1.1 Kabbalah Centre (the 'Centre', with 'we', 'our' or 'us' being interpreted accordingly) is committed to protecting the personal information of our website users, students, teachers and others who contact us in the UK. Personal information relating to you from which you can be identified that we collect or which you provide is called personal data ('Personal Data').
3. Our legal obligations regarding your Personal Data
3.1 We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and the UK Data Protection Act 2018 ('DPA') together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').
4. Information Collected
4.1 The Personal Data about you that we may collect and use includes the following:
(a) Your name;
(b) Your email address, postal address, telephone and other contact details;
(c) Your participation and attendance at our courses and events;
(d) Payment information;
(e) Records of your communication with us (including your communication with your teacher(s));
(f) Your opinions, beliefs and other information you choose to provide when you participate in our courses or contribute to online message boards or forums we provide;
(g) Information about your visits to our website (see 'Cookies' below).
4.2 Please also note that some of the Personal Data you supply and that we process may include what is known as 'sensitive' data about you, for example, information regarding your ethnic origin or political, philosophical and religious beliefs.
4.3 If you do not provide us with specific Personal Data when requested, we may not be able to register you as a student, respond to a query or otherwise provide you with our courses or products.
5. How your Personal Data is collected
5.1 We collect Personal Data about you in various ways as follows:
(a) When you register as a student with us directly;
(b) When you join our mailing list to receive information, newsletters or other marketing communications from us;
(c) When you pay for courses or make purchases in our online shop;
(d) Through your relationship and communications with us, for example, if you contact us to ask a question about a course, or when you exchange emails with your teacher;
(e) When you sign up to attend a course or event via a third party online reservation service (e.g. via Eventbrite);
(f) When you contribute to online message boards or forums we provide (you will be identified when you post);
(g) When you interact with us via Facebook, Twitter, Instagram or other online platform; or
(h) When you visit our website (see 'Cookies' below).
6. Information about third parties
6.1 Please ensure that any Personal Data you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their Personal Data.
7. How and why we use your Personal Data
7.1 Under Data Protection Law, we can only use your Personal Data if we have a proper reason for doing so, for example:
(a) for the performance of a contract with you or to take steps at your request before entering into a contract;
(b) to comply with our legal and regulatory obligations,
(c) where we pursue our legitimate interests except where such interests are overridden by your own rights and interests; or
(d) where you have given consent.
7.2 If we process sensitive data as referred to under paragraph 3.2, including information about your philosophical or religious beliefs, we will only do this with your explicit consent, where you have already made public such information, where the processing is carried out in the course of our legitimate activities (in which case we will not disclose that Personal Data outside the Kabbalah Centre without your consent), or if otherwise permitted by Data Protection Law.
7.3 We may use your Personal Data for one or more of the following purposes:
(a) Class and event administration: including responding to any queries you may have regarding classes or events you may be interested in, registering you as a student, confirming your class registration, providing you with all the information you need to attend events and to participate in classes you have enrolled in, recording your milestones, providing our events, classes and connected resources to you. We may contact you for the purposes of class and event administration using any of the contact details you provide to us, including text message.
(b) Fulfil an order for a product: processing your order and payment, keeping in touch regarding your order and delivering it to you.
(c) Identity checking: where necessary, conducting checks to identify our donors and verifying their identities.
(d) Operational reasons within our legitimate interests: such as improving efficiency, ensuring your teacher(s) have all the information they need to help you get the most out of the classes (this may involve teachers sharing information about students when necessary), training and quality control, responding to queries you may have, ensuring that our internal policies are complied with, maintaining and updating our records, preventing unauthorised access and modifications to systems.
(e) To comply with legal or regulatory requirements: keeping health and safety records in relation to our premises, keeping all relevant tax records and for any other purpose required by law, regulation, the order of a court or regulatory authority.
(f) Marketing within our legitimate interests: providing you with direct marketing communications about what we are doing as well as products, courses and/or events which may be of interest to you by post or phone. If required under applicable law, where we contact you by SMS, email, fax, social media and/or any other electronic communication channels for direct marketing purposes, this will be subject to you providing your express consent. You can object or withdraw your consent to receive direct marketing from us at any time, by contacting us using the email address below.
