This website is managed and owned by Paula Malloy, business name Hey Karma Yoga, please
In accordance with the General Data Protection Regulation (GDPR) which came into force on the 25th May 2018, the information below shows how your data will be stored, used and protected by Paula Malloy.
to seek consent.
1. The identity of the controller
You are hereby informed that the Data that you provide is collected, used, protected and processed by Paula Malloy and her administrative staff.
2. Collection of Data
Your data is collected when you browse our website, contact us via email, phone or in person or through my website and when you submit information in the form of booking or health forms. Data I collect falls into the following categories:
Identification information (name)
Contact information (email, phone)
Medical information (the information provided in health forms supplied by clients)
Data is gathered directly from you from direct communication, i.e. client health form, registration
form, health questionnaire, emails, phone calls, booking for events, transactions.
2.1. Information you provide
I process data you provide directly to me, in particular when you complete a registration form, client intake form or class booking form.
For example, I collect data when you create a booking, register for an event or a course, or otherwise, communicate with us.
The data may include the following as well as any other type of information that I specifically request you to provide to me through my booking or client intake forms, such as:
Date of Birth
Contact in case of emergency
3. How I use the Data
I may use information about you for the following purposes:
Medical history – to be aware of your medical history to ensure that you are best served in group classes and one-to-one sessions.
Process transactions including confirmation / receipts of payments, invoicing for payment for services requested.
To inform you about when courses that you have or regularly book onto are taking place, or of any class cancellations due to unforeseen circumstances.
To send email updates about forthcoming yoga, meditation and mindfulness offerings including classes, workshops, courses and retreats.
Monitor and analyse trends, usage and activities in connection with my services.
4. How I share your data
Your data is NOT shared with anyone else. The only people who have access to your data is myself and admin staff where applicable.
In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities.
5. The period of data retention
My insurance providers require us to retain all records for a period of 7 years after the last appointment, or in the case of minors, for 7 years after their 18th birthday. I use this timeframe for all of my data. After 7 years have elapsed without use, files are destroyed. I hold transaction data indefinitely on my online system to provide the best customer service.
I am committed to taking appropriate measures designed to keep your data secure. My technical, administrative and physical procedures are designed to protect data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. I follow generally accepted standards to protect the personal information submitted, both during transmission and once it is received.
7. Your rights
Under the General Data Protection Regulations 2018 (GDPR) individuals have the significantly strengthened right
Obtain details about how their data is processed by an organisation or business
Obtain copies of personal data that an organisation holds on them
Have incorrect or incomplete data corrected
Have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data
Obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability)
Object to the processing of their data by an organisation in certain circumstances
Not to be subject to (with some exceptions) automated decision-making, including profiling.
8. In the event of a Breach
Every precaution will be taken to avoid a breach of your data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc. at risk.
Should you have any questions in relation to how your data is stored, please do send me a message using the form on the contact page.
Updated 12th April 2022