Privacy Policy

PERSONAL DATA PROTECTION

GENERAL

In YOGA IN CRETE (hereinafter the “Company”) we care about the protection of your personal data and we wish to be open and transparent about the way they are processed.

For this reason, we have created this Privacy Policy in which we explain how we process and protect your personal data.

The personal data the user voluntarily provides anywhere on our Website are solely intended to ensure the functioning of the services provided and the legitimacy of the transactions concerned and may not be used by any third party without complying with the provisions of the General Data Protection Regulation 2016/679 (GDPR), the national, community and international law on the protection of individuals from the processing of personal data as currently in force.

The present Policy forms an integral part of the Terms of Use. At the beginning of this document is indicated the latest Policy update. These terms may change so users of the website are kindly requested to check them at regular intervals. Please visit and review this Privacy Policy periodically, as it may change from time to time.

Controller

The personal data controller in accordance with the applicable legislation is the sole proprietorship Kladakis Georgios with the distinctive title “YOGA IN CRETE” which is headquartered in Piraeus at 98 Karaiskou st., with TIN 063751032

e-mail for personal data issues: gdpr@yogaincrete.com

To process your data as described below, the company relies on the following legal bases:

  • Execution of contract: In order for the visitor/user-customer to book for yoga classes, it is necessary to process the personal data provided by him/her when signing up and registering his/her reservation on the participation form and the recording of his/her transactions.
  • Legitimate Interests: The processing of personal data is necessary to improve the company’s services (processing of statistics and non-identifiable data), to detect fraud attempt and to safeguard the legitimate interests of the company.
  • Consent – assent: Customers are required to give their explicit consent to the following processing purposes: sending of informative / promotional messages.

1.1 Information, processing and processing purposes:

YOGA IN CRETE  informs the visitor / registered user and the visitor / registered user acknowledges that s/he is aware of the following:

a) Processing of Personal Data: The company will process the personal data of the visitor/ registered user, as declared by him/her when completing his/her details in the reservation form, in order to complete his/her participation in the yoga lessons. Furthermore, and provided that the visitor / registered user has given his/her consent, the company may process his/her personal data to send information and promotional messages about Yoga and any lessons s/he may wish to participate in.

b) Online reservation for yoga lessons, Personal Data Type and Processing Purposes:

b.1) Basic processing

The user/customer has the option of choosing 2 ways to complete an online reservation and to state his/her personal data:

As a visitor: In this case, the visitor’s / customer’s personal data will be retained in the company’s records until the completion of his/her lessons, except for transaction data for tax purposes, and their processing will concern the sole purpose of executing the sales contract.

As a registered user: In this case, the customer / user has created a user account at www.yogaincrete.com and their personal data will be retained in the company’s records until the user requests their deletion. Once a year the company will ask the user/customer to confirm the correctness of the data it keeps and to update them, in case there are any changes. The user/customer may at any time change or correct his/her data by sending an email to gdpr@yogaincrete.com with his/her request.

In order to make any transaction through www.yogaincrete.com and to make reservations for company’s lessons, the following are requested:

  • full name,
  • contact phone number
  • customer’s e-mail address
  • city and
  • country of origin.

The credit card details are not stored in the company’s storage media during the transaction but are registered directly in a secure environment of the co-operating bank (EUROBANK) that has undertaken the routing of the cards.

The purpose of the basic data processing is to execute the contract and to complete the specific reservation, to communicate with the customer-user and to send informative messages regarding the stages of the processing of the reservation, to provide clarifications about the reservation and generally the information for lessons s/he has attended and the confirmation and identification of the user-customer in all the necessary circumstances.  The visitor / registered user is informed that the provision of the above mandatory personal data as well as the details of his/her transactions are necessary and constitute a prerequisite for the proper implementation of the services’ contract. For this reason, the user’s-customer’s consent is not required for this particular processing.

