ABBYSAN YOGA & WELLNESS PRIVACY POLICY
( Last Updated June 1st, 2019 )
Overview
All personal data collected from this site complies with the principles of the EU GDPR Data Protection Act 1998 and May 25, 2018. By accessing this site you agree to the terms of this Privacy Policy and consent to the collection, processing, use or transfer of data as set out in this policy.
Personal data collected by Abbysan Yoga & Wellness are processed in accordance with the Law on Legal Protection of Personal Data of Thailand Courts and other legal acts. All employees, agents of Abbysan Yoga & Wellness who know the secret of personal data must keep it safe even after termination of the employment or contractual relationship.
For the purpose of the processing personal data, Abbysan Yoga & Wellness may engage data processors and/or, at its sole discretion, hire other persons to perform certain functions on behalf of Abbysan Yoga & Wellness. In Such Cases, Abbysan Yoga & Wellness shall take necessary measures to ensure that such data is processed by the personal data processors in accordance with instructions of Abbysan Yoga & Wellness And Applicable Legislation. Abbysan Yoga & Wellness Shall Also Require The Personal Data Processors To Implement Appropriate Measures For The Security Of Personal Data. In Such Cases, Abbysan Yoga & Wellness shall ensure that such persons will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.
Introduction
This is a notice to inform you of the ABBYSAN YOGA & WELLNESS policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
- We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
- ABBYSAN YOGA & WELLNESS takes seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
- ABBYSAN YOGA & WELLNESS undertakes to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
- Our policy complies with the Thailand Courts accordingly implemented, including that required by the European Union General Data Protection Regulation (GDPR) and Data Protection Regulation.
- The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.
- Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
The operations of ABBYSAN YOGA & WELLNESS are in accordance with the European Union’s General Data Protection Regulation (GDPR), effective May 25, 2018. ABBYSAN YOGA & WELLNESS has made the GDPR a priority, and we are and have always been fully aligned with the regulation’s intended result: the protection of your privacy and personal data
Information Collected By Us via the Website
We collect two types of information from users of the Websites: personal information described below; and non-personal information such as information about traffic patterns on the Websites.
Personal Information We Collect when you register on Our Website
To access certain portions of the Websites, including the portions where the Services are offered, we require you to register and select a user name and password. Some personal data is collected during the registration process. We may then ask for additional information, including personally identifiable and non-personally identifiable information.
When you make a purchase on our Website for a Yoga service, when you subscribe to the Services, and/or when you enter a contest or other promotion, we may ask you for certain personal information such as your name, address, e-mail address, or credit card number, in order to process your order, manage your subscription, administer the contest, or send you promotional e-mails. Providing personal information in these instances is solely your choice; you do not need to provide such information, make purchases, or enter such contests to browse our Websites as a Visitor.
Non-Personal Data We Collect From You
In some cases, we may collect non-personal information. Examples of this type of information include the type of Internet browser you are using, the type of computer operating system application software, and peripherals you are using and the domain name of the web site from which you linked to our Site. We use your information on an aggregated basis to do such things as operate our Websites, enhance our Websites and sell and deliver advertising.
How We Use Your Personal Information
We use the information collected on the Websites for a variety of purposes, including, but not limited to, running the Websites and the Services and contacting users. The Websites and the Services may also make available to other Registered Users information provided by you during registration, such as your screen name. We may use your information to communicate back to you, to update you on products, services and benefits, to personalize the Websites for you, to contact you for market research or to provide you with marketing information, newsletters, or other information we think would be of particular interest. In addition, if you make a purchase on any of the Websites, we may send you order and shipping confirmation emails. We will always give you the opportunity to opt out of receiving such materials.
You can remove your e-mail address from our e-mail list at any time by following the procedures set forth in these terms (“Opt Out Procedures”) or by clicking on the “unsubscribe” link in every e-mail from Abbysan Yoga & Wellness. In addition, you can modify your information or change your preferences, as set forth in these terms (“Reviewing or Changing Your Information”). Information obtained through the Websites and/or the Services may be intermingled with and used in conjunction with information obtained through sources other than our Websites, including both offline and online sources.
