Effective Date: September 20, 2019
This document governs the privacy notice of our website Yogasana LLC Our privacy notice tells you what personal data and nonpersonal data we may collect from you, how we collect them, how we protect them, how we share them, how you can access and change them, and how you can limit our sharing of them. Our privacy notice also explains certain legal rights that you have with respect to your personal data. Any capitalized terms not defined herein will have the same meaning as where they are defined elsewhere on our website.
‘NONPERSONAL DATA’ (NPD) is information that is in no way personally identifiable.
‘PERSONAL DATA’ (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data. (GDPR) means General Data Protection Regulation.
You Have the Right Not to Have Your Personal Information Sold
You have the right to request that we do not sell any of your personal information.
Personal information for this section means a natural person’s first name or first initial and last name in combination with any one or more of the following data elements when the name and data elements are not encrypted: social security number, driver’s license number, driver authorization card number, or identification card number. Account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to the person’s financial account. A medical identification number or a health insurance identification number. A username, unique identifier, or electronic mail address in combination with a password, access code, or security question and answer that would permit access to an online account.
If you wish to make this request, please email us at: info @yogasanamats.com telling us that you do not want to have any of your personal information sold. Please include enough personal information so that we can reasonably verify your identification. We will respond to your request within 60 days after receiving it.
When using our services and submitting PD to us, you may have certain rights under the GDPR if you reside or are in any of the countries of the European Union. Depending on the legal basis for processing your PD you may have some or all of the following rights:
As a Californian consumer you have certain rights under the California Consumer Privacy Act (CaCPA) AB 375, some of these rights are:
These rights include the right to request what personal information we collect and disclose about consumers. Provisions with an asterisk (*) only apply to consumers if the business sells personal data about Californian consumers or discloses their personal information for business purposes.
Personal information includes:
Additional Requirements for Companies Who Sell Personal Information:
A business that sells personal information about a California consumer and that is required to comply with Section 1798.120 of AB No. 375 shall, in a form that is reasonably accessible to consumers:
Optional: This provision applies only if your company has 20 or more employees:
Under California Civil Code Section 1798.83 our customers and users who are California residents are permitted to request certain information about the types of information shared by Yogasana with third parties for their direct marketing purposes and the identities of those third parties. To make such a request please send an email to: info@yogasanamats.com or write to us at:
Yogasana
1041 Grand Ave #540
612-812-3535
info@yogasanamats.com
Generally, you control the amount and type of information that you provide to us when using our website.
Instructions:
If visitors from the European Union can interact with your website or mobile app or buy products or services by using them, you are required to state the legal basis for collecting and processing their PD in your website or mobile app privacy notice. You need to choose which of the following legal basis for collecting and processing PD applies to you. It is highly likely that you will be choosing option 1, 2, or 3. If you think that options 4, 5, or 6 apply to your website or business, or you are unsure about how to proceed with choosing a legal basis, you should consider our Privacy Notice Customization and Consulting Service.
You can choose more than one legal basis for collecting and processing users’ information if it makes sense for your website or business. However, you can only choose one legal basis for each type of information collected and processed. As an example, you could choose option 2 for processing and using customers’ information when they place an order for goods and services. But you could not choose another option in addition to option 2 as an example choosing both option 2 and option 3 would not comply with the GDPR because you would be using two different legal bases for the same type of processing activity.
If you have landing pages or other pages where you are trying to get visitors to sign up for a free download, newsletter, or something else, you could use option 1 as a legal basis for processing visitor information you obtained from an online signup form. When using an online form to collect visitors’ information, you are required to disclose how you will use the information at the time they sign up if you will be using it for more than one purpose.
Delete all text/instructions in gray, and any options that you don’t need.
OPTION 1: About This Option – The legal definition of consent:
“Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of PD relating to him or her” for the consent to be verifiable. Consent must be supported by records of the consent.
Other requirements if you use consent as your legal basis for collecting and processing PD
Unbundled – consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.
Active opt-in – pre-ticked opt-in boxes are invalid.
Granular: give granular options to consent separately to different types of processing wherever appropriate.
Named – name your organization and any third parties who will be relying on consent. Even precisely defined categories of third-party organizations will not be acceptable under the GDPR.
Documented – keep records to demonstrate what the individual has consented to including what they were told, and when and how they consented.
Here is a common provision when a website collects information through opt-in forms but does not sell products or services. This of course can be edited to include other access to free information etc.
Our legal basis for collecting and processing your PD when you sign up for our newsletter, download free information, access free audios, videos, and webinars through our website, including information you enter using any of our opt-in forms is based on consent.
