A. What information do we collect?
When you register, donate, create a profile, or fill out a form online (catalog request; email sign up; scholarship, employment, or nonprofit retreat applications) on the Platform, we request the information we need to complete your order or request. This information may include your full name, billing address, shipping address, telephone number, email address, gender, and if applicable, credit card number.
The information you provide will be used to process your order or request and improve your online experience. Once you have placed your order or donation with us, we will verify with your credit card company that your credit card is valid and send you an email message that confirms your order or donation was successfully received. We will also send you an email order confirmation once your registration, donation, or online form request has been finalized.
B. Information from Other Sources
Yoga Service Collective sometimes employs third parties to perform services for us. We hire agencies to help administer consumer promotions and to analyze data. We may purchase data from agencies to acquire missing details, as well as to better identify or model our customers and inquiries, to help us shape our messages to your interests. These parties have agreed to hold this information in confidence and do not use it for any purpose except to carry out the requested service(s).
We may also obtain information about you from other sources. For example, we may receive background information in connection with employment opportunities. We will provide the applicable policies and procedures to you in such cases.
After you have attended a workshop in-person or online we email a survey to gather information about your stay and experience. Periodically we may use surveys, questionnaires, or evaluations to gather additional information from you to inform our programs and other activities. Participation in surveys is entirely voluntary.
D. What do we use your information for?
Any of the information we collect from you may be used in one or more of the following ways:
- To personalize your experience
- To improve our Platform
- To improve customer service
- To troubleshoot problems
- To send periodic emails
- To process your registration, request, donation, or application
- For business analysis
E. Sharing with teachers and like-minded companies
Information about our participants and visitors is an important part of our business.
- We maintain a file of recent U.S. participants and inquirers, who have not specifically opted out, with a list service bureau to share or “rent” information for mailings with other like-minded organizations whose programs or products are of a similar nature to our own. We hope that you appreciate hearing from these organizations.
- Like many organizations, we also participate in a cooperative database. Our customer information is added to a central pool for analytical and modeling purposes. Member organizations of this data co-op may mail to anyone who fits their modelling criteria if allowed, though they will not know the source organization. If you have not otherwise opted out of information sharing, you may also receive mail from the other organizations or companies within the data co-op.
If you wish to opt out of having your contact information shared, please refer to the opt-out information for Information Sharing and Mail List below.
F. How to Opt Out
Yoga Service Collective believes in your privacy and we have created easy steps for you to limit or control the way Yoga Service Collective communicates with you and shares your information.
F.1 Promotional eMails
If you do not wish to receive promotional emails from Yoga Service Collective such as our monthly newsletter or weekly email promotions, please follow the instructions at the end of emails you receive from us. From these emails you can unsubscribe at any time. It can sometimes take up to 5 business days for our systems to reflect your changes.
F.2 Information Sharing and Mail List:
If you wish to limit the way Yoga Service Collective shares your contact information please notify us with your preferences and we will update your record in our systems.
Email: Send our Data Protection Officer an email: email@example.com
Write: Send us a note addressed to:
Yoga Service Collective Institute
3 Germay Dr,
Unit 4 #1502
Wilmington, DE 19804
It is most helpful to send us the mail panels of brochures you’ve received, including the key code and customer number.
At a minimum, please include your full name and street address as it appears on the brochure. Please include your email address with your correspondence, in case we need to clarify something.
F.3 The options listed above are specifically designed to limit or control the receipt of promotional materials and the sharing of gathered information. Yoga Service Collective will still contact you regarding customer service, workshop and conference registration, housing, transportation, and other related issues.
We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our Platform so that they can provide advertising about products and services tailored to your interest. That advertising may appear either on our Platform or on other websites.
If you wish to clear tracking cookies from all of the websites you visit, you can change the preferences or settings in your web browser to control cookies. The Help menu on the menu bar of most browsers will tell you how. In some cases, you can choose to accept cookies from the primary site, but block them from third parties. In others, you can block cookies from specific advertisers or clear out all cookies.
H. Browser and Device Information
Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (e.g., Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
I. Internet Protocol Address
Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems, and administering the Services. We may also derive your approximate location from your IP address.
