Privacy Policy

Privacy Policy

This Privacy Policy explains how Bristol Yoga Festival ("we", "us", "our") collects and uses your personal information when you visit our website www.bristolyogafestival.com (the "Site"), buy tickets, join our mailing list, or contact us.

We are committed to treating your data with care and in line with UK data protection law, including the UK GDPR and Data Protection Act 2018.

If you have any questions, you can contact us here.

1. Who is responsible for your data

For the purposes of data protection law, Bristol Yoga Festival is the "data controller" of the personal information we collect and use about you in connection with the festival and this Site.

We also work with third parties who may act as data processors or independent controllers (for example, our ticketing partner). Where that’s the case, we only share what is necessary and we ensure appropriate protections are in place.

2. The information we collect

The type of information we collect depends on how you interact with us.

2.1 Information you give us directly

You may give us information when you:

  • Purchase tickets

  • Join our email list or marketing updates

  • Contact us with a query or feedback

  • Apply to be a teacher, speaker, performer, volunteer or vendor

  • Complete a form on our Site

This may include:

  • Identity details – name, pronouns, organisation, role

  • Contact details – email address, phone number, postal address

  • Ticket information – ticket type, purchase history, order ID

  • Accessibility or wellbeing information – if you choose to share access needs or health information so we can support your attendance

  • Application information – biography, website or social links, images, and any other details you choose to submit

  • Communication preferences – what kind of emails you’d like to receive from us

We do not store your full payment card details. When you pay for tickets, this information is handled securely by our ticketing provider (see Section 5).

Where you share information about your health or access needs, we will treat this as special category data and only use it with your explicit consent and for the purpose of supporting your safe participation in the festival.

2.2 Information we collect automatically

When you visit our Site, certain information is collected automatically, mainly through cookies and similar technologies. This may include:

  • IP address

  • Device and browser type

  • Rough location (city/country level, not precise address)

  • Pages visited, time on page, and how you found our Site

We use Google Analytics for this (see Section 5.2 and Cookies section).

2.3 Information from third parties

We may receive limited personal data from:

  • Ticket Tailor – when you buy a ticket, they share necessary order and contact information with us so we can manage your booking, communicate event updates and comply with safety and licensing requirements.

  • Brevo – if you sign up to our mailing list via a form hosted or powered by Brevo, your details are stored there for email communication.

3. How we use your information and our legal bases

We use your personal information for the following purposes and on the following legal bases:

3.1 To provide tickets and run the festival (contract)

  • Process your ticket orders and payments

  • Send you booking confirmations and essential pre‑event information

  • Manage entry to the festival and, where relevant, camping or other add‑ons

  • Handle customer service enquiries related to your booking

Legal basis: Necessary for the performance of a contract (your ticket purchase or application) or to take steps at your request before entering into a contract.

3.2 To communicate with you (contract and legitimate interests)

  • Respond to your questions or feedback

  • Contact you about material changes affecting your booking (schedule changes, access updates, safety information, etc.)

Legal basis: Contract (for booking‑related messages) and legitimate interests (to respond to general enquiries and maintain good customer service).

3.3 To send you news and marketing (consent and legitimate interests)

  • Send email newsletters about Bristol Yoga Festival, including ticket information, programme updates and related offerings

  • Share early‑bird tickets, programme announcements, and post‑event surveys

We use Brevo to manage our email communications (see Section 5.1).

Legal basis:

  • Consent where you actively sign up to our mailing list or opt‑in at checkout.

  • Legitimate interests where we email existing ticket buyers about similar events or festival updates, in line with UK e‑privacy rules. You can opt out at any time (see Section 8).

3.4 To support accessibility, safeguarding and safety (vital interests, legal obligations, legitimate interests)

  • Record access needs or relevant health information you choose to share, so we can support your safe and comfortable participation

  • Maintain incident logs and safeguarding records where necessary

  • Comply with health and safety, licensing or insurance requirements

Legal basis: Vital interests (where necessary to protect life), legal obligations, and legitimate interests (to provide a safe environment).

For special category data (e.g. health information), we rely on your explicit consent or, where appropriate, the vital interests/legal claims provisions under UK GDPR.

3.5 To improve our Site and understand interest in the festival (legitimate interests)

  • Use analytics to understand which pages are visited, how long people stay and which content is helpful

  • Monitor the performance of our website and fix technical issues

Legal basis: Legitimate interests (to understand how our Site is used and to improve it), balanced with your privacy rights. Where required, we will ask for your consent to non‑essential cookies.

4. How long we keep your data

We keep your personal data only for as long as is reasonably necessary for the purposes set out in this Policy, including:

  • Ticketing records: usually up to 7 years for accounting, tax and legal purposes.

