Privacy Policy
1. Introduction
At Oxford School of Gymnastics (“we”, “our”, or “us”), accessible via https://oxfordschoolofgymnastics.com, we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data to ensure full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our approach is rooted in integrity and transparency, ensuring that your personal information is handled with the utmost care and in accordance with your rights.
2. Scope and Data Controller
This Privacy Policy applies to personal data collected when you access or use our website, communicate with us, or otherwise engage our services. Oxford School of Gymnastics acts as the data controller for the purposes of GDPR and as the business under CCPA, responsible for the processing of your personal data.
If you are located in the European Economic Area (EEA) or the United Kingdom, Oxford School of Gymnastics is the legal entity determining the purposes and means of processing your personal data.
3. Categories of Data We Process
We may collect, use, store, and transfer the following categories of personal data:
a. Usage Data: This includes information about how you use our website, such as your IP address, browser type, operating system, referral URLs, pages viewed, and session durations.
b. Account Data: Information you provide when creating an account or enrolling, including your full name, billing and delivery address, email address, and telephone number.
c. Profile Data: Includes your interests, preferences, feedback, participation in gymnastic activities, and records of your interactions on our website.
d. Communication Data: All data contained within support requests, email correspondence, contact form submissions, and customer service interactions.
e. Technical Data: Device-related information such as hardware models, device identification numbers, operating systems, and browser settings.
f. Transaction Data: Details about payments made, courses enrolled in, transaction identifiers, and service or product delivery data.
g. Preference Data: Information pertaining to your marketing preferences, communication consents, and product interest declarations.
4. Legal Bases for Processing Personal Data
We process your personal data under the following legal bases, as applicable under the GDPR:
– Consent: Where you have explicitly consented to data processing, i.e., for email marketing or use of cookies beyond those strictly necessary.
– Contractual Necessity: When data processing is required to fulfil a contract, such as managing your account, processing your gymnastic enrollments, or handling transactions.
– Legal Obligation: When we are mandated to process data to comply with legal or regulatory requirements.
– Legitimate Interests: Where it is reasonable and does not override your data protection interests, such as improving our services, ensuring system security, and personalizing your experience.
5. Your Rights Under Data Protection Laws
You have the following rights depending on the jurisdiction applicable to you:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right of Rectification: You can request corrections to any inaccurate or incomplete data.
– Right to Erasure (“Right to Be Forgotten”): You may request that we delete your personal data under specific circumstances.
– Right to Restrict Processing: You can ask us to suspend processing in certain scenarios.
– Right to Data Portability: You are entitled to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
– Right to Object: You can object to processing where we rely on legitimate interest or for direct marketing purposes.
– For California Residents: The CCPA grants additional rights, including the right to know how your data is collected and shared, the right to opt out of the sale of personal information, and freedom from discrimination for exercising these rights.
To exercise your rights, contact us at [email protected].
6. Security Measures
We employ industry-standard organizational and technical safeguards to ensure the security of your personal data:
– Secure encryption protocols to protect data transmissions.
– Role-based access control restricting data to authorized personnel only.
– Regular system and data backups.
– Employee training on privacy best practices and data protection obligations.
7. International Data Transfers
If we transfer personal data outside the EEA or UK—to jurisdictions that may not offer the same level of protection—we ensure that appropriate safeguards are in place. These may include Standard Contractual Clauses approved by the European Commission or other legally recognized mechanisms that ensure equivalent levels of data protection.
8. Data Retention
Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including for the satisfaction of legal, regulatory, accounting, or reporting requirements. Retention periods per category are as follows:
– Usage and Technical Data: Retained for up to 12 months.
– Account and Profile Data: Retained for the duration of your account’s active status and up to 6 years after closure.
– Communication Data: Retained for up to 2 years post interaction.
– Transaction Data: Kept for up to 7 years for auditing and legal compliance purposes.
– Preference Data: Maintained until you withdraw your consent or update settings.
9. Cookie Policy
We utilize cookies and similar technologies that may include:
– Essential Cookies: Necessary for website functionality and security.
– Functional Cookies: Enhance user experience by remembering preferences.
– Analytics Cookies: Help us analyze website usage and traffic patterns.
– Performance Cookies: Improve speed and responsiveness of the site.
10. Cookie Consent and Management
On your first visit to oxfordschoolofgymnastics.com, you will be presented with a cookie banner to manage your preferences. Consent for non-essential cookies is obtained in line with GDPR requirements. CCPA-compliant measures are in place to ensure California residents can opt out of tracking.
You can also manage cookie settings directly through your browser or by reconfiguring preferences via our cookie management tool accessible on our website.
11. Children’s Privacy
Oxford School of Gymnastics is committed to protecting the privacy of children. We do not knowingly collect or solicit personal data from individuals under the age of 13 without verifiable parental consent. If we learn that we have collected personal data from such a child, we will delete that information promptly. Parents or legal guardians should contact [email protected] if they believe we have collected information from their child.
12. Changes to this Privacy Policy
We may revise this Privacy Policy from time to time to reflect changes to our operations or legal obligations. Material changes will be communicated on our website or directly to you when required by law. Please check this page periodically to stay informed of updates.
13. Contact Us
If you have any questions, requests, or concerns regarding this Privacy Policy or our data handling practices, please contact us at:
Oxford School of Gymnastics
Email: [email protected]
Website: https://oxfordschoolofgymnastics.com
We are fully committed to respecting your rights under all applicable data protection laws. For any privacy concerns, do not hesitate to reach out to us directly.