Privacy Policy of Greystones Yoga
Personal Data Collected by This Application
This Application collects certain personal data relating to users, either independently or through third-party services.
Types of Data Collected
The personal data collected includes, but is not limited to:
• First Name
• Last Name
• Email Address
• Cookies
• Usage Data
Detailed information about each category of data processed is provided in the dedicated sections of this policy or in specific notices displayed before the data is collected.
Methods of Collection
Data may be:
• Voluntarily provided by the user, for example through contact forms, registration, or access to restricted content;
• Automatically collected during use of the Application (e.g., browsing data, IP addresses, technical preferences, interactions with the site).
Unless otherwise specified, all data requested by this Application is mandatory and necessary to ensure proper functioning of the service. Failure to provide such data may make it impossible for the Application to provide the service.
Where certain data is indicated as optional, users are free not to communicate such data without affecting the availability or functionality of the service.
If you are uncertain about which personal data is mandatory, you are encouraged to contact the Data Controller.
Use of Cookies and Tracking Tools
This Application may use cookies and similar tracking technologies, both proprietary and third-party, to provide the service requested by the user and for other purposes described in this policy and, where available, in the Cookie Policy.
Personal Data of Third Parties
Users are fully responsible for any third-party personal data they share, publish, or communicate through this Application, and confirm that they have the right to do so. The user releases the Data Controller from any liability towards third parties.
Methods and Place of Processing the Collected Data
• Processing Methods
Security of processing and access to personal data.
The Data Controller adopts appropriate technical and organizational security measures to protect personal data from unauthorized access, disclosure, alteration, or unlawful destruction.
Processing is carried out using IT and/or telematic tools, following procedures strictly related to the purposes stated in this policy and in compliance with principles of confidentiality and integrity.
In addition to the Data Controller, data may be accessible—within the limits of their respective duties—to authorized individuals within the organization (such as administrative, sales, legal, or marketing staff, as well as system administrators) and to external service providers (e.g., hosting providers, developers, communication agencies, IT consultants, postal couriers) who are appointed, where necessary, as Data Processors under Article 28 of the GDPR.
An up-to-date list of external Data Processors can be requested from the Data Controller at any time.
• Legal Basis for Processing
The Data Controller may process the User’s Personal Data if one of the following legal bases applies:
• The User has given consent for one or more specific purposes. Note: in some jurisdictions, the Data Controller may be allowed to process Personal Data without the User’s consent or another legal basis as long as the User does not object (“opt-out”) to such processing. However, this is not applicable where the processing of Personal Data is subject to European data protection law;
• Processing is necessary for the performance of a contract with the User and/or for pre-contractual measures;
• Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
• Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.
In any case, the Data Controller will gladly help clarify the specific legal basis that applies to the processing and, in particular, whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
• Location of Processing
The Data is processed at the operational offices of the Data Controller and in any other place where the parties involved in the processing are located. For more information, please contact the Data Controller.
The User’s Personal Data may be transferred to a country other than the one where the User is located. To obtain more information about the location of processing, the User can refer to the section detailing the processing of Personal Data.
The User also has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to any international organization governed by public international law (such as the United Nations), and the security measures adopted by the Data Controller to safeguard the Data.
Should such a transfer take place, the User may refer to the relevant sections of this document or contact the Data Controller using the contact details provided at the beginning.
• Retention Period
Personal Data is processed and stored for as long as required by the purpose it was collected for. Therefore:
• Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until such contract has been fully performed.
• Personal Data collected for the purposes of the legitimate interests of the Data Controller will be retained as long as needed to fulfill such purposes. The User may find specific information regarding the legitimate interests pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
When the processing is based on the User’s consent, the Data Controller may retain Personal Data for a longer period until such consent is withdrawn. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period where required to do so for compliance with a legal obligation or by order of an authority.
Once the retention period expires, Personal Data will be deleted. Therefore, the right to access, erasure, rectification, and the right to data portability can no longer be exercised after this period has expired.
• Purposes of Processing the Collected Data
User Data is collected to allow the Data Controller to provide its services, as well as for the following purposes: contacting the User, interaction with social networks and external platforms, and protection against SPAM.
For more detailed information about the purposes of processing and the specific Personal Data used for each purpose, the User may refer to the relevant sections of this document.
• Details on the Processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
• Use of Google Fonts
Our website uses Google Fonts, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure a consistent and optimized display of typographic fonts.
Usage Details:
• Google Fonts may be loaded locally from our server (GDPR-friendly mode), or
• Loaded from Google’s external servers. In this case, when a user visits our website, their browser automatically establishes a connection with Google’s servers.
Personal Data processed (only when loaded from Google’s servers):
• IP Address
• Browser and device information
• Visited page
Purpose of Processing:
• Consistent display of content
• Enhanced user experience and loading speed
Legal Basis:
Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in providing efficient and aesthetically pleasing navigation.