  • Mailing list data: until you unsubscribe or we identify your address as inactive.

  • Accessibility and safeguarding records: for as long as reasonably required to ensure safety, manage any incidents, and comply with legal and insurance obligations.

When we no longer need your data, we will delete or anonymise it.

5. Third‑party services we use

We use a small number of trusted providers to help us run the festival. They may process your personal data on our behalf or as independent controllers.

5.1 Brevo (email and marketing)

We use Brevo to:

  • Store and manage email subscription lists

  • Send newsletters and festival updates

  • Track basic metrics like open and click‑through rates

Brevo processes your name, email address and any segmentation data (for example which lists you’re on). Data may be stored on servers in or outside the UK/EEA, with appropriate safeguards such as Standard Contractual Clauses.

You can unsubscribe from our emails at any time using the link in the footer of any Brevo email.

5.2 Google Analytics (website analytics)

We use Google Analytics to understand how visitors use our Site. Google Analytics collects information such as:

  • Pages visited, time spent on pages, and links clicked

  • Approximate location (based on IP address)

  • Device and browser information

This helps us improve the Site and understand which content is most useful. Where required, we will seek your consent to analytics cookies when you first visit the Site.

You can opt out of Google Analytics by using the Google Analytics opt‑out browser add‑on or by adjusting your cookie preferences in your browser.

5.3 Ticket Tailor (ticketing)

We use Ticket Tailor as our ticketing provider. When you purchase tickets:

  • You provide Ticket Tailor with your personal and payment details.

  • Ticket Tailor securely processes your payment and shares relevant details (such as your name, email address, ticket type and order ID) with us so we can manage your booking.

Ticket Tailor is an independent data controller for certain aspects of this processing. You can read their privacy policy on their website for further details about how they handle your data.

6. Sharing your information

We do not sell your personal data.

We may share your information with:

  • Service providers who support our operations (e.g. Brevo, Ticket Tailor, website hosting, IT support), under appropriate contracts

  • Our professional advisers, such as accountants, insurers or legal advisers, where necessary

  • Emergency services, authorities or insurers if there is an incident, safeguarding concern or legal requirement

  • Other parties where we are required to do so by law or where it is necessary for the establishment, exercise or defence of legal claims

We only share what is necessary and always aim to protect your privacy.

7. International transfers

Some of our service providers (for example Brevo and Google) may store or process data outside the UK and European Economic Area.

Where this happens, we will ensure that appropriate safeguards are in place, such as:

  • An adequacy decision from the UK government, or

  • Standard Contractual Clauses or similar contractual protections

You can contact us for more information about specific transfers.

8. Your rights

Under UK data protection law, you have certain rights regarding your personal data. These include:

  • Right of access – to ask for a copy of the personal information we hold about you

  • Right to rectification – to have inaccurate or incomplete data corrected

  • Right to erasure – to ask us to delete your data in certain circumstances

  • Right to restrict processing – to ask us to limit how we use your data in certain situations

  • Right to data portability – to receive certain data in a structured, commonly used, machine‑readable format and have it transmitted to another controller

  • Right to object – to object to processing based on our legitimate interests or to direct marketing

  • Rights in relation to automated decision‑making and profiling – we do not currently undertake automated decision‑making that produces legal or similarly significant effects

You also have the right to:

  • Withdraw consent where we rely on consent (e.g. for marketing emails or certain health information). Withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at [email protected].

If you are unhappy with how we handle your data, you can also complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, though we would appreciate the chance to address your concerns first.

9. Cookies

Our Site uses cookies and similar technologies to:

  • Make the Site work properly and securely

  • Remember your preferences (for example, cookie choices)

  • Understand how the Site is used (via Google Analytics)

Where required by law, we will ask for your consent before setting non‑essential cookies (such as analytics cookies).

You can control cookies through:

  • The cookie banner or settings (if enabled on the Site)

  • Your browser settings, where you can refuse some or all cookies or delete existing cookies

Please note that disabling some cookies may affect the functionality of the Site.

10. Data security

We take appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, misuse or disclosure. While no system is completely secure, we work to ensure that access to your data is limited to those who need it and that they are subject to duties of confidentiality.

11. Children

Our festival is designed primarily for adults and older young people, though families and children may attend. We do not knowingly collect personal data directly from children under 13 without the consent of a parent or guardian.

Where a child’s information is included in a booking or enquiry, we treat it with particular care and only use it for safety, safeguarding and operational purposes.

12. Changes to this Policy

We may update this Privacy Policy from time to time, for example if our practices change or the law is updated. The latest version will always be posted on this page and will show the “Last updated” date at the top.

Where changes are material, we will take reasonable steps to let you know, for example by email or a notice on the Site.

