MOORE YOGA | POLICIES

1. Scope and Agreement

This policy applies to all yoga classes, workshops, and digital services. By using our website and booking platform, you consent to the collection and use of information as described herein.

2. Personal Data Collected

• Contact Information: Name, email address, phone number, and mailing address for class registrations.

• Health and Wellness Data: Information regarding physical limitations, injuries, or medical conditions provided in Liability Waivers to ensure safe instruction.

• Marketing Preferences: Opt-in status for newsletters and promotional events.

3. Payment Processing

• PCI-DSS Compliance: All online payments are handled by third-party processors (e.g., Stripe or Square).

• Transaction Data: We do not store full credit card numbers or CVV codes on our servers. We only retain transaction ID, date, and amount for Accounting Purposes.

4. Protected Health Information (PHI)

Under HIPAA, any medical history shared for therapeutic yoga sessions is subject to:

• Administrative Safeguards: Staff training on data privacy.

• Technical Safeguards: Encrypted storage of digital intake forms.

5. User Rights

Under GDPR, you have the following rights regarding your Personal Data:

• Right to Access: Request a copy of the personal data we hold about you.

• Right to Rectification: Request correction of inaccurate or incomplete information.

• Right to Erasure: Also known as the "Right to be Forgotten," allowing you to request data deletion.

• Right to Restriction: Limit how we use your data under specific circumstances.

6. Data Retention

We retain Personal Data and PHI only for as long as:

• Necessary to provide requested yoga services and classes.

• Required by Tax and Accounting Laws (typically 7 years for transaction records).

• Mandated by Liability Insurance requirements for injury and health history documentation.

7. Security Protocols

We employ Technical and Organizational Measures to safeguard information:

• Encryption: All digital health forms and payment transmissions are encrypted using SSL/TLS technology.

• Physical Safeguards: Physical records (if any) are stored in locked, restricted-access cabinets.

• Breach Notification: In the event of a Data Breach, we will notify affected users and relevant authorities within 72 hours of discovery.

8. Changes and Contact

We reserve the right to update this policy. Updates will be posted on our website with a revised "Effective Date." For privacy inquiries, contact our Privacy Lead at MooreYoga727@Gmail.com.