Privacy Policy of Iyengar Yoga switzerland

1. Goal

Iyengar Yoga Switzerland aims to promote yoga according to the teachings of B.K.S. Iyengar and his descendants as well as support, exchange and connection with the Ramamani Iyengar Memorial Yoga Institute (RIMYI) in Pune, with Iyengar Yoga associations from other countries, as well as with all students and Iyengar Yoga teachers worldwide. The association is denominationally and politically neutral and non-profit oriented.

It is important for Iyengar Yoga Switzerland to handle the data obtained in this context responsibly and to prevent its improper processing and violations of personal rights by handling data in compliance with data protection regulations.

2. Purpose and scope

The present data protection regulations of Iyengar Yoga Switzerland (hereinafter: the office) consider the importance and significance of data protection in terms of respect for privacy and personal rights. It forms the binding basis for the data protection guidelines as well as all data protection-related measures and activities of the office, namely for the processing of:

– Personal data of members (interested parties and teachers)
– Personal data of the service users
– Personal data of the members of the Board of Management, the APK, the Marc Certification and employees in the secretariat
– Information about other third parties (e.g. contractors) insofar as personal data is concerned.

3. Legal basis

The basis for these data protection regulations is the Federal Act on Data Protection of 25 September 2020 (FADP; SR 235.1) and the Ordinance on the Federal Act on Data Protection of 31 August 2022 (DSV; SR 235.11).

4. Terms

The main terms are defined in Annex 1.

5. Scope

These Data Protection Regulations apply to all bodies and employees of the Secretariat who process personal data while fulfilling their functions and tasks.
It also applies to external persons and companies, if they commit themselves to complying with it by means of a corresponding written agreement.

6. Principles of data protection

6.1 Legality
Personal data must be collected and processed in a lawful manner. Unlawfully collected data is, for example, data that has been obtained through threats, deception or malice towards the person concerned.

6.2 Good faith
Contradictory and abusive behaviour is inadmissible.

6.3 Proportionality
Before processing personal data, it must be checked whether and to what extent this data is necessary to achieve the intended purpose of the processing. If it is possible to achieve the purpose and the effort is proportionate to the intended purpose, anonymized or statistical data must be used.

6.4 Transparency
The data subjects must be informed about the handling of their data. For this purpose, these data protection regulations are also publicly available on the website of the office. In principle, personal data must be collected from the data subjects themselves.

6.5 Earmarking
The data may only be processed for the purpose that has been specified, is evident from the circumstances or is provided for by law.

6.6 Destruction or anonymization
Data that is no longer required for the purpose of processing will be destroyed (physically destroyed or electronically deleted) or anonymized.
Personal data that must be retained for archiving purposes will be processed in accordance with the sectoral or activity-specific deadlines and stored for the period specified therein.

6.7 Quality
The personal data processed must be accurate, complete and up-to-date. Appropriate measures must be taken to ensure that incorrect, incomplete or outdated data are corrected, supplemented or destroyed.

7. Admissibility of data processing by the office

The processing of personal data is generally permissible if it is not explicitly prohibited (permission with reservation of prohibition). Processing that violates privacy is unlawful if it cannot be justified by one of the legally provided permission facts.

8. Confidentiality and professional confidentiality

All personal information that employees and bodies learn from or about members and service users as well as other third parties in the course of their work for Iyengar Yoga Switzerland is confidential. They are therefore obliged to maintain confidentiality (professional confidentiality pursuant to Art. 62 FADP).
Employees are prohibited from processing personal data without authorization. Any processing that is not carried out in the context of the performance of the assigned tasks and without authorization is unauthorized. Employees may not use personal data for their own private or economic purposes, transmit it to unauthorized persons or make it accessible to them in any other way.

9. Data integrity

Appropriate organisational and technical measures ensure that data protection is guaranteed and data security breaches are avoided. In particular, personal data may only be accessible to the respective authorised persons, may not be changed or passed on without authorisation or unintentionally, may be processed in a comprehensible manner and may be available if required. This applies regardless of the type of data processing (electronic or paper).

9.1 Organisational measures
Access, access and processing of personal data are regulated at the office according to the principle of “as much as necessary, as little as possible”. Employees of the office may only view or edit data that they need for the tasks assigned to them.

9.2 Technical measures
The protection of personal data is ensured, in particular, by measures of data carrier, storage and transport control, as well as by measures to ensure recovery. The measures consider the risk for the affected groups of people and the current state of the art.

9.3 Service providers for notifications and communications
We send notifications and communications with the help of specialized service providers. In particular, we use:

Swiss Newsletter: newsletter delivery; provider: mailXpert GmbH (Switzerland); information on data protection: Privacy Policy, Data Protection and Security.
Consent and objection
You generally need to give your consent to the use of your email address and other contact details, unless such use is permitted for other legal reasons. To obtain a double-confirmed consent, we may use the “double opt-in” procedure. In this case, you will receive a message with instructions on how to confirm your subscription.
We may record the consents obtained, including the IP address and timestamp, for evidence and security purposes.
You may object at any time to receiving notifications and communications such as newsletters. By doing so, you can also object to the statistical collection of usage data for performance and reach measurement. Required notifications and communications related to our activities and operations remain reserved.

10. Record of data processing activity

The office employs fewer than 250 people, does not process any particularly sensitive personal data on a large scale and does not carry out high-risk profiling. Based on Article 12 (5) of the Data Protection Act and Article 24 of the Data Protection Ordinance, a register of processing activities is therefore dispensed with.

