Privacy Policy

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as „Data“) within our online offering and the related websites, features and content, as well as our external online presence thereto, e.g. our social media profiles. (collectively referred to as „online offering“). With regard to the terminology used, e.g. „Personal data“ or the „processing“ thereof, we refer to the definitions expounded in Article 4 of the General Data Protection Regulation (GDPR).

Responsible Person:

Surname/Forename:                   Private Yoga Institute & Jyoti Design GmbH

Street/Number:                          Mörfelder Landstraße 44

Postcode, Location, Country:        60598 Frankfurt am Main, Germany

Companies Register/Number:       Amtsgericht Frankfurt, HRB 45608

Managing Director:                     Jutta Gonder

Telephone Number:                     069 – 66 42 68 50

Email Address:                           kontakt@privateyogainstitute.de

Type of data processed:

• Inventory data (e.g., names, addresses).
• Content data (e.g., text entries, photographs, videos).
• Meta and communication data (e.g., device information, IP addresses).

Processing of special categories of data (Art. 9 para. 1 GDPR):

No special data categories are processed

Categories of individuals affected by the processed data:

• Customers / interested parties / suppliers.
• Visitors and users of the online offering.

In the following, we also refer to the persons concerned as „users“.

Purpose of processing:

• Provision of the online offering, its contents and functions.
• Provision of contractual services, other services and customer care
• Answering contact requests and communicating with users.
• Marketing, advertising and market research.
• Security measure.

Stand: 25.4.2018

1. Relevant Legal Basis

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis of our data processing. Unless said legal basis is mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6 (1) para. a and Art. 7 GDPR; the legal basis for the processing and discharge of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) para. b GDPR; the legal basis for processing in order to fulfil our legal obligations is Art. 6 (1) para. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 (1) para. f GDPR. In the event that the vital interests of affected persons or another natural persons require the processing of personal data, Art. 6 para. 1 subpara. d GDPR provides as legal basis thereto.

2. Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We will modify the privacy policy as soon as changes to data processing necessitate it. We will notify you as soon as the changes require your participation (e.g. consent) or other individual notification.

3. Security Measures
   • We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the latest technology, implementation costs and the nature, scope, circumstances and purposes of the processing as well as the probability of occurrence and severity of the risk to the rights and freedoms of natural persons and organisational measures to ensure a level of protection appropriate to the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by monitoring physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the management of the rights of affected persons, data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the developmental phase, or selection of hardware, software and procedures, according to the principle of data protection by technology design, taken into account privacy aware default settings (Art. 25 GDPR).
   • One of the security measures is the encrypted transfer of data between your browser and our server.
4. Cooperation with Processors and Third Parties
   • If, in the context of our processing, we disclose data to other persons and companies (processors or third parties) or otherwise grant access to the data, this will only be done on the basis of legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR for the performance of the contract) you have consented to, a legal obligation or based on our legitimate interests (e.g. the use of agents, web hosting, etc.).
   • If we commission third parties to process data on the basis of a so-called “ processing contract“, this is done on the basis of Art. 28 GDPR.
5. Transmission to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfil our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That is, processing is, for example, on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. through the “Privacy Shield” for the USA) or compliance with officially recognized special contractual obligations (the so-called „standard contractual clauses“).

6. Rights of Affected Persons
   • You have the right to ask for confirmation as to whether the data in question is processed and for information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
   • According to Art. 16 GDPR, you have the right to demand the completeness of the data concerning you or the correction of the incorrect data concerning you.
   • In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
   • You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request the transmission thereof to other responsible persons.
   • Pursuant to Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.
7. Right of Cancellation

You have the right to grant consent in accordance with. Art. 7 para. 3 GDPR with future effect.

8. Right of Objection

You can object to the future processing of your data at any time, in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

9. Cookies and Right of Objection for Direct Advertising

We use temporary and permanent cookies, i.e. small files that are stored on users‘ devices (for an explanation of the term and function, see the previous section of this Privacy Policy). In part, the cookies are used for security or to operate our online offering (for example, the website) or to save the user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, which users are informed about in the course of the privacy policy.

A general objection to the use of cookies used for online marketing purposes can be found in a variety of services, especially in the case of tracking, explained via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that not all features of this online offering may be used.

10. Deletion of Data

The data processed by us is deleted, in accordance with Art. 17, or limited as regards processing, pursuant to Art.18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us is deleted as soon as it is no longer required and said deletion does not conflict with any statutory storage requirements. If the data is not deleted, because it is required for other and legitimate purposes, its processing will be restricted. That is, the data is blocked and not processed for other purposes. This applies, for example, for data that must be kept for commercial or tax purposes.

