Fertility Yoga Privacy Notice
1. Process Controller’s identity and contact details
Fertility Yoga Ltd act both as a data controller for their own business information and a processor for their customers. You can contact us by emailing lisa@fertilityyoga.co.uk.
2. What information is collected
We store your company name (if applicable), full name, address(es), phone number(s) and email address(es).
3. How your information will be used
No information is ever passed to a third party. We use your information only to communicate with you, bill you and deliver the services you have requested us to provide.
4. Legal basis for processing your data
Our legal basis for processing your data is three fold:
a. The contract (verbal or written) between us to provide information, quotations or the service requested.
b. Our legal obligation to maintain registered accounts.
c. Your explicit consent is given when you read this notice and then choose to provide the requested information. Or, if you make verbal contact with us we will make you aware of where to find this information and outline it to you.
5. Who receives your informationOnly persons working for and with Fertility Yoga Ltd will have access to the information, and only as much as is required to carry out your request or the services requested by you.
Although they do not have access to our systems we do use sub-processors for cloud storage and servers on which we store information and websites. We also use email and payment companies. The sub-processors we use are (links to Privacy Notices):
a. 1&1 IONOS (1&1 IONUS Privacy Notice)
b. PayPal (PayPal Privacy Notice)
6. Where your information is stored and how it is kept secure
Your information storage and security depends on what we hold on your behalf:
a. Personal information is stored within 1&1 Web Portal which is accessible only by passworded accounts given to users authorised by Fertility Yoga Ltd’s directors. The system is available from our PC’s and laptops which are password protected.
b. Some information such as contractual information, accounts, quotations, as well as specifications, documents and information related to specific services we are required to undertake for you are kept on our PC’s and laptops which are password protected.
7. Transfers of data to 3rd countries and safeguards in place
Your customer data is held on EU data protection compliant servers. No information that we or our sub-processors hold will be transferred to 3rd party countries.
If you choose to do so payments for goods on our website are processed by PayPal. By selecting this option you agree to their terms and conditions. We do not hold any payment details from the transactions you make using Paypal. PayPal may transfer data outside of the EU but they do undertake to ensure that all such transfers are compliant with GDPR.
Where PayPal or their Group Members do transfer EEA User Personal Data to Third Parties or to Processors that are not Group Members: (i) located in countries that do not provide adequate levels of protection (within the meaning of the Directive 95/46/EC), (ii) not covered by approved binding corporate rules, or (iii) who do not have other arrangements that would satisfy EU adequacy requirements, PayPal or the Group Member shall ensure in relation to:
a. Third Parties, that they shall implement appropriate contractual controls, such as model contractual clauses approved by the European Commission, providing levels of protection commensurate with these User Corporate Rules or, alternatively, ensure that the transfer (i) takes place with the unambiguous consent of the User, (ii) is necessary to conclude or perform a contract concluded with the User, (iii) is necessary or legally required on important public interest grounds, or (iv) is necessary to protect the vital interests of the User;
b. Processors, that they shall implement contractual controls, such as model contractual clauses approved by the European Commission, providing levels of protection commensurate with these User Corporate Rules.
8. How long your information will be kept
This depends on the information you provided us with:
a. Your personal data is kept for as long as you are a customer. Sufficient information (e.g. Invoice details) in order to fulfil our legal obligation for producing accounts is kept for as long as is required by the HMRC, but at least 7 years.
b. Contractual information and Quotations will be kept for the period you remain a customer and for 12 years after our relationship ends.
9. Your rights
Under GDPR you have a number of rights for which we must provide, those that apply to the data we hold are listed below but more information is available here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
a. You should be informed by us about how we use your data (this documents fulfils that obligation)
b. You can request a copy of what information we hold on you.
c. You can ask us to correct any errors in the information we hold on you
d. You always have the right to require us to delete information for which we have no legal obligation to keep.
e. You can request us to provide the information we hold to be provided in a .csv format for transfer to another organisation.
10. How you can make a complaint
If you are unhappy with anything you can complain. Here’s how:
a. First, please let us know so we can put things right. Email to us at lisa@fertilityyoga.co.uk
b. If we don’t resolve things to your satisfaction then you can report us direct to our supervisory authority, the Information Commissioner’s Office, by ringing 0303 123 1113 or via live chat at their website: https://ico.org.uk/concerns/.
c. More Information can be found here: https://ico.org.uk/for-the-public/raising-concerns/