Privacy Policy
Last updated: May 2026
Thank you for visiting our website. In the privacy policy, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
Controller
The controller for the data processing described below is “YogawithChrysi” with authorized representative:
Chrysi Papadaki
Hollerallee 26
28209 Bremen
email: contact@yogawithchrysi.com
Further information can be found also in the imprint.
Data we collect
We may collect from you the following types of data:
Core data: first name, surname, email
Financial data: billing details, transaction metadata
Preferences: Areas of your specific interest drawn from any of the information identified as well as survey forms reflecting your preferences
When you visit our websites, so-called usage data is temporarily stored on the web servers for statistical purposes as a protocol in order to improve the quality of our website. This data set consists of: name and address of the requested content, the date and time of the query, browser type, pages visited, time spent on pages, the referral link, which indicates from which page you reached ours, the IP address of the requesting device, which is processed only to the extent technically necessary for providing and securing the website and, where possible, in truncated or limited form.
Purpose of processing and legal bases
When you visit our website, we might collect and process your personal data for the following purposes and legal grounds:
Recipients of your data
We might share your data with:
Built-in Email marketing tools (e.g. Email Campaigns by Squarespace Inc.)
Hosting and analytics services (e.g. Squarespace Inc, Google Inc. etc.)
Regulators, governments and legal authorities, when required by the applicable regulation.
Each third party has its own privacy policies and complies with relevant data laws.
When we share your personal data with our service providers, the transfer falls under the scope of a data processing agreement which obliges our service providers to follow our strict instructions and comply with contractual obligations in accordance with Art. 28 GDPR.
International Data Transfers
In some cases, we may transfer your personal data to third countries outside the EU to approved service providers. Some of the countries to which your personal data is transferred may not offer an adequate level of protection equivalent to the protection offered by the laws in the EU. In such cases, to ensure that your personal data remains protected when it is transferred outside of the EU, we make sure that appropriate measures are implemented, e.g. Standard Contractual Clauses issued by the European Commission. Additionally, the EU Commission has adopted an adequacy decision for the US concerning EU-US data transfers. Specifically, the US has introduced new safeguards and mechanisms ensuring an adequate level of data protection 'essentially equivalent to the level of protection within the EU', for companies that are certified under a framework which is called Data Privacy Framework (DPF).
Some of our business partners are certified under the DPF e.g. Google, Microsoft. Others may transfer your data to countries (including the United States when the provider is not certified under the DPF) in which data protection laws do not offer an adequate level of protection. When data are transferred under these circumstances, the authorities may have access to the data, without any legal recourse being available. In such cases, we ask you for your consent to perform this transfer based on Art. 49 para. 1 (a) GDPR. You may withdraw your consent at any time with effect for the future by contacting us using the contact details provided in the imprint or privacy policy or you can change your cookie preferences by re-accessing the cooking banner (at the footer of the homepage).
Cookies & Third-Party Tracking Technologies
Cookies: Cookies are small files stored on your computer, smartphone, or other devices when you visit certain web pages. They allow websites to gather and retrieve information about your browsing behavior or device, and can also be used to recognize you on future visits.
We use cookies to improve your browsing experience, analyze website traffic, and deliver personalized content and advertisements. These cookies may be placed by us (first-party cookies) or by external providers (third-party cookies).
There are two main types of cookies: session cookies, which are temporary and deleted when you close your browser; and persistent cookies, which remain on your device for a predefined period. In more detail, session cookies are designed to collect and store data while the user is accessing a website. They are normally used to store information whose retention is only of interest for the provision of the service that the user requests on a single occasion. In the long term, these cookies can be used to provide a better experience by improving content and facilitating use.With persistent or permanent cookies, the data is stored on the terminal device and it is possible to access and process it for a period of time set by the responsible provider for the cookies.
Cookies serve different purposes:
Strictly necessary cookies are processed because they are technically required to ensure the secure and proper functioning of the website.
Performance cookies help us understand how visitors use our site, allowing us to optimize its performance. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
Functional cookies enable enhanced features and customization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Advertising cookies are used to track our visitors’ browsing habits. They can be used to build up a profile of search and/or browsing history for every visitor. Identifiable or unique data is collected to show relevant/personalized marketing content to each user. The information that uniquely identifies users’ browsers and internet devices is used to display targeted advertising and/or share this data with third parties for the same purpose.
The processing of strictly necessary cookies is based on our legitimate interest for the purposes explained above. Performance cookies, functional cookies or targeting cookies are processed on users’ consent for the purposes explained above.