J. Web Server Traffic, Browsing History, Pixel Tags
We collect standard web server traffic pattern information and your browsing history. General traffic, Platform usage, browser information, and length of stay information are collected and stored in log files. Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates.
K. Targeted Outreach and Advertising
M. Physical Location
We may collect the physical location of your device by, for example, using satellite, cell phone tower, or Wi-Fi signals. We may use your device’s physical location to provide you with personalized location-based services and content. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you do, we may not be able to provide you with the applicable personalized services and content.
O.1 We implement a variety of security measures to maintain the safety of your personal information when you place an order or access your personal information, including offering use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems, and they are required to keep the information confidential. However, as with all information submitted online, while we strive to protect personal information, neither Yoga Service Collective nor our service providers can guarantee the security (including but not limited to unauthorized access by third parties, loss, misuse, or alteration) of any information you transmit to us over the Internet.
O.3 Incorrect or Fraudulent Information: A credit card transaction may be canceled by Yoga Service Collective if we reasonably determine that the order information you provided is incorrect or fraudulent, or if we reasonably believe the credit card utilized is from an unauthorized party.
O.4 Login Profile: You are responsible for maintaining the confidentiality of your account and password, and for restricting access to the computer(s) you have used to place orders. We recommend you keep this information current. Yoga Service Collective is not responsible for updating login profile information.
O.5 Password: To provide you with an increased level of security, access to your login profile is protected with a password you select. We strongly recommend that you do not disclose your password to anyone. Your password will never be requested through unsolicited communication from Yoga Service Collective.
P. Yoga Service Collective Wellness Center
Yoga Service Collective’s Wellness Center may ask for basic medical information that might impact or preclude you from receiving certain Wellness Services, including information about injuries, surgeries, pregnancy, or medical conditions such as cancer. This information is requested on written, paper intake forms for guests who want to participate in a wellness service and these forms are never transmitted electronically either internally or externally. The paper forms are stored at the Center during the season and then moved to a location outside the Center for final storage in a locked location.
Minors (anyone under the age of 18) are not eligible to pay for Yoga Service Collective services and we ask that minors do not submit credit card information. Yoga Service Collective is not responsible for a minor’s use of their parent’s credit card.
Q.1 The Children’s Online Privacy Protection Act (“COPPA”) requires that we inform parents and legal guardians about how we collect, use, and disclose personal information (from children under 13 years of age).The Platform is not directed at children under 13 years of age, but we recognize that with proper adult supervision some parents might permit their children to visit and utilize the Plaform. COPPA requires that we obtain the consent of parents and guardians in order for children under 13 years of age to use certain features of the Platform.
Q.3 The information we collect may include information from which children can be personally identified, including name, mailing address, telephone number, fax number, email address, buying information (e.g., preferences or history), birth date, birthplace, parent’s name, gender, geolocation information, zip code, biographical information, personal interests, and Facebook/Twitter/Google/ ICQ/AIM/Yahoo/MSN/SKYPE user name (or similar user names), when you register with them, use the particular products or services, or post content on a blog site as a guest with authoring rights, or photos, videos, or audio files that may contain children’s image or voice as applicable. For purposes of this Section Q, persistent identifiers that can be used to recognize a user over time and across different websites or online services, such as a user name, is also considered personal information. Where the Platform or Services collect a persistent identifier and no other personal information, and such identifier is used for the sole purpose of providing support for the internal operations of the Platform or the Service, no notice will be given.
Q.4 Once parental or guardian notice and consent has been verified, the information we collect will be treated the same as information collected from any other user of the Services.Without verified parental notice and consent, we will not knowingly collect personal information of children under 13 years of age, and if we learn that we have inadvertently collected such information, we will promptly delete it, provided that we will not delete the information needed to (i) protect the security or integrity of the Platform or Services; (ii) take precautions against liability; (iii) respond to judicial process; or (iv) to the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety; and where such information is not to be used for any other purpose.
Q.5 How Parents Can Access their Children’s Personal Information:
R. Your Consent
S. International Visitors to Our Platform
T. GDPR Data Privacy Statement
FOR RESIDENTS OF THE European Economic Area (EEA) ONLY.