This Privacy Policy explains how Bristol Yoga Festival ("we", "us", "our") collects and uses your personal information when you visit our website www.bristolyogafestival.com (the "Site"), buy tickets, join our mailing list, or contact us.

We are committed to treating your data with care and in line with UK data protection law, including the UK GDPR and Data Protection Act 2018.

If you have any questions, you can contact us here.

1. Who is responsible for your data

For the purposes of data protection law, Bristol Yoga Festival is the "data controller" of the personal information we collect and use about you in connection with the festival and this Site.

We also work with third parties who may act as data processors or independent controllers (for example, our ticketing partner). Where that’s the case, we only share what is necessary and we ensure appropriate protections are in place.

2. The information we collect

The type of information we collect depends on how you interact with us.

2.1 Information you give us directly

You may give us information when you:

  • Purchase tickets

  • Join our email list or marketing updates

  • Contact us with a query or feedback

  • Apply to be a teacher, speaker, performer, volunteer or vendor

  • Complete a form on our Site

This may include:

  • Identity details – name, pronouns, organisation, role

  • Contact details – email address, phone number, postal address

  • Ticket information – ticket type, purchase history, order ID

  • Accessibility or wellbeing information – if you choose to share access needs or health information so we can support your attendance

  • Application information – biography, website or social links, images, and any other details you choose to submit

  • Communication preferences – what kind of emails you’d like to receive from us

We do not store your full payment card details. When you pay for tickets, this information is handled securely by our ticketing provider (see Section 5).

Where you share information about your health or access needs, we will treat this as special category data and only use it with your explicit consent and for the purpose of supporting your safe participation in the festival.

2.2 Information we collect automatically

When you visit our Site, certain information is collected automatically, mainly through cookies and similar technologies. This may include:

  • IP address

  • Device and browser type

  • Rough location (city/country level, not precise address)

  • Pages visited, time on page, and how you found our Site

We use Google Analytics for this (see Section 5.2 and Cookies section).

2.3 Information from third parties

We may receive limited personal data from:

  • Ticket Tailor – when you buy a ticket, they share necessary order and contact information with us so we can manage your booking, communicate event updates and comply with safety and licensing requirements.

  • Brevo – if you sign up to our mailing list via a form hosted or powered by Brevo, your details are stored there for email communication.

3. How we use your information and our legal bases

We use your personal information for the following purposes and on the following legal bases:

3.1 To provide tickets and run the festival (contract)

  • Process your ticket orders and payments

  • Send you booking confirmations and essential pre‑event information

  • Manage entry to the festival and, where relevant, camping or other add‑ons

  • Handle customer service enquiries related to your booking

Legal basis: Necessary for the performance of a contract (your ticket purchase or application) or to take steps at your request before entering into a contract.

3.2 To communicate with you (contract and legitimate interests)

  • Respond to your questions or feedback

  • Contact you about material changes affecting your booking (schedule changes, access updates, safety information, etc.)

Legal basis: Contract (for booking‑related messages) and legitimate interests (to respond to general enquiries and maintain good customer service).

3.3 To send you news and marketing (consent and legitimate interests)

  • Send email newsletters about Bristol Yoga Festival, including ticket information, programme updates and related offerings

  • Share early‑bird tickets, programme announcements, and post‑event surveys

We use Brevo to manage our email communications (see Section 5.1).

Legal basis:

  • Consent where you actively sign up to our mailing list or opt‑in at checkout.

  • Legitimate interests where we email existing ticket buyers about similar events or festival updates, in line with UK e‑privacy rules. You can opt out at any time (see Section 8).

3.4 To support accessibility, safeguarding and safety (vital interests, legal obligations, legitimate interests)

  • Record access needs or relevant health information you choose to share, so we can support your safe and comfortable participation

  • Maintain incident logs and safeguarding records where necessary

  • Comply with health and safety, licensing or insurance requirements

Legal basis: Vital interests (where necessary to protect life), legal obligations, and legitimate interests (to provide a safe environment).

For special category data (e.g. health information), we rely on your explicit consent or, where appropriate, the vital interests/legal claims provisions under UK GDPR.

3.5 To improve our Site and understand interest in the festival (legitimate interests)

  • Use analytics to understand which pages are visited, how long people stay and which content is helpful

  • Monitor the performance of our website and fix technical issues

Legal basis: Legitimate interests (to understand how our Site is used and to improve it), balanced with your privacy rights. Where required, we will ask for your consent to non‑essential cookies.

4. How long we keep your data

We keep your personal data only for as long as is reasonably necessary for the purposes set out in this Policy, including:

  • Ticketing records: usually up to 7 years for accounting, tax and legal purposes.

