<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1835777366718549&amp;ev=PageView&amp;noscript=1">
10 Beaverhall Road, Edinburgh, EH7 4JE
0131 659 9922
support@yogaallianceprofessionals.org

Privacy Policy

Effective Date: December 3, 2025
 

Who are we

Yoga Pros (“we”, “us”, “our”) provides professional membership, accreditation, and related services for yoga teachers, schools, and practitioners. This Privacy Policy explains how we collect, use, share, and protect your personal data when you interact with us online (including at www.yogaallianceprofessionals.org, member.theyogapros.org) and offline.

  • Controller: Yoga Pros, 10/2 Beaverhall Road, Edinburgh, EH7 4JE, United Kingdom
  • Privacy contact and General support: [support@yogaallianceprofessionals.org]

Please read this Policy together with our Cookies Policy.

1. The data we collect

Depending on your relationship with us, we collect:

  • Identity & contact: name, professional/“yoga” name, postal address, date of birth, email, telephone.
  • Account & membership: username, membership level/status, membership dates, renewal and payment history, training school and graduation date, CPD/further training information (we do not store copies of certificates by default).
  • Public profile content: biography, website and social links, photos, videos, listings (workshops, retreats, teacher training, jobs), articles, promotions/coupons you choose to publish.
  • Communications: emails, secure messages, webchat, support tickets, survey responses.
  • Transaction & payments: amounts paid, invoice/tax details. We do not store full card numbers or CVV (see Section 7).
  • Technical & usage: IP address, device/browser data, pages viewed, referring site, cookie identifiers (see Cookies Policy).
  • Enquiry data: information you submit via contact forms to reach members (see Section 5).

Special category data. We do not intentionally seek health or other special category data. If you choose to provide such information (e.g., free-text fields), we will process it only where necessary and with appropriate safeguards.

2. Where do we obtain your data

  • Directly from you: applying for or managing membership; creating/updating a profile; posting and sharing content; contacting us; requesting resources; completing forms and surveys.
  • From training schools: name, contact details, and course start/graduation dates (provided by your trainer under their terms) to facilitate trainee/teacher onboarding.
  • From systems we use: analytics, anti-fraud/security tools, and payment processors.
  • From Business Partners and other Third Parties: personal and non-personal information about you from other business partners and other third parties. Examples of information that we may receive include (but are not limited to): updated address information, and additional demographic information.
  • From public sources/partners, where lawful (e.g., address updates).

How Long Do We Keep Your Data?

The relevant information will remain on your public profile and account as long as you maintain your membership.

If you do not renew your membership by the required date, you will have a 7-day window to do so. If you fail to renew within this period, we will remove your online profile from our website. After this time, your account will be downgraded to a free practitioner account, which has limited functionality.

Any information you provide on your public profile, except for your profile photo, will be removed from public view and stored in our secure SQL database temporarily.

If you wish to have your profile information permanently deleted, please complete the data deletion form

If you choose not to have a practitioner account, we will retain a record of your membership on our payment gateway for 7 years following your cancellation date. During this time, we will keep your name, email address, and payment details. After you cancel, we will remove your credit card information from our system.

Additionally, if information has been shared with third parties as described in this Privacy Policy, the retention of that information will be subject to the policies of those third parties.

While we will remove your profile from our website upon your request, we cannot guarantee that this change will be reflected immediately on Google or other search engines, as internet governance is beyond our control. Removal from our website relies on reindexing by Googlebots and other web crawlers.

We may keep your personal information longer than stated for archiving, research, or ongoing disputes. In such cases, we will assess the sensitivity and volume of the information retained and whether the purpose for extending the retention can be achieved through other means.

Security of your personal information

Your personal data security is very important to us, and we take it seriously. We will implement appropriate procedures and security measures to process and protect your information. The information you provide on application forms, contact forms, and your membership profile will be sent to servers located in the IBM/SoftLayer data center in the United States, which adheres to the latest security best practices. Our website developers also operate from the United States.

We employ a range of security measures, including physical, electronic, and procedural safeguards, to protect your personal information from unauthorised access and disclosure. For example, only authorised employees can access your personal information, and they can do so only for approved business purposes. We use firewalls to help prevent unauthorised individuals from accessing your personal information.