• According to legal requirements, storage occurs for 6 years, in accordance with § 257 para. 1 of the German Commercial Code (trading books, inventories, opening balance sheets, annual accounts, commercial papers, accounting documents, etc.) and for 10 years, in accordance with § 147 para. 1 of the German Fiscal Code (books, records, status reports, accounting documents, commercial and business papers, documents relevant to taxation, etc.).

11. Provision of Contractual Services
    • We process inventory data (e.g., names and addresses as well as users’ contact information), contract data (e.g., services used, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. Art. 6 para. 1 subpara. b. GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.
12. Credit Check
    • If we make an advance payment (e.g., when purchasing on account), we reserve the right to carry out an identity and credit check for the purpose of assessing credit risk on the basis of mathematical-statistical procedures from specialized service providers (credit agencies).
    • As part of the credit check, we provide the following personal data of the customer (name, postal address, date of birth, details of the type of contract, bank details [if necessary, please provide additional data]) to the following credit agencies:
    • We process the information obtained by the credit agencies on the statistical probability of a default in the context of an appropriate discretionary decision on the establishment, implementation and termination of the contractual relationship. We reserve the right, in the case of a negative result of the credit check, to refuse payment on account or any other advance payment.
    • In accordance with Art. 22 GDPR, the decision as to whether we make advance payments is made solely on the basis of an automated decision in individual cases, which our software carries out on the basis of the information provided by the credit agency.
    • If we obtain your explicit consent, the legal basis for the credit information and the transmission of the customer’s data to the credit agencies is thus given, in accordance with. Art. 6 para. 1 subpara. a, 7 GDPR. If no consent is obtained, our legitimate interests in the reliability of the claim for payment constitutes the legal basis, pursuant to Art. 6 para. 1 subpara. f. GDPR.
13. Establishing Contact
    • When contacting us (via contact form or email), the information provided by the user is used to process the contact request, pursuant to Art. 6 para. 1 subpara. b) GDPR.
    • User information can be stored in our Customer Relationship Management System („CRM System“) or similar organisation.
    • We delete the requests in the event that they are no longer required. We check the necessity therein every two years; enquiries from customers who have a customer account are stored permanently and refer to deletion on the details of the customer account. In the case of legal archiving obligations, deletion takes place after its expiry (end of commercial law [6 years] and tax law [10 years] pursuant to retention obligations).
14. Comments and Posts
    • If users leave comments or other posts, their IP addresses are saved for 7 days, based on our legitimate interests within the meaning given in Art. 6 para. 1 subpara. f. GDPR.
    • Concerning our own security, if someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.), as we can be prosecuted for such comments or posts, there is hence a legitimate interest in the identity of the author.
15. Collection of Access Data and Log Files
    • Based on our legitimate interests, within the meaning of Art. 6 para. 1 subpara. f. GDPR, we collect data concerning all access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed web page, file, date and time of access, amount of data transferred, message about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the enquiring provider
    • Log file information is stored for security purposes for a maximum of seven days (for example, to investigate abusive or fraudulent activities), after which time the information is deleted. Where further data retention is required for evidential purposes, it shall be exempted from the aforementioned cancellation period until the final clarification of the incident.
16. Online Presence in Social Media
    • We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users in order to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective providers.
    • Unless otherwise stated in our Privacy Policy, users‘ data will be processed as long as they communicate with us within social networks and platforms, e.g. write posts on social networks and platforms that form part of our online presence or send us messages.
17. Cookies and Reach Measurement
    • Cookies are information transmitted from our web server or third-party web servers to users‘ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
    • We use „session cookies“ that are only stored for the duration of the current visit to our website (for example, to enable the saving of your login status or the shopping cart function and thus the use of our online offering itself). A session cookie randomly generates and saves a unique identification number, known as a session ID. In addition, a cookie contains information about its origin and retention period. These cookies cannot save any other type of data. Session cookies will be deleted if you have finished using our online offering and have, for example, logged out or closed the browser.
    • Within the scope of the present privacy policy, users are informed of the use of cookies in the context of pseudonymous reach measurement.
    • If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies can, however, lead to functional restrictions of this online offering.
    • You may object to the use of cookies for reach measurement and promotional purposes through the network advertising initiative’s opt-out page (http://optout.networkadvertising.org/) and the US website (http://www.aboutads.info/choices ) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
18. Google Analytics
    • Based on our legitimate interests (i.e., interest in the analysis, optimisation, and economic operation of our online offering within the meaning of Art. 6, para. 1 subpara. f GDPR), Google Analytics uses a web analytics service provided by Google LLC („Google“). Google uses cookies. The information generated by the cookie about the use of the online offering by the users are usually transmitted to a Google server in the USA and stored there.
    • Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    • Google uses this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offering and internet usage in general. In this case, pseudonymous user profiles can be created from the processed data.
