en
Yoga Method
Cart
0
0.00 €

Privacy Policy 

This privacy policy is based on the EU General Data Protection Regulation (EU 2016/679, GDPR) and the Finnish Data Protection Act (1050/2018).

Date of creation: 1 February 2026

Data Controller:
Bare Yoga Method
Lotta Leinonen
bareyogamethod@gmail.com

Definition of Personal Data
Personal data means all information relating to an identified or identifiable natural person.

1. Legal Bases for Processing Personal Data

The legal bases for processing your personal data are:

  • Performance of a contract (BYM Club membership and purchases)

  • Legal obligations of the data controller (accounting)

  • Consent of the data subject (newsletters and marketing)

2. Personal Data Processed

The data controller processes only personal identifiers and contact details necessary to fulfill the purchase contract:

  • First and last name

  • Email address

  • Address

  • Phone number

The data may also be used for marketing and accounting purposes, as well as sharing necessary information between contracting parties for the legally required duration. Some service providers may be located outside the EU/EEA; in such cases, data transfers are protected by GDPR-approved safeguards, such as Standard Contractual Clauses (SCC).

3. Purpose of Processing

Personal data is processed for the following purposes:

  1. Registration on the website [Membership Registration]

  2. Processing customer orders (name, address, email, phone); BYM Club membership

  3. Order processing

  4. Billing and payment management

  5. Sending newsletters and marketing communications with explicit consent

  6. Service development and website analytics

  7. Fulfilling legal obligations

Personal data is necessary to fulfill the purchase contract; the contract cannot be concluded without it.

4. Retention of Personal Data

  1. Personal data is retained as long as BYM Club membership is active. Data may be retained longer for legal accounting purposes or to fulfill contractual rights and obligations for up to three years after the contract ends.

  2. Marketing data (email) may be retained indefinitely; users can opt out if they are no longer active members.

  3. Data is deleted when retention is no longer legally required.

5. Recipients and Processors

Third parties processing personal data on behalf of the data controller include:

  • Webnode AG (e-commerce platform)

  • Google Analytics (website analytics)

  • POWR (membership area, login via Instagram or Facebook)

6. Data Subject Rights

Under GDPR, you have the right to:

  1. Access your personal data

  2. Request correction or deletion

  3. Restrict or object to processing

  4. Data portability

  5. Withdraw consent at any time (e.g., unsubscribe from newsletters or contact bareyogamethod@gmail.com with the subject: "PERSONAL DATA CHANGE")

  6. Lodge a complaint with the supervisory authority (Data Protection Ombudsman)

7. Data Security

The data controller implements appropriate technical and organizational measures to prevent unauthorized access, loss, or misuse of personal data, including:

  • Password protection for computer access

  • Antivirus software

  • Regular maintenance of computer systems

8. Cookies

The website uses cookies to improve user experience and analyze website performance. Analytics cookies are used only with the user's consent. Users can manage cookie settings in their browser.

9. Final Provisions

The data controller may update this policy at any time. The updated version will be published on the website.

Effective date: 2 February 2026