The Hive is required to comply with the General Data Protection Regulation and the Data Protection Act 2018 and we will take all reasonable steps to ensure that we do so.
Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it.
This policy is designed to help you understand:
how and why The Hive collect information from you
who The Hive shares your information with, why and on what basis
what your rights are
Should you have any questions about this policy please write to us at firstname.lastname@example.org
This policy was last updated on the 5th January 2019
Definitions + Interpretations
In this Policy, the following terms shall have the following meanings:
|Locations||Online: Website, Web-based App, MindBody App, Social Media Accounts
Physical : Our studios
|Site||refers to https://www.thehivecheltenham.com|
|Account||means your Hive or MindBody account that is required to access or use certain features of our Locations|
|Personal Data||means and all data, in whatever format that relates to an identifiable person, whether directly or indirectly. This means any personal data that you give to Us via any of our Locations. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”)|
|We, Us, Our||means The Urban Hive Collective Ltd T/A The Hive, registered in England under company number 11476930, whose registered address is 24 Rodney Road, Cheltenham, Gloucestershire, GL50 1JJ|
For the purposes of relevant data protection legislation, we are the controller of the personal data you provide to us and as a controller we use the personal data we hold on you in accordance with this Privacy Notice.
If you wish to access or correct your personal data held by us or if you need to contact us in connection with our use of your personal data, then these should be directed to the Data Privacy Manager (see below) using the following details:
Collecting Your Personal Data
Below is a non-exhaustive list of the times when we collect your personal data:
When you create an account at any of our Locations
When you purchase a product at any of our Locations or apply for concession pricing which requires proof of age, job seekers, student or disabled status
When you book a service at any of our Locations or ask to be added to a waiting list for a service
When you attend a class
When you redeem a gift card at any of our Locations
When you engage with us on social media
When you download or install one of our apps
When you contact us by any means with queries, complaints, send us your CV for a job application or complete an application form for one of our workshops or events
When you enter prize draws or competitions
When you choose to complete any feedback requests or surveys we send you
When you’ve given a third party permission to share with us the information they hold about you
When you use our studios which may have CCTV systems operated for the security of both customers and teachers, therapists and staff. These systems may record your image during your visit.
The categories of personal data about you that we may collect are:
Individual Data which includes personal data you provide to us in person, via our website or by telephone, including the personal and contact details (such as your first name, middle name, last name, username or similar identifier, title, date of birth and gender, billing address, delivery address, email address and telephone numbers, family and associate details, and physical or mental health details) you supply when booking a class, signing up to our newsletter and contact us to let us know we are doing well or to make a complaint or ask a membership / press / brand collaboration / marketing / shop / recruitment / general enquiry;
Audio and Visual Data which includes personal data which is gathered using our CCTV or other recording systems in the form of images or video footage that is taken at one of our studios or otherwise by us for promotional purposes;
Account and Profile Data which includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
Advertising and Marketing Data which includes personal data which relates to your marketing preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
Sales Data which includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of the products, services, classes and memberships you have purchased from us;
Economic and Financial Data which includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
Market Research Data which includes personal data which is gathered for the purposes of market research, such as price comparison information;
Information Technology Data which includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website; and
Health Data which includes personal data which is gathered for health and safety purposes including any accident report or claim log.
We may also create personal data about you, for example, if you contact us to make a complaint.
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“aggregated data”). Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your operational data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
Data Protection says that we are allowed to collect and use your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons:
Contract – your personal information is processed in order to fulfil a contractual arrangement e.g. to place an order or book a class.
Consent – where you agree to us using your information in this way e.g. for storing your payment card details.
Legitimate Interests – this means the interests of The Hive in managing our business to allow us to provide you with the best products and service in the most secure and appropriate way
Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
Consent is not required if the processing if for one of the legal reasons laid out above.
Processing Your Data
|WHAT||WHEN||WHY (Legal Basis)|
|Name, date of birth, email, telephone number.For your security, we’ll also keep an encrypted record of your login password.||We need this information as a minimum in order to process your orders and bookings||Fulfilling a Contract|
|Email address||Supplying you with email Marketing communications that you have opted into to keep you informed of special offers, promotions and new events.||Consent|
|Notifying you about enhancements to our services, such as changes to pricing and schedules or new services.
Contacting you to request feedback and undertake customer satisfaction surveys
|Sending you payment invoices or reminders by email||Fulfilling a Contract|
|Date of Birth||For health and safety reasons under 14s cannot practice yoga in a general class.
Under 18’s require parental consent and between the ages of 0 – 12 children are required to be accompanied by a parent or guardian.
Over 12’s can practice independently with the consent of a parent or guardian.
|Payment card number, expiry date and billing address||If you request that we do for ease of future payment.||Consent|
|For reoccurring payments and to prevent fraud and no-shows or breaches of the cancellation policy.||Legitimate Interest|
|If you purchase a service, class or make a booking||We use information about services bought and volumes, to help us with planning, demand forecasting, management information and research||Fulfilling a Contract
|Time and date of your check-ins for any booked services or classes||To help us with planning and handling our customer contact efficiently and effectively||Legitmate Interests|
|Details of your interactions with us through any of our Locations. Examples may include notes on enquires or complaints etc.||Keeping our records up to date, handling our customer contact efficiently and effectively||Legitmate Interests|
|Health information and emergency contact (this is only requested by specific therapists and this information is held, stored and processed by them).|
|Next of Kin||To enable us safeguard your health.||Legitimate Interests|
Use of Personal Data
We may disclose the personal data you provide to us to:
our group companies and affiliates or third-party data processors who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
HMRC, legal and other regulatory authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
external professional advisers such as accountants, auditors, bankers, insurers and lawyers;
law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
third parties which are considering or have decided to acquire some or all of our assets or shares (including in the event of a reorganisation, dissolution or liquidation);
third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you choose to interact with.
Limitation of liability
We contract with third parties to supply products and services to you on Our behalf. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
We use the following third party data processors who are based outside the EU, but who are protected by the Privacy Shield, which allows them to store EU data on US soil with the GDPR.
MINDBODY Online, California USA – we use MindBody online for web scheduling, registration, order processing and online payments.
Google, California USA – We may compile statistics about the use of Our Locations using Google Analytics including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
Storage + Retention
Your data will be stored in the UK and MINDBODY Online in the US, protected by the Privacy Shield that allows MINDBODY Online to store EU data on US soil within the GDPR.
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under ‘What data do we collect and how do we use it’.
the law requires us to hold your personal information for a longer period, or delete it sooner;
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
the right to request access to your personal data that we process or control;
the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
the right to request, on legitimate grounds as specified in law:
erasure of your personal data that we process or control; or
restriction of processing of your personal data that we process or control;
the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
If you would like to exercise any of the rights set out above, please email email@example.com