OPTION 2: About This Option – This is a common legal basis for using and processing users’ PD when you need to collect information to process an order or service requested by a user. It is a better choice and easier to comply with than choosing consent as a legal basis when users are placing orders for products or services. Here is a common provision when a website only sells products and services and has no opt-in forms of any kind and collects personal information only when they sell a product or service:
Our legal basis for collecting and processing your PD when you buy our products or services is based on and the necessity for the performance of a contract or to take steps to enter into a contract.
OPTION 2.1: About This Option – Here is a common provision when a website collects user PD through both opt-in forms and when selling products and services:
Our legal basis for collecting and processing your PD when you buy our products or services is based on and the necessity for the performance of a contract or to take steps to enter into a contract. Our legal basis for collecting and processing your PD when you sign up for our newsletter, download free information, access free audios, videos, and webinars through our website, including information you enter using any of our opt-in forms is based on consent.
OPTION 3: About This Option – Legitimate interests are another basis for legal processing of users’ information when it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, (including commercial benefit) except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of PD. You should consider the reasonable expectations of the data subject. The existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the PD that processing for that purpose may take place. If you are going to use legitimate interest as your legal basis for processing PD and direct marketing, you must identify, analyze and document the legitimate interest by doing a Legitimate Interest Assessment (LIA) to help you demonstrate compliance if required. You are also required to include the details of your legitimate interests in your website or mobile app privacy notice.
Our legal basis for collecting and processing your PD is for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.
OPTION 4: About This Option – Processing of a user’s information is allowed if it is necessary in order to protect the vital interests or physical integrity of a data subject. This generally covers public authorities such as educational institutions, hospitals, governmental institutions, and the police.
Our legal basis for collecting and processing your PD is necessary to protect the vital interests of a data subject or another person.
OPTION 5: About This Option – Processing of a user’s information is allowed if it is essential for the performance of a task carried out in the public interest or in the exercise of official authority entrusted in the data controller.
Our legal basis for collecting and processing your PD is for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
OPTION 6: About This Option – Processing of PD is permitted if it is necessary for compliance with a legal obligation. Processing is permitted if it is necessary for compliance with a legal obligation under the EU law or the laws of a member state.
Our legal basis for collecting and processing your PD is necessary for compliance with a legal requirement.
We automatically receive information from your web browser or mobile device. This information may include the name of the website from which you entered our website, if any, as well as the name of the website you’ll visit when you leave our website. This information may also include the IP address of your computer/the proxy server you use to access the Internet, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use all this information to analyze trends among our users to help improve our website.
When you enter and use our website and agree to accept cookies, some of these cookies may contain your PD.
Our website uses cookies. A cookie is a small piece of data or a text file that is downloaded to your computer or mobile device when you access certain websites. Cookies may contain text that can be read by the web server that delivered the cookie to you. The text contained in the cookie generally consists of a sequence of letters and numbers that uniquely identifies your computer or mobile device; it may contain other information as well.
By agreeing to accept our use of cookies you are giving us and the third parties with which we partner permission to place, store, and access some or all the cookies described below on your computer.
We may also use cookies for:
Most web browsers can be set to disable the use of cookies. However, if you disable cookies, you may not be able to access features on our website correctly or at all.
We may also use a technology called web beacons to collect general information about your use of our website and your use of special promotions or newsletters. The information we collect by web beacons allows us to statistically monitor the number of people who open our emails. Web beacons also help us to understand the behavior of our customers and users.
Optional: If users have to register or signup, list all the information you collect from them. What’s listed here is sample information, you can edit it to your needs. If this provision does not apply, delete it.
When you register as a user, we collect your name and email address.
Optional: If users are buying products or services, list all the information you collect from them. What’s listed here is sample information, you can edit it to your needs. If this provision does not apply, delete it.
Optional: If users have to register or signup, list all the information you collect from them. What’s listed here is sample information, you can edit it to your needs. If this provision does not apply, delete it.
If you buy products or services from us, we collect your first and last name, email address, physical address, credit card or other payment information, phone number, and other information listed.
If you buy products or services from us, we collect your first and last name, email address, physical address, credit card or other payment information, phone number, and other information listed.
We use www.Hotjar.com. Hotjar is a technology service that helps us better understand our users’ experience – how much time they spend on which pages, which links they click on, what they do and don’t like, etc. This enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular the IP addresses of their devices captured and stored only in anonymized form); the screen size, type, unique identifiers of devices; browser information; geographic location (country only); and languages used to display our website. Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we use this information to identify individual users or to match it with further data on individual users.
