (including processing your payment for credits and to reserve your place in The Yoga Shed classes when you have made a booking); and
- We may monitor your use of our site and record your email address and/or IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical information about our users’ browsing actions and patterns and does not identify any individual.
- We only keep your information for as long as is necessary.
WHO DO WE SHARE YOUR INFORMATION WITH?
- If we sell or buy any business or assets, (as we may share your data with the prospective seller or buyer);
- If we or substantially all of our company assets are acquired by another party, in which case your information will be one of the transferred assets;
- If we have to share your information to comply with legal or regulatory requirements, or if we have to enforce or apply our Terms and Conditions of Use or any other agreements or to protect our rights, property or our customers etc. This may involve exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- We may also share your information with third parties who provide services to us.
HOW DO WE KEEP YOUR INFORMATION SECURE?
- All your information is stored on our secure servers. Any payment transactions will be encrypted. If you have a username, password or other login details which enable you to access certain parts of our site, you must not allow any other person to use them and must treat them as confidential. If you believe or suspect that someone else knows your login details you must contact us at firstname.lastname@example.org as soon as possible. Please also see our Terms and Conditions of Use.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- Our site may from time to time contain links to and from other websites. If you follow a link to any of those sites, please note that those sites ought to have their own privacy policies and that we do not accept any responsibility or liability for those sites or for their privacy policies. Please check those privacy policies before you submit your information to those sites.
- You have the right to access your information and should direct any request for your information to us at The Yoga Shed
- You have the right to rectify your information by sending us a written request to us at email@example.com
- You have the right to ask us not to process your information or pass your information to other companies or organisations) for marketing purposes. You can tick the appropriate box on the forms when we collect your information.
- If you have a complaint about how we have used your information, you have the right to complain to the Information Commissioner’s Office.
HOW TO CONTACT US
2.2 Data Security
2.2.1 Location and Backup. All Subscriber Data is located on secure servers, or backup directories that require access authentication.
2.2.2 Firewalls. All secure servers are protected by multiple, redundant firewalls and intrusion detection and prevention systems that are regularly monitored and tested (details of firewall configuration are not shared publicly for maximum security).
2.2.3 TLS Encryption. Transport Layer Security data encryption is employed to protect all data access across the Internet.
2.2.4 Qualified Security Assessor (QSA). Approved Scanning Vendor (ASV), delivers accurate vulnerability scanning and actionable reporting, that enables the MINDBODY Network Operations Centre to quickly rank risks and gauge compliance against PCI-DSS Standards. Daily Vulnerability Assessments monitor the MINDBODY network perimeter against daily threats to help protect MINDBODY from hackers, data breaches, adware, spyware, pop-ups, browser exploits, and phishing attempts.
2.3 Data Center SSAE 18 Type II and Type III Compliance
2.3.1 SSAE 18 Type II and Type III Compliance.MINDBODY hosts Your Data at multiple secure and redundant data centres in geographically diverse locations. Each data centre is secured and monitored 24x7x365 by a staff of highly trained data centre facility experts. The primary data centre features:
a A Zone 4 earthquake-rated reinforced structure;
b Multiple redundant, enterprise switching hardware at every stage;
c A monitoring system providing real-time data on equipment operation, enabling instant identification of problems;
d Multiple paralleled N+1 UPS modules configured in redundant systems allow for A/B power configuration;
e 20 megawatts of expandable N+1 power backup utilising generators;
f A Very Early Smoke Detection Alarm (VESDA) early smoke detection with pre-action dry pipe fire suppression systems;
g Multiple fiber route entrances to structures;
h Access control systems leveraging a biometric scan and personal identification number (PIN), with separate locks for all MINDBODY server cabinets; and
i The backup data centre features the same facility specifications as the primary data centre. The backup data centre receives a backup of subscriber data at least once per 24-hour period.
2.4 Physical and Personnel Security
2.4.1 Physical Security Measures. Physical access to the primary data centre and the backup data centre is restricted by 24x7x365 on-site security and Network Operations Centre staff. The facility is controlled by alarm systems with cameras on perimeter points of the building along with video and camera surveillance within the facility. Multi-level access authorisation with man trap, biometric verification and security controlled access level assignments are used to verify a limited number of MINDBODY authorised personnel who have been granted access.
2.4.2 Personnel Security Measures. Background Checks and NDA Agreements. Our technical and management personnel with access to Subscriber Data are subjected to background checks prior to hiring, and must sign non-disclosure and data security agreements that protect both MINDBODY and Subscriber Data.
Transfer Restrictions. Our personnel are not permitted to transfer Subscriber Data onto any hard drive, flash drive, mobile device, or other storage device, except those contained within either the primary data centre or backup data centre. Subscriber Data is not transferred to MINDBODY corporate workstations.
- Changes to this Security Policy
We may, in Our sole discretion, make changes to this Security Policy from time to time. Any changes We make will become effective when We post a modified version of the Security Policy to Our Website, and We agree the changes will not be retroactive.