We endeavor to ensure that any personal data we collect about you will be held and processed strictly in accordance with the Data Protection Act of 1998 (DPA) and the European General Data Protection Regulation (GDPR). Terms with meanings under GDPR are identified here:
- “controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or other applicable law, the controller or the specific criteria for its nomination may be provided for by EU or other applicable law. We are considered a “Data Controller”. Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
- We utilize “Data Processors (or Service Providers),” which means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
- You, or any User, would be considered a “data subject”. A data subject is any living individual who is the subject of personal data.
- “personal data” means any information relating to a data subject, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or other applicable law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
We process personal data based on at least one of the following statutory sources:
- Permission of the data subject to the processing of his/her personal data concerning one or more specific purposes (Art. 6 Para.1 S.1 lit.a GDPR);
- Completion of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 Para.1 S.1 lit.b GDPR);
- Compliance with a legal obligation we are subject to (Art. 6 Para.1 S.1 lit.c GDPR);
- Protection of the vital interests of the data subject or of another natural person (Art. 6 Para.1 S.1 lit.d GDPR);
- Protection of our legitimate interests or those legitimate interests of a third party (Art. 6 Para.1 S.1 lit.f GDPR)
Disclosure of personal data to recipients
We only share personal data with recipients (processors of personal data or other third parties) to the extent necessary and only under one of the following conditions:
- Permission of the data subject to the transfer of his/her personal data;
- The transfer is necessary for the fulfillment of contractual obligations or in order to take steps at the request of the data subject prior to entering into a contract;
- We are legally obligated to transfer the data;
- The disclosure is based on our legitimate interests or those legitimate interests of a third party.
Under European data protection law, you have:
- The right to access: You may request a copy of your personal data;
- The right to rectification: You may request correction of your personal data that you believe is inaccurate or incomplete;
- The right to erasure: You may request that we erase your personal data, under certain conditions enumerated under Article 17 (https://gdpr-info.eu/art-17-gdpr/);
- The right to restrict processing: You may request that we restrict the processing of your personal data, under certain conditions;
- 5he right to object to processing: You may object to our processing of your personal data, under certain conditions;
- The right to data portability: You may request that we transfer to another organization, or to you, the data we have collected about you, under certain conditions; and
You can exercise any of these rights by contacting us as follows:
Call: 877.944.2002 ext. 9022 (toll free in the United States)
845.256.8144 ext. 9022 (International)
Email: Send our Data Protection Officer an email: firstname.lastname@example.org
Write: Send us a note addressed to:
Yoga Service Collective Institute
c/o Data Services
150 Lake Drive
Rhinebeck, NY 12572-3252
Deletion and Limitation of Personal Data
We delete personal data processed according to Art. 17 GDPR and restrict the processing of personal data pursuant to Art. 18 GDPR. Unless otherwise specified herein, personal data is deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed and the deletion does not conflict with any statutory requirements of safeguarding the personal data. If personal data is required for legally permissible purposes, it will not be deleted but its processing will be limited to such purpose. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons.
I Processing operations
To make our Platform available to the public, we use hosting services provided by hosting providers, such as the supply of web servers, disk space, database services, security, and maintenance services. Therefore we and our hosting provider are processing personal data of users of our Platform on the basis of our legitimate interests under Art. 6 Para. 1 lit. f GDPR.
- Access Data and Log Files
When you access our Platform or one of its pages, the browser on your device automatically sends information to the Platform’s server. This information is stored in so-called log files by us or our hosting provider. The following information is stored:
- IP address of the computer requesting access to our Platform
- Date and time of the access
- Name and URL of the retrieved file
- Platform from which access is made (referrer URL)
- The browser used and, if applicable, the operating system of your computer
- Database changes and errors
- This data is processed for the following purposes, and the legal basis for such data processing is Art. 6 Para. 1 p. 1 lit. of GDPR:
- Providing the Platform, including all functions and contents
- Enabling an unobstructed dial-up connection to the Internet
- Enabling easy utilization of our Platform
- Ensuring system security and stability
- Anonymized statistical evaluation of visitors accessing our Platform
- Platform optimization
- Other administrative purposes
- Registration / User Account
You have the opportunity to register on our Platform. Registering requires the providing of personal data. The registration is voluntary and is in accordance with Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your voluntary consent. The personal data being transferred depends on the data input in the registration form. The personal data recorded is used as described above and to contact you. You may access your personal data and make changes to it. Your data will be stored until you delete the user account or instruct us to delete your data. Other than obligations to retain your personal data on the basis of statutory retention periods, under tax and commercial law, the processing of your personal data will be restricted until the retention period expires, and then the data will be deleted.If you register on our Platform or create a user account, we store the IP address and the time of the respective use. This storage is based on our legitimate interest under Art. 6 Para. 1 p. 1 lit. f GDPR in providing such options. The user account and data stored in connection with it also facilitate purchases, access to historical orders, and the writing of customer reviews. Transfer of this data to third parties does not take place unless it is required to fulfil contractual obligations according to Art. 6 Para. 1 lit. b GDPR or for the prosecution of any claims or if there is a legal obligation according to Art. 6 Para. 1 lit. c GDPR.
