Privacy Policy

Lottie May Yoga customer privacy notice

Charlotte May (Lottie May Yoga) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard personal information. 

By booking classes and online and making payments, you agree to this Privacy Policy. 

This privacy notice tells you what to expect us to do with your personal information, including: 

  • Contact details

  • What information we collect, use, and why

  • Lawful bases and data protection rights

  • Where we get personal information from

  • How long we keep information

  • Who we share information with

  • Sharing information outside the UK

  • How to complain

Contact details

Charlotte May (Lottie May Yoga) 

Telephone: 07769341550

Email: hello@lottiemayyoga.com

What information we collect, use, and why

We collect or use the following information to provide services: 

  • Names, email address, telephone number, emergency contact telephone 

We collect or use the following information for service updates or marketing purposes:

  • Names and email address 

  • Website and app user journey information. Our website automatically collects limited technical knowledge such as IP address, browser type and device information. Our website uses cookies to ensure it functions properly and to collect basic analytics. You can control cookies through your browser settings

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website: 

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

    • that we know who is attending our yoga classes and how to contact you should there be an unforeseen change to the schedule

    • that we know that you have agreed to our liability release and class terms 

    • That we can contact your emergency contact number in the very rare case that we need to 

    • To enhance your experience and improve our services

    • To respond to enquiries 

    • To meet legal and insurance obligations

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are: 

    • If people have signed up via our website to hear about new classes/ events or receive our newsletters 

    • To inform you of changes to our services or policies 

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

  • Directly from you

How long we keep information

Personal data is retained only as long as necessary for teaching, insurance and legal purposes, typically for up to 7 years (for booking data), after which it is securely deleted. Marketing data (if consented) is retained until you draw your consent. 

Who we share information with

Data processors

  1. Squarespace (website): This data processor does the following activities for us: 

  • They host pages that collect personal data

  • Stores website content and personal data 

  • Processes visitor IP addresses and device info to deliver the site 

  • Collects email address for newsletter sign up form, stores it in our account and sends it to us by email 

  • Ensures technical and security processing to comply with GDPR 

  1. Bookwhen (booking platform): This data processor does the following activities for us: 

  • They manage bookings

  1. Stripe (payment processor): This data processor does the following activities for us: 

  • They manage payments for bookings

Sharing information outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

1. Organisation name: Squarespace

Category of recipient: Website host and data processor 

Country the personal information is sent to: USA

How the transfer complies with UK data protection law: We use Squarespace to host our website and process some personal data. Squarespace may process personal data in the United States. Where personal data is transferred outside the UK, appropriate safeguards such as Standard Contractual Clauses are used. Further information about how Squarespace processes personal data can be found in Squarespace’s own privacy policy. 

2. Organisation name: Stripe

Category of recipient: Payment processor

Country the personal information is sent to: USA / Ireland

How the transfer complies with UK data protection law: We use Stripe to process payments securely. When you make a payment, your personal data (such as your name, address, billing details and payment information) is processed by Stripe on our behalf. Stripe may process data outside of the UK/EU, including the United States. Where personal information is transferred internationally, Stripe relies on appropriate safeguards such as Standard Contractual Clauses approved under data protection law. We do not store or have access to your full card details. Further information about how Stripe processes personal data can be found in Stripe’s own privacy policy. 

Security

We use industry-standard security measures to protect your information. However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee its absolute security.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated: 23 December 2025