Privacy Policy

HomePrivacy Policy

Privacy Policy

Last Updated: October 13, 2025

1. Introduction

Chair Yoga Ireland Ltd (“we”, “us”, or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services or visit our websites.

This policy applies to all our services including live online classes, in-person classes, online courses, corporate wellness programmes, retreats, and our websites at www.chairyogaireland.ie and book.chairyogaireland.ie.

By using our services or websites, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Who We Are

Company Name: Chair Yoga Ireland Ltd
Company Registration Number (CRO): 775842
VAT Number: 4352481WH
Registered Address: The Haven, Ballynamona, Kilmuckridge, Co. Wexford, Y25R289, Ireland

Contact Information:
Email: info@chairyogaireland.ie
Phone: 087-3617100

Data Controller: Chair Yoga Ireland Ltd is the data controller responsible for your personal data under the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts.

3. What Personal Data We Collect

We collect and process the following types of personal data:

3.1 Basic Contact Information

Collected when you:

  • Book a class or course
  • Contact us via email or phone
  • Submit an enquiry through our website
  • Sign up for our mailing list

Information collected:

  • First name and surname
  • Email address
  • Phone number
  • Postal address
  • Eircode

3.2 Health Information (Special Category Data)

Collected via our General Health Questionnaire before your first class.

Information collected:

  • Age group
  • Medical conditions (high/low blood pressure, arthritis, diabetes, epilepsy, heart problems, asthma, depression, eye problems, recent fractures/sprains, recent operations, back problems, knee problems)
  • Pregnancy status
  • Recent pregnancies
  • Mobility limitations or concerns
  • Previous yoga experience
  • Reasons for practising yoga
  • Any other health information you choose to disclose

Legal basis for processing health data: Your explicit consent (provided when you complete and submit the health questionnaire)

Who has access: Only Hazel Nicholl (Owner/Instructor). Administrative staff do NOT have access to health information.

Storage: Stored securely in Google Forms (password-protected, restricted access)

3.3 Purchase and Booking Information

Collected when you book classes or purchase courses:

  • Booking history and class attendance records
  • Purchase history (dates, amounts, products/services purchased)
  • Payment information (processed securely by Stripe or PayPal – we do not store card details)
  • Billing address

3.4 Marketing Preferences

Collected at checkout or when signing up for our mailing list:

  • Whether you consent to receive marketing emails
  • Email engagement data (opens, clicks – via Mailchimp)

3.5 Technical Information

Automatically collected when you visit our websites:

  • IP address
  • Browser type and version
  • Device information (computer, tablet, mobile)
  • Operating system
  • Pages visited and time spent on pages
  • Referring website
  • Cookies (see our Cookie Policy for details)

3.6 Online Class Information

For Zoom classes (if applicable):

  • Display name (as shown in Zoom)
  • Email address (if provided for class links)
  • Attendance records

Note: We do not currently record classes. If we introduce class recordings in future, we will notify you in advance and obtain explicit consent.

3.7 Social Media

When you interact with us on social media platforms (Facebook, Instagram, LinkedIn):

  • Your public profile information as shared by the platform
  • Comments, messages, or content you share with us
  • Likes, follows, and engagement

We accept your interaction on social media as consent to have your name or profile included in our followers. Please manage your own privacy settings on these platforms.

4. How We Use Your Personal Data

4.1 Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance:

  • To provide yoga classes and courses you’ve booked
  • To process payments
  • To communicate with you about bookings
  • To manage your attendance

Legal Obligation:

  • To comply with tax and accounting requirements
  • To maintain records for insurance purposes
  • To comply with health and safety regulations

Consent:

  • To send you marketing emails (you can withdraw consent at any time)
  • To process special category health data
  • To include you in photos/videos (obtained separately for each instance)

Legitimate Interests:

  • To improve our services and website
  • To prevent fraud and ensure security
  • To analyse website usage and performance
  • To respond to enquiries and provide customer support

4.2 Specific Purposes

Your health information is used to:

  • Ensure your safety during classes
  • Provide appropriate modifications and adjustments
  • Identify any contraindications or special considerations
  • Respond appropriately in case of emergency
  • Comply with our insurance requirements

Your contact information is used to:

  • Send booking confirmations and class reminders
  • Communicate important information about classes (changes, cancellations)
  • Process refunds or address booking issues
  • Respond to your enquiries
  • Send marketing communications (only if you’ve consented)

