LAST UPDATE 16.06.2026
This Privacy Policy explains how Ambika Yoga Studio (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website, create an account, or purchase tickets and memberships for our studio events.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection law.
1. Who we are (Data Controller)
The controller responsible for your personal data is:
- Jekaterina Matisone
- Registration number: 09028211805
- Address: Dzirnavu iela 149 – 8, Riga, Latvija
- Email: katerina.matisone@gmail.com
- Phone: +37129828735
2. What data we collect
Depending on how you interact with us, we may collect:
Account and identity data Name, email address, phone number, password (stored in encrypted/hashed form), and any profile details you provide.
Order and transaction data Tickets and memberships purchased, order history, billing address, membership status and validity dates, and records of attendance or bookings.
Payment data We do not store full card details on our servers. Payments are processed by our payment provider Colibrix, which receives the payment information directly. We receive only confirmation of payment and limited transaction metadata (e.g. last four digits, transaction ID).
Communications Messages you send us (email, contact forms, support requests) and our replies.
Marketing preferences Your consent status for newsletters and promotional messages.
Technical and usage data IP address, browser type, device information, pages visited, and cookie data (see Section 9).
3. Why we process your data and our legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Processing ticket and membership purchases | Performance of a contract (Art. 6(1)(b)) |
| Managing bookings, attendance, and membership validity | Performance of a contract (Art. 6(1)(b)) |
| Sending order confirmations and service-related messages | Performance of a contract (Art. 6(1)(b)) |
| Accounting, invoicing, and tax records | Legal obligation (Art. 6(1)(c)) |
| Sending newsletters and marketing | Consent (Art. 6(1)(a)) |
| Website security, fraud prevention, and analytics | Legitimate interests (Art. 6(1)(f)) |
| Processing health information | Explicit consent (Art. 9(2)(a)) |
Where we rely on legitimate interests, we have balanced these against your rights and freedoms. You may object to such processing (see Section 7).
4. Who we share your data with
We share personal data only where necessary, with:
- Payment providers — to process your purchases (Colibrix).
- Hosting and IT providers — who host our website and store data on our behalf (InMotion Hosting).
- Email and marketing platforms — to send confirmations and (with consent) newsletters (Mailchimp).
- Booking / scheduling software — if used to manage classes and memberships (custom booking system).
- Accountants and tax authorities — where legally required.
- Professional advisors or authorities — where required by law.
All processors act under data processing agreements that require them to protect your data and process it only on our instructions.
We do not sell your personal data.
5. How long we keep your data
| Data type | Retention period |
|---|---|
| Account data | For as long as your account is active, then deleted [e.g. within 12 months of closure] |
| Order and membership records | [e.g. duration of membership + warranty/dispute period] |
| Accounting and invoice records | As required by law [e.g. 5–10 years depending on country] |
| Marketing consent and preferences | Until you withdraw consent or unsubscribe |
| Health information | Deleted when no longer needed or on withdrawal of consent |
| Technical / cookie data | See cookie lifespans in Section 9 |
When data is no longer needed, we securely delete or anonymise it.
6. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erasure (“right to be forgotten”) in certain circumstances.
- Restrict processing in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests, and to direct marketing at any time.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at ambika@ambika-yoga. We will respond within one month.
You also have the right to lodge a complaint with your national supervisory authority. Datu valsts inspekcija — www.dvi.gov.lv.
7. Marketing communications
If you have consented, we may send you newsletters and offers about our events and memberships. You can unsubscribe at any time via the link in each email or by contacting us. Withdrawing marketing consent will not affect service-related messages (e.g. order confirmations).
8. Cookies
Our website uses cookies and similar technologies to function properly, remember your preferences, and analyse usage. Non-essential cookies (e.g. analytics, marketing) are only set with your consent via our cookie banner.
| Cookie type | Purpose | Consent required |
|---|---|---|
| Strictly necessary | Login, cart, checkout, security | No |
| Functional | Remember preferences | Yes |
| Analytics | Understand site usage [e.g. Google Analytics, Matomo] | Yes |
| Marketing | Personalised ads / retargeting | Yes |
You can manage or withdraw cookie consent at any time through [our cookie settings link] or your browser settings. [Add a link to a separate Cookie Policy if you maintain one.]
9. Data Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), hashed passwords, access controls, and regular updates. No method of transmission over the internet is completely secure, but we work to protect your data and respond to incidents promptly.
10. Children
Our services are intended for users aged [16 / 18] and over. We do not knowingly collect data from children below this age without parental consent. [Adjust to the digital-consent age in your country — this ranges from 13 to 16 across EU member states.]
11. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest version. Material changes will be communicated via our website or by email where appropriate.
12. Contact Us
For any questions about this Privacy Policy or how we handle your data:
Jekaterina Matisone, Dzirnavu iela 149-8, Riga, Latvia, Email: katerina.matisone@gmail.com Phone: +37129828735