Privacy Policy

One Yoga UK Ltd (collectively referred to as “the business” or “we” in this policy) respects your privacy and is committed to protecting your personal data.  One Yoga UK Ltd is dedicated to being transparent about what data it collects about you and how we use it.

The purpose of this privacy policy

This policy aims to provide you with information about how we collect and process your data.  This includes what personal data the business collects, how we use your data, how we ensure your privacy is maintained, and your legal rights relating to your personal data.

It is important that you read this privacy policy together with any other documentation on specific occasions when the business collects or processes personal data about you so that you are fully aware of how and why we use your data.

Personal data the business collects

Personal data, or personal information, means any information about an individual from which that person can be identified. 

The business may collect the following information about you:

  • Identity Data: title, first name, last name, age/date of birth and gender, any physical / behavioural considerations.

  • Contact Data: your contact details, postal address including billing and delivery addresses, telephone numbers and email addresses.

  • Financial data: your payment details – should you engage the business services and/ or activities.

  • Your web browsing activities on the business virtual platforms.

  • Your communication and marketing preferences.

  • Your interests, preferences, feedback, and survey responses.

  • Your correspondence and communication with the business. 

  • Publicly available personal data including information shared on social media platforms such as Twitter, Instagram, and Facebook; &

  • Your computer’s IP address.

The business will not collect any sensitive data about you.

This list is not exhaustive and in specific instances, the business may need to collect additional data for the purposes set out in this policy.  Some of the above personal data is collected directly:

  • Volunteered by you when registering for information and other personal data is collected indirectly, &

  • When you are browsing the business virtual platforms. 

How the business uses your data

We use your personal data for:

  • Providing services and/ or activities to you.

  • Providing information to you that you request from the business relating to services and/ or activities.

  • Internal record keeping.

  • Improving and personalising the business services and/ or activities.

  • Promotional and Marketing purposes: with your agreement, to contact you via email, phone and/ or mail about relevant promotional offers, services and/ or activities which we think may interest you.

  • Developing new services and/ or activities.

  • Customer insight and market research purposes, which helps the business to better understand your needs and wants in relation to the delivery of services and/ or activities.

  • Informing you of any changes to the business virtual platforms, services and/ or activities.

  • Enabling the business to manage all interactions with you. &

  • Where the business has a legal right or duty to disclose your information (for example in relation to an investigation by a public authority or in a legal dispute). 

Marketing

Promotional communications

The business may use your personal data for electronic marketing purposes and for providing updates on services and/ or activities which are of interest and relevant to you as an individual. 

You have the right to opt out of receiving promotional communications at any time by:

  1. Clicking the “unsubscribe” link at the bottom of emails.

  2. Contacting the business directly via the contact details within this policy.

Usage Data

The business may process data about your use of its website and services ("usage data").  The usage data may include your IP address, location, browser type and version, operating system, referral source, length of visit, page views and virtual platform navigation paths, as well as information about the timing and pattern of your service use.  This is used to allow the business to process and analyse the use of its virtual platforms. 

Legal basis for using your data

The business is required to set out the legal basis for its processing of your personal data. 

The business collects and uses your personal data as it is necessary:

  • To pursue its legitimate interests. 

  • For the purposes of complying with the business duties and exercising its rights under a contract for the sale of services and/ or activities to a customer. 

  • To comply with the business legal obligations.  And/ or,

  • Where you have consented to the use.

You have the right to withdraw your consent at any time. Where consent is the only legal basis for processing, the business will cease to process data after consent is withdrawn. 

The business legitimate interests

The usual legal basis for processing your data is that it is necessary for the business legitimate interests, which include:

Selling services and/ or activities to customers:

  • Promoting, marketing, and advertising the business services and/ or activities.

  • Sending promotional communications which are relevant and tailored to customers.

  • Understanding customer behaviours, preferences and needs.

  • Improving existing services and/ or activities and developing new services and/ or activities.

  • Complying with legal and regulatory obligations.

  • Preventing crime and/ or fraud.

  • Handling customer memberships, queries, complaints, and disputes (including refunds).

  • Managing any claims made by customers (including legal).

Sharing data with third parties

The business services and/ or activities providers and suppliers

To make certain services available to you, the business may need to share your personal data with some of its services and/ or activities providers.  These include services and/ or activity providers related to the nature of the business - yoga. 

The business only allows its services and/ or activities providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.  The business does not allow its third-party services and/ or activities providers to use your personal data for their own purposes and only permits them to process your personal data for specified purposes and in accordance with its instructions.