- Contract Data
In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our Platform upon request of the data subject, we process the data of the data subject required for the fulfillment of the contract. This includes:
- Data of the contractor, such as name, address and contact details, if applicable different delivery or billing addresses or recipients, roommate request, and gender;
- Contractual data, such as subject of the contract, duration, and customer category;
- Payment data, such as bank details, credit card data, and payment history.
The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. b GDPR. The data will be transferred to third parties only to the extent to fulfil pre-contractual and contractual obligation, e.g. to banks, payment service providers, and credit card companies for the payment transaction and to email service providers.
- Application Form
By using our application form you are asked to submit your name, contact information, and further application information, so we can consider your application and contact you personally. Data to process your application is processed according to Art. 6 Para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
- Email Marketing to Customers
If you are our customer and we have received your email address in connection with the sale of a good or service, we are authorized to use your email address for purposes of customer service, direct marketing of similar goods or services. This only applies if you have not objected to such use and we have explicitly informed you about the possibility to object to such use when collecting the email address and every time we use your email address. Legal basis of such processing is our legitimate interest in direct marketing according to Art. 6 Para. 1 lit. f GDPR.
If you would like to receive our newsletter, we require your email address. The data processing for the purpose of sending you our newsletter is carried out pursuant to Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your voluntary consent by means of the so-called double opt-in procedure. Your email address and other provided details will be used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter. It is possible to unsubscribe from our newsletter at any time, for example via a link at the end of each newsletter. Alternatively, you can unsubscribe at any time by sending an email to the email address documented under II.We send our newsletters with a so-called counting pixel. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow for analysis of reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter you accessed. We use this data to generate statistical evaluations about the success or failure of a marketing campaign in order to optimize the delivery of newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.
III Payment Service Provider
IV Statistics and Analysis
- Facebook Pixel
Within our website we use the so-called “Facebook-Pixel”. Provider is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Responsible for the processing of personal data of individuals in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.Facebook has entered the EU/U.S. PrivacyShield, is thereby committed to comply with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the U.S. Information on Facebook’s commitment concerning the PrivacyShield can be found at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.The use of this technology enables Facebook to assign the visitors to our Platform to certain groups (e.g. visitors to our Platform or rather according to the fields of interest we have passed on to Facebook, so-called “custom audiences”) for the display of specific advertisements and to be able to recognize them. This ensures that these users are shown only personalized advertisements and so harassment by improper advertising can be avoided. By using Facebook-Pixel we can also understand the effectiveness of our Facebook advertisements for statistical purposes and track whether and how a user has used our offer after clicking on the advertisement.More information about Facebook-Pixel and how it works can be found at https://www.facebook.com/business/help/651294705016616. Details about Facebook’s processing of data and general information about Facebook advertisements can be found in the Facebook at https://www.facebook.com/about/privacy/update. You can opt out of the collection of your data by Facebook-Pixel, and its advertisement functions, in your Facebook account under the heading “settings”. Information about these settings can be found at https://www.facebook.com/settings?tab=ads (login required).The use of Facebook-Pixel helps us advertise our products and services in an appropriate, tailored manner. The legal basis for such use of Facebook-Pixel is the legitimate interests of us and third parties for these purposes according to Art. 6 Para. 1 lit. f GDPR.
V Services of Google
Provider of the following Google services: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”).
