Data Privacy Policy
BKS Iyengar Yoga Association of Australia Ltd, a non-profit company limited by guarantee (ACN 101 826 779 (Iyengar Yoga Australia, IYA, we, our or us) is committed to protecting and respecting your privacy, having regard to the Privacy Act 1988 (Cth) and similar legislation in other countries (including the General Data Protection Regulation (GDPR) that applies in member states of the European Union).
As a result, IYA has implemented practices, procedures and systems in relation to privacy and, in particular, to:
- maintain the confidentiality and security of personal information and personal data it collects and holds; and
- manage its systems, practices and procedures in an open and transparent way.
By “personal information” and “personal data”, we mean information, data or an opinion about an identified individual, or about an individual who is reasonably identifiable from the information (including by reference to identifiers such as a name, an ID number, location data, an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of that person). Those individuals include people who book for events we run or co-ordinate, or who otherwise contact us, or our agents, suppliers, distributors, contractors or other associates. This policy sets out how we handle the personal information and data we collect and hold.
By continuing to use our site and portals, you agree that we may collect and handle your personal information and data in accordance with this policy (as amended from time to time).
What personal information or data does IYA collect and hold?
The kinds of personal information and data we may collect and hold depend on how you interact with us, but can include:
- contact details (including email addresses, website, phone numbers, residential & mailing address);
- names;
- gender;
- date of birth;
- occupation;
- assessment and assessment application-related information;
- health-related information;
- insurance information;
- qualifications and accreditations;
- credit card details;
- answers to log-in questions that may consist of personal information (such as the name of your first pet);
- details of transactions you carry out through our site;
- details concerning your orders; and
- details of your visits to our site (including traffic and location information, which pages you visit, weblogs and other communication information)
When you visit our site, we may also collect information about your computer, including (where available) your IP address, operating system and browser type.
We do not keep files containing all of the above information on all people who contact us, or with whom we deal. In many cases, we may have only one or two pieces of information or data relating to any particular person.
Why does IYA collect and hold personal information?
We collect and hold personal information for a variety of purposes – and different kinds of personal information and data are used for different purposes.
In each case, however, the personal information and data we collect and hold is reasonably necessary for our functions and activities and for our legitimate interests, including in order to provide you with services you would expect from us. These purposes are:
- (if you are a teacher) for certification and accreditation purposes and to promote you as a teacher with appropriate certification and accreditation;
- to provide you with news and information, products or services that you request from us or which we reasonably believe may interest you;
- for purposes necessary to provide you with goods and services that you have ordered or requested from us (including through our site);
- to personalise and customise your experience when using our sites (including so that our site is presented in the most effective manner for you and your computer);
- to communicate with you (including by email, mail or telephone, and including in relation to changes to our products and services);
- to manage and enhance our services;
- to conduct research;
- to conduct competitions and promotions (both on our own behalf and in conjunction with our affiliates and selected third parties);
- for system administration and for network analysis and security (by ourselves and our IT contractors);
- to report aggregate information to our affiliates and advertisers;
- to allow you to participate in interactive features of our sites that may be available;
- to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and
- as required or permitted by any law (including privacy legislation).
From time to time, when collecting information or data from you, we may also ask you to “opt-in” to consent to us using or disclosing your personal information and data other than in accordance with this policy or any applicable law.
As part of our commitment to protecting your privacy, however, you will also be given the opportunity to “opt out” from receiving marketing communications from us or from third parties that send communications to you in accordance with this policy or in accordance with any additional consent you give, and we will comply with your decision. (You will be able to “opt out”, for example, by clicking on an “unsubscribe” link at the end of an email, or by contacting our Privacy Officer.) We may continue to send you non-commercial administrative and technical emails, which may relate to your membership or account with us (including as required by law).
How does IYA get the personal information and data it collects and holds?
IYA only collects personal information by fair and lawful means, including when people:
- book for Association events;
- apply for certification or accreditation;
- respond to surveys we may conduct;
- enter competitions or promotions we may hold;
- fill in any contact forms on our sites (including when signing up for newsletters);
- browse our sites (we use cookies to ensure you have the best experience when browsing);
- post material to our sites or to social media that we use (such as Facebook, Twitter, Pinterest and Instagram);
- use any app we might provide;
- link their social media accounts to an Association account;
- contact us for assistance or with questions, or to report problems with our sites or with a product, certification, accreditation or teacher; and
- contact us other than through our sites or social media (for example, if you email us directly, or send us a fax or letter).