Other third parties

Aside from the business services and/ or activities providers, we will not disclose your personal data to any other third party, except for those set out below:

  • Third party marketing partners such as Google or Facebook (to deliver advertising).

  • We store your information on all or some of the following: Mailchimp, Gmail, and Google Drive.

  • Government bodies, regulators, law enforcement agencies, courts/tribunals, and insurers where the business is required to do so. 


The business will never sell or rent your data to other businesses and/ or organisations.

The business website may include links to third-party websites, plug-ins, and/ or applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  The business does not control these third-party virtual platforms.  As such, we are not responsible for their privacy arrangements.  When you leave the business virtual platform, we encourage you to read the privacy policy or notice of every virtual platform you visit.

International transfers

To deliver services and/ or activities to you, it may be necessary for the business to share your data outside of the UK.  This will occur when service and/ or activity providers are located outside the UK.  Whenever the business transfers your personal data out of the UK, it ensures a similar degree of protection is afforded to it as it does with data managed in the UK.

How the business protects your data

The business is committed to keeping your personal data safe and secure.  We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. 

  • Strong passwords. 

  • High quality anti-virus & security software.

  • Access to personal data is limited to only those people who have a business need to know.


The business will strive to protect your data in all means reasonably required by it to do so.  However, no virtual platform can be 100% secure.  As such, we cannot be held responsible for unauthorised or unintended access that is beyond the business control.

We have appropriate measures in place to deal with any personal data breaches and will notify you and any applicable regulator of a breach where the business is legally required to do so.

How you can help the business protect your data

The business will never ask you to confirm any bank account or credit details via email, if you receive an email claiming to be from the business asking you to do this, please ignore it and do not respond.  (In this instance, please contact the Director (Andrea Everingham) on andrea@oneyoga.uk / 07956 244959).

How long we keep your data

The business will only retain your data for as long as necessary for the purpose it has been collected.  The longest we will normally hold any personal data is 7 years. 

If you no longer wish for the business to hold your information, you can contact the business (see rights below) and request that any personal data we hold is destroyed. However, please note the business has a legal requirement to keep some of your personal data even after you have asked the business to destroy it to ensure it can meet the business legal or regulatory requirements, resolve disputes, prevent fraud, and/ or enforce our contractual obligations with you.

It is important that the personal data the business holds about you is accurate and current.  Please keep the business informed if your personal data changes during your relationship with the business.

Your rights in respect of your data

You have rights relating to your personal information.  These are:

  • To ask for a copy of the personal data that the business holds about you and check that I we are lawfully processing it (right to access).

  • To request that the business delete / remove / destroy personal data held on you, where we no longer have any legal reason to retain it (right of erasure). (Please note, the business may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request).

  • To ask the business to update and correct any incomplete or inaccurate personal data that we hold about you (right of rectification).

  • To opt out of any marketing communications which the business may send to you and to object to using and/ or holding your personal data if we have no legitimate reasons to do so (right to object).

  • To ask the business to restrict processing of data, enables you to ask the business to suspend the processing of your personal data (only in certain circumstances). 

  • To ask the business to supply you or a third party with some of the personal data we hold about you in a machine-readable format (right to data portability/transfer).

  • To withdraw consent at any time where the business is relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide services and/ or activities to you.  (The business will advise you if this is the case at the time you withdraw your consent).


If you wish to exercise any of the above rights, please contact the business using the details below. 

You will not have to pay a fee to exercise any of the rights above.  The business may need to request specific information from you to help confirm your identity.  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

The business tries to respond to all requests within one month.  This may be longer if the request is complex.  (We will let you know if this is the case).

Cookies

The business uses cookies on its virtual platforms.  You can set your browser to refuse or block all or some of these cookies.  Please note that if you disable or refuse cookies, some parts of the business virtual platforms may become inaccessible or not function properly.

Exercising your rights

I am the data controller and as such, responsible for your personal data (Andrea everingham. Company Director).

If you have questions about this privacy policy or want to exercise your rights, you may contact me using the details set out below.

Contact Details

Email address: andrea@oneyoga.uk

Phone number: 07956 244959

You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO).  You can find further information, including contact details at https://ico.org.uk/

Policy updates

This policy was last updated on 10 October 2024. 

The business may update this policy from time to time so please check this page occasionally to ensure you are happy with any changes to this policy.