  • Mailing list data: until you unsubscribe or we identify your address as inactive.

  • Accessibility and safeguarding records: for as long as reasonably required to ensure safety, manage any incidents, and comply with legal and insurance obligations.

When we no longer need your data, we will delete or anonymise it.

5. Third‑party services we use

We use a small number of trusted providers to help us run the festival. They may process your personal data on our behalf or as independent controllers.

5.1 Brevo (email and marketing)

We use Brevo to:

  • Store and manage email subscription lists

  • Send newsletters and festival updates

  • Track basic metrics like open and click‑through rates

Brevo processes your name, email address and any segmentation data (for example which lists you’re on). Data may be stored on servers in or outside the UK/EEA, with appropriate safeguards such as Standard Contractual Clauses.

You can unsubscribe from our emails at any time using the link in the footer of any Brevo email.

5.2 Google Analytics (website analytics)

We use Google Analytics to understand how visitors use our Site. Google Analytics collects information such as:

  • Pages visited, time spent on pages, and links clicked

  • Approximate location (based on IP address)

  • Device and browser information

This helps us improve the Site and understand which content is most useful. Where required, we will seek your consent to analytics cookies when you first visit the Site.

You can opt out of Google Analytics by using the Google Analytics opt‑out browser add‑on or by adjusting your cookie preferences in your browser.

5.3 Ticket Tailor (ticketing)

We use Ticket Tailor as our ticketing provider. When you purchase tickets:

  • You provide Ticket Tailor with your personal and payment details.

  • Ticket Tailor securely processes your payment and shares relevant details (such as your name, email address, ticket type and order ID) with us so we can manage your booking.

Ticket Tailor is an independent data controller for certain aspects of this processing. You can read their privacy policy on their website for further details about how they handle your data.

6. Sharing your information

We do not sell your personal data.

We may share your information with:

  • Service providers who support our operations (e.g. Brevo, Ticket Tailor, website hosting, IT support), under appropriate contracts

  • Our professional advisers, such as accountants, insurers or legal advisers, where necessary

  • Emergency services, authorities or insurers if there is an incident, safeguarding concern or legal requirement

  • Other parties where we are required to do so by law or where it is necessary for the establishment, exercise or defence of legal claims

We only share what is necessary and always aim to protect your privacy.

7. International transfers

Some of our service providers (for example Brevo and Google) may store or process data outside the UK and European Economic Area.

Where this happens, we will ensure that appropriate safeguards are in place, such as:

  • An adequacy decision from the UK government, or

  • Standard Contractual Clauses or similar contractual protections

You can contact us for more information about specific transfers.

8. Your rights

Under UK data protection law, you have certain rights regarding your personal data. These include:

  • Right of access – to ask for a copy of the personal information we hold about you

  • Right to rectification – to have inaccurate or incomplete data corrected

  • Right to erasure – to ask us to delete your data in certain circumstances

  • Right to restrict processing – to ask us to limit how we use your data in certain situations

  • Right to data portability – to receive certain data in a structured, commonly used, machine‑readable format and have it transmitted to another controller

  • Right to object – to object to processing based on our legitimate interests or to direct marketing

  • Rights in relation to automated decision‑making and profiling – we do not currently undertake automated decision‑making that produces legal or similarly significant effects

You also have the right to:

  • Withdraw consent where we rely on consent (e.g. for marketing emails or certain health information). Withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at [email protected].

If you are unhappy with how we handle your data, you can also complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk, though we would appreciate the chance to address your concerns first.

9. Cookies

Our Site uses cookies and similar technologies to:

  • Make the Site work properly and securely

  • Remember your preferences (for example, cookie choices)

  • Understand how the Site is used (via Google Analytics)

Where required by law, we will ask for your consent before setting non‑essential cookies (such as analytics cookies).

You can control cookies through:

  • The cookie banner or settings (if enabled on the Site)

  • Your browser settings, where you can refuse some or all cookies or delete existing cookies

Please note that disabling some cookies may affect the functionality of the Site.

10. Data security

We take appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, misuse or disclosure. While no system is completely secure, we work to ensure that access to your data is limited to those who need it and that they are subject to duties of confidentiality.

11. Children

Our festival is designed primarily for adults and older young people, though families and children may attend. We do not knowingly collect personal data directly from children under 13 without the consent of a parent or guardian.

Where a child’s information is included in a booking or enquiry, we treat it with particular care and only use it for safety, safeguarding and operational purposes.

12. Changes to this Policy

We may update this Privacy Policy from time to time, for example if our practices change or the law is updated. The latest version will always be posted on this page and will show the “Last updated” date at the top.

Where changes are material, we will take reasonable steps to let you know, for example by email or a notice on the Site.