We also use your personal data for the following purposes:
To provide the Services
We may process your personal data in the scope specified in these terms of this Privacy Policy to identify you when you login to your account and use our Services, to enable us to operate the Services and provide them to you. This may include verification of your payments, purchase orders and billing information. It may also include verification to determine free trial eligibility.
Analysis of data from social networks, which may include personal data in the scope specified in these terms of this Privacy Policy, is the core of our Services. We analyse this data to provide our Services to our customers in the scope and manner set out by the social platform terms for developers.
To communicate with you
We may process data of our customers or their individual users in the scope specified in these terms of this Privacy Policy, in particular email or other contact data, to communicate with our customers and users, for example, when we assist them with setting up or administering their account, when we provide customer care and support, send technical notices, updates of upcoming changes or improvements to the Services, reminders, security alerts and other support and administrative messages.
To provide a better user experience
We may process your personal data in the scope specified in these terms to learn how you use our Services to be able to continuously enhance user experience as well as provide our customers seamless customer support. We may process such personal data also to improve and enhance our existing Services and develop new offerings. This includes product and market statistics, research and analytics, benchmarks and other analyses to better understand your needs and the needs of users in the aggregate, diagnose problems and analyse trends.
To protect our Services and secure our or third party rights
We process your personal data in the scope specified in these terms to keep the Service safe, secure and reliable. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm Abbysan Yoga & Wellness, our customers and users.
We may process some of data specified in these terms when required by law or to establish, exercise or defend our legal claims or, where necessary, protect rights of Abbysan Yoga & Wellness. For example, we may store data about how you use our Services, including payments for Services, to prove or otherwise support our rights.
For marketing and sales purposes
We may process your contact personal data, in particular email, name, company and job title to offer you our new Services.
Legal Basis We Use Your Data
For the purposes specified in these terms, we process your personal data based on our contract with you (if you are our direct customer and an individual) or based on our legitimate interest to provide our Services to our customers (where our customer is your company or organization and you are an authorized user designated by your company or organization, or if you are social network user whose data are analyzed as descried in these terms).
For the purposes specified in these terms, we process your personal data based on our legitimate interest to develop and improve our Services.
For the purposes specified in these terms, we process your personal data based on our legitimate interest to protect and secure our rights or claims or the rights of our customers or users.
For the purpose specified in these terms, we process your personal data based on your voluntary consent where you have given us such consent. In a limited scope permissible under applicable law, we may also use your electronic contact details to inform you about our Services without your explicit consent, based on our legitimate interest, as described in more detail in these.
Where we use your personal data for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as performance of contract, your consent or a legal obligation). If you have any concerns about our processing, please refer to details of “Your rights” in these terms.
Retention periods
We retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy and/or any Services agreement, unless a longer retention is required by law (e.g. for tax or accounting purposes or due to other legal requirements) or storing of the data is needed for the establishment, exercise or defence of Abbysan Yoga & Wellness legal claims; in such case, we will store only the data necessary for the enforcement of our claims or our defence for the period necessary in the given case and not exceeding the statutory limitation periods.
Sharing your personal data for legal and business purposes
We may use and/or disclose to third parties (including government bodies and law enforcement authorities, our affiliates, professional advisors and our vendors or subcontractors) information about you when:
- Complying with legal process;
- Enforcing or defending the legal rights of Abbysan Yoga & Wellness, and in connection with a corporate restructuring such as a merger, business acquisition or insolvency situations
- Preventing fraud or imminent harm; and
- Ensuring the security and operability of our network and services.
This information will be shared provided that, in all such circumstances, we will only share the limited personal information that is required to be shared in the unique situation.
We share your data with our trusted business partners or individual who process your data as our data processors on our behalf and pursuant to our instructions, in accordance with this Privacy Policy. We select our vendors very carefully and always ensure that they provide adequate data protection and security safeguards. To this effect, we have bound our data processors with data processing agreements concluded pursuant to Article 28 of the GDPR and, where such processor reside outside of the European Economic Area (EEA), we have concluded Standard Contractual Clauses (model clauses) approved by the European Commission (2010/87/EU) with such processors, or (with respect to US-based companies) verified that these processors have an active Privacy Shield certification.
