Web Site Terms and Conditions of Use

Privacy policy for Rört ApS

This privacy policy explains how Rört ApS, a yoga and movement studio located at Thoravej 35, 2400 Copenhagen, Denmark, processes your personal data when you use our website, sign‑up for classes, or subscribe to our newsletter. The processing of your personal data is carried out in accordance with the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

1. Who is responsible for your data?

Data controller:
Rört ApS
Address: Thoravej 35, 2400 Copenhagen, DK
Email: hello[at]rort.dk
CVR‑nr: 39287188

If you have any questions about this privacy policy or your data rights, you may contact us at the details above.

2. What personal data do we collect?

We may collect the following categories of personal data:

• Contact information: Name, email address, phone number and other information you enter when you create an account with us
• Booking and membership data: Class or package bookings, membership type, chosen yoga styles, and attendance history.
• Payment information: We only receive payment details indirectly through secure third‑party providers (e.g., Stripe, mobilePay, your bank); we do not store full card numbers ourselves.
• Newsletter and marketing: If you subscribe, we store your email and any consent you give for marketing.
• Technical data: When you visit our website, our hosting and analytics tools may collect IP address, browser type, device information, and cookies to help us operate and improve the site.

3. Why and on what legal basis do we process your data?

We process your data for the following purposes:

• To provide movement classes and services: Register you for classes, manage your membership, and enable online booking.
  Legal basis: Article 6(1)(b) GDPR (necessary for performance of a contract).​
• To send you information you have requested: Class schedules, event reminders, or administrative emails.
  Legal basis: Article 6(1)(b) GDPR (contract‑related communication).​
• To send newsletters and marketing: Only if you have consented.
  Legal basis: Article 6(1)(a) GDPR (your consent). You may withdraw consent at any time (see “Your rights” below).
• To improve our website and services: Analyse traffic and usage with cookies and analytics tools.
  Legal basis: Article 6(1)(f) GDPR (legitimate interest in improving our online services).
• To comply with legal obligations: Such as invoicing, accounting, and tax rules.
  Legal basis: Article 6(1)(c) GDPR (necessary for legal obligations).

We retain your data only for as long as necessary for the purposes described above, and in accordance with applicable Danish law. Specific retention periods may vary depending on local accounting and tax requirements.

4. Who receives your data?

We share your personal data only with parties that need it to support our services, and always under strict data‑protection‑compliant agreements.

4.1. YOGO (Yogo.DK ApS)

• Purpose: We use YOGO, a booking and member‑management system operated by Yogo.DK ApS (CVR: 39467542, Njalsgade 21F, 6. sal, 2300 København), to manage your bookings, memberships, class tickets, workshops, courses, and festival participation.
• Data processed by YOGO: Name, email, phone number, address (if provided), date of birth, membership type, booking history, attendance, and payment references (no full card‑number storage by us).
• Legal basis: YOGO acts as a data processor on our behalf under a GDPR‑compliant data‑processing agreement compliant with Article 28 GDPR.

4.2. Mailchimp (or similar email‑marketing provider)

• Purpose: We use Mailchimp (or a similar service) to send you newsletters, event reminders, and promotional information, where you have explicitly consented.
• Data shared: Your name and email address (and possibly your membership or class‑type preferences, if relevant and consented).
• Legal basis: Your consent under Article 6(1)(a) GDPR (and you can withdraw consent at any time, for example via the unsubscribe link in each email).

4.3. WordPress and hosting/technical providers

• Purpose: Your website runs on WordPress and is hosted by a technical‑service provider that supports our online presence, forms, and possible online payments.
• Data processed: Technical data such as IP address, browser type, and device information, as well as any data you submit via website forms (e.g., contact or class‑inquiry forms).
• Legal basis: Performance of our service (Article 6(1)(b) GDPR) and our legitimate interest in operating and improving our website (Article 6(1)(f) GDPR).

4.4. Payment and financial partners

• Purpose: To process payments for memberships, class tickets, workshops, courses, and festival tickets.
• Data shared: Payment information is handled directly by secure payment partners (e.g., Stripe, MobilePay, your bank), and we only receive confirmation and reference numbers; we do not store full card‑number details ourselves.
• Legal basis: Performance of the contract (Article 6(1)(b) GDPR) and compliance with tax and accounting obligations (Article 6(1)(c) GDPR).

4.5. Other recipients

We may disclose your data to:

• Legal authorities or courts if required by Danish law (e.g., tax audits or legal proceedings).
• Event partners (e.g., for a joint workshop or festival) only where you have explicitly consented and the partner is bound by appropriate data‑protection safeguards.

We do not sell your personal data to third parties or use it for unrelated commercial purposes.

5. Your rights

You have the following rights under GDPR and Danish law:

• Right to access: Request a copy of the personal data we hold about you.
• Right to rectification: Ask us to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”): Ask us to delete your data, where there is no overriding legal reason to keep it.
• Right to restrict processing: In certain situations (e.g., while a dispute about accuracy is being resolved).
• Right to data portability: Receive your data in a structured, commonly used format and transfer it to another provider.
• Right to object or withdraw consent: For marketing and certain types of processing, you may object or withdraw consent at any time.

To exercise any of these rights, please contact us at hello[at]rort.dk. We will respond within the time limits set by law (usually within one month).

6. Cookies and similar technologies

Our website may use cookies and similar technologies to:

• Remember your preferences (e.g., language or consent settings).
• Measure traffic and usage (e.g., via Google Analytics or similar tools).

We only place cookies after you have given your consent (via a cookie banner), except where strictly necessary for the website to function (e.g., technical and security‑related cookies). You can change your cookie preferences at any time via our cookie banner or your browser settings.

7. Security of your data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

• Secure hosting and encrypted connections (HTTPS).
• Access controls so only necessary staff and service providers can access your data.
• Regular reviews of our data‑handling and security practices.

8. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our services, technologies, or legal requirements. When we make significant changes, we will notify you via our website or, where appropriate, by email or in‑studio notice.

9. Contact us

If you have any questions about this privacy policy or how we handle your data, please contact:

Rört ApS
Thoravej 35, 2400 Copenhagen, DK
Email: hello[at]rort.dk

You may also contact the Danish Data Protection Agency (Datatilsynet) if you believe your data‑protection rights have been violated.

 

This policy is effective as of 2018-05-25, last updated on 2026-03-03.