    • We only use Google Analytics with activated IP anonymisation. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement in the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA, upon which it will be shortened.
    • The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent Google from collecting data generated by the cookie and related to their use of the online offering as well as the processing of this data by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de
    • For more information about Google’s data usage, setting and opt-out options, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners („Google’s use of your data when you use websites or apps from our partners“), https://policies.google.com/technologies/ads („data usage for advertising purposes“), https://adssettings.google.com/authenticated („Managing information Google uses to display advertising“).
19. Newsletter
    • The following information provides information about the contents of our newsletter as well as the registration, transmission and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt thereof and the processes therein.
    • Content of the newsletter: We send newsletters, emails and other electronic notifications with advertising information (hereafter „newsletter“) only with the consent or legal permission of the recipient. Where the contents of a newsletter are concretely described, they represent the authoritative consent of the users. Furthermore, our newsletters contain information about our products, offers, promotions and our company.
    • Double opt-in and logging: Registration for our newsletter is done through a so-called double-opt-in procedure. That is, after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with third-party email addresses. The registration for the newsletter will be logged in order to verify the registration process, in accordance with legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the dispatch service provider will be logged.
    • Dispatch Service Provider: The newsletter is distributed via „MailChimp“, a mailing list platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA. The privacy policy of the dispatch service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC is certified under the Privacy Shield Agreement, which guarantees compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
    • Furthermore, the dispatch service provider may, according to information available, transmit this data in pseudonymous form, i.e. without attribution to a given user, in order to optimise or improve their own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletters or for statistical purposes, so as to determine from which countries the recipients originate. However, the dispatch service provider does not use or transcribe the newsletter recipients’ data or pass on said data to third parties.
    • Login details: To subscribe to the newsletter, providing an email address is sufficient. Optionally, we ask for a name to be given in the newsletter for personalised salutation.
    • Measuring success: The newsletters contain a so-called „web beacon“, i.e. a pixel-sized file that is retrieved from the dispatch service provider’s server when the newsletter is opened. This retrieval will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on the target audience’s specifications or their reading habits, based on their respective locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters will be opened, when they will be opened, and which links will be clicked. For technical reasons, this information can be assigned to individual recipients of newsletters. However, it is neither our endeavour nor that of the dispatch service provider to observe individual users. The evaluations serve to recognize the reading habits of our users and to adapt our content accordingly or to send different types of content according to the interests of our users.
    • Germany: The sending of the newsletter and the measurement of success are based on the consent of the recipients, according to Art. 6 para. 1 subpara. a, Art. 7 GDPR i.V.m § 7 para. 2 No. 3 of the Unfair Competition Act or on the basis of the legal permission pursuant to Art. § 7 para. 3 of the Unfair Competition Act.
    • The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 subpara. f GDPR and serves as proof of the consent for receipt of the newsletter.
    • Cancellation / Objection: You may cancel the receipt of our newsletter at any time, i.e. revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. If the users have subscribed to the newsletter and cancel this registration, their personal data will be deleted.
20. Integration of Services and Third-Party Content
    • Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) subpara. GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as videos or fonts (collectively referred to as „content“). This always presupposes that the third-party providers of this content are aware of the IP address of the users, since they could not send the content to the users’ browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to only use content from respective providers that use the IP address solely for the purposes of delivering said content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as „web beacons“) for statistical or marketing purposes. The „pixel tags“ can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring websites, time of access, and other information regarding the use of our online offering.
    • The following provides an overview of third-party providers and their content, as well as links to their privacy policies, which contain further information on the processing of data and, as already mentioned in part, possibilities for objection (so-called opt-out):

• If our customers use the payment services of third parties (for example, PayPal or Sofortüberweisung), the terms and conditions and privacy policies of the respective third party apply, which are available within the respective websites, or transactional applications.
• External fonts from Google, LLC., https://www.google.com/fonts („Google Fonts“). The integration of Google fonts is carried by accessing a Google server (usually in the US). Privacy Policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
• Third-party maps provided by Google Maps, Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
• Third-party YouTube videos from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
• Third-party external code from the JavaScript framework „jQuery“, provided by the jQuery Foundation, https://jquery.org.