Marketing communications
We may contact you about our news, events, Services and their features or special offers that we believe may interest you, provided that we have the requisite permission to do so, either on the basis of your consent (where we have requested it and you have provided it to us), or our legitimate interests to provide you with marketing communications where we may lawfully do so, within the limits provided by law. In the latter case, we will only send you marketing communication if you are using or have recently used any of our Services and have not objected to receiving such information (by any means mentioned below).
Your marketing communication preferences may be changed at any time by following the instructions below:
- If you would like to unsubscribe from an email sent to you, follow the ‘unsubscribe’ link and/or instructions placed at the bottom of the email.
- Alternatively, you can contact us using the details in the “Contact Us” section below to change your marketing communication preferences, including the withdrawal of your consent.
If you have received unwanted, unsolicited emails sent via our system or purporting to be sent via our system, please forward a copy of that email with your comments to info@abbysan.com for review.
We may share your contact details with our vendors or business partners who provide the relevant services or functions on our behalf, including event organization, marketing, distribution of surveys customer service, or public relations. These third-party vendors have access to and may collect information only as needed to perform their functions on our behalf and are not permitted to share or use the information for any other purpose.
Please note that we may occasionally send you important information (including via email) about our Services that you are using or have used including changes to applicable terms and conditions and/or other communications or notifications as may be required to fulfil our legal and contractual obligations, as described in these terms. These important Service communications are not affected by your marketing communication preferences.
Security and location of your data
We have implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines in accordance with good industry practice while keeping in mind the state of technological development in order to protect your data against accidental loss, destruction, alteration, unauthorized disclosure or access or unlawful destruction. Such measures may include, without limitation, taking reasonable steps to ensure the reliability of employees having access to your data and providing for limited access rights and access controls; authentication; personnel training; regular back up; data recovery and incident management procedures; restrictions on storing, printing and disposal of personal data; software protection of devices on which personal data are stored; etc.
We have also implemented Information Security Management in accordance with the requirements of information security standard – ISO 27001, including penetration tests, vulnerability scans, secure development frameworks access management, supplier management and compliance processes.
Data collected from you may be transferred to, and stored and processed in, the Thailand or any other country in which Abbysan Yoga & Wellness, its affiliates, subcontractors, suppliers or other third party vendors maintain facilities. While we reserve the right to change our business partners and /or data locations, when we transfer any personal data to Thailand or any other country outside the EU or EEA in which Abbysan Yoga & Wellness, its affiliates, subcontractors, suppliers or vendors maintain facilities, we will implement such appropriate legal mechanism as are required by EU law to ensure an adequate level of personal data protection by such third parties receiving your personal data (for example, European Commission’s Standard Contractual Clauses).
YOUR RIGHTS AND GETTING IN TOUCH
The General Data Protection Regulation gives EU citizens the following rights:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making, including profiling
To exercise any of these rights, please contact us at info@abbysan.com and we’ll respond. We work to high standards when it comes to processing your personal information. You can find information specific to the services we use or our activities in the relevant sections of this document.
If you aren’t satisfied by our response, you can contact the Information Commissioner’s Office.
Your rights
If you exercise any of your rights pursuant to this Section or pursuant to applicable laws, we will communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with your request to each recipient to whom the personal data have been disclosed pursuant to these terms of this Privacy Policy, unless such communication proves impossible or involves disproportionate effort.
If you wish to exercise these rights and/or obtain all relevant information, please contact us at info@abbysan.com. You will be asked to identify yourself; this is necessary to verify that the request has been sent by you. We will respond within 1 month after receipt of your request, but we retain the right to extend this period up to 2 months in exceptional circumstances. We will in any event inform you within 1 month after receipt of your request if we decide to extend the period for our response.
In accordance with applicable laws and as further described below, you have the right to request access to, rectification, erasure or portability (e.g. transfer of your personal data to another service provider) of your personal data we process, as well as to object to the processing of your personal data and/or request restriction of such processing.