Each user-customer who uses www.yogaincrete.com is informed that his/her personal data regarding the receipt and execution of the reservation as well as queries regarding the services of yogaincrete.com and the reservations for yoga lessons will be processed for the purpose of serving the users-customers by both the competent employees of the company and the third party recipients and/or those processing on its behalf in the course of the execution of a reservation.  These third-party recipients are providers of special fitness services, tour operators and tourist accommodations with which the company cooperates and which are subject to the special strict conditions of processing of personal data that have been agreed with the company as the Controller. The company YOGA in CRETE requires that its employees, website maintainers and third-party partners take all necessary technical and organizational measures (including appropriate policies and procedures to prevent disclosure of the personal data of its visitors / registered users-customers that process and hold and apply procedures of management and processing of personal data in a manner that is lawful and protect them in accordance with the GDPR).

b.1.1.) Excursion organizing

In this case, the visitor’s/ customer’s personal data will be retained in the Company’s records until the service selected has been completed, except for transaction data for tax purposes, and their processing will concern the sole purpose of executing the sales contract.

In order to be able to organize your excursion through www.yogaincrete.com and to realize the yoga lessons at the destination you choose, the following are required:

  • the full name
  • the contact phone number
  • the customer’s e-mail address
  • the price range
  • your stay
  • the type of diet you follow
  • the meals you desire
  • the destination
  • your Level
  • the number of people
  • the days of stay
  • day of arrival and departure
  • the kind of Yoga
  • any additional services you desire
  • the language and
  • your transportation

The purpose of the data processing is the expression of interest from the visitor/ customer for the execution of the contract and the completion of the particular excursion, the communication with the user-customer and the sending of informative messages concerning the stages of the excursion, the provision of clarifications related to the excursion and the confirmation and identification of the user-customer in all the necessary circumstances.  The visitor / registered user is informed that the provision of the above mandatory personal data constitutes a prerequisite for the proper implementation of the services’ contract, which in this particular case is the organization of an excursion with Yoga lessons. For this reason, the user’s-customer’s consent is not required for this particular processing.

Each user-customer who uses www.yogaincrete.com is informed that his/her personal data regarding the organizing of an excursion as well as queries regarding the particular services of yogaincrete.com will be processed for the purpose of serving the users-customers by both the competent employees of the company and the third-party recipients and/or those processing on its behalf in the course of organizing the excursion.  These third-party recipients are travel agencies and internet service providers, with which the company cooperates and which are subject to the special strict conditions of processing of personal data that have been agreed with the company, as the Controller. The company YOGA in CRETE requires its employees, website maintainers and third-party partners to take all necessary technical and organizational measures (including appropriate policies and procedures to prevent disclosure of the personal data of its visitors / registered users-customers that process and hold and implement procedures of management and processing of personal data in a manner that is lawful and protect them in accordance with the GDPR).

No other processing or transmission of users’-customers’ data will be made by the company except for the processings under b.2 below for which the company has obtained the prior consent of the users-customers or if required by the Law or competent supervisory or judicial authority.

b.2) Consent requiring processing

b.2.1) In order to send the registered user-customer informative and promotional messages from www.yogaincrete.com, the registered user/customer must have previously given his/her explicit consent.

The Purpose of this processing of the registered user’s – customer’s data is to send informative promotional messages of the company and/or its third-party partners to the registered user-customer, to provide special offers and discounts on www.yogaincrete.com, to provide new or alternative services, to communicate forms of www.yogaincrete.com

You may at any time withdraw this consent and not receive such communications from www.yogaincrete.com by sending your request via e-mail to the email address gdpr@yogaincrete.com.

b.2.2.) YOGA IN CRETE also informs its registered user/customer that it can process his/her personal data and conduct researches to improve its provided services to the registered users/customers. Within this process, the company has the ability to record their needs, to take the necessary steps of promoting its appropriate services in order to improve the management of its clientele and to promote its services. In order for registered users/customers to receive personalized offers and updates based on their reservations they have made on the company’s website, they should give their consent to the analysis of their consumer behavior (profiling) based on purely automated processing, and in particular of the following data generated by user’s-custome’s transactions:

  • Services s/he has purchased at www.yogaincrete.com
  • Frequency of visits at www.yogaincrete.com
  • Services s/he has put in his/her basket, or in the favorites list at www.yogaincrete.com
  • Demographics s/he has declared at www.yogaincrete.com
  • Years of remaining a registered user-customer at www.yogaincrete.com
  • Participation in promotion steps
  • Expenditure incurred on purchase at www.yogaincrete.com
  • Reservation History at www.yogaincrete.com

The purpose of this particular processing is to optimize the purchasing experience of registered users-customers, their personal reward, the communication of services tailored to the needs of the customer base of yogaincrete.com, the receipt by the registered users-customers of customized offers and updates that relate to them directly as well as the invitation to participate, with or without reward, in researches for the formation of the yogaincrete.com website, for the evaluation of market trends and the evaluation of the services on the basis of the purchases s/he has made.

