Privacy Policy - Oxford School of Gymnastics

Oxford School of Gymnastics (“we,” “us,” or “our”) values your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website, oxfordschoolofgymnastics.com, and interact with our services. We are dedicated to handling your data with transparency, security, and in full compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Commitment to Privacy and Data Protection

We respect your privacy and are committed to maintaining the confidentiality and integrity of your personal data. Our privacy practices are designed to provide transparency and to uphold your rights regarding your personal information. Safeguarding your data is a cornerstone of our digital ethics and operations.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of our website, oxfordschoolofgymnastics.com, and to all personal data collected through our services. For purposes of the GDPR, Oxford School of Gymnastics is the data controller responsible for your personal data.

If you reside in California, this policy also reflects our obligations as a “business” under the CCPA regarding your personal information.

3. Categories of Data Processed

We may collect, use, store, and transfer several categories of personal data, which are detailed as follows:

a. Usage Data:
We collect information related to your browsing behavior, such as device type, browser type and version, IP address, pages visited, session duration, and other analytical data on user interaction and website performance.

b. Account Data:
When you register or sign up for services, we may collect your full name, residential address, email address, and phone number.

c. Profile Data:
This includes data related to your preferences, service history, behaviors on our platform, and past purchases or event registrations.

d. Communication Data:
We store communication records such as form submissions, support queries, correspondence via email, or other contact history when you engage with our team.

e. Technical Data:
Such data may include device model, operating system, settings and configurations, network identifiers, and diagnostic information.

f. Transaction Data:
We process payment-related data such as billing details, transaction amounts, delivery addresses, and confirmation records for services rendered.

g. Preference Data:
This includes choices regarding marketing communications, product interests, and notification preferences submitted via forms or your user account.

4. Legal Bases for Processing

We process your personal data only when a valid legal basis under applicable data protection law exists:

– Consent: Where you have freely given clear permission for processing related to marketing or optional data collection.
– Contract: When processing is necessary for fulfilling our obligations to you under a contract (e.g., event registration, service delivery).
– Legal Obligation: When required to comply with a legal or regulatory obligation.
– Legitimate Interest: When processing is necessary for our legitimate business purposes, unless those interests are overridden by your rights (e.g., fraud prevention, service improvement).

5. Your Rights

Under applicable data protection laws, you have the following rights:

– Right of Access: You can request copies of your personal data we hold.
– Right to Rectification: You may ask us to correct or complete inaccurate or incomplete information about you.
– Right to Erasure: In certain circumstances, you may request deletion of your personal data.
– Right to Restriction: You may request a limitation on how we use your data.
– Right to Data Portability: You have the right to receive your data in a structured, machine-readable format for transfer to another provider.
– Right to Object: You can object to processing based on our legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We utilize state-of-the-art security protocols to ensure the confidentiality, integrity, and availability of your personal data:

– Data is secured using SSL encryption during transmission.
– Access controls are in place to restrict data access to authorized personnel only.
– Regular system backups and audits are performed.
– Staff receive training regarding data protection procedures and safe information handling.

While we strive to use commercially acceptable means to protect your personal data, no transmission or storage system can be guaranteed as completely secure.

7. International Transfers

Where your personal data is transferred outside of the European Economic Area (EEA) or other regions with comprehensive data protection laws, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or other legally recognized mechanisms to protect your personal data abroad.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

– Usage and Technical Data: Kept for up to 12 months for analytics and performance monitoring.
– Account & Profile Data: Retained for the duration of your engagement with us and for 6 years afterwards to maintain legal records.
– Communication Data: Retained for up to 3 years following the last point of contact.
– Transaction Data: Retained for at least 7 years for compliance with tax and accounting laws.
– Marketing Preference Data: Kept until you unsubscribe or exercise your right to object.

When data is no longer required, it will be securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies and similar technologies to distinguish you from other users. These include:

– Essential Cookies: Necessary for website functionality and security.
– Functional Cookies: Enhance usability and site personalization.
– Analytics Cookies: Collect aggregate data to improve user experience.
– Performance Cookies: Monitor website load times, navigation issues, and technical performance.

10. Cookie Management and Compliance

To comply with both GDPR and CCPA, we provide clear options for managing cookies. Through our cookie banner and consent management tool, users can:

– Accept or reject non-essential cookies.
– Change or withdraw consent at any time by accessing settings on our website.
– Access detailed information about each type of cookie used.

You may also adjust your browser settings to restrict or delete cookies.

11. Children’s Privacy

We do not knowingly collect or solicit personal information from children under the age of 13. If we learn that we have collected information from a child without verifiable parental consent, we will take appropriate steps to delete it. If you believe we may have collected data from a child, please contact us at [email protected].

12. Policy Updates and User Notifications

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. You are advised to review this page periodically for any modifications. Material changes will be communicated via the website or direct notice when appropriate. Continued use of our services constitutes your acknowledgment of such changes.

13. Contact Information

For any questions regarding this Privacy Policy, your personal data, or to exercise your rights, please contact us at:

Oxford School of Gymnastics
Email: [email protected]
Website: https://oxfordschoolofgymnastics.com

We are fully committed to complying with all applicable privacy laws, including the GDPR and CCPA. If you have concerns about how your data is being used, please reach out to us — your privacy matters.