11. Disclosure of personal data abroad

Personal data will be disclosed abroad if the data subject wishes to do so or is informed.

12. Disclosure of data to third parties

Data may be passed on to third parties, in compliance with the permissibility requirements for the processing of personal data. The data recipients must be obliged to use the personal data only for the specified purposes.

13. Data processing by third parties (order processing)

Order processing occurs when a third party processes personal data on behalf of the office. In these cases, the data processing with the contracting party must be regulated by contract or in an agreement, whereby the processing of personal data must be carried out within the framework of Swiss data protection legislation and the regulations of the office.

14. Rights of data subjects

14.1 Right of information / inspection
The data subject to the processing of their data may request information at any time and free of charge on:

– The identity and contact details of the controller
– The purpose of processing
– Where applicable, the recipients or categories of recipients to whom personal data is disclosed
– The categories of personal data processed, if they are not obtained directly from the data subject

The person requesting information must prove his or her identity.
The information must be provided in writing and free of charge within 30 days. If the deadline cannot be met, the data subject must be informed with an indication of when he or she will receive the information.
The provision of information may be restricted or refused if a law or overriding interests of third parties’ conflict with it, if the request pursues a purpose contrary to data protection or is manifestly querulatory. Provided that the personal data in question is not disclosed to third parties, Iyengar Yoga Switzerland may also assert its own overriding interests.

14.2 Right to rectification
Unlawfully or incorrectly processed or incorrect data will be destroyed or corrected.

14.3 Blocking / refusal of data disclosure
Any data subject can have the disclosure of their data blocked. This does not apply if the disclosure of data constitutes a legal obligation, is necessary due to overriding interests of third parties or is necessary to clarify alleged abusive actions of the data subject.

14.4 Data release or transfer
If the personal data has been processed by automated means and this is done with the consent of the data subject or in direct connection with the conclusion or execution of a contract, the data subject may request that the data be handed over in a commonly used electronic format or that it be transmitted to another controller. Like the information, the disclosure or transmission of data may be postponed, restricted or refused if this is justified on one of the reasons listed in 14.1.

15. Data breaches

All bodies and staff shall immediately report cases of violations of these Data Protection Regulations or other regulations for the protection of personal data (data protection incidents).
The fulfilment of the statutory obligation to report data protection incidents is coordinated by the person responsible for data protection or his/her deputy.
Employees who violate data protection legislation can expect sanctions. Depending on the severity of the violation, the sanctions range from a written warning to dismissal.

16. Internal information and implementation

To ensure that situations that regularly occur in everyday life are handled correctly under data protection law, the Board of Management issues further data protection guidelines and, if necessary, action-related information sheets.

17. Responsibilities

17.1 Board
The Board of Management is responsible for ensuring data protection at the strategic and operational level.
It includes data protection as a relevant topic in its risk management system. It issues these Data Protection Regulations and reviews them periodically.
Regarding the implementation of the data protection requirements, it appoints a person responsible for data protection issues and his/her deputy.
The Board of Management ensures that all employees are regularly sensitized to the concerns of data protection and are informed about the requirements of these regulations and their application in everyday professional life.

17.2 The person responsible for data protection issues
The person responsible for data protection issues or his/her deputy is the contact person for all questions regarding data protection both internally and externally and coordinates the fulfilment of the tasks arising from data protection legislation.
If there is a data breach that is likely to lead to a high risk to the personality or fundamental rights of the data subject, he/she will report it to the Federal Data Protection Commissioner in consultation with the Board of Directors and inform the data subject if necessary.
She/he reports to the board on the data processing at the office as needed, points out identified risks and makes recommendations for possible improvements. He/she will inform you immediately about special incidents of major importance.

17.3 Governing bodies / Staff
All bodies and employees of Iyengar Yoga Switzerland who process personal data take data into account on their own responsibility and act in accordance with these regulations as well as the data protection guidelines and instructions of the management.

18. Scope

These Data Protection Regulations were approved by the Board of Directors on and will come into force on September 1, 2023.

Berne, 17 November 2023

Iyengar Yoga Switzerland
Susanne Kienberger, President
Hermann Leu, Vice President

Privacy Policy of Iyengar Yoga switzerland

Contact

Iyengar Yoga Schweiz
3000 Bern

c/o Bettina Ledesma
Höhenstrasse 60, 8127 Forch
info@iyengar.ch
T +41 79 701 41 20

Members

Become a member
Webling > Login

Online-Shop

Shop
Terms and Conditions

Media

Nadja Orfei
nadja.orfei@iyengar.ch

Iyengar Yoga Switzerland

2025 © Iyengar Yoga Schweiz / Imprint Privacy / web by gestaltbar

Privacy Policy of Iyengar Yoga switzerland

Contact

Iyengar Yoga Schweiz 3000 Bern c/o Bettina Ledesma Höhenstrasse 60, 8127 Forch info@iyengar.ch T +41 79 701 41 20

Members

Become a member Webling > Login

Online-Shop

Shop Terms and Conditions

Media

Nadja Orfei nadja.orfei@iyengar.ch

Iyengar Yoga Switzerland

2025 © Iyengar Yoga Schweiz / Imprint Privacy / web by gestaltbar

Iyengar Yoga Schweiz
3000 Bern

c/o Bettina Ledesma
Höhenstrasse 60, 8127 Forch
info@iyengar.ch
T +41 79 701 41 20

Become a member
Webling > Login

Shop
Terms and Conditions

Nadja Orfei
nadja.orfei@iyengar.ch