Your purchase information is used to:

  • Process payments
  • Maintain accurate financial records
  • Comply with tax reporting requirements
  • Analyse business performance
  • Prevent fraud

Technical information is used to:

  • Improve website functionality and user experience
  • Analyse traffic and usage patterns
  • Troubleshoot technical issues
  • Ensure website security

5. Who We Share Your Data With

We do not sell or rent your personal data to third parties. We only share your data with trusted service providers who help us operate our business:

5.1 Third-Party Service Providers

Email Marketing:

  • Mailchimp (Intuit Inc., USA) – Manages our mailing list and sends marketing emails
  • Mailchimp Privacy Policy
  • Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses

Payment Processing:

  • Stripe (Stripe Inc., USA) – Processes credit/debit card payments securely
  • Stripe Privacy Policy
  • Note: We do not store your card details; they are processed directly by Stripe
  • Safeguards: EU-US Data Privacy Framework, PCI-DSS compliant
  • PayPal (PayPal Holdings Inc., USA) – Alternative payment processing
  • PayPal Privacy Policy
  • Safeguards: EU-US Data Privacy Framework

Automation:

  • Make.com (Celonis SE, Germany/USA) – Automates data flow between WooCommerce and Mailchimp
  • Make.com Privacy Policy
  • What it does: When you purchase a course, Make.com adds you to our Mailchimp list and applies appropriate tags based on your marketing preferences

Analytics:

  • Google Analytics 4 (Google LLC, USA) – Analyses website traffic and user behaviour
  • Google Privacy Policy
  • Data collected: Anonymised usage statistics, page views, session duration
  • Safeguards: EU-US Data Privacy Framework, IP anonymisation enabled

Advertising (Booking Subdomain Only):

  • Facebook Pixel (Meta Platforms Inc., USA) – Tracks conversions and measures advertising effectiveness on book.chairyogaireland.ie
  • Meta Privacy Policy
  • Safeguards: EU-US Data Privacy Framework, Standard Contractual Clauses
  • Note: Used only on booking subdomain, not main website

Forms & Storage:

  • Google Forms (Google LLC, USA) – Collects health questionnaire responses
  • Google Drive (Google LLC, USA) – Securely stores health questionnaire data
  • Google Privacy Policy
  • Access: Restricted to Hazel Nicholl only
  • Safeguards: EU-US Data Privacy Framework, encrypted storage

Video Conferencing:

  • Zoom (Zoom Video Communications Inc., USA) – Hosts online classes when applicable
  • Zoom Privacy Policy
  • Safeguards: EU-US Data Privacy Framework

Website Hosting & E-commerce:

  • WooCommerce (Automattic Inc., USA) – Powers our online store
  • Automattic Privacy Policy
  • WordPress – Content management system
  • LiteSpeed Cache – Website performance optimization

Contact Forms:

  • Contact Form 7 (WordPress plugin) – Processes contact form submissions
  • Data stored on our WordPress hosting servers within EU

5.2 Legal Requirements

We may disclose your personal data if required by law, court order, or legal process, or to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of others
  • Prevent fraud or security threats

5.3 Business Transfers

If Chair Yoga Ireland Ltd is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and ensure your data remains protected.

6. International Data Transfers

Some of our service providers are based outside the European Economic Area (EEA), primarily in the United States. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

Safeguards include:

  • EU-US Data Privacy Framework – Many of our US providers are certified participants
  • Standard Contractual Clauses – EU-approved contract terms that protect your data
  • Adequacy Decisions – Countries recognised by the EU Commission as providing adequate protection

Providers with international transfers:

  • Mailchimp (USA)
  • Stripe (USA)
  • PayPal (USA)
  • Google (Analytics, Forms, Drive) (USA)
  • Meta/Facebook (USA)
  • Zoom (USA)
  • Make.com (Germany/USA)

These transfers are made in accordance with GDPR Article 46 (appropriate safeguards).

7. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

7.1 Retention Periods

Purchase and booking records:

  • 6 years from date of purchase/booking
  • Reason: Irish tax law requires financial records kept for 6 years; also matches statute of limitations for insurance claims

Class attendance records:

  • 6 years from last attended class
  • Reason: Insurance requirements and potential liability claims

Health information (questionnaire responses):

  • 6 years from last attended class
  • Reason: Insurance requirements and duty of care
  • Exception: Deleted immediately upon your request (unless required for active insurance claim)

Marketing data (Mailchimp):

  • Kept until you unsubscribe OR 3 years of complete inactivity (no email opens/clicks)
  • Reason: Demonstrates good data hygiene and respects engagement levels

Contact form enquiries (no booking made):

  • 1 year from submission
  • Reason: Allows reasonable time for follow-up, then automatically removed

Website analytics data:

  • 14 months (Google Analytics 4 default)
  • Anonymised and aggregated

Social media interactions:

  • As long as the social media post remains public OR until you request removal
  • Subject to social media platform policies

7.2 Deletion

After retention periods expire, we securely delete or anonymise your personal data in accordance with our data retention schedule.

8. Your Rights Under GDPR

As an individual in Ireland/EU, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request:

  • Confirmation of whether we process your personal data
  • A copy of your personal data
  • Information about how we use your data

How to exercise: Email info@chairyogaireland.ie with subject line “Data Access Request”

Response time: Within 1 month (may extend to 2 months for complex requests)

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

How to exercise: Email info@chairyogaireland.ie with updated information

Response time: Within 1 month

8.3 Right to Erasure (“Right to be Forgotten”)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (for data processed based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with legal obligations

Exceptions: We may retain data if required by law (e.g., tax records for 6 years) or for insurance/legal claims.

How to exercise: Email info@chairyogaireland.ie with subject line “Data Deletion Request”

Response time: Within 1 month

8.4 Right to Restrict Processing

You have the right to request restriction of processing when:

  • You contest the accuracy of the data (while we verify accuracy)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You’ve objected to processing (while we verify legitimate grounds)

How to exercise: Email info@chairyogaireland.ie with subject line “Restrict Processing Request”

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, PDF) and to transmit it to another data controller.

Applies to: Data processed based on consent or contract, and processed by automated means

How to exercise: Email info@chairyogaireland.ie with subject line “Data Portability Request”

8.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

For marketing: You can unsubscribe from marketing emails at any time by:

  • Clicking “Unsubscribe” in any marketing email
  • Emailing info@chairyogaireland.ie
  • Calling 087-3617100

For legitimate interests: You can object to processing; we must cease unless we demonstrate compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent

Where processing is based on consent (health data, marketing communications), you have the right to withdraw consent at any time.

Note: Withdrawal does not affect the lawfulness of processing before withdrawal.

How to exercise:

  • Marketing: Unsubscribe from emails or email info@chairyogaireland.ie
  • Health data: Email info@chairyogaireland.ie (note: may affect our ability to provide safe yoga instruction)

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Irish Data Protection Commission if you believe we have not handled your data appropriately.

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland

Phone: +353 (0)761 104 800
Email: info@dataprotection.ie
Website: www.dataprotection.ie

9. How We Protect Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, misuse, alteration, or destruction.

9.1 Security Measures

Technical measures:

  • Encryption of data in transit (SSL/TLS certificates on all websites)
  • Secure password-protected systems
  • Regular security updates and patches
  • Restricted access to personal data
  • Secure cloud storage with reputable providers

Organisational measures:

  • Data protection policies and procedures
  • Limited access to personal data (need-to-know basis)
  • Staff training on data protection
  • Regular review of data processing activities
  • Secure disposal of data when no longer needed

Health data (special category):

  • Stored separately in Google Forms with restricted access
  • Accessible only to Hazel Nicholl
  • Not shared with administrative staff
  • Encrypted at rest and in transit

9.2 Payment Security

  • We do not store card details on our systems
  • All payment processing is handled by PCI-DSS compliant providers (Stripe, PayPal)
  • Payment data is encrypted during transmission
  • Tokenisation ensures card details are never exposed

9.3 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the Data Protection Commission within 72 hours
  • We will notify affected individuals without undue delay
  • We will explain the breach, potential consequences, and measures taken to remedy it
  • We will provide guidance on steps you should take to protect yourself

10. Children’s Data

Our services are available to people of all ages, including children and young people under 18.

10.1 Parental/Guardian Consent

For children under 16:

  • Parental or guardian consent is required before booking
  • Parent/guardian must complete the health questionnaire on behalf of the child
  • Parent/guardian must provide their contact information

For young people aged 16-17:

  • May book independently
  • We recommend parental awareness
  • Health questionnaire must be completed before first class

10.2 Data Collected About Children

We collect the same categories of data for children as for adults:

  • Contact information (provided by parent/guardian for under 16s)
  • Health information via questionnaire
  • Attendance records
  • Purchase/booking history

Protection: Health data for children receives the same heightened protection as adult health data (restricted access, encrypted storage).