Data Transfers:
If fonts are loaded from Google’s servers, data may be transferred outside the European Economic Area (e.g., to the USA). Google ensures compliance through Standard Contractual Clauses approved by the European Commission.
For more information about how Google processes personal data, please refer to their Privacy Policy:
👉 https://policies.google.com/privacy
• Data Collection via Registration Forms
To access restricted content, such as an informational video, the user may be invited to fill out a registration form. The data requested includes:
• First Name
• Email Address
• Phone Number
Purpose of Processing:
• To allow the user to access the requested content (video or other restricted material)
• To send informational or promotional communications about our services (subject to prior consent)
• Potential follow-up contact from our team for commercial or support-related purposes
Legal Basis:
• Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR), in order to provide access to the requested video
• User consent (Art. 6(1)(a) GDPR) for sending promotional communications
Data Retention:
The data provided will be retained only for as long as strictly necessary to achieve the purposes described above and, in any case, no longer than 24 months unless the user withdraws consent earlier.
Provision of Data:
Providing the data is optional, but necessary to access the requested content. Failure to provide the data will make it impossible to view the video.
Data Subject Rights:
At any time, the user may exercise their rights under Articles 15–22 of the GDPR, including:
• Access to personal data
• Rectification or deletion
• Restriction of processing
• Objection to processing
• Data portability
• Withdrawal of consent
To exercise these rights, please write to: info@greystonesyoga.ie
• Use of Facebook (Meta) Tools
Our website may incorporate tools and technologies provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, such as:
• Facebook Pixel
• “Like” or “Share” buttons
• Embedded Facebook content (e.g., posts or videos)
These tools may collect personal data even if the user does not have a Facebook account or is not logged in at the time of the visit. The data collected may include:
• IP address
• Browser and device information
• Pages visited
• Actions taken on the site (e.g., form submissions, purchases, clicks)
Such data may be used by Meta for ad profiling, traffic analysis, and ad personalization on Facebook, Instagram, or other sites.
These data may also be transferred outside the European Union, particularly to the United States, with potential risks related to such transfers.
For more information on how Facebook/Meta processes data, please refer to their privacy policy:
👉 https://www.facebook.com/privacy/policy
• Use of Embedded YouTube Content
Our website may embed videos through the YouTube platform, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
YouTube videos are embedded using the “enhanced privacy mode,” which prevents YouTube from storing user information unless the user voluntarily plays the video.
However, once a video is played, YouTube may collect personal data such as:
• IP address
• Device and browser information
• Webpage visited
• User preferences related to YouTube (via cookies)
These data may be transferred to the United States, where data protection standards may not be equivalent to those in the EU. The use of such videos is subject to Google’s privacy policy, available at:
👉 https://policies.google.com/privacy
If you do not wish YouTube to collect personal data, we recommend not interacting with embedded video content.
• Use of Google Analytics
This website uses Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of Processing:
Google Analytics helps us analyze user behavior on the site in aggregated form to:
• Improve content and user experience
• Detect technical issues
• Monitor traffic and site performance
Data Collected:
• IP address (with IP anonymization enabled)
• Technical data from the browser and device
• On-site events and interactions (clicks, scrolls, time on page, etc.)
• Traffic source (e.g., search engine, social media, referral…)
IP Anonymization:
We have enabled the IP anonymization feature provided by Google Analytics. This means the user’s IP address is truncated within the EU/EEA before transmission to Google servers and is never fully recorded.
Legal Basis:
Processing is based on the user’s explicit consent (Art. 6(1)(a) GDPR), collected via the cookie banner upon first site visit.
Data Transfers:
Data may be transferred to Google servers located outside the EU, particularly in the United States. Google states it ensures adequate protection through Standard Contractual Clauses approved by the European Commission.
Data Retention Period:
Data collected through Google Analytics is retained for a maximum period of 14 months, according to the configuration set by the controller.
Withdrawal of Consent:
You may change or withdraw your consent to the use of Google Analytics at any time by clicking on “Cookie Preferences.” Alternatively, you can install the browser add-on to disable Google Analytics:
👉 https://tools.google.com/dlpage/gaoptout
Further information:
👉 https://policies.google.com/privacy
• Hosting and Backend Infrastructure
Our website is hosted by Blacknight Internet Solutions Ltd, located at Unit 12A, Barrowside Business Park, Graiguecullen, Carlow, R93 X265, Ireland. Blacknight provides the infrastructure needed to ensure site accessibility, security, and performance.