We use a service from www.Disqus.com that can track users’ activity across websites that use the Disqus commenting system unless the do not track option is enabled. Information tracked by Disqus may be disclosed to third parties including pseudonymous analytics data, web browser version, installed addons, referring pages, and exit links. Other users may search for, see, use, and repost any of your user content that you make publicly available through the service. You can choose to install a privacy-enhancing web browser extension which allows some of Disqus to be blocked.
We use a service from www.en.gravatar.com that allows you to have an image that represents you when you are online. It is a picture that appears next to your name when you interact with different Gravatar enabled websites. To make this happen a tracking mechanism is used that follows you from website to website.
We use a service that tracks your behavior from device to device. This technology can track your responses from your desktop computer to your laptop, smartphone, and tablet, in any order when using these devices. We use the information we get from this technology to analyze traffic behavior, improve our marketing and advertising.
Our website contains chat software or contact forms that enable visitors to communicate with us live online or offline by email. In some cases visitors can communicate with us without buying our products and services. When you use our chat software or contact forms, we may collect some or all the following information: your email address, first name, last name, location, and any other information you willingly choose to give us. You should limit the information you give to us to one that is necessary to answer your questions.
Third-party vendors, including Google, use cookies to serve ads based on a user’s past visits to our website. Google’s use of cookies enables it and its partners to serve ads to our users based on their visits to our site and/or other sites on the Internet. Users may opt out of the use of Google’s cookies for interest-based advertising by visiting http://www.aboutads.info/choices/ For European users visit http://www.youronlinechoices.eu
Our website uses Google Analytics to collect information about the use of our website. Google Analytics collects information from users such as age, gender, interests, demographics, how often they visit our website, what pages they visit, and what other websites they have used before coming to our website. We use the information we get from Google Analytics to analyze traffic, improve our marketing, advertising, and website. Google Analytics collects only the IP address assigned to you on the date you visit our website, not your name or other identifying information. We do not combine the information collected using Google Analytics with PD. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our website, the cookie cannot be used by anyone but Google. Google also uses specific identifiers to help collect information about the use of our website.
Optional: This provision can be used as a general analytics provision when using a company(s) other than Google.
Our website uses analytics and crash reporting services from several companies to collect information about the use of our website. Analytics collects information such as how often users visit our website, what pages they visit, when they do so, what other websites they used before coming to our website, and their IP addresses. We use the information we get from analytics to improve our services.
Our website uses a remarketing advertising service. Our remarketing service is provided by Google and other companies that show our ads on websites across the Internet. With remarketing you may see ads for our products you have previously looked at. As an example, suppose you visit a website that sells computers, but you do not buy a computer on your first visit. The website’s owner might like to encourage you to revisit his/her website and buy a computer by showing you his/her ads again on other websites that you visit. We use remarketing for similar purposes. For this to happen Google will read a cookie that is already in your browser or place a cookie in your browser when you visit our website or other websites using remarketing. You can opt out of Google’s use of cookies and remarketing at this link: https://support.google.com/ads/answer/2662922? or you can opt out using the Network Advertising Initiative opt out page at: https://optout.networkadvertising.org/#!/
Third parties, including Facebook, may use first-party cookies, third-party cookies, web beacons, and other storage technologies to collect or receive information from our services and elsewhere on the Internet, and use that information to provide measurement services and target ads. With Facebook remarketing you may see our ads on Facebook after you have used our services. For this to happen Facebook uses unique cookies that are activated and placed in a visitor’s browser when they land on a webpage. Facebook lookalike audience targeting allows us to show ads on Facebook to people who are similar to those who have already visited or made a purchase from our services. To opt out of Facebook’s collection and use of information for ad targeting visit: https://www.facebook.com/help/568137493302217
An AdRoll pixel has been installed on our website. This, along with AdRoll’s third-party cookies, allows AdRoll to collect data and provide targeted advertising, specifically retargeting advertising on other websites or devices, depending on your online activity.
Our website and applications use Amazon’s remarketing service and conversion pixels to show interest-based ads on websites and devices across the Internet. To opt out of or change your preferences for this type of advertising visit: https://www.amazon.com/adprefs.
Optional: this provision can be used as a general remarketing provision when using companies other than Google, Facebook, AdRoll, and Amazon.
