This policy sets out
- What data we collect from you
- How, when & why we collect it
- How we process this data
- How long we retain this data
- Where we store this data
- The steps we take to keep data secure
- How to contact us about your data
1. Our compliance with General Data Protection Regulation (GDPR) May 2018
In accordance with the 25th May 2018 General Data Protection Regulation, we contacted all previous retreat guests via email and asked if they would like to opt out of further communication from us. We also contacted anyone who had ever enquired about our retreats in 2016, 2017 and up to 25th May 2018 to see if they would like to opt out of future communications.
Anyone who opt’d out at that time (May 2018) has been removed from our database & will no longer receive communication from us unless they opt back in or send us a retreat enquiry at a future date.
From 25th May 2018, after each retreat, every guest will be expressly asked (via email) to confirm if they do not wish to receive future communications from us.
2. What, when & why we collect your data
Website. If you contact us via our online chat facility or by sending us an email via our WordPress website, we will record your email address & name (if given) and details of the retreat you are interested in.
Telephone: if you contact us via a call or text message with a question regarding our retreats, we collect your name, telephone number & email address (if given) and the retreat you are interested in.
Google Adwords Tracking. If you have not opt’d out of this, we use Google Adwords tracking to help us measure the success of our paid for advertising on Google. This helps us to identify which are the most successful key words to help us fine tune our future Google advertising.
Why we collect this data.
This data is collected so that we:
- have a better understanding of the ‘peaks & troughs’ of enquiries throughout the year so that we can tailor our marketing efforts to match these movements and, to better understand which retreats are most/least popular.
- respond to your retreat enquiry / questions
- can forward the appropriate information you will need prior to attending your retreat with us
Please know, your personal data is never shared with any third party. You can ask to be removed from our records at any time. See section 7 below.
3. How long we retain your information
Your personal data is stored for the minimum legal requirement. For example, As we are a legal registered business in Spain, we have to keep a record of clients personal data, for example name and contact information, information for invoices, etc, for up to 6 years for the Spanish tax authorities.
After each retreat (or if you have signed up for our Newsletters) your email & name is recorded on a secure mail delivery system provided by Mail Chimp in order that we can contact you with future retreat information (ie special retreat offers).
You can unsubscribe at any time by using the opt out option at the base of our communications.
4. Security of your data
We take the following precautions to ensure your personal data cannot be accessed or misused:
- Our website has an SSL certificate installed and is served encrypted over https. Any data sent to us over this connection is secure.
- The use of strong passwords to access our third party processing systems (such as Mail Chimp, Facebook & Google Drive/Analytics)
- The security plugins in use on this website prevent spam robots, and hackers from overloading the website or gaining unauthorised entry. It is possible that on occasion your IP address and browser information may be logged by this system.
The plugins used on this website for this purpose are:
Akismet: Akismet collects information about visitors who comment on Sites that use the Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself). This information is used to help detect and prevent spam comments.
Bulletproof Security: Checks all hits to the website by IP address, user-agent, and referrer to block bad robots, spammers, hackers and brute force login attempts that cause problems and resource overloads on this website. IP addresses are not logged and so there is no information about your visit that can be identifiable to you. More information about Bulletproof’s GDPR compliance can be found here: https://forum.ait-pro.com/forums/topic/bps-gdpr-compliance/
Bad Behavior: Prevents spam and scrapers from overloading the website. There is a small chance that this plugin will log your IP address and browser information. This is stored in a log file and deleted after 7 days. There is no reason why this information should be processed and personally identifiable to you.
WordFence: Provides a firewall to prevent unauthorised access to this website. It is possible that your IP address will be logged briefly, logs are rotated and deleted every 24 hours and there is no reason why this information should be processed and personally identifiable to you.
Whilst we do our upmost to ensure all reasonable care is taken to protect your data, unfortunately, the internet uses many different firewalls, systems & servers to process, store & send information electronically and so total security is not guaranteed. Hence we cannot guarantee absolute security of any data you send to us electronically as we rely on various third party systems to process/store/forward your data. As with any website, the submission of your personal data is entirely at your own risk
5. Data Breech.
If we are advised of a security breech via our third party processors (named above), we will contact all relevant persons if it is apparent that personal data has been stolen/intercepted.
7. Your right to access your personal information
Under the General Data Protection Regulation May 2018, you may submit a written request via email at any time for details of your personal information that Yoga Breaks in Spain hold. At this time we need your full name and your email address/es to help us find your data in our records. Your request will normally be responded to within a month of receipt of the request. We will not charge a fee to provide you with this information.
If you believe that any information we hold on you is incorrect, incomplete or out of date, then you should email the owner of Yoga Breaks in Spain as soon as possible so that we can update your records. Yoga Breaks in Spain will then promptly correct any information found to be incorrect and respond within one month to the request for rectification.