Privacy Policy – Simonhoten360
Last updated: 11th December 2025
1. Who We Are
This Privacy Policy explains how Simon Hoten, trading as Simonhoten360 (“I”, “me”, “my”) collects, uses and protects your personal data.
I am the Data Controller for your personal information.
Email: simon@simonhoten360.co.uk
Phone: 07984613826
Address: 38 Cholmley Gardens, Hillfield Road, NW61AH
2. What Personal Data I Collect
I collect the following information:
2.1 Information you provide when booking
Full name
Email address
Mobile phone number
Payment information (handled securely by Bookwhen / Stripe - payment processor. I do not store card details)
2.2 Health information (special category data)
Health Questionnaire responses
This may include information about injuries, health conditions, pregnancy, or other relevant details needed to safely tailor your yoga classes.
2.3 Emergency contact information
Name and phone number of a next of kin or emergency contact
2.4 Website usage information
Cookies
IP address
Basic device information
Collected for website functionality and analytics.
3. How and Why I Use Your Data (Lawful Basis)
UK GDPR requires me to explain the lawful basis for each use of your data:
3.1 To provide yoga classes, workshops and services
Lawful basis: Contract
I use your booking details to register you, manage attendance, send class information, and process payments.
3.2 To tailor sessions and ensure your safety
Lawful basis for personal data: Legitimate Interests
Lawful basis for health data: Explicit Consent (Article 9(2)(a))
Health information is only collected with your clear consent and is used solely to adapt classes to your needs and support your wellbeing.
3.3 To contact you about urgent class changes
Lawful basis: Legitimate Interests
I may send service-related messages such as cancellations or waiting-list availability.
3.4 To send email marketing (news, updates, offers)
Lawful basis: Consent (PECR + GDPR)
You will only receive marketing emails if you have opted in.
You can unsubscribe at any time.
3.5 To ensure the website works properly and understand how it is used
Lawful basis:
Essential cookies: Legitimate interests
Analytics cookies: Consent (via cookie banner)
3.6 To use emergency contact details in urgent situations
Lawful basis: Vital Interests
4. How I Store and Safeguard Your Data
I take appropriate security measures to protect personal data, including:
Secure password-protected devices
Encrypted and reputable cloud service providers
Limited access to personal data
Secure storage of paper forms
Use of reputable third-party platforms with established security practices (Bookwhen, Mailchimp, Google)
5. Data Retention – How Long I Keep Your Information
I retain personal data only for as long as necessary:
Data Type Retention Period
Booking & attendance records. 6 years (legal accounting requirement)
Contact details (email/phone). As long as you remain an active client or until you request deletion
Health questionnaire forms. 4 years after your last class (per BWY professional guidelines)
Emergency contact details. Deleted when you are no longer an active client
Marketing email list data. Until you unsubscribe or withdraw consent
Website analytics data. In line with Google’s default retention settings
If you withdraw consent where applicable, I will delete the relevant data promptly unless I must keep it for legal reasons.
6. Sharing Your Data with Third Parties
I do not sell your data.
I may share your data only with:
6.1 Service providers I use to run my business
Bookwhen – class bookings and payment processing
Mailchimp – marketing email platform
Google Analytics – website analytics
These providers act as “data processors”, processing information on my behalf under strict contracts.
6.2 Emergency services
Emergency contact details may be shared only in an urgent situation affecting your safety.
7. International Data Transfers
Some third-party services I use (such as Google and Mailchimp) may store or process data outside the UK.
Where this occurs, I rely on legally approved safeguards such as:
The UK Addendum to the EU Standard Contractual Clauses (SCCs)
Adequacy decisions
Other appropriate safeguards recognised under UK GDPR
These measures ensure your data is protected to UK standards.
8. Cookies
The website uses essential cookies to function and optional analytics cookies to help me understand website use.
Essential cookies: Always active
Analytics cookies (Google): Used only with your consent via the cookie banner
You can manage your preferences using the cookie banner or through your browser settings.
For more information, visit:
https://ico.org.uk/your-data-matters/online/cookies/
9. Your Rights Under UK GDPR
You have the following rights over your personal data:
Right to be informed
Right of access (request a copy of your data)
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object
Rights regarding automated decision-making and profiling (not currently used)
To exercise any of these rights, contact me at:
simon@simonhoten360.co.uk
Right to withdraw consent
Where I rely on your consent (e.g., health info or marketing), you may withdraw that consent at any time.
10. Links to Other Websites
My website may contain links to external sites.
I am not responsible for the privacy practices of those websites.
Please check their privacy policies before providing personal information.
11. Changes to This Policy
I may update this Privacy Policy occasionally.
When I do, I will update the “last modified” date at the top of the page.
Significant changes may also be announced via email or on my website.
12. Complaints
If you have concerns about how I use your data, please contact me first so I can try to resolve the issue.
You also have the right to lodge a complaint with:
The Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113