Our website and applications use remarketing advertising services. These remarketing services are provided by companies that show our ads on websites and devices across the Internet. With remarketing you may see ads for our products you have previously looked at. As an example, suppose you visit a website that sells computers, but you do not buy a computer on your first visit to that website. The website’s owner might like to encourage you to revisit their site and buy a computer by showing you their ads on other websites that you visit. We use remarketing for similar purposes. For this to happen remarketing companies will read a cookie in your browser. This can only happen if your browser is set to let it happen. You can opt out of these types of advertising cookies by visiting https://www.networkadvertising.org/choices.
If you do not provide us with enough PD, we may not be able to provide you all our products and services. However, you can access and use some parts of our website without giving us your PD.
We use the information we receive from you to:
When we communicate with you about our website, we will use the email address you provided when you registered as a user or customer. We may also send you emails with promotional information about our website or offers from us or our affiliates unless you have opted out of receiving such information. You can change your contact preferences at any time through your account or by contacting us using the contact information at the top of this privacy notice.
We do not sell or rent your PD to third parties for marketing purposes. However, for data aggregation purposes we may use your NPD, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your PD. We may give your PD to third-party service providers whom we hire to provide services to us. These third-party service providers may include but are not limited to payment processors, web analytics companies, advertising networks, call centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies.
Some of your user personal information, including your location, first and last name, business type, LinkedIn and Facebook profiles, current place of work, job position, business name, business address, profile picture, email address, friend connections, spoken languages, business phone number, mobile number, business URL, username, and any image or video content that you have uploaded to our website or mobile app may be displayed to other users to help user interaction within our services or address your request for our services.
Your privacy settings in your account may let you limit which users can see your PD in your user profile and what information in your profile is visible to others. You understand that any content you upload to your public user profile, including PD, or content that you disclose online in a way that other users can see, including discussion boards, messaging, or other communication mechanisms becomes publicly accessible and can be used by anyone.
We do not filter or monitor what is posted on discussion boards. If you post on these discussion boards or other communication devices, you should use care when exposing any PD, as such information is not protected by our privacy notice nor are we liable if you disclose your PD through such postings.
If you sign into our services through a third-party social networking service or website, your “friends” list from that service or website might be automatically imported to our services. We do not have any control over the privacy notices and business practices of other third-party services or websites.
We may share your PD with third parties for similar audience marketing purposes. Similar audience marketing is also called lookalike audience marketing. The third parties we share your PD with for this type of marketing include Facebook and/or Google. Using your PD for similar audience marketing or lookalike audience marketing helps us find new audiences (users and customers) based on similar interests to yours. This helps us improve our marketing services. Your PD is only shared with Facebook and Google for this type of marketing. By using our website and agreeing to our privacy notice you are giving consent for your PD to be used for the marketing purposes described within this section.
We may share your information with third parties such as Facebook.com, Twitter.com, YouTube.com, Instagram.com, and Google.com. If you decide to login to our website using these third parties or other social media websites, you are agreeing to let us use and store your profile information from those websites to make better use of any social media features on our website. This sharing of information helps us provide you a better experience when using our website and services. It also provides us with useful information such as visitor traffic. If you use any of the social sharing icons on our website to share our information, you may also be sharing your personal information through social media websites.
We may share your PD with our business partners. The business partners include general business partners, affiliates, and joint venture partners. We share this information with them so that they can send you information about our products and services as well as their products and services. When you choose to take part in our services and/or offerings, you are authorizing us to provide your email address and other PD to our business partners. Please understand that when we share your PD with our business partners, your PD becomes subject to our business partners’ as well as our privacy notice.
If you provide a mobile telephone number to us, you are giving your consent and authorize us or a third party to send you text messages and push notifications. You are not required to give us your consent for these text messages and push notifications. However, withholding your consent may interfere or prevent us from providing some or all of our services to you. You can stop receiving text messages and push notifications at any time by contacting us.
We may be legally required to disclose your PD if such disclosure is (a) required by subpoena, law, or other legal process; (b) necessary to assist law enforcement officials or governmental enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our terms and conditions; (d) necessary to protect us from legal action or claims from third parties, including you and/or other users; or (e) necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.
If our business is sold or merges in whole or in part with another business that would become responsible for providing the website to you, we retain the right to transfer your PD to the new business. The new business would retain the right to use your PD according to the terms of this privacy notice as well as to any changes to this privacy notice as instituted by the new business. We also retain the right to transfer your PD if our company files for bankruptcy and some or all of our assets are sold to another individual or business.
Our website may offer the ability for users to communicate through online community discussion boards, blogs, or other mechanisms. We do not filter or monitor what is posted on such discussion mechanisms. If you choose to post on these discussion mechanisms, you should use care when exposing any PD, as such information is not protected by our privacy notice nor are we liable if you disclose your PD through such postings. Also, PD which you post on our website for publication may be available worldwide by means of the Internet. We cannot prevent the use or misuse of such information by others.