The visitor/registered user-customer is informed that his/her personal data may be processed by yogaincrete.com even without his/her consent in case of fulfillment of its obligations under law, such as when the relevant data are requested by the tax and banking authorities in the context of audits or by the competent supervisory and judicial authorities.

c)Data Recipients:  For the data necessary to serve each of the above processing purposes and within the context of responsibilities of each recipient, the recipients of the data of the registered user-customer are or may be:

  1. The tax authorities and the banking authorities in the case of a relevant audit
  2. The Company with which it provides CRM services and processes the data of the registered users-customers as the data processor on behalf of YOGA IN CRETE, according to the instructions and guidance of the company.
  3.  External partners providing internet services, storage and orders management, call center services and sales data analysis services, to which the necessary data for the fulfillment of their tasks are transmitted with strict restrictions and procedures. These companies use the data provided to them under the terms of use of www.yogaincrete.com solely according to the company’s instructions.

d)Rights of the subject of data: Each registered user-customer as a data subject may at any time exercise his/her rights as provided for in the General Data Protection Regulation 679/2016 EU and in particular Articles 12 to 23 thereof and the national legislation, and in particular:

i) the right to information and access to the data processed by the company

ii) the right to restrict the processing of his/her data,

iii) the right to correct or delete part or all (right to be forgotten) of his/her personal data

iv) the right of objection, that is to say to object to the processing of his/her personal data

(v) the right to the portability of his/her data

To exercise these rights, the member may:

  • submit a relevant request to gdpr@yogaincrete.com

 

In detail:

For the right of access to and correction/supplementation of personal data, the company enables registered users-customers of www.yogaincrete.com to correct/supplement their personal data by sending the request to gdpr@yogaincrete.com

For the right of portability of personal data, the company enables registered users-customers to receive their personal data and/or forward them to another Controller by submitting a written request to the email address gdpr@yogaincrete.com.

Each registered user-customer is informed that s/he has the right to withdraw his/her consent for any processing of the data s/he has given his/her consent to www.yogaincrete.com by sending an e-mail.

In the event of the exercise of any of the above-mentioned rights of the registered user-customer, YOGA IN CRETE will take every possible action to satisfy the request within (1) one month of its submission.  In this case, the registered user-customer is informed that the minimum necessary from his/her personal data will be retained, in order to safeguard the legitimate interests of the company.

e) Time of Maintenance of Personal Data: The data of the visitor user-customer will be retained and processed by the company until the completion of his/her specific order.

The data of the registered user-customer will be retained and processed until the registered user-customer requests the deletion of his/her account or for any processings of his/her data take place under his/her consent until s/he declares his/her withdrawal of consent for the purposes of provision of the services of www.yogaincrete.com.  However, some necessary personal data regarding his/her transactional relations with yogaincrete.com as well as information, consent and withdrawal of the member’s consent for the processing of his/her data will remain as information for the registered user-customer to ensure proof of the legitimacy of the processing of his/her data by the company and to safeguard the parties’ legal claims.

f) Special Category Data: The member is informed that yogaincrete.com does not collect nor does it require the disclosure of sensitive personal data (special category data).

In order to exercise its rights, the member may address the following email address: gdpr@yogaincrete.com and tel. +30 2821 200360

In each case, each registered user-customer as a subject of personal data, has the right to submit a query to the company for the way his/her personal data are processed and protected, and if s/he does not feel satisfied with the company’s answer, s/he has a right to complain to the competent supervisory authority (Hellenic Data Protection Authority).

You have the right to appeal to the Hellenic Data Protection Authority for issues concerning the processing of your personal data.  For the competence of the Authority and how to submit a complaint, you can visit its website (www.dpa.gràMy Rights àSubmission of a complaint), where detailed information is available.

