PRIVACY POLICY

Welcome to the website of The Yoga Therapy Institute. Your privacy and the security of your personal data are very important to us. We therefore collect and manage your personal data with the utmost care and take specific measures to keep them secure. Below, you will find the main information regarding our processing of your personal data when you complete the registration form on our website www.theyogatherapyinstitute.org 

We process your personal data in accordance with the data protection regulations, including the General Data Protection Regulation (GDPR). In this privacy statement, we explain what personal data we process for what purpose. We encourage you to read it carefully. If you have any questions, please contact us via info@theyogatherapyinstitute.org.

Data controller

The Mango Tree B.V., also trading under the name The Yoga Therapy Institute, with its registered office at Milletstraat 5-3 (1077 ZA) in Amsterdam, The Netherlands (The Yoga Therapy Institute or we) is the party responsible for all data processing.

Collection and processing of personal data

In order to apply for any of our courses, modules and workshops, you are required to complete the registration form on our website. This allows us to assess whether you meet the requirements to participate in one of our courses. As a result, we have to process your personal data. We only process personal data if we have a legal basis for doing so.

The categories of personal data that we collect and process when you complete the registration form on the website are as follows:

  • Contact data. We process personal data, which is necessary for us to get in touch with you after your application, such as your name, surname, email address, telephone number and in case you have completed the form on behalf of a company, the contact details of the company (company address, VAT number).
  • Experience data. We process personal data, which is necessary to verify whether you meet the requirements for participation in our courses, such as your level of English, work experience, references and information about your yoga certifications, personal practice and any other qualifications that might be relevant.

Legal basis for processing

We only process your personal data in the presence of one of the legal requirements established by current legislation, and specifically:

1. For the conclusion and execution of an agreement of which you are a part or in order to take steps, at your request, prior to entering into an agreement. This legal basis legitimises the processing of personal data which takes place with
the following activities:

  • Contact. We use your personal data to get in touch with you about your completed Application Form. Sometimes, we may have additional questions regarding your application or we may need to send you confirmation that your registration has been approved as well as further information about participating in one of our courses or modules.
  • Verification of prerequisites. We use your personal data to verify the information you have supplied on the Application Form.

2. For compliance with legal obligations. We may process your personal data if we are required to do so in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency.

3. For our legitimate interest. We process your personal data where it is in our legitimate interest to run a lawful business and to promote and innovate that business, including preventing fraud or criminal activities, as long it does not outweigh your interest.

Medical and health data

We would like to inform you, in advance, that after your final enrolment, your medical and health information will be requested. We use this information so that we can take this into account, for your own health, during courses, modules and workshops and to specifically advise you which yoga therapy practices may or may not be suitable for you. We process this personal data based on the statutory exception as laid down in the Dutch Implementation Act of the GDPR, since the processing of your medical and health data is necessary for your own safety, health and proper training as well as for maintaining our professional practice standards.

Your medical and health data will, of course, be handled with complete confidentiality.

Transfer to third parties

We may share your personal data with the following categories of third-parties, for the purposes described in this privacy policy:

Teachers and collaborators

We will share your contact details with our teachers and collaborators so that they are aware of who their students are and how they can get in touch with them. Your experience data will also be shared with our teachers and collaborators so that they can adapt their lessons accordingly and provide you with more personalised learning based on your experience.

Service providers

We may share your personal data with our service providers, such as parties we have engaged to provide and support our services or assist in protecting our systems and other business-related functions. We will ensure your data is only being used in a way similar to, or for a similar purpose, as the purpose for which your personal data has been gathered, and only in accordance with this Privacy Policy and any legal obligation.

Competent law enforcement, regulatory or government bodies

We may share personal data with thirdparties, if we are obliged to do so pursuant to a statutory provision or a decision of the court or supervisory body, or if this is necessary in the interest of preventing, detecting or prosecuting criminal offences (such as fraud or scams).

Advertising parties

We may partner with third-party advertising networks (Google) and social media platforms (such as Facebook and LinkedIn) to display advertising on our website or to manage and serve our advertising on other sites.

We will never transfer your personal data to any third party for their own direct marketing use.

Security

We have taken technical and organisational security measures to protect your personal data from misuse, loss, unauthorised access, undesirable disclosure and unauthorised alteration. All of our employees and all persons involved in data processing are obliged to comply with the data protection laws and to handle personal data confidentially. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are constantly being revised according to technological developments.

We draw your attention to the fact that data transmission over the internet (e.g. email communication) may involve loopholes in security. It is not possible to protect such data completely, from third-party access. We will, however, always process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Storage

We store your personal data for a limited period of time, this period differing depending on the type of activity that is involved in processing your personal data. After this limited period, your data will be permanently erased or otherwise rendered anonymous in an irreversible way. Your personal data is stored in compliance with the terms and criteria specified below:

  • Contact data. Your contact data will be stored for a maximum of two years after you have completed the course, or as long as you give us consent to stay in touch with you. We value staying in touch with our students after finishing the course because we are interested in the career development of our students. This desire must of course be mutual and we will, therefore, always ask your consent. In case you decide not to participate in one of our courses, or do not qualify for participation, your contact details will be stored for a maximum of one year after our last correspondence about your application.
  • Experience data. Your experience data will be stored for a maximum of two years after you have completed the course. In case you decide not to participate in one of our courses, or do not qualify for participation, your experience data will be stored for a maximum of one year after our last correspondence about your application.

In addition, we have a legitimate reason to store your data longer in case it is necessary to establish, or to properly deal with legal claims, investigations or lawsuits. Where possible, we will store this data in our archive and not in our day-to-day systems.

Your personal data will be stored on our servers, which are located in the European Economic Area.

Changes to this privacy policy 

We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.

Your privacy rights 

You have the right to view and change the personal data that we have collected from you. You have the right to object to the processing of your personal data. In certain cases, you can also ask us to limit the processing of your personal data, erase your data, transfer your data to another data controller or have it deleted. If you wish to do any of these, please send a request to: info@theyogatherapyinstitute.org and indicate that it concerns a personal data request. 

Please enclose a copy of your identity document so that we can be sure that you are the person submitting the request. Make sure that you conceal your passport photograph and citizen service number. This is to protect your privacy. Also provide your private address. You will receive an overview of your data or a response to your request, within one month of your request. We store this information until we are sure that you are satisfied with our response.

Right to make a complaint 

You can submit a complaint about the processing of your personal data. If we do not meet your request for access, rectification, objection, restriction, erasure or transfer of your personal data, you can submit a complaint to the Data Protection Authority in your country. In the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/). 

If you are unhappy with how the complaint was resolved, you can lodge an appeal with the courts.

Contact details

The Mango Tree B.V. (The Yoga Therapy Institute)
Milletstraat 5-3
1077 ZA Amsterdam
The Netherlands 
E: info@theyogatherapyinstitute.org

(February 2023)