We retain information that we collect from you (including your PD) only for as long as we need it for legal, business, or tax purposes. Your information may be retained in electronic, paper, or a combination of both forms. When your information is no longer needed, we will destroy, delete, or erase it.
You can update your PD using services found on our website. If no such services exist, you can contact us using the contact information found at the top of this privacy notice and we will help you. However, we may keep your PD as needed to enforce our agreements and to comply with any legal obligations.
You have the right to revoke your consent for us to use your PD at any time. Such optout will not affect disclosures otherwise permitted by law including but not limited to: (i) disclosures to affiliates and business partners, (ii) disclosures to third-party service providers that provide certain services for our business, such as payment processors, web analytics companies, advertising networks, call centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies, (iii) disclosures to third parties as necessary to fulfill your requests, (iv) disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law, (v) previously completed disclosures to third parties, or (vi) disclosures to third parties in connection with subsequent contests or promotions you may choose to enter, or third-party offers you may choose to accept. If you want to revoke your consent for us to use your PD, please contact us through the contact information at the top of this privacy notice.
If any postings you make on our website contain information about third parties, you agree to make sure that you have permission to include that information. While we are not legally liable for the actions of our users, we will remove any postings about which we are notified, if such postings violate the privacy rights of others.
Some web browsers have settings that enable you to request that our website not track your movement within our website. Our website does not obey such settings when transmitted to and detected by our website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.
Our website may contain links to other websites. These websites are not under our control and are not subject to our privacy notice. These websites will likely have their own privacy notices. We have no responsibility for these websites and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your responsibility to check the privacy notices of these websites to see how they treat your PD.
Optional: This provision should not be deleted; however, you should change the age of your user to reflect your company policy and understand that if you collect information from users under the age of 13 in the U.S. or 16 in the European Union, you will need to get express consent from their parents or legal guardian before doing so.
Even though our website is not designed for use by anyone under the age of 16, we realize that a child under the age of 16 may attempt to access our website. We do not knowingly collect PD from children under the age of 16. If you are a parent or guardian and believe that your child is using our website, please contact us. Before we remove any information we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child is accessing our website, we will delete his/her information within a reasonable period of time. You acknowledge that we do not verify the age of our users nor have any liability to do so.
You can always opt out of receiving email correspondence from us or our affiliates. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission except in the sale or transfer of our business, or if our company files for bankruptcy.
We have built our website using industry-standard security measures and authentication tools to protect the security of your PD. We and the third parties who provide services to us also maintain technical and physical safeguards to protect your PD. Unfortunately we cannot guarantee prevention of loss or misuse of your PD or secure data transmission over the Internet because of its nature. We strongly urge you to protect any password you may have for our website and not share it with anyone.
You may have to provide a credit card to buy products and services from our website. We use third-party billing services and have no control over them. We use commercially reasonable efforts to ensure that your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorized use. However, you understand and agree that we are in no way responsible for any misuse of your credit card number.
PD that we collect from you may be stored, processed, and transferred among any countries in which we operate. The European Union has not found the United States and some other countries to have an adequate level of protection of PD under Article 45 of the GDPR. Our company relies on derogations for specific situations as defined in Article 49 of the GDPR. If you are a European Union customer or user, with your consent your PD may be transferred to the United States or other countries outside the European Union when you request information from us. When you buy goods or services from us, we will use your PD for the performance of a contract or to take steps to enter into a contract. Wherever we transfer, process, or store your PD, we will take reasonable steps to protect it. We will use the information we collect from you in accordance with our privacy notice. By using our website, services, or products you agree to the transfers of your PD described within this section.
We reserve the right to change this privacy notice at any time. If our company decides to change this privacy notice, we will post those changes on our website so that our users and customers are always aware of what information we collect, use, and disclose. If at any time we decide to disclose or use your PD in a method different from that specified at the time it was collected, we will provide advance notice by email sent to the email address on file in your account. Otherwise we will use and disclose our users’ and customers’ PD in agreement with the privacy notice in effect when the information was collected. In all cases your continued use of our website, services, and products after any change to this privacy notice will constitute your acceptance of such change. If you have questions about our privacy notice, please contact us through the information at the top of this privacy notice.
Copyright © This Privacy Notice is protected under United States and foreign copyrights. The copying, redistribution, use or publication by you, is strictly prohibited.
Richard Freeman
Subscribe to our newsletter and get 10% off your first purchase.