Privacy Policy

This Privacy Policy applies to blankayogi.com (English version) and describes how I collect and use personal data when you book yoga, join Yoga Five or Yoga Space, express interest in a retreat, or contact me. I process data in accordance with the GDPR and applicable Portuguese law.

The Czech version of the website follows the same structure and content; the data controller for the Czech market is identified by Czech IČO on the Czech privacy page.

Valid from 2 June 2026

1. Services covered

The same principles apply across my offerings. This includes:

• In-person yoga lessons in Santa Cruz, Portugal
• Yoga Five - workshops, series, and retreats (including interest lists before dates are confirmed)
• Yoga Space - online membership and member area (where available)
• Booking, confirmation, payment coordination, and general enquiries via website forms, email, or WhatsApp

2. What data I collect

I only collect data that is relevant to the service you request. This may include:

• Identity & contact: name, email address, phone / WhatsApp number
• Booking & communication: lesson type, preferred dates, messages you send, booking status
• Health information: only via the online confirmation form, after we agree a date - see section 4
• Payment-related data: amount agreed, payment reference, confirmation that payment was sent (I do not process card payments on this website)
• Photos & video: only if you give separate consent in the confirmation form
• Technical data: IP address, browser type, cookies - when you use the website or member login

I do not ask for passport details, visa information, driving licence numbers, or vehicle registration for yoga services.

3. Why I use your data

Depending on the situation, I process your data on one or more of these legal bases:

• Contract - to confirm and deliver lessons, workshops, retreats, or membership
• Legal obligation - accounting, tax, and records required by law
• Consent - health form, optional photo use, retreat interest updates, marketing messages where applicable
• Legitimate interest - responding to enquiries, coordinating bookings, keeping the website secure

I do not sell your personal data. Marketing (such as retreat updates or news about Yoga Five) is sent only where you have asked to hear from me or where it follows from an enquiry you initiated.

4. Health information

After we confirm a lesson or retreat date, I may ask you to complete an online confirmation form. That form can include health-related information so I can adapt the practice safely.

• Health data is special category data under the GDPR
• I process it only with your explicit consent in the form, or where necessary for your safety during the service
• It is used only for teaching, safety, and related administration - not for unrelated marketing
• Access is limited to me and, where strictly necessary, trusted technical providers that host the form

5. Who may receive your data

I share data only when needed to run the service:

• Website & forms - hosting and form tools that store submissions securely
• Email - to communicate with you about bookings
• WhatsApp (Meta) - if you contact me or confirm payment there; Meta processes data under its own privacy policy
• Accounting - invoices and legally required records
• Embedded services - e.g. Google Maps on the website; those providers may collect technical data when you load the page
• Public authorities - only where the law requires it

Some providers (including Meta and Google) may process data outside the European Economic Area. Where required, appropriate safeguards such as Standard Contractual Clauses apply.

6. How long I keep data

• Bookings & correspondence: for the duration of our client relationship, then typically up to 3 years for ordinary enquiries, unless a longer period is needed to resolve a dispute
• Health information: until your participation ends, then up to 3 years for safety and liability purposes, unless you withdraw consent earlier (subject to legal retention limits)
• Accounting records: as required by Portuguese law (generally up to 10 years)
• Marketing / interest lists: until you unsubscribe or ask to be removed
• Cookies & logs: according to their purpose - see section 7

I review stored data periodically and delete what is no longer needed.

7. Website - comments, cookies & embedded content

Comments

When visitors leave comments on the blog, we collect the data shown in the comment form, plus the IP address and browser user agent string to help detect spam. An anonymised hash of your email address may be sent to Gravatar to check whether you use that service. After approval, your profile picture may appear next to your comment.

Media

If you upload images to the website, avoid files with embedded location data (EXIF GPS). Visitors may be able to extract such data from uploaded images.

Cookies & member login

If you leave a comment, you may opt in to saving your name, email, and website in cookies for one year.

If you use the Yoga Space member login, WordPress sets cookies to manage your session, login, and display preferences (typically from two days up to one year, depending on the cookie).

A temporary cookie may be set to test whether your browser accepts cookies; it contains no personal data and is discarded when you close the browser.

Embedded content

Pages may include embedded content (maps, videos, etc.). Embedded content from other sites behaves as if you visited those sites directly. They may collect data, use cookies, and track your interaction with the embed.

8. Your rights

Under the GDPR you have the right to:

• Access the personal data I hold about you
• Rectify inaccurate or incomplete data
• Erase data where there is no lawful reason to keep it
• Restrict processing in certain circumstances
• Data portability for data you provided, where processing is based on consent or contract
• Object to processing based on legitimate interest
• Withdraw consent at any time (without affecting processing that already took place lawfully)
• Lodge a complaint with a supervisory authority

To exercise your rights, email info@blankayogi.com. I will respond within the time limits set by the GDPR.

9. Changes

I may update this Privacy Policy when services or legal requirements change. The current version is always published on this page with the date above. For significant changes affecting existing clients, I will also notify you by email where appropriate.

10. Supervisory authority

If you believe your data is not processed lawfully, you may contact:

CNPD - Comissão Nacional de Proteção de Dados
www.cnpd.pt