The legal basis for using the following Google services is our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. Google has entered the EU/ U.S. PrivacyShield, is thereby committed to comply with European privacy standards, and is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the U.S. Information on Google’s commitment concerning the PrivacyShield can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Information about Google’s use of data for advertising purposes, settings and options, can be found at the following:
- Google Analytics
- Demographic Characteristics by Google Analytics
Our Platform uses the function “demographic characteristics” as part of Google Analytics so reports can be created containing information such as age, gender, and interests of Platform visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data cannot be assigned to a specific person. The legal basis for the use of these Google services is our legitimate interests to optimize and optimally market our Platform according to Art. 6 Para. 1 lit. f GDPR. You can disable this feature at any time through the display settings in your Google account or generally prohibit the collection of your data by Google Analytics as outlined above.
- Google Maps
- Google Tag Manager
This Platform uses Google Tag Manager for tagging. This service allows Platform tags to be managed by a single interface. No cookies are used and no personal data is collected. The Google Tag Manager triggers other tags which may collect data. However, Google Tag Manager does not access this data. If there is a deactivation at the domain or cookie level, it will remain in effect for all tracking tags if they are implemented with the Google Tag Manager.
VI Social Media Plugins
Our Platform uses social media plugins of social networks. If a page of our Platform is opened with such a plugin, your browser establishes a direct connection to the server of the respective plugin, whereby the respective provider learns which page of our Platform was accessed and from which IP address. The same applies to any interaction with the respective Social Media Plugin (e.g., liking or sharing content, or commenting on a post).
If you are logged in to the respective social network at the same time, the respective provider of that social network can directly match the visit to the page of our Internet offer to your user account there. If you click on the button of the respective plugin, the corresponding information will be transmitted to the respective provider and published there as a post in the profile of your social network. If you do not want the provider to be able to match the data collected on our Platform to your respective user account from the provider, you must first log out of the respective social network. The purposes of plugins are to make our Platform better known and to share content from our Platform in social networks. The legal basis for the use of social media plugins is our legitimate interests according to Art. 6 Para. 1 lit. f GDPR of making our Platform better known through social media.
- Twitter Tweet-Button
VII Media Content
To improve or complement our content, the Platform also uses content from providers such as YouTube (Google), Vimeo, and Adobe TypeKit. The legal basis for using the following social media plugins is our legitimate interest in improving or complementing the Platform with third-party content, according to Art. 6 Para. 1 lit. f GDPR.
Our Platform displays content from YouTube, whose provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”). This service collects your IP address and, if applicable, any other data required by Google for YouTube. Information generated regarding your use of this Platform is stored on a server in the U.S. This information may also be transferred to third parties if required by law or if third parties process such data on behalf of us or Google. If you are logged in to YouTube at the same time, Google can directly match the visit to the page of our Platform and your YouTube user account. If you do not want Google to be able to match the data collected on our Platform to your respective user account on YouTube, you must first log out of YouTube.
Our Platform uses media content of the Vimeo platform. Provider is Vimeo, LLC headquartered at 555 West 18th Street, New York, NY 10077 USA (hereafter “Vimeo”). The purpose is the display of contents of the platform Vimeo in the context of our Platform. This service collects your IP address and, if applicable, any other data required by Vimeo. The generated information about your use of this Platform is stored on a server in the U.S. This information may also be transferred to third parties if required by law or if third parties process these data on behalf of us or Vimeo. If you are logged in to Vimeo at the same time, Vimeo can directly match the visit to the Platform to your user account. If you do not want Vimeo to be able to match the data collected on our Platform to your respective user account on Vimeo, you must first log out of Vimeo. More information about data processing and data protection by Vimeo, can be found at https://vimeo.com/privacy.
- Adobe Typekit
This Platform uses external font types by Adobe Typekit. Provider is Adobe Systems Incorporated, San Francisco, 345 Park Avenue San Jose, California 95110, USA (hereafter “Adobe”). Your browser will load the required fonts into the browser cache when you visit the Platform. If your browser does not support this feature a standard font will be used by your computer to display the Platform. This service collects your IP address, which of our Platforms you have visited and, if applicable, any other data required by Adobe for the provision of the fonts. The generated information about your use of this Platform is stored on a server in the U.S.