For the purpose of the General Data Protection Regulation (the “GDPR”), which applies in Sweden on May 25, 2018, and other data protection laws applicable in Sweden, the data controller is Be Rooted AB, whose registered office is ÖSTERPORTSGATAN 1 B C/O TEREZE KESTERE 21128 MALMÖ. Our company is registered in Sweden and the company registration number is 559123-9115.
INFORMATION WE MAY COLLECT ABOUT YOU
We may collect personal data, that includes your name, date of birth, address, email address, contact information, emergency contact and doctor information, financial information (payment information such as credit or debit card or direct debit details), demographic information such as preferences and interests, if you are a yoga or pilates teacher as well as other information relevant to customer surveys and/or offers.
We may collect and process the following data about you:
Information you provide when you use our website, Mindbody’s website or any other processor service (for example, Paysafe, iZettle or Mailchimp). This includes information you provide when you book a class, workshop or course, purchase any other product or service or enter a competition or promotion. We may also ask you for information if you report a problem with our website.
Information you provide when you contact us by email, through our contact forms on our website or social media platforms, by telephone, in writing or in person, including all studio registration and membership forms. We may keep a copy of that correspondence or communication
Information you provide to other booking systems who send us your information when you select our studio to book a class.
Details of your visits to the website and the resources that you access as set out in IP Addresses & Cookies section below.
If you are aged 18 or under, please get your parent/guardian’s permission beforehand whenever you provide personal information us. Users without this consent are not allowed to provide us with personal information.
If you are providing information on behalf of another person, please get their permission beforehand whenever you provide personal information to us. Users without this consent are not allowed to provide us with personal information
IP ADDRESSES & COOKIES
We may collect information about your mobile phone, computer or other device from which you access the website. Such information may include your domain name and IP address, details of your computer operating system and browser, the website you visited prior to visiting our website and unique number identifiers that are automatically generated by our systems when you visit our website. This will include details of the choices you make on our website indicating whether you wish to receive information on other products and services. Some of this information is retained in “cookie” files on your computer. Cookies are small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
to provide customer support e.g. responding to your inquiries;
to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, goods and services that you request from us;
to send you a welcome email, to verify your account when you register with the site or sign-up at one of our events and other emails for the purposes of providing any services or products to you, including in relation to account management or system maintenance or setting consent preferences;
for internal record keeping and to improve our goods and services;
to notify you about changes to our goods, services or class & workshop schedules;
to provide you with information of product and services we offer that are similar to those that you have already purchased or other goods or services we believe may be of interest to you. We will not share your data with third parties for marketing purposes unless we have procured your express consent to do so;
to ensure that content from our site is presented in the most effective manner for you and for your computer; to administer our site for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
We will only use financial or credit card information to discharge our legal / regulatory duties and to process payments made by you for our products and services or due to you by agreement (e.g. refunds); or to investigate financial transactions with our bank or payment processor.
LEGAL BASIS FOR DATA PROCESSING
We can process personal data on various legal bases:
For processing operations for which we obtain your consent for a specific processing purpose, Article 6(1)(a) of the GDPR is our legal basis. For example, purchase of a class pass or consent to marketing emails.
If the processing of personal data is necessary for the performance of a contract with yourself, for example, when processing operations are necessary to provide you with our products or services, the processing is based on Article 6(1)(b) of the GDPR. This includes processing required from your inquiries concerning our products or services.
As an entity established under the laws of Sweden, we are obliged to comply with Swedish laws and guidance provided by Swedish regulatory bodies and where we are subject to a legal obligation by which processing of personal data is required, our processing is based on Article 6(1)(c) of the GDPR.
Finally, we can base our processing operations on Article 6(1)(f) of the GDPR: in specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
THIRD PARTY SERVICES
Certain providers may be located in, or have facilities that are located in, a different jurisdiction than either you or us for example, Mindbody and Mailchimp which means your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
We may also disclose your personal information to third parties: in the event that we consider selling, buying or similar with any business entity; in the event of an insolvency situation or to protect our rights, our property, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction or bad debt collection.
Where you have chosen a password to access certain parts of our booking site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
You have a number of rights in relation to our use of your personal information and can request us to do various things with this information. For example, at any time you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. You may also instruct us not to process your personal information for marketing purposes. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes. In response to these requests, we’ll either do what you’ve asked, or confirm why we cannot if due to a legal or regulatory issue. Please see your full rights here.
If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell services to you.
This Policy was last reviewed and updated on 24 May 2018.
In the event that there is a change to your personal information, for example your contact details, please let us know of this by contacting us so that we can keep your information up to date and accurate. If you have any concerns regarding our processing of your personal data, please contact us in the first instance. Our contact details are: Be Rooted AB, email: firstname.lastname@example.org or address ÖSTERPORTSGATAN 1 B C/O TEREZE KESTERE 21128 MALMÖ.