We prefer to obtain any personal information or data we collect directly from you. In some cases, however – such as when a friend or family books a place for you at an event – it may be unreasonable or impracticable to obtain personal information directly, and we may obtain that information or data from someone else. We may also collect personal information and personal data from external service providers to whom we have contracted services as well as from third parties who offer products and services to our members and registrants.
If you are concerned about what personal information or data we may hold about you, please see below for information on how you can access and (if necessary) correct that information and data, and how you can have that information or data deleted.
Cookies
When you visit our website or use an app we may develop we may send your browser a cookie. A cookie is a small file placed on your computer or mobile phone's browser that helps us recognise you when you return to our website or to the app and can tell us whether or not you've visited the site before. Your browser will tell us if you have these cookies, and if you don't, we may generate new ones.
You can disable cookies from our site at any time by changing your browser settings (typically found in the “options” or “preferences” menu of your browser). Please note, however, that changing these settings may prevent areas of our website from working as intended.
We also use third-party cookies, including Google Analytics features (such as Remarketing, e-Commerce Tracking, Demographics and Interest Reporting), Facebook Remarketing tags and tracking pixels and DoubleClick remarketing pixels and Google Ads. Based on your past visits to our website, these enable third-party vendors such as Google and Facebook to provide you with information about products and services that may be of interest to you as you browse the internet more generally (including information about products and services from third-parties).
You can choose to opt out of the above by visiting the Network Advertising Initiative opt out page (available at http://optout.networkadvertising.org/?c=1#!/) or, for Google Analytics, by visiting http://optout.aboutads.info/?c=2#!/ . For more information about cookies, including to see what cookies have been placed, how to manage and delete them, and how to opt-out of being tracked by social networks and third-party advertisers, visit these services:
Children
If you are resident in Europe, our resources and services are only available to people aged 13 years or over. If you are aged under 13 and resident in Europe, you will need to have a parent or guardian sign up for our services or to place orders on your behalf.
Direct marketing
We may use or disclose your personal information or data to promote both our products or services and those of third parties through direct marketing.
You may ask us to identify how we acquired the personal information or personal data that we use or disclose for direct marketing purposes by contacting us via the details set out at the end of this Policy.
If at any time you do not wish to receive any direct marketing communications whether from us or from third parties, you can ask us not to send you any further direct marketing communications and not to disclose your personal information to third parties for that purpose by using the “unsubscribe” facility included in a prominent statement in the direct marketing communications or by contacting us via the details set out below.
Can I interact with IYA anonymously or under a pseudonym?
In many cases, you will need to provide your real name when interacting with us. This will particularly be the case when you are (for example) booking to attend an event.
You may however – wherever lawful and practicable – use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about any of our resources or services, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our resources or services, or we may not otherwise be able to respond adequately to you.
For clarification on when you must identify yourself, please contact our Privacy Officer. (You may use a pseudonym – or simply not identify yourself – when making such an enquiry.)
Who has access to my personal information?
Generally, only our officers and staff will access your personal information and data, and then only on a “need to know” basis.
If you are an accredited and certified teacher, however, we may publish your name and basic contact details (usually just your preferred email address, phone number, website and teaching location address you have provided) for potential students who may be interested in contacting you for lessons.
We may also disclose your personal information and data:
- to people who work for us or for one of our suppliers, or on our behalf, and who may be engaged in, among other things, filling and delivering orders, processing payments and mail-outs, marketing, administration, research and providing other technical and non-technical support (including IT services);
- to enforce or apply our terms of use or where you have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary to the police, any relevant authority or enforcement body, or your internet service provider or network administrator;
- to protect the rights, property, health or safety of IYA or its officers, customers or others (including exchanging information with other companies and organisations to protect against fraud and to reduce credit risk);
- to our agents, legal advisers, business partners, joint venture entities and other partners;
- to sponsors and promoters of any competition or event that we conduct or promote;
- to anyone else that you specifically authorise us to receive information held by us; and/or
- as otherwise required or permitted by law (including under privacy legislation).
Also, while we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the privacy policy of any other web sites to which you provide personal information. We recommend that you read the privacy policies of such other web sites.