Data Processed by Blacknight:
• User’s IP address – used for technical and security purposes such as traffic monitoring and unauthorized access prevention
• Technical information about the device and browser – such as operating system, browser type, and other connection metadata, used for proper functioning and service optimization
Purpose of Processing:
• Hosting service provision – ensuring the website’s correct operation and availability
• Performance optimization – improving load times and stability through reliable, geographically located server infrastructure
• Data security – protecting the site from unauthorized access and ensuring confidentiality of processed data
• User Rights
As data subjects, users may exercise a range of rights in relation to the processing of their personal data by the Data Controller. In particular, pursuant to Articles 15 et seq. of the GDPR, users have the right to:
• Withdraw Consent: Users may withdraw previously given consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Object to Processing: Users may object to the processing of their personal data where it is carried out on a legal basis other than consent, such as the Data Controller’s legitimate interest. More information is available in the section dedicated to the right to object.
• Access Their Data: Users have the right to obtain confirmation as to whether or not personal data concerning them is being processed, and, if so, to access such data and receive a copy, as well as information about the methods and purposes of the processing.
• Request Rectification: Users may request that their personal data be updated, amended, or corrected if inaccurate or incomplete.
• Request Restriction of Processing: Under certain conditions, users may request the restriction of the processing of their personal data. In this case, the Data Controller will retain the data but will not process it for any other purpose except as required for legal claims or defenses.
• Request Deletion of Data: Where the conditions of the law are met (e.g., the data is no longer necessary for the purposes for which it was collected, or consent has been withdrawn), users may request the deletion of their data (“right to be forgotten”).
• Request Data Portability: Users have the right to receive their personal data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted directly to another controller. This right only applies to data processed by automated means and based on consent or contract.
• Lodge a Complaint: Users may lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) or with the competent supervisory authority in their Member State. They also have the right to pursue legal action if they believe their data protection rights have been violated.
• Right to Object to Processing
Users have the right to object, at any time, to the processing of their personal data when it is carried out:
• for the performance of a task in the public interest,
• in the exercise of official authority vested in the Controller,
• or for the purposes of the legitimate interests pursued by the Controller.
Objection must be justified only in cases where processing is based on one of these legal bases, and must include reasons related to the user’s particular situation.
Where personal data is processed for direct marketing purposes, users may object at any time without providing any justification. To verify whether the Controller processes data for marketing purposes, please refer to the relevant sections of this document.
• How to Exercise Your Rights
To exercise their rights, users may contact the Data Controller using the contact details provided in this notice. Requests are free of charge and will be handled by the Data Controller as soon as possible and in any event within one month, in accordance with Article 12 of the GDPR.
• Legal Defense
The User’s personal data may be used by the Data Controller in legal proceedings or in the preparatory stages thereof to defend against misuse of this Application or related Services.
The User acknowledges that the Data Controller may be required to disclose personal data by order of public authorities.
• Additional Information
Specific Information Requests:
Upon request, this Application may provide users with contextual information regarding specific services or the collection and processing of personal data not otherwise detailed in this privacy policy.
System Logs and Maintenance:
For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs, i.e., files that record interactions and may also contain personal data such as the user’s IP address.
Information Not Contained in This Policy:
Further information regarding the processing of personal data may be requested at any time from the Data Controller using the contact details provided in this document.
• “Do Not Track” Requests
This Application does not support “Do Not Track” requests.
To determine whether any third-party services used support such functionality, users are encouraged to consult their respective privacy policies.
In any case, cookie and privacy preferences may be managed directly through the user’s browser settings.
• Changes to This Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time, notifying users on this page and, where technically and legally feasible, also via direct notification (e.g., by email or through the Application).
Users are therefore encouraged to check this page regularly, referring to the “Last Updated” date shown at the bottom.
If the changes concern processing activities based on user consent, the Data Controller will collect the user’s consent again if necessary.
• Definitions and Legal References
• Personal Data (or Data): Any information that, directly or indirectly, in connection with other information, identifies or makes a natural person identifiable.
• Usage Data: Information collected automatically through this Application (or third-party services used), such as IP addresses, URI of requested resources, request timestamps, browser type, operating system, time spent on pages, and the navigation path within the Application.
• User: The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
• Data Subject: The natural person to whom the personal data refers.
• Data Processor: A natural or legal person who processes personal data on behalf of the Data Controller, as defined by the GDPR.
• Data Controller: The natural or legal person who determines the purposes and means of processing personal data, including the security and organization of processing.
• Application: The tool, software, or hardware through which the user’s personal data is collected and processed.
• Service: The service provided by this Application as described in its terms and conditions (if available).
• European Union (EU): Unless otherwise specified, any reference to the EU includes all current member states of the European Economic Area (EEA).
• Cookies: Small files stored on the user’s device, used for various purposes such as technical operation of the site, traffic analysis, or advertising profiling.
• Data Processing
Greystones Yoga
Email address of the Data Controller: info@greystonesyoga.ie
Legal References
This privacy notice is drafted in accordance with multiple legal frameworks, including Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR).
Unless otherwise specified, this policy applies exclusively to this Application.
Last Updated: July 31, 2025
This page is hosted on greystonesyoga.ie, which collects only the data necessary for its display and correct functioning.