Privacy Policy

What processing do we carry out with your personal data?

In compliance with Regulation (EU) 2016/679 and the Organic Law on the Protection of Personal Data, we inform you that your personal data may be subject to some of the following treatments:

TR04 -Advertising campaigns (Legal basis: Law 34/1988, of November 11, General Advertising.)

TR08-Gather the opinion of interested parties (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)

TR03 – Selection of own personnel (Legal basis: Royal Legislative Decree 3/2015, of October 23, which approves the consolidated text of the Employment Law.)

TG01 – Own accounting and book management, as responsible. (Legal basis: Royal Decree 1514/2007, of November 16, which regulates the General Accounting Plan.)

TG25 – Data collection for own tax management (Legal basis: Law 58/2003, of December 17, General Tax.)

TG12 – Own labor management: data collection (Legal basis: Royal Legislative Decree 1/1994, of June 20, which approves the Revised Text of the General Law of Social Security.)

TR09 – Assurances on technical and organizational measures in the applied software (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)

TE08 – Protection of Personal Data (Legal basis: Regulation (EU) 2016/679 and Organic Law 3/2018.)

TE02 – Prevention of occupational risks (Legal basis: Law 31/1995, of November 8, on the prevention of Occupational Risks.)

TE07 – Destruction of documents (Legal basis: Regulation (EU) 2016/679)

TV01 – Sales / Provision of Services (Legal basis: Commercial and Tax Legislation)

TE03 – Package transportation and/or shipping service (Legal basis: Royal Decree of August 22, 1885 by which the Commercial Code is published.)

TR05 – Emails (Legal basis: Commercial Code and other applicable legislation.)

TR01 – Information requests received (Legal basis: Commercial Code and other commercial provisions.)

TR07 – Management of incidents and/or security violations (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)

TE04 – Management of own legal affairs (Legal basis: Applicable commercial and labor legislation.)

TE01 – Maintenance of computer systems (Legal basis: Commercial Code.)

About us?

We are responsible for the processing of your data. Therefore, both the interested parties and the competent bodies are expressly, precisely and unequivocally informed of the following aspects related to the data controller:

NOY - NOT ONLY YOGA
info@notonlyoga.com

What do we use your personal data for?

In this organization, we may process your personal data exclusively for the purposes indicated below:

Check that all the necessary technical measures are being carried out for the correct management of personal data with the applied software. Sending commercial and/or advertising information by email. Management of information requests received by the interested party about our products or services. Exclusive management of internal incidents detected in compliance with the requirements of the RGPD. Carry out advertising campaigns to advertise our services and/or products. Gather the opinion of interested parties. Selection of personnel to fill the necessary job vacancies. Comply with all the requirements provided for in the Occupational Risk Prevention Law. Sending parcels and correspondence. Manage any legal problem that affects the company. Manage, maintain and repair computer storage systems. Actions to carry out one's own labor management Actions to carry out one's own tax and accounting management Comply with the principle of limiting the period of conservation of personal data Compliance with the requirements demanded by Regulation (EU) 2016/679 and the Law Organic 3/2018. Administrative management of private clients PRIVACY POLICY Privacy policy RGPD 1 of 3 NOY - NOT ONLY YOGA, 28028 Madrid, info@notonlyoga.com 09/01/2021 Carry out the sale or provision of the contracted service

A commercial or user profile may be created based on the information provided or obtained. It is expressly reported that, in no case, profiles will be created with the data of a minor.

The personal data provided by you will be kept for the duration of the contractual relationship or, where applicable, while you do not exercise your right to object or withdraw the consent granted. To do this, you can go to the corresponding section on our website or send an e-mail to the address indicated in the section relating to the person responsible.

Why do we use them?

We are entitled to process your personal data for the following reasons:

Your unequivocal, informed and express consent, in those cases in which it is legally required, without, in any case, its withdrawal conditioning the execution of other treatments whose legitimacy is different, and without said withdrawal affecting the legality of the treatment prior to its withdrawal.

A legal obligation of the data controller.

The execution of the contract for the provision of services and/or sale of the corresponding products, signed by you.

