Privacy & Personal Data Management Policy
Data Processing Controller. The Company «OM SHANTI L.P.» with the distinctive title «OM SHANTI» and registered office in Athens, 7 Pratinou Street, (General Electronic Commercial Register No 146437903000) [hereinafter referred to as “the Company”] is the owner of the yoga and pilates academy and the manager of the website www.omshanti.gr [hereinafter referred to as “the Website”]. The Company is responsible for processing the personal data of the Academy’s clients and the Website’s users.
1. Legal Basis. The Company collects and processes data of personal nature (hereinafter “personal data”) of the clients and, furthermore, of users of the website www.omshanti.gr, based on the consent they themselves have provided freely and voluntarily by signing the Personal Data Form, in accordance with the Terms of Participation thereof. The Company, as Data Processing Controller, undertakes to ensure that the confidentiality of your personal data is respected and to guarantee that you are able to exercise freely the rights conferred upon you by the national and Community law applicable to the collection, use and disclosure of your personal data by us
2. Legal Framework. The collection and processing of your personal data are subject to the provisions of the General Data Protection Regulation of the European Union – Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), as well as of the applicable national, European and international law on the protection of natural persons with regard to the processing of personal data.
3. Personal Data We Collect. Personal data collected and processed by the Company with your explicit consent to use our website and/or receive our services are: Name, Surname, E-Mail, Address, Postcode, City, Country, Phone. As we provide services to you, we may collect for accounting purposes data necessary for the pricing of our services e.g. VAT number. You may also be required to provide additional data such as Date of Birth/Age, social media account, personal information you choose to make known.
4. Use of Personal Data. Your personal data is collected and used by the Company solely in order to inform you about its activity and provide its services, for the purposes of identification and registration in our Academy, verification of fitness condition and, if needed, providing you personalized and special exercises, for informing you about activities, for communication purposes in case of emergency, for improvement of our website’s content and our services in general, for internal workings and analysis such as internal management and fraud prevention and use by management, pricing, accounting, billing and control information systems.
5. Principles of Procession according to GDPR 2016/679 (such as legality, objectivity, transparency, purpose limitation, data minimization, accuracy, retention-time limitation, data integrity, confidentiality and accountability) are enforced during personal data collection and procession,
6. Data Retention. Your personal data are retained for as long as is required for the provision of our services. Data may be retained for longer periods if this is required by law for specific purposes such as bookkeeping and accounting.
7. The collection and processing of your personal data by the Company is not intended for commercial purposes. The Company undertakes not to sell, lease or in any way publish and/or disclose the personal data of the participants to any third party, natural or legal person, unless disclosure of data is required in any of the cases described herein.
8. Disclosure/Transfer of Data. The Company discloses/transfers personal data to third parties, natural and/or legal persons, that cooperate with the Company and/or provide services solely for the purposes described above (par. 4). Natural or legal persons providing services to our Company are for example instructors of our Academy, those who provide IT & technical (software and hardware) support to our Company (application platform/collection of applications for participation, host server and e-mail support services), those who provide accounting services to the Company, those who organize events etc. The natural or legal persons who provide services for the purposes of par. 4, do so solely on the Company’s orders and within the framework set by the Company. The Company takes the necessary measures to ensure that only the absolutely necessary data are transferred/disclosed in each case depending on the specific purpose and to guarantee that such data are processed under the law.
9. Cookies Policy. According to the Directive 2009/136/EC, which will be replaced by Regulation, our website accepts cookies. A cookie is a small alpha-numeric archive which is stored on the hard drive or in the browser of a computer, tablet, smartphone or similar device when it browses the internet. The majority of the cookies we use are of the analytic type, which count number of users, help us to understand how they navigate our site and improve the way it works, for instance by making search results more accurate. By visiting our website, you accept (opt-in) the procession of your personal data collected by social media or search engines e.g. Google Analytics, Facebook social plug-ins, Google+, etc, without any involvement, influence or control on the part of the Company, transmitted within or besides the European Economic Area (28 EU-members, Island, Lichtenstein, Norway). For these actions solely responsible are the third parties. In case you don’t agree with the receipt of information by third parties such as Google, Facebook, Twitter, etc from your browser, when you are visiting our website, you can opt out by making the corresponding settings as provided by the applicable usage policy on each third party’s website.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site or any other websites that you visit.
10. Newsletter. You are offered the opportunity of receiving our Academy’s news e.g. new programs, activities, events, etc via newsletters sent to your email/home address. Your selection is recorded via your subscription in our website’s newsletter or by signing the relative Personal Data Form. In case you don’t wish the receipt of newsletters, you can choose to “unsubscribe” in any received email that contains newletter or you can acknowledge your wish by sending email to our email address firstname.lastname@example.org.
11. User Rights. With regard to the personal data you provide to the Company, you maintain, among other things, the rights to information, access, rectification, erasure, restriction of processing, objection and portability as specified in Articles 13 to 21 of the General Data Protection Regulation of the European Union – Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR):
• Right to information: This is the right to know who is processing your data, what data are being processed, for what purpose and for how long the processing takes place.
• Right to access: This is the right to receive confirmation as to whether or not your personal data is being processed, what data are being processed, for what purpose, how long they are stored and to whom they can be disclosed.
• Right to rectification: This is the right to request the correction of inaccurate or irrelevant personal data and to fill in incomplete information.
• Right of erasure (‘right to be forgotten’): This is the right to request the deletion of your personal data under certain conditions set by the Regulation, such as when the data is no longer necessary, you have withdrawn your consent, the data has been processed illegally, etc.
• Right to restriction of processing: This is the right to request that the processing of your personal data be restricted when their accuracy is contested, the processing is unlawful, the data are no longer needed by the controller, or you have objections to processing by automated means.
• Right to object: This is the right to oppose at any time and for reasons related to your particular situation, to the processing of personal data that concern you, if such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or if such processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, including the profile status under those provisions.
• Right to data portability: This is the right to receive the personal data that concern you and that you have provided, in a structured, commonly used and machine-readable format and the right to transmit those data to another company without hindrance from the Company to which the personal data have been provided, where: (a) the processing is based on consent or a contract; and (b) the processing is carried out by automated means. When exercising the right to data portability, you have the right to request the direct transmission of personal data from one controller to another where this is technically feasible.