Please note that your objection to processing could mean that we are unable to provide you with our Services or otherwise perform the actions necessary to achieve the purposes set out above (see above ‘How we use the data’).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us via the contact details in these terms ‘Contact Us’.
Rectification Of Your Personal Data
According to applicable laws, you have the right to rectify your personal data you have shared with us. Through your settings of the Services, you can update your account information, change your profile settings.
If you wish to limit or change access to or the sharing of your personal data with a social network, please do this via your account settings on that social network.
Accuracy Of Your Personal Data
We take reasonable measures to ensure that you are able to keep your personal data accurate and updated. You can always approach us in order to obtain confirmation whether or not we still process your personal data.
If you find out that your personal data processed by us is inaccurate or incomplete and you are unable to update your personal data according to these terms of this Privacy Policy, you may request us to update such personal data. We will verify your identity and update your personal data on your behalf.
Erasure Of Your Personal Data
You can ask us to erase your personal data at any time. If you approach us with such a request, we will delete all your personal data we have without undue delay, provided that your personal data is no longer necessary for the provision of the Services or other permitted purposes, in particular in connection with exercising and defending our legal rights, or meeting our legal obligations. We will also delete (and ensure deletion by the processors that we engage) all your personal data in case you withdraw your consent or in the circumstances that the law requires us to do so.
Restriction Of Processing
If you request us to restrict the processing of your personal data, e.g. in circumstances when you contest the accuracy, lawfulness or our need to process your personal data, we will limit processing of your personal data to the necessary minimum (storage) and, if applicable, will process them only for the establishment, exercise or defence of legal claims or, where necessary, for protection of rights of another natural or legal person, or other limited reasons dictated by the applicable law. In case the restriction is lifted and we continue processing your personal data, you will be informed accordingly without undue delay.
Portability Of Your Personal Data
You have the right to receive personal data relating to you and which you have provided to us. If you approach us with such request, we will provide your personal data in commonly used and machine-readable format to you without undue delay from receipt of your request. If you request so, we will send your personal data to a third party (another data controller) which you will identify in your request, unless such request would adversely affect rights or freedoms of others and where technically feasible.
Objection To Processing
You have the right to object to our using your personal data on the basis of our legitimate interests (refer to the terms above to see when we are relying on our legitimate interests) (or those of a third party)) and there is something about your particular situation which makes you want to object to processing on this ground. In such case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for their further processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of our legal claims. If you object to processing of your data for direct marketing purposes, we will cease to process your data for these purposes.
Withdraw Your Consent
If you have provided us any consent with the processing of personal data, for example for marketing communication, you can withdraw your given consent at any time without stating any reason. We will block your personal data for any further processing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing based on consent before its withdrawal.
European Union GDPR Compliance (Data Processing Notice)
We are committed to ensuring your privacy is protected. This Data Protection Notice (“DPN”) sets out details of the personal information that we may collect from you and how we may use that information. Please take your time to read this DPN carefully.
We as an entity set out in more detail in this DPN, personal data is shared between companies within the ABBYSAN YOGA & WELLNESS in order to provide you with relevant information.
You can find permanently updated information about the ABBYSAN YOGA & WELLNESS on the following website: https://abbysan.com
By providing your personal information to us, you acknowledge that we may use it in the ways set out in this DPN. We may provide you with further notices highlighting certain uses we wish to make of your personal information. We may also give you the ability to opt-in or opt-out of selected uses, such as marketing, when we collect your personal information.
In addition to this DPN, some of our products and contents may have their own notices, which describe in more detail how your personal information is used in a particular context).
From time to time we may need to make changes to this DPN, for example, as a result of government regulation, new technologies, or other developments in data protection laws or privacy generally. If we change this DPN, we will notify you of the changes. Where changes to the DPN will have a fundamental impact on the nature of our processing of your personal information, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights in relation to your personal information.
Complaint To A Data Protection Authority
You have the right to submit a complaint concerning our data processing activities to our Data Protection Officer.
Contact Us
If you have any queries regarding our data collection and protection practices or your rights, please do not hesitate to contact our Data Protection Officer, at info@abbysan.com
Privacy Policy Changes
If we are involved in a reorganization, merger, acquisition, or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event. We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.