We want you to feel confident using our website; however, no system can be completely secure. While we take steps to protect your information, we cannot guarantee that your personal information, searches, or other communications will always remain secure. This Privacy Policy complies with the General Data Protection Regulation (GDPR) 2018.

For further information on how to protect yourself against identity theft, please refer to the National Crime Agency’s website.

3. Our purposes and lawful basis


We process personal data only where we have a lawful basis under UK GDPR.

Purpose Examples Lawful basis

Purpose

Examples 

Lawful Basis 

Membership Administration and Services 

Create/manage accounts, billing, renewals, support, service messages

Contract to provide services, legitimate interests to operate services

Publishing your professional profile

Display profile, listings, event, articles, media you choose to post

Contract and legitimate interests, member directory

Training & accreditation

Record training, school details, graduation date

Contract; Legitimate interests

Insurance facilitation

Share limited details with our broker to facilitate cover where applicable

Contract; Legitimate interests; Legal obligation (where applicable)

Security & integrity

Account security, fraud prevention, misuse detection, platform monitoring

Legitimate interests; Legal obligation

Analytics & improvement

Analyse use of our site/services to improve performance and content

Consent (for non-essential cookies/analytics)

Marketing

Newsletters and information about our services

Consent, or soft opt-in (own similar services) with opt-out

 

You may withdraw consent at any time where consent is our basis. 

Where we rely on legitimate interests, we balance those interests against your rights and expectations.

Use of Cookies 

Upon your first visit to our website on any device or web browser, and every 30 days thereafter, you will be prompted to accept or decline cookies from yogaallianceprofessionals.org. If you choose to decline cookies, you are denying consent for this website to store any cookies and local storage, which will also remove any existing cookies that have already been stored. You may delete or decline cookies by adjusting your browser settings. Please be aware that declining cookies may affect some features and services of our website.

If you choose to accept cookies, we will collect information from your browser, which may include your IP address, browser type and language, access times, the contents of any undeleted cookies previously accepted from us, and the referring website address.

If you want more information about cookies we use please go to our cookies policy page.

4. Contact forms and sharing enquiries with members 

Our directory website includes contact forms that allow yoga practitioners to message Yoga Pros members (e.g., teachers/trainers). When you submit such a form:
  • We create a free practitioner account (if you are not already a member) for you on our site (to manage your enquiry).
  • We share your enquiry details with the relevant member(s) so they can respond.
  • Lawful basis: Legitimate interests (connecting enquirers with members). You can object at any time.
  • When a member receives your details, they act as an independent controller for their replies and processing. Please review the member’s privacy notice for their use of your data.

Blogs, Announcements, Reviews, and Social Media Groups

Our website provides areas for you to share personal information, communicate with others, post reviews, and upload content like pictures and videos. These activities are governed by our Terms & Conditions and may appear on other websites or in search results. We might also share your posts on our social media accounts. 

Please remember that any personal information you disclose on public pages can be accessed and used by others. For example, posting your email address may result in unsolicited messages. We cannot control how others use your information, so be cautious about what you share. Once posted, you may not be able to edit or delete your content.

5. Disclosures of your data

We only share your data where necessary, with appropriate safeguards:

  • Insurance broker: Limited member information to facilitate insurance (see below*).
  • Payment processing: See Section 7.
  • Service providers (processors): Hosting, platform, CRM, payment gateway, email delivery, analytics, customer support tools, developers, and security/anti-fraud providers that act on our instructions.
  • Legal/compliance: HM Revenue & Customs, regulators, law enforcement, courts, auditors, insurers, and professional advisers where required by law or to establish, exercise, or defend legal claims.
  • Corporate events: If we undergo restructuring or a transfer, data may be shared under appropriate safeguards.

* For members residing in the UK and Ireland with insurance coverage under our group Master Insurance Policy, our insurance broker is Balens Ltd, and we are an Authorised Introducer for them. To facilitate the setup of your insurance, we will share your name, email, address, payment date, and membership dates with them.

If you request access to our Dutch or Corporate insurance options, we will provide your name and contact details to Balens Ltd. They will reach out to you directly to discuss your specific needs.

Yoga Pros is confident that Balens Ltd has implemented appropriate and adequate technical and organisational measures to ensure the security of your personal data. Additionally, Balens Ltd will never share your information with anyone else.