YOGA IN CRETE states that no other use of the personal data of the visitor/registered user will be made for purposes other than those mentioned in this policy without prior notice and, where appropriate, consent of the visitor/registered user.

SAFETY

SSL protocol (Secure Sockets Layer) is today the world standard on the internet for the certification of websites to network users and for encrypting data between network users and web servers. An encrypted SSL communication requires all information sent between a customer and a server to be encrypted by the sending software and decrypted by the receiving software, thereby protecting personal information when transferred. In addition, all information sent under the SSL protocol is protected by a mechanism that automatically verifies whether the data has been changed during transport.

The SSL certificate for www.yogaincrete.com has been issued by the COMODO certification company.

Finally, we should remind that the credit card details are not stored in the company’s storage media during the transaction but are registered directly in a secure environment of the co-operating company (EUROBANK) that has undertaken the routing of the cards.

We also use Paypal and direct payment to our bank account to charge users for services. These companies do not keep, share, store or use personally identifiable information for secondary purposes

COOKIES

With this note, we provide you with more information on how we use “cookies” and other automated means to collect specific information about visitors of our websites, such as the number of visitors of our websites as well as our most visited websites, through any browser and device used.  By collecting this information, we learn how to better adapt our websites and our advertising to our visitors.

Cookies and other Automated Data Collection Means

Cookies are small text files that are stored on your device by using any browser when you visit a website. Cookies can be used to inform us, for example, if you have visited our website in the past or if you are a new visitor and help us to identify features of our site that you may be most interested in. Cookies can improve your online experience by storing your preferences as you visit a specific website.

Web Beacons

Web beacons (also known as Internet tags, pixel tags and clear GIFs) are usually transparent graphic images that are placed on a website. Web beacons are used in conjunction with cookies to capture the actions of visitors to the websites.

IP Addresses and URLs

The IP address is a unique locator that certain electronic devices use in order to be identified and communicate with each other on the Internet. When you visit our websites, we can see the IP address of the device you used to connect to the Internet. We use this information to determine the general geographic location of the device and to understand from which geographic areas our website visitors come from. This information can be used to change the way our website is presented in order to improve your visit.

The URL (Uniform Resource Locator) is a unique locator or address for every medium on the internet, and basically, it is the address of the website you are visiting. We will use this information in order to see which websites have traffic as well as how you navigate on our website.

Which Cookies do we use?

On our websites we use the following cookies:

Absolutely necessary cookies

The absolutely necessary cookies are essential to the proper functioning of the website, allow you to browse and use its features such as access to secure areas, registration forms, favorites list, the basket of purchases use and for safety reasons. These cookies do not recognize your individual identity. Without these cookies, we cannot provide our website with effective functionality.

Performance and Analysis Cookies

These cookies collect information about how visitors use the website, which pages they visit more often, and whether they receive error messages from websites. These cookies collect aggregate, anonymous information that does not identify a visitor. They are used exclusively to improve the performance of a website and allow us to collect information about the use you make on our websites, including the content you choose when browsing our websites, in order to measure the effectiveness and interaction of consumers with the website as well as to improve our pages over time.  These cookies can be provided to us by third-party analytic tool providers but are only used for purposes related to our websites.

For example: https://developers.google.com/analytics/devguides/collection/analyticsjs

Targeting/advertising cookies

These cookies are used to provide content that best suits you and your interests. They can be used to send targeted advertisements/offers, to limit advertisement displays, or to measure the effectiveness of an advertising campaign. These cookies can be used to remember the websites you have visited in order to determine which online marketing channels are more effective and allow us to reward external websites and partners who have promoted you to us.

How Can You Disable the Use of Cookies?

In case you want to enable or disable the use of cookies by your browser settings, depending on your browser please visit the following websites to be informed about the necessary actions

 

Internet Explorer http://support.microsoft.com/kb/278835

Firefox http://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

Chrome http://support.google.com/accounts/answer/61416?hl=en

Opera http://www.opera.com/browser/tutorials/security/privacy/

Safari http://support.apple.com/kb/PH5042

Safari for iPad and iPhone http://support.apple.com/kb/HT1677