11. Marketing Communications

11.1 How We Use Your Data for Marketing

With your consent, we may use your email address to send you:

  • Information about upcoming classes, courses, and workshops
  • Special offers and promotions
  • Wellness tips and yoga advice
  • Newsletter with updates about Chair Yoga Ireland

11.2 Consent

When you provide consent:

  • At checkout (optional checkbox: “I want to receive marketing emails”)
  • When subscribing to our mailing list
  • When entering a competition or promotion

You can withdraw consent at any time by:

  • Clicking “Unsubscribe” in any marketing email
  • Emailing info@chairyogaireland.ie
  • Calling 087-3617100

11.3 What We Don’t Do

We do NOT:

  • Sell or rent your email address to third parties
  • Send marketing emails without your consent
  • Share your data with other organisations for their marketing purposes

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our websites to improve functionality, analyse usage, and deliver relevant advertising.

For detailed information about cookies, please see our Cookie Policy.

Summary:

  • Essential cookies: Necessary for website function (always active)
  • Analytics cookies: Google Analytics 4 (tracks usage anonymously)
  • Marketing cookies: Facebook Pixel on booking subdomain only (tracks conversions)

You can manage cookie preferences through your browser settings or our cookie consent banner.

13. Third-Party Websites

Our websites may contain links to third-party websites, social media platforms, or services not operated by us:

Examples:

  • Social media links (Facebook, Instagram, LinkedIn)
  • Partner websites
  • Payment processors (Stripe, PayPal checkout pages)
  • Google Maps

We are not responsible for:

  • The privacy practices of third-party websites
  • The content of external sites
  • How third parties collect or use your data

We recommend reviewing the privacy policies of any third-party sites you visit.

14. Social Media

When you interact with us on social media platforms (Facebook, Instagram, LinkedIn):

14.1 Information Collected

We may see your:

  • Public profile information
  • Comments, messages, or posts mentioning us
  • Likes, shares, and engagement with our content

14.2 Platform Privacy Policies

Your interactions are also governed by the privacy policies of each platform:

14.3 Photos and Videos

If we wish to use photos or videos that identify you:

  • We will ask for your explicit consent
  • Consent may be requested in person, via email, or through social media
  • You can withdraw consent at any time by contacting us

If content is posted without your consent:

  • Contact us immediately at info@chairyogaireland.ie
  • We will remove it as soon as possible

14.4 Managing Your Privacy

Please manage your own privacy settings on social media platforms to control:

  • Who can see your profile
  • What information is public
  • What content you share

15. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

All decisions about your participation in classes, bookings, or service provision are made by human review.

16. Changes to This Privacy Policy

16.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our services or business practices
  • Changes in data protection laws or regulations
  • New technologies or security measures
  • Feedback from data protection authorities

16.2 Notification of Changes

When we make significant changes:

  • We will update the “Last Updated” date at the top of this policy
  • We may notify you via email (if we have your email address)
  • We may display a notice on our website

16.3 Your Continued Use

Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

17. Contact Us

17.1 Data Protection Enquiries

If you have questions about this Privacy Policy or how we handle your personal data, please contact us:

Chair Yoga Ireland Ltd
Email: info@chairyogaireland.ie
Phone: 087-3617100
Address: The Haven, Ballynamona, Kilmuckridge, Co. Wexford, Y25R289, Ireland

17.2 Exercising Your Rights

To exercise any of your data protection rights, please email us at info@chairyogaireland.ie with:

  • Subject line indicating your request (e.g., “Data Access Request”)
  • Your full name
  • Contact details (email and phone)
  • Clear description of your request
  • Proof of identity (to prevent unauthorised access)

We will respond within 1 month of receiving your request. For complex requests, we may extend this to 2 months and will inform you of the delay.

18. Related Policies

For more information about how we operate, please review:

Thank you for trusting Chair Yoga Ireland Ltd with your personal data. We are committed to protecting your privacy and providing you with safe, accessible yoga for every body and every ability.

Chair Yoga Ireland Ltd
CRO: 775842 | VAT: 4352481WH
Accessible yoga for every body, every ability, across Ireland.

Last Updated: October 13, 2025