Privacy Policy of Yoga Breaks in Spain as of July 2018

This policy sets out

  • What data we collect from you
  • How, when & why we collect it
  • How we process this data
  • How long we retain this data
  • Where we store this data
  • The steps we take to keep data secure
  • How to contact us about your data

1. Our compliance with General Data Protection Regulation (GDPR) May 2018

In accordance with the 25th May 2018 General Data Protection Regulation, we contacted all previous retreat guests via email and asked if they would like to opt out of further communication from us. We also contacted anyone who had ever enquired about our retreats in 2016, 2017 and up to 25th May 2018 to see if they would like to opt out of future communications.

Anyone who opt’d out at that time (May 2018) has been removed from our database & will no longer receive communication from us unless they opt back in or send us a retreat enquiry at a future date.

From 25th May 2018, after each retreat, every guest will be expressly asked (via email) to confirm if they do not wish to receive future communications from us.

2. What, when & why we collect your data

Website. If you contact us via our online chat facility or by sending us an email via our WordPress website, we will record your email address & name (if given) and details of the retreat you are interested in.

Telephone: if you contact us via a call or text message with a question regarding our retreats, we collect your name, telephone number & email address (if given) and the retreat you are interested in.

Newsletter sign up. If you sign up for our newsletters (ie. via our website), your email address & name are recorded via WordPress and sent to a secure mail delivery service provided by Mail Chimp so that future mailings/newsletters can be sent to you. You can unsubscribe from our communications at any time by using the ‘unsubscribe’ option at the base of every newsletter. Mail Chimps Privacy Policy is here

Website forms. When you submit a form via our website (ie. a booking form), we will record the information you submit including your name, address, email address, date of birth, your yoga experience, any health issues we need to be aware of & telephone number/s. Your name, email & mailing address are then stored on a private Google drive in order that we may communicate with you prior to your retreat. Google’s privacy policy is here

Google Analytics. We use Google Analytics to track your interaction with our website. We use this information to determine the number of people visiting our site, if you found us via another website and to better understand which pages you visit. Google Analytics are also able to identify your geographical location, whether you visited our site from a PC or mobile device (ie your mobile phone or tablet) and your operating system. Google analytics also stores your IP address, but we choose to anonymise this and so no identifiable personal information is stored by google and none of this information identifies you personally to us. Google’s privacy policy is here

Facebook Pixels. If you have not opt’d out of this via your own FB account, FB is able to tell us how many people have visited our website from our Yoga Breaks FB page or from any paid for FB adverts we place. This allows us to target adverts to Facebook users who have interacted with our website. Facebook’s privacy policy is here.

Google Adwords Tracking. If you have not opt’d out of this, we use Google Adwords tracking to help us measure the success of our paid for advertising on Google. This helps us to identify which are the most successful key words to help us fine tune our future Google advertising.

Ecommerce. When booking one of our retreats you have the option to pay for your retreat via a third party secure online payment system provided by PayPal. We never have any access to your credit/debit card details only PayPal have access to your personal & payment information. PayPal’s privacy policy is here.

Why we collect this data.

This data is collected so that we:

  • have a better understanding of the ‘peaks & troughs’ of enquiries throughout the year so that we can tailor our marketing efforts to match these movements and, to better understand which retreats are most/least popular.
  • respond to your retreat enquiry / questions
  • can forward the appropriate information you will need prior to attending your retreat with us

Please know, your personal data is never shared with any third party. You can ask to be removed from our records at any time. See section 7 below.

3. How long we retain your information

Your personal data is stored for the minimum legal requirement. For example, As we are a legal registered business in Spain, we have to keep a record of clients personal data, for example name and contact information, information for invoices, etc, for up to 6 years for the Spanish tax authorities.

After each retreat (or if you have signed up for our Newsletters) your email & name is recorded on a secure mail delivery system provided by Mail Chimp in order that we can contact you with future retreat information (ie special retreat offers).

You can unsubscribe at any time by using the opt out option at the base of our communications.

4. Security of your data

We take the following precautions to ensure your personal data cannot be accessed or misused:

  • Our website has an SSL certificate installed and is served encrypted over https. Any data sent to us over this connection is secure.
  • The use of strong passwords to access our third party processing systems (such as Mail Chimp, Facebook & Google Drive/Analytics)
  • The security plugins in use on this website prevent spam robots, and hackers from overloading the website or gaining unauthorised entry. It is possible that on occasion your IP address and browser information may be logged by this system.
    The plugins used on this website for this purpose are:
    Akismet:  Akismet collects information about visitors who comment on Sites that use the Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself). This information is used to help detect and prevent spam comments.
    Bulletproof Security: Checks all hits to the website by IP address, user-agent, and referrer to block bad robots, spammers, hackers and brute force login attempts that cause problems and resource overloads on this website. IP addresses are not logged and so there is no information about your visit that can be identifiable to you. More information about Bulletproof’s GDPR compliance can be found here: https://forum.ait-pro.com/forums/topic/bps-gdpr-compliance/
    Bad Behavior: Prevents spam and scrapers from overloading the website. There is a small chance that this plugin will log your IP address and browser information. This is stored in a log file and deleted after 7 days. There is no reason why this information should be processed and personally identifiable to you.
    WordFence: Provides a firewall to prevent unauthorised access to this website. It is possible that your IP address will be logged briefly, logs are rotated and deleted every 24 hours and there is no reason why this information should be processed and personally identifiable to you.

Whilst we do our upmost to ensure all reasonable care is taken to protect your data, unfortunately, the internet uses many different firewalls, systems & servers to process, store & send information electronically and so total security is not guaranteed. Hence we cannot guarantee absolute security of any data you send to us electronically as we rely on various third party systems to process/store/forward your data. As with any website, the submission of your personal data is entirely at your own risk

5. Data Breech.

If we are advised of a security breech via our third party processors (named above), we will contact all relevant persons if it is apparent that personal data has been stolen/intercepted.

6. Changes to this Privacy Policy.

Future revisions to this privacy policy may be required from time to time. It is recommended therefore that you revisit this webpage for the latest version.

7. Your right to access your personal information

Under the General Data Protection Regulation May 2018, you may submit a written request via email at any time for details of your personal information that Yoga Breaks in Spain hold. At this time we need your full name and your email address/es to help us find your data in our records. Your request will normally be responded to within a month of receipt of the request. We will not charge a fee to provide you with this information.

If you believe that any information we hold on you is incorrect, incomplete or out of date, then you should email the owner of Yoga Breaks in Spain as soon as possible so that we can update your records. Yoga Breaks in Spain will then promptly correct any information found to be incorrect and respond within one month to the request for rectification.