PRIVACY POLICY

Privacy Policy

(last updated on July 2021)

Introduction

Welcome to the website of The Yoga Therapy Institute. Your privacy and the security of your personal data are very important to us. We therefore collect and manage your personal data with the utmost care and take specific measures to keep them secure. Below, you will find the main information regarding our processing of your personal data when you complete the registration form on our website <www.theyogatherapyinstitute.org> (Website).

We process your personal data in accordance with the data protection regulations, including the General Data Protection Regulation. In this privacy statement, we explain what personal data we process for what purpose. We encourage you to read it carefully. If you have any questions, please contact us via [email protected]heyogatherapyinstitute.org.

Data controller

The Mango Tree B.V., also trading under the name The Yoga Therapy Institute, with its registered office at Milletstraat 11-2 (1077 ZA) in Amsterdam, The Netherlands (The Yoga Therapy Institute or we) is the party responsible for all data processing.?

Collection and processing of personal data

In order to apply for any of our courses, modules and workshops, you are required to complete theregistration form on our Website. This allows us to verify whether you meet the requirements to participate in one of our courses. As a result, we have to process your personal data. We only process personal data if we have a legal basis for doing so.

The categories of personal data that we collect and process when you complete the registration form on the Website are as follows:

1. Contact data. We process your personal data which is necessary to get in touch with youafter your registration, such as your name and surname, e-mail address, telephone number and, in case you have completed the form on behalf of a company, the contact details of the company (company address, VAT number).

2. Experience data. We process your personal data which is necessary to verify if you meet the requirements for participation for our courses, such as your level of English, information about your yoga certifications and other qualification that might be relevant, work experience and references.

Legal basis for processing

We only process your personal data in the presence of one of the legal requirements established by current legislation, and specifically:

1. For the conclusion and execution of an agreement of which you are part or in order to take steps, at your request, prior to entering into an agreement. This legal basis legitimises the processing of personal data that takes place in the following activities:

Contact. We use your personal data to get in touch with you about your completed registration via our Website. Sometimes we may have additional questions regarding your registration, or we may send you confirmation that your registration has been approved and further information about participating in one of our courses.
Verification of registration. We use your personal data to verify the information you have filled in on the registration form on our Website.
2. For compliance with legal obligations. We may process your personal data if we are required to do so in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency.

3. For our legitimate interest. We process your personal data where it is in our legitimate interest to run a lawful business and to promote and innovate that business, as long it does not outweigh your interest, such as preventing fraud or criminal activities.

Medical and health data

We would like to inform you already in this privacy policy that after your final registration, your medical and health information will be requested. We use this information so we could take this in to account during our courses, modules and workshops for your own health, or specifically advise you on which modules are and are not suitable for you. We process this personal data based on the statutory exception as laid down in the Dutch Implementation Act of the GDPR, since the processing of your medical and health data is necessary for your own safety, health and proper training, and for our professional practice concerned.

Your medical and health data will of course be handled in complete confidentiality.

Transfer to third parties

We may share your personal data with the following categories of third-parties for the purposes described in this privacy policy:

Teachers and collaborators

We will share your contact details with our teachers and collaborators so that they are aware of who their students are and how they can get in touch with them. Your experience data will also be shared with our teachers and collaborators so that they can adapt their lessons accordingly and provide you with more personalised guidance based on your experience.

Service providers

We may share your personal data with our service providers, such as parties we have engaged to provide and support our services or assist in protecting our systems and other business-related functions. We will ensure your data is only being used in a way similar to, or for a similar purpose as the purpose for which your personal data has been gathered, and only in accordance with this Privacy Policy and any legal obligation.

Competent law enforcement, regulatory or government bodies

We may share personal data with thirdparties if we are obliged to do so pursuant to a statutory provision or a decision of the court or supervisory body, or if this is necessary in the interest of preventing, detecting or prosecuting criminal offences (such as fraud, fraud or scams).

Advertising parties

We may partner with third-party advertising networks (Google) and social media platforms (such as Facebook and LinkedIn) to display advertising on our Website or to manage and serve our advertising on other sites.

We will never transfer your personal data to any third party for their own direct marketing use.

Security

We have taken technical and organisational security measures to protect your personal data from misuse, loss, unauthorised access, undesirable disclosure and unauthorised alteration. All of our employees and all persons involved in data processing are obliged to comply with the data protection laws and to handle personal data confidentially. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are constantly being revised according to technological developments.

We draw your attention to the fact that data transmission over the internet (e.g. e-mail communication) may involve loopholes in security. It is not possible to protect such data completely from third-party access. We will, however, always process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.?

Storage

We store your personal data for a limited period of time which period differs depending on the type of activity that involves the processing of your personal data. After this limited period, your data will be permanently erased or otherwise rendered anonymous in an irreversible way. Your personal data is stored in compliance with the terms and criteria specified below:

Contact data. Your contact data will be stored for a maximum of six months until you finished the course, or as long as you give us consent to stay in touch with each other. We value staying in touch with each other after finishing the course, because we are interested in the career development of our students. This desire must of course be mutual and we will therefore always ask your consent. In case you decide not to participate in one of our courses, or do not qualify for participation, your contact details will be stored for a maximum of two weeks after our last correspondence about your registration.
Experience data. Your experience data will be stored for a maximum of six months until you finished the course. In case you decide not to participate in one of our courses, or do not qualify for participation, your experience data will be stored for a maximum of two weeks after our last correspondence about your registration.

In addition, we have a legitimate reason to store your data longer in case it is necessary to establish, or to properly deal with legal claims, investigations or lawsuits. Where possible, we will store this data in our archive and not in our day-to-day systems.

Your personal data will be stored on our servers which are located in the European Economic Area.

Changes to this privacy policy ?

We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes. ?

Your privacy rights ?

You have the right to view and change the personal data that we have collected from you. You have the right to object to the processing of your personal data. In certain cases, you can also ask us to limit the processing of your personal data, erase your data, transfer your data to another data controller or have it deleted. If you wish to do any of these, please send a request to: [email protected] and indicate that it concerns a personal data request. ?

Please enclose a copy of your identity document so that we can be sure that you are the person submitting the request. Make sure that you conceal your passport photograph and citizen service number. This is to protect your privacy. Also provide your private address. You will receive an overview of your data or a response to your request within one month of your request. We store this information until we are sure that you are satisfied with our response.?

Right to make a complaint ?

You can submit a complaint about the processing of your personal data. If we do not meet your request for access, rectification, objection, restriction, erasure or transfer of your personal data, you can submit a complaint with the Data Protection Authority in your country. In the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/). ?

If you are not happy with how the complaint is resolved, you can lodge an appeal with the courts.

Contact details

The Mango Tree B.V. (The Yoga Therapy Institute)?
Milletstraat 11-2 ?
1077 ZA Amsterdam?
The Netherlands ?
E: [email protected]