Hot Yoga Hastings is fully committed to compliance with the requirements of the Data Protection Act
2018, the UK General Data Protection Requirements and all other data protection legislation currently
in force. The Regulation applies to anyone processing personal data and sets out principles which
should be followed and gives rights to those whose data is being processed.
This privacy notice tells you what to expect us to do with your personal information when you contact us
or enter into a purchase agreement with us.
In this Privacy Notice we’ll tell you:
• why we are able to process your information;
• what purpose we are processing it for;
• whether you have to provide it to us;
• how long we store it for;
• whether there are other recipients of your personal information;
• whether we intend to transfer it to another country; and
• whether we do automated decision-making or profiling.
Hot Yoga Hastings takes its responsibilities seriously and adheres to the Data Protection Principles as
When processing data we will ensure that it is:
• processed lawfully, fairly and in a transparent way
• processed only for the purpose that the data was collected for
• limited to what is necessary
• accurate and kept up to date
• kept for no longer than is necessary
• kept safe and secure
• only shared with others who can demonstrate compliance with the regulations
1. Our contact details
There are many ways you can contact us, including via our contact us page on our website, post or
email as follows:
Name: Hot Yoga Hastings
Postal Address: 21 St Peters Road, St Leonards-on-Sea, East Sussex, TN37 6JG
2. Collecting and processing your personal data
2.1. Our role
Hot Yoga Hastings are a Data Controller. We are not required to register with the Information
Commissioners Office (ICO) and acknowledge their status as our data protection regulator.2.2. How we collect your data and the type of information we collect
We collect the following information from you either directly:
• personal data such as your name and contact details (address, email address, telephone number)
• other personal identifiers such as IP Addresses you use to access our website along with your
When you enter into a contract/agreement with us, to provide health and well-being services, this
Privacy Notice applies. The type of data we may collect is dependent on the service you require:
• Payment card details
• Your name, address, and in some cases your state of health (so we can ensure your safety);
• Your phone number and email address (so you can be contacted as necessary)Where we collect sensitive data, we will always seek your explicit consent first.
Page 1 of 3
2.3. The purpose for collecting and processing it
The data we collect, and process is for one or more of the following reasons:
• When you use our website or to enquire about our services via our website or telephone.
• When you enter into an agreement with us for the provision of health and well-being services
• To comply with any legal obligations
• To notify you of any enhancements or updates to the services we provided to you.
• Where you gave your consent for marketing purposes. You can opt out of this at any time by either
selecting the unsubscribe link shown on marketing emails (if any) or by contacting us directly.
• To manage our business
• Perform the terms of our agreement with you
Your data will not be used for automated decision-making or profiling other when used for analytical
2.4. Lawful bases for processing
In most cases, the lawful bases, or reason(s) for processing your information is in fulfilment of a
contract, for example:
• Where you send a query via our website or telephone requesting information about our services to
help you decide whether to enter into a contract with us.
• In acceptance of our terms and conditions for the supply of our health and well-being services.
In certain circumstances we also use other lawful bases as follows:
• Where you provide us with your specific consent for marketing purposes • To fulfil our regulatory and legal requirements • Our legitimate interests, for example:
o to improve our services;
o to conduct web analytics;
o to administer and protect our business, website and social media profiles;
o for the prevention and detection of fraud and spam; and
o for the establishment, exercise, and defence of legal claims.
2.5. How we store your information, where and for how log
We are committed to ensuring that your data is secure. As such we have put in place appropriate
technical and organisational measures to safeguard it, including the use of user logins and passwords
to our internal systems, secure cloud-based data storage, encryption and anti-virus software.
All data entered onto our website by you is encrypted and securely stored for the duration required to
fulfill your request.
All data entered into and stored within our internal systems are kept for the duration required in order
for us to fulfil our contractual and legal requirements. Where you have given your consent for us to
retain your personal data for marketing purposes, we will retain this until you notify us otherwise. You
can retract your consent at any time by contacting us via firstname.lastname@example.org.
2.6. Third parties we share your data with
We use third party organisations to provide elements of our services on our behalf. We have contracts
in place with these organisations which means that they cannot do anything with your personal
information unless we have instructed them to do so. They will hold it securely for the purposes of and
retain it for the period we instruct. The main organisations we share your data with are:
I. IT and other software providers to enable us to collect and process data in fulfilling your
query, in fulfillment of our agreement with you and for our marketing purposes (based on your
II. Payment card processors to take payment for our services.
We will not share your information with any third parties for the purpose of them marketing their or other
entities services directly to you.
Page 2 of 3
2.7. Third Country Data Processing
There may be occasions, such as when data is stored and/or processed outside of the European
Economic Area (EEA). Where this is the case appropriate organisational and technical measures are
adopted to ensure the protection of your data.
Should you require any further information about the circumstances in which processing of your data
may be outside of the EEA, please contact us.
3. Data Subject Rights
3.1. Your data protection rights
Under the data protection legislation, you have rights including:
I. Your right of access – You have the right to ask us for copies of your personal information.
II. Your right to rectification – You have the right to ask us to rectify information you think is
inaccurate. You also have the right to ask us to complete information you think is incomplete.
III. Your right to erasure – You have the right to ask us to erase your personal information in certain
IV. Your right to restriction of processing – You have the right to ask us to restrict the processing of
your information in certain circumstances.
V. Your right to object to processing – You have the right to object to the processing of your
personal data in certain circumstances.
VI. Your right to data portability – You have the right to ask that we transfer the information you gave
us to another organisation, or to you, in certain circumstances.
VII. You are not normally required to pay any charge for exercising your rights. If you make a
request, we have one month to respond to you.
VIII. Please contact us at: email@example.com if you wish to make a request.
3.2. How to complain
Should you not be entirely satisfied with any aspect of how we have used your data, please contact us
directly and we will endeavour to resolve your query as quickly as possible. Should your query not be
resolved to your full satisfaction you may also complain to the ICO at the following address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
4. Changes to our Privacy Notice
Whenever we make any changes to our Privacy Notice and practices, we will inform you by posting an
updated notice on this page.