Privacy Policy

This Privacy Policy explains how Silvia Podder, trading as Mayin Wellness(“we”, “us”, “our”), collects, uses, stores, and protects your personal data. We are committed to handling your information lawfully and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website, booking a class, or contacting us, you confirm that you have read and understood this Policy.

Who we are
What data we collect
How we use your data
Legal basis for processing
Special category data
Who we share your data with
How long we keep your data
Your rights
Security
Cookies
Changes to this policy
Contact us & complaints

1. Who we are

Data Controller: Silvia Podder, trading as Mayin Wellness
Address: London, United Kingdom
Email: info@mayinwellness.com
Website: mayinwellness.com

Mayin Wellness is a sole-trader yoga and wellness business. We are not currently required to register with the Information Commissioner’s Office (ICO) as a mandatory data protection fee payer, but we process all personal data in full compliance with UK GDPR. If our processing activities change such that registration becomes required, we will register promptly.

2. What data we collect

Information you give us directly

Name, email address, phone number
Health information and medical history (via our Health Declaration Form)
Enquiry or message content submitted via our contact form
Booking preferences and class history
Emergency contact details
Payment information (processed securely by third-party payment providers — we do not store card details)

Information collected automatically

IP address and browser type when you visit our website
Pages visited, time spent, and navigation data (via cookies)
Device type and operating system

Information from third parties

Booking or scheduling platforms we use to manage classes
Social media platforms (if you contact us via Instagram, Facebook, etc.)

3. How we use your data

Purpose	Data used
Managing your bookings and class attendance	Name, contact details, booking history
Ensuring your safety during sessions	Health declaration, medical information
Sending booking confirmations and session reminders	Name, email, phone
Responding to enquiries and messages	Name, email, message content
Sending newsletters or promotional content	Email address (with explicit consent only)
Processing payments	Transaction data (handled by payment processor)
Complying with legal and tax obligations	Financial records, invoices
Improving our website and services	Anonymised analytics data

We will never use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Legal basis for processing

Under UK GDPR, we process your personal data on the following legal bases:

Contract (Article 6(1)(b)): To deliver the yoga and wellness services you have booked.
Legal obligation (Article 6(1)(c)): To maintain financial records as required by HMRC.
Legitimate interests (Article 6(1)(f)): To manage our business, communicate with clients about their sessions, and improve our services — where these interests are not overridden by your rights.
Vital interests (Article 6(1)(d)): In an emergency, to protect your health and safety or that of others.
Consent (Article 6(1)(a)): For marketing communications, photography, and processing health data where explicit consent is required.

5. Special category data

Health information is special category data under Article 9 of UK GDPR and receives the highest level of protection.

We collect health and medical information via our Health Declaration Form to ensure your safety during yoga and Pilates sessions. We process this data only:

With your explicit written consent (given when you complete the Health Declaration Form), or
Where processing is necessary for preventive purposes and the assessment of your capacity to participate safely in physical activity, under Article 9(2)(h).

Health data is stored securely, accessed only by Silvia Podder, and never shared with third parties without your explicit consent except in a medical emergency.

7. How long we keep your data

Data type	Retention period	Reason
Health Declaration Forms	Duration of engagement + 7 years	Potential personal injury claims (Limitation Act 1980)
Financial records & invoices	6 years from tax year end	HMRC requirement
Booking & session records	3 years from last class	Service management and legitimate interests
Contact form enquiries	2 years from last contact	Legitimate interests
Marketing consent records	Until withdrawal + 3 years	Demonstrating consent compliance
Photography / video content	Until consent is withdrawn	Consent-based
Website analytics data	26 months (anonymised)	Website improvement

Once data is no longer needed, it is securely deleted or anonymised. Paper documents are shredded; digital files are permanently deleted.

8. Your rights

Under UK GDPR, you have the following rights:

Right of access: Request a copy of the personal data we hold about you (Subject Access Request).
Right to rectification: Ask us to correct inaccurate or incomplete data.
Right to erasure: Request deletion of your data where we no longer have a legal basis to retain it.
Right to restriction: Ask us to pause processing of your data in certain circumstances.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent: Withdraw consent at any time where processing is consent-based, without affecting the lawfulness of prior processing.

To exercise any right, contact us at info@mayinwellness.com. We will respond within one calendar month. We do not charge a fee for reasonable requests. We may need to verify your identity before processing your request.

9. Security

We take the security of your personal data seriously. Our measures include:

Encrypted, password-protected digital storage
Physical paper records stored in locked storage
Access restricted to Silvia Podder only
Regular review and deletion of data no longer required
SSL/TLS encryption on our website

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay where required by law.

10. Cookies

Our website uses cookies. For full details of the cookies we use, why we use them, and how to control them, please read our Cookie Policy.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email (where we hold your email address) or by posting a prominent notice on our website. The “Last updated” date at the top of this page will always reflect the most recent version.

Your continued use of our services after any changes constitutes acceptance of the updated policy. If you do not agree with any changes, please discontinue use of our services and contact us to discuss your data.

12. Contact us & complaints

If you have any questions, concerns, or wish to exercise your rights, please contact us:

Get in touch about your data

Silvia Podder — Mayin Wellness

Email: info@mayinwellness.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: ico.org.uk · Helpline: 0303 123 1113

Contents