How long we keep your personal information and data
We only keep your personal information and data for as long as is necessary to provide you with the goods or services you have requested from us or for as law as we reasonably need to retain the information for our legitimate interests.
We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time we need to keep it.
Your rights and choices
As set out in more detail below, you may:
- object to our using your information for direct marketing and on the basis of our legitimate interests;
- withdraw any consent you have given to us in relation to our use of your personal information and data (including by contacting us as set out below or by “unsubscribing” to emails sent to you;
- request access to the information or data we hold about you;
- receive a copy of information or data we hold about you;
- ask us to transfer the information or data we hold about you to another service provider;
- ask us to correct information or data we hold about you;
- in certain circumstances, restrict the processing of information or data we hold about you;
- in certain circumstances, delete information and data we hold about you; and
- make a complaint (as further discussed below) in relation to how we have collected or used your personal information and data.
How can I access (and, if necessary, correct or delete) personal information and data that IYA has collected and holds about me?
Members and registrants may access and update their contact details and profiles by logging on to our website.
If you otherwise want to review (and, if necessary, correct, delete or update) personal information and data that IYA may have collected and hold on you, please contact our Privacy Officer (privacy@iyengaryoga.asn.au).
We will respond to your requests to access and to correct or delete your personal information as soon as possible (but in any case, within a reasonable period).
How can I complain about IYA if it breaches any of applicable privacy principles or any registered code that binds it?
Contact our Privacy Officer (details below) if you have any complaints about breaches by IYA of any applicable privacy principles or of any registered code that binds it. If you qualify as a “European Union data subject”, you may also lodge a complaint about us and our use of your personal information or data to the relevant supervisory authority. Information on how to file such a complaint is available at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
How will IYA deal with complaints I might have about breaches of applicable privacy legislation or any relevant registered code?
We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.
What steps does IYA take to secure personal information and data?
We take reasonable steps to ensure that your personal information and data is treated securely and in accordance with this policy and is not subject to misuse, interference or loss, or unauthorised access, modification or disclosure. For example, apart from using secure servers, we implement firewalls, password access and challenge phrases and, where relevant, we impose limits on who can access personal information. We also encrypt payment transactions using Secure Socket Layer (SSL) certificates.
You understand, however, that the transmission and storage of personal information is not necessarily wholly secure, and that the steps we take to protect your information and data, though reasonable, may not always be effective. In those circumstances, except insofar as the GDPR requires, we do not accept responsibility for any misuse or loss of, or unauthorised access to, your personal information. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
If we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Does IYA disclose personal information or data to people or organisations outside Australia?
IYA holds personal information and data securely, with most hosted on secure servers in the United States.
Personal information may also be processed by staff or agents operating outside Australia or the European Economic Area. Such staff may be engaged in, among other things, filling your orders, processing payment details and providing support services.
By submitting your personal information or data to us, you agree to such transfers, storing and processing. In return, we will take all steps reasonably necessary to ensure that your information and data is treated securely and in accordance with this privacy policy and to Australian and European standards.
We will not, however, transfer your personal information or data overseas to a country that is not subject to a comparable privacy scheme unless the organisation to which we disclose that information implements privacy policies at least comparable to the obligations that apply under Australian law and the GDPR.
Does IYA ever change its privacy policy?
We will review our privacy policy from time to time, to ensure it is in line with best practice and up-to-date with any legislative changes. Any changes to our privacy policy will be incorporated into a new version of this Policy and posted on this page, stating the date from which it operates. Our use of your personal information and data will be governed by our most recent policy.
Contact our Privacy Officer if you have any questions, comments or requests in relation to this privacy policy.
Who do I contact about privacy issues?
If you have any concerns or questions about privacy issues, including how IYA is dealing with or holding your personal information and data, contact our Privacy Officer (by mail addressed to “Privacy Officer, Iyengar Yoga Australia, PO Box 7, Semaphore SA 5019”, or by email to privacy@iyengaryoga.asn.au). Please also contact our Privacy Officer if, for example:
- you want to review and/or correct any personal information or data we hold about you;
- you would like to withdraw any consent you have given to us in relation to how we use your personal information or data;
- you would like us to delete your personal information and data; or
- you receive communications purporting to be connected with IYA or our services that you believe have been sent other than in accordance with this policy or in breach of any law.
(as at May 2019)