PRIVACY POLICY

(Regulation (EU) 2016/679 – GDPR & French Data Protection Law)

1. Data Controller

The European Union of Yoga (EUY) is the controller of personal data collected via the website europeanyoga.org.

Legal form: Association under French Law of 1 July 1901
Registration number (RNA): W751138471
SIRET: 895 124 972 00012
Registered office:

24 Rue Jean-Baptiste Pigalle, 75009 Paris, France

Director of publication: the current President of the EUY
Contact: [email protected]

2. Purpose of this Policy

This Privacy Policy aims to inform users, members, teachers, and participants in a clear and transparent manner about:

the personal data collected,
the purposes of processing,
the applicable legal bases,
data retention periods,
data recipients,
and the rights of data subjects.

All processing is carried out in accordance with the GDPR and the French Data Protection Act (Loi Informatique et Libertés).

3. Categories of Personal Data Processed

Depending on your relationship with the EUY, the following categories of data may be processed.

3.1 Identification Data

• First and last name
• Email address
• Postal address
• Telephone number

3.2 Professional and Training Data

• Diplomas, certificates, and training history
• Schools and yogic background
• Teaching activity, types of classes, locations
• Professional website or public links

3.3 EUY Teacher Directory

• Data submitted when applying for inclusion in the Teacher Directory
• Certification and verification data
• Public profile information only where explicit consent has been given

3.4 Event-Related Data (Congress, seminars, etc.)

• Registration and participation information
• Organisational and logistical data

3.5 Administrative and Financial Data

• Membership status
• Invoices and payment records
• Orders of teacher certification cards
• Data required to arrange insurance coverage at the teacher’s request

3.6 Communication Data

• Requests for information
• Complaints
• Correspondence with the EUY

3.7 Technical Data

• IP address
• Browser type and operating system
• Pages visited, date and time of access

4. Purposes of Processing

Personal data is processed exclusively for the following purposes:
• management of EUY membership,
• organisation of trainings, seminars, and congresses,
• management of the Teacher Directory and certification processes,
• issuance of certificates, attestations, and teacher cards,
• arrangement of insurance coverage at the teacher’s request,
• accounting, administrative management, and legal obligations,
• institutional communication related to EUY activities,
• handling requests and complaints,
• improvement of website functionality and security.

5. Legal Bases for Processing (Article 6 GDPR)

Processing activities are based on one or more of the following legal grounds:
• Performance of a contract
(membership, event registration, certification services)
• Compliance with legal obligations
(accounting, insurance, statutory retention)
• Legitimate interests of the EUY
(management of a professional association, certification traceability, fraud prevention, website security)
• Consent, where required
(public teacher profiles, non-essential cookies, analytics and marketing tools)

Consent may be withdrawn at any time.

6. Data Recipients

Personal data is never sold or rented.

It may be transmitted, strictly where necessary, to authorised service providers acting as data processors, including:
• payment service providers (Stripe, Mollie),
• website hosting providers,
• IT service providers and WordPress plugins,
• insurance partners (at the teacher’s request),
• service providers responsible for producing and shipping teacher cards,
• accounting, legal, and financial advisors.

All such providers are bound by GDPR-compliant data processing agreements.
No data is transferred outside the European Union without appropriate safeguards.

7. Data Retention Periods

• Membership data: retained for the duration of membership
• Event-related data: retained for the period necessary for organisation and legal obligations
• Accounting data: retained in accordance with French legal requirements
• Training, certification, and diploma data:
retained without time limitation in order to ensure certification traceability, fraud prevention, and preservation of EUY’s institutional records
• Public directory data: removed at any time upon withdrawal of consent

8. Cookies, Trackers, and Analytics Tools

8.1 Use of Cookies

The website uses cookies and similar technologies (“trackers”) to ensure proper functioning, measure audience, and, where applicable, provide adapted content.

A cookie is a small text file stored on your device.

8.2 Categories of Cookies

Strictly Necessary Cookies
These cookies are essential for the operation of the website (security, forms, consent management).

Legal basis:
Article 6(1)(c) GDPR and legitimate interest – consent exemption in accordance with CNIL guidelines.

Analytics Cookies

Subject to your consent, the website uses analytics tools to measure traffic and usage.

Tool used:
• Google Analytics (Google Ireland Limited)

Data collected may include pages viewed, navigation duration, and anonymised technical data.
Transfers to servers outside the EU may occur and are governed by EU Standard Contractual Clauses.

Legal basis:
Article 6(1)(a) GDPR – consent.

Marketing and Social Media Cookies

Subject to your explicit consent, trackers may be used to measure the effectiveness of communication campaigns.

Tool used:
• Meta Pixel (Meta Platforms Ireland Ltd)

These tools may associate your browsing activity with a social media account, in accordance with the provider’s own privacy policies.

Legal basis:
Article 6(1)(a) GDPR – explicit consent.

8.3 Consent Management – Cookiebot

The website uses Cookiebot (Cybot A/S, Denmark) to collect, manage, and store proof of your consent in compliance with the GDPR.

On your first visit, a banner allows you to:
• accept or refuse cookies by category,
• modify your preferences at any time,
• withdraw your consent.

A “Cookie settings” link is available in the website footer.

8.4 Server Log Files

The hosting provider automatically collects certain technical data (IP address, date and time of access, browser type) for security and maintenance purposes.

Legal basis:
Article 6(1)(f) GDPR – legitimate interest.

9. Data Security

The EUY implements appropriate technical and organisational measures to ensure the security, confidentiality, and integrity of personal data and to prevent unauthorised access, loss, or alteration.

10. Data Subject Rights

You have the following rights under the GDPR and French law:
• right of access,
• right to rectification,
• right to erasure,
• right to restriction of processing,
• right to object,
• right to data portability,
• right to define instructions regarding the use of your data after death (French law).

11. Exercise of Rights

To exercise your rights, please contact:

European Union of Yoga (EUY)
Email: [email protected]
Address: 24 Rue Jean-Baptiste Pigalle, 75009 Paris, France

Proof of identity may be requested.

12. Right to Lodge a Complaint

If you believe that your rights are not respected, you may lodge a complaint with the competent supervisory authority:

CNIL – Commission Nationale de l’Informatique et des Libertés
www.cnil.fr

13. Hosting

The website is hosted within the European Union by:
• THINline s.r.o., Prague, Czech Republic
• Hetzner Online GmbH, Gunzenhausen, Germany

14. Changes to this Policy

This Privacy Policy may be updated at any time to reflect legal or operational changes. The version published on the website is the one currently in force.