Your Privacy Policy sets out how you will collect personal and sensitive information from your customers, visitors to your website or visitors to your yoga studio.

What should be included in a Privacy Policy

In the course of business, it is likely that you will be collecting lots of different types of personal information from the customers using your yoga studio, including their name, contact details, emergency contact details and other information about their preferences. Your Privacy Policy should list all of the different types of information you will collect.

You should list how this information will be used, for example, you will be using customers’ email addresses to email them new class details or for marketing other opportunities to them. You should also include details of any third parties to whom you may be providing their personal information.

Sensitive Information

Sensitive information is a sub-set of personal information that is given a higher level of protection under the Australian Privacy Principles. As a yoga studio, it is likely that you will be collecting sensitive information.

Some of the types of sensitive information that you may collect includes health information, such as injuries and ailments, their weight and other types of health information. You may also be collecting sensitive information that relates to religious or philosophical beliefs, as this may be addressed as a part of the yoga services you are providing. Your yoga studio may also subscribe to spiritual practices which may be reflected in the personal information you keep about clients.

You should set out when this information will be disclosed, for example, will any of this information be disclosed to third parties, or will it only be disclosed when required for by law?

Rights under the Privacy Act

Your Privacy Policy should address the rights provided for in the Privacy Act 1988 (Cth). This includes that each person has a choice as to the material they provide and should be aware of how their information will be used. Each person who is providing you with personal information can limit how this information is used, for example they may have provided you with their personal information to find out about classes. They should have the option to remove their name from any marketing lists by unsubscribing from them or emailing you.

Each customer and visitor to your website should have access to their personal information if requested, and under certain circumstances set out in the Privacy Act 1988 (Cth). Depending on the complicated nature of retrieving the information, you may be able to charge fees for its retrieval.

Visitors should also have the opportunity to correct or amend incomplete or out-of-date information and you should respond to these requests promptly and appropriately. You should provide contact details on your Privacy Policy and have a complaints procedure in place to deal with any complaints as they arise.

Conclusion

As a yoga studio you have access to a number of different types of personal information including health and sensitive information. Therefore it is important to have a Privacy Policy that addresses how and why you are collecting information as well as put into practice the appropriate privacy policies and procedures. So if you’re in need of legal advice in regards to drafting a Privacy Policy for your yoga studio, contact us on 1300 544 755 and speak with one of our experienced privacy lawyers.

 

Edith Moss

Next Steps

If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.