You can allow, block or delete the cookies installed on your device by configuring the options of the browser installed on your PC. Please note that if you do so, our web pages may not be displayed and some functions may no longer be technically available.
Our cookie banner shows you the list of the cookies and tracking technologies we use, including their provider, purpose, description and other relevant information. You can adjust your preferences and withdraw your consent at any time by editing your cookie settings in the cookie-banner at the footer of the homepage.
We use the following cookies on our website:
Social Links
On our website, we place social media buttons (such as Facebook, Instagram) in the form of links. We only display a button and do not integrate any social media plugins. This means that personal data from you will only be transferred to the social media provider if you click on the button. If you are already logged into the social media service, when you click on the respective social media button, the social media service may also use this data to identify your username and, possibly, even your real name. We have no control over the extent, nature and purpose of such data processing by the social media service. Please note that the social media service might use this data to create pseudonymised and even individualised user profiles. You can find further information about how social media providers use your data on the privacy policies provided on their respective social media platforms.
Zoom
We use Zoom, provided by Zoom Video Communications Inc., to conduct our online courses. The legal basis for data processing is the performance of (pre)contractual obligations for delivering the booked classes and sending Zoom invitations, our legitimate interest regarding usage statistics and session logs and your consent if provided e.g. for video recordings or other optional features.
During meetings, the following data may be processed: participant information (e.g., name, email, phone number), metadata (e.g., meeting topic, IP address, device type), chat and message content, audio and video recordings. Use of microphone or camera is optional and can be disabled at any time.
Video recordings are only made with prior consent and information notice. Data is encrypted during transmission. Zoom may store data on servers located outside the European Economic Area, including the United States. For more details on international data transfers and the processing of your data, please refer to section “International Data Transfers” of this privacy policy and to Zoom’s Privacy Policy.
Videos on Our Website
We provide videos directly on our website. These videos are stored on the servers of our hosting provider and are delivered to you when you access the relevant pages.When you view a video, the same usage data that is technically required for accessing any part of our website is processed (e.g., IP address, device information, browser type, date and time of access). No data is transmitted to third-party video platforms.
The legal basis for processing this data is our legitimate interest in providing multimedia content on our website and, where applicable, the performance of (pre)contractual obligations if video content is necessary for the services you have booked.
Contact form
You may contact us via our contact form. In order to use our contact form, we require the data marked with an asterisk as mandatory: name, email and message. The legal basis for this processing is Art. 6 (1) (f) GDPR in order to respond to your request. Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no legal retention obligations in conflict to that. Concerning the processing according to Art. 6 (1) (f) GDPR, you have the right to object at any time. To do so, please contact the e-mail address stated in the imprint.
Newsletters
On our website you have the possibility to subscribe to our free newsletter. For the subscription we use the double opt-in procedure. Once you have submitted the registration form to us, you will receive a confirmation email from us. Your subscription will only be activated after you have clicked on the link in the confirmation e-mail. By subscribing to the newsletter, you agree to receive advertising in the form of newsletters. We process your personal data in accordance with Article 6(1)(a) GDPR on the legal basis of consent.
You can unsubscribe from the newsletter at any time. To do so, use the unsubscribe link at the end of each e-mail. Your e-mail address will then be deleted from the distribution system immediately.
Data Retention
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion. Data no longer required will be deleted.
Data Security
In order to protect your data as comprehensively as possible from unwanted access, we implement technical and organisational measures. These measures include encryption procedures on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed.
Your rights as a data subject
According to Art. 12-22 GDPR you have the following rights. You have the right to request information about what personal data is stored by us, for what purpose it is stored as well as receive a copy of your data. In addition, you may have incorrect data corrected or data deleted that is inadmissible or no longer necessary to be stored. Additionally, you have the right to demand the restriction of the processing of your data, to have your automatically processed data transferred, if we process them by your consent or contract, and to complain to a regulator, if you believe that the processing of your data by us is unlawful.
Finally, you have the right to object to the processing, if your data are processed due to Art. 6 para. 1 lit. f GDPR. We will then cease to process your data unless there are demonstrable compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims. If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal of the consent only effective for the future. Processing that took place before the withdrawal is not affected.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. You can assert this right in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Unless otherwise described above, please contact the controller of the data processing named in the imprint to assert your rights as a data subject.
Changes to this Policy
We may update this Privacy Policy occasionally. The latest version will always be posted on this page with an updated effective date.
Contact
For any questions about this Privacy Policy or your data, please contact us at contact@yogawithchrysi.com