Third-Party Administrative Support

We engage a reliable third-party service provider to help with our administrative processes. This provider has undergone extensive due diligence, including checks for compliance with GDPR, and has shown that they have implemented proper safeguards and security measures to protect personal data. We also have a data processing agreement in place to ensure that your information is handled lawfully, transparently, and securely in accordance with data protection regulations.

Aggregate Information

Aggregate information refers to data that does not include any personal details and consists of numerical statistics, such as the number of visitors to our website and the most popular features accessed. We may share this information with current and prospective members, as well as third parties. This data can be utilised for business analysis and to develop additional website content and services that we believe our members will find interesting. Furthermore, aggregate information may be used to customise content for your personal membership profile newsfeed.

We do not sell your personal data.

6. Payments and card security

Payments are processed by our PCI-DSS compliant payment provider(s) (e.g., Stripe / PayPal / BACS). We do not store full card numbers or security codes on our systems. We retain a token and the last four digits/expiry for recognition, recurring payments you authorise, and chargeback handling.

7. International transfers (other providers)

Some of our other service providers are located outside the UK. If personal data is transferred internationally, we use appropriate safeguards (e.g., IDTA/UK Addendum, adequacy regulations) and conduct transfer risk assessments. 

8. Data retention

  • Member records: payment information is retained for the duration of membership and then for up to 7 years after cancellation for tax, accounting, and record-keeping.
  • Public profile content: removed from public view when membership lapses or you delete it. Copies may persist in backups for a limited period. Search engine results may take time to refresh and are outside our control.
  • Enquiry/practitioner accounts: retained as needed to manage enquiries and for a reasonable period thereafter.
  • Marketing preferences/consent records: retained as long as necessary to evidence compliance.

We retain data only as long as necessary for the purposes described or as required by law.

9. Marketing communications

We send service and administrative messages (e.g., membership, billing, policy updates) as part of our contract with you. 

We send marketing emails about Yoga Pros services:

  • Where we have your consent, or
  • Under the soft opt-in (you purchased or negotiated to buy a similar service and were given a clear opportunity to opt out at collection and in every message).

You can opt out of marketing at any time using the unsubscribe link in each email or by contacting us. Opting out of marketing does not affect service messages.

10. Your rights

You have rights under UK GDPR, including the right to access, rectification, erasure, restriction, portability, and objection to processing (including profiling for direct marketing). Where we rely on consent, you may withdraw consent at any time. To exercise your rights, contact us using the details in Section 1.

You also have the right to complain to the Information Commissioner’s Office (ICO):

  • ico.org.uk/concerns | +44 303 123 1113
  • Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We will respond to valid requests within one month (extendable by two months for complex requests).

11. Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit and at rest where appropriate, role-based permissions, logging, staff training, and regular testing. No system is entirely secure; we continually assess and enhance our safeguards.

12. Children

Our services and website are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with data, please contact us, and we will take appropriate steps.

13. Third-party websites

Our site may contain links to third-party websites (e.g., member websites, listings, advertising). Those sites have privacy policies, and we are not responsible for their practices. Please review their policies before providing personal data.

14. Correcting personal data

To update your information, log into your Yoga Pros account and make the necessary changes. 

If the information you need to correct is not found on your Yoga Pros account, you can contact us at support@yogaallianceprofessionals.org or write to Yoga Pros, 10/2 Beaverhall Road, Edinburgh, EH7 4JE. 

Accessing Your Personal Data and Rights 

You can request access to your personal data and exercise your rights, including: 

- Restricting or objecting to the processing of your data (see Note 1). 

- Requesting deletion of your personal data (see Note 1). 

- Receiving a copy of your data in a structured, machine-readable format. 

Note 1

It is important to note, that under the GDPR, your request to restrict or object to processing, or erase your personal data doesn’t automatically lead to a requirement for processing to stop, or for personal data to be deleted, in all cases.

Restricting Data

You can choose not to provide certain information, which may limit your access to some website features. You can also unsubscribe from commercial or promotional emails when you wish. We may still send transactional emails, like service announcements and renewal notifications, without an unsubscribe option.

15. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our services, providers, or the law. We will post the latest version on our website. Where changes materially affect your choices, we will provide a prominent notice.

16. How to contact us

  • Post: Yoga Pros, 10/2 Beaverhall Road, Edinburgh, EH7 4JE, United Kingdom
  • Support: support@yogaallianceprofessionals.org