The legal basis for the processing of your data is a legitimate interest of the controller. Said interest is supported by the prior carrying out of a proportionality or weighing judgment between the legitimate interest of the person responsible and the interests or rights and freedoms of the interested parties. This weighing has involved the evaluation of interest, the evaluation of the impact of the treatment on the interested parties, the balance between the two previous concepts and the implementation of additional guarantees. The final weight being favorable to the controller, the processing can be carried out in accordance with the applicable regulations on the protection of personal data. For any questions or clarifications, you can contact us through the email provided in the section corresponding to the data controller.

Who can we share your personal data with?

Your personal data will be communicated to the following companies and organizations: Tax Agency State Public Employment Service General Treasury of Social Security National Data Protection Agency Banks and savings banks

Your personal data will not be transferred to any third country or international organization.

What data do we process and how have we obtained it?

Your personal data will be incorporated into the following files, owned by the organization: FG01 Own accounting management FG02 Own labor management FG15 Own tax management. Data collection FE01 Computer maintenance FE02 Occupational risk prevention FE03 Transportation and shipping FE04 Own legal matters FR01 Requests for information received FR03 Selection of own personnel FR04 Advertising campaigns FR05 Emails FR07 Management of incidents and/or security violations FR08 Obtain the opinion of interested parties FR09 Security in software and hardware FE07 Destruction of documents FE08 Protection of Personal Data FP01 Clients

The personal data that we process in our organization comes from the following sources: The interested party himself.

What rights can you exercise?

PRIVACY POLICY Privacy Policy GDPR 2 of 3

PRIVACY POLICY Privacy policy GDPR 1 of 3 NOY - NOT ONLY YOGA , 28028 Madrid, 09/01/2021 – We guarantee the exercise of the rights that assist you in relation to the processing of your personal data. In particular, we inform you that you have the right to:

·Get confirmation as to whether your data is being processed.

·Exercise the right of access to the personal data that we have, obtaining information about the purposes of the treatment, the category of data processed, the possible recipients, the conservation period, the origin of the data and, where appropriate, the profiling or automated decision making.

·Exercise the right of rectification. For these purposes, we remind you that the personal data we have must always be a faithful reflection of reality, so do not hesitate to use your right in the event that any data is modified, changed or cancelled. You guarantee that the personal data that you have provided us by any means are true and accurate, and you undertake to notify any change or modification thereof, being your sole responsibility for any loss or damage caused to the person responsible or to any third party due to a communication of erroneous, inaccurate or incomplete information.

·For reasons related to your particular situation, you may object to the processing of your data, in which case our organization will stop processing the data, unless there are legitimate reasons that prevent it.

·Request the deletion of your personal data when, among other reasons, they are no longer necessary for the purposes described above or we no longer have the legitimacy to process them.

·Request the portability of your data, when the processing is carried out by automated means and provided that you are linked to our entity based on a signed contract or have given consent for the processing carried out. In these cases, you will have the right to receive your personal data in a structured, commonly used and machine-readable format, or to have it transmitted directly to another controller, when technically possible.

·In certain circumstances, you may request the limitation of the processing of your data, in which case we will only keep them for the exercise or defense of claims.

·Object to automated decision making, including profiling. These rights may be exercised free of charge, except in the cases legally provided for, by means of a written request signed by you or, where appropriate, by whoever represents you, addressed to the person responsible, at the addresses provided for this purpose in the first section, or physically in any of our establishments.

You also have the right to file complaints, either with the Spanish Data Protection Agency (on the website https://www.agpd.es/) or with the corresponding control authority.

Likewise, you may go to the Courts of Justice to claim compensation.

Finally, you have the right to withdraw your consent, as easily as you gave it. To do this, you can go to our website, where you will find the necessary information to quickly and easily cancel the authorization that has been granted to us to make these communications. You can also send an email to the address indicated in the section relating to the person responsible.

We also inform you that in each processing of your personal data, the possible threats and impacts that may occur as a consequence of the same are determined, mitigating or eliminating, if possible, the potential damages, through the application of the corresponding security measures that periodically They are reviewed to determine their effectiveness. Our control system also allows us to comply with the principles of the processing of your data, being able to prove to the interested party the principle of limitation to the purpose of the processing, the principle of limitation to the retention period, the principle of data minimization, as well as the principle of integrity and confidentiality.

Finally, we also inform you that you will periodically receive surveys that will allow us to know your opinion on any suggestion regarding the processing of your personal data, as well as to be able to comply with the principle of transparency and accuracy of the data processed.