(g) To enforce and/or defend any of our legal claims or rights.
7.4 We do not intend to collect Personal Data relating to children. In the event that we receive Personal Data from children under the age of thirteen, it will be used only for class or event administration purposes and as may be otherwise required by law.
8. Disclosing your Personal Data to third parties
8.1 We do not sell or rent your Personal Data. We may however share your Personal Data with:
(a) Other Kabbalah Centre locations, who may assist us in providing you with newsletters, products and services, and provide us with operational assistance; and
(b) Third parties we use to help deliver our products and services to you e.g. payment service providers, online reservation service providers, delivery companies.
8.2 We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on our service providers to ensure they can only use your Personal Data to provide services to us and to you.
8.3 We may also share Personal Data with external auditors, e.g. in relation to the audit of our accounts.
8.4 We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
8.5 In the event of a reorganisation or change of control of Kabbalah Centre, Personal Data may be transferred to that reorganised entity or incoming controlling entity so that Kabbalah Centre can continue to operate.
9. How long we retain your Personal Data for
9.1 Kabbalah Centre only retains Personal Data identifying you for as long as you have a relationship with us, or as necessary to perform our obligations to you (or to enforce or defend contract claims), or as is required by applicable law.
9.2 We have a data retention policy that sets out the different periods we retain data for in respect of relevant purposes in accordance with our duties under Data Protection Law. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner's Office (ICO).
9.3 Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
10. Links to other websites
11.2 Our website uses the following types of cookies:
(a) Necessary cookies: these cookies are essential for the website to function properly and cannot be disabled without severely affecting the usability of the website. The law does not require us to ask consent to use these cookies and they will always be placed when you use our website.
(b) Functional cookies: these cookies remember various choices you make on the website to improve your experience. They are also used to display recommendations for you based on your past activity on the website. Functional cookies may be required for actions such as watching a video.
Any Personal Data that these cookies collect is anonymised before being used for any other purpose, so we don’t keep records of your data or track you personally, or monitor how you browse on other websites.
(c) Analytics cookies: these cookies gather anonymous data on how visitors use the website, for example, what pages are most visited and how long visitors stay on them. They also gather information on errors which may occur during visits which can help us fix them.
11.3 Managing cookies: most web browsers allow you to manage which cookies you accept via their settings. You can normally use the ‘Help’ functionality on your browser to find out about how it handles cookies and how you can manage your cookie preferences.
11.4 You can also view and manage the advertising cookies placed on your device by visiting Your Online Choices here.
12. Transferring your Personal Data out of the EEA
12.1 We may transfer your Personal Data to Kabbalah Centre in the United States where laws are currently not considered to meet the same legal standards of protection for Personal Data as in the EU and as set out under Data Protection Law. However, in order to safeguard your Personal Data, we only conduct such a transfer under a contract or another appropriate mechanism which is authorised under Data Protection Law. This is to make sure that your Personal Data is safeguarded in accordance with the same legal standards that apply to us in the United Kingdom.
12.2 We may transfer your Personal Data to Israel, which has been assessed by the European Commission as providing an adequate level of protection for your Personal Data.
13.1 We have implemented technology and security policies, rules, and other measures to protect the Personal Data that we have under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction, and accidental loss. We limit access to your Personal Data to those who have a genuine business need to access it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality. In addition, we have reasonable security measures in place in our physical facilities to protect against the loss or misuse of information at our site that we have collected from you.
13.2 We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
14. Your personal data rights
14.1 In accordance with your legal rights under applicable law, you have a 'subject access request' right under which you can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information. Usually we will have a month to respond to such a subject access request. We reserve the right to verify your identity if you make such a subject access request and we may, in case of complex requests, require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also require further information to locate the specific information you seek before we can respond in full and apply certain legal exemptions when responding to your request.
14.2 Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
(a) that we correct Personal Data that we hold about you which is inaccurate or incomplete;
(b) that we erase your Personal Data without undue delay if we no longer need to hold or process it;
(c) to object to any automated processing (if applicable) that we carry out in relation to your Personal Data;
(d) to object to our use of your Personal Data for direct marketing;
(e) to object and/or to restrict the use of your Personal Data for purposes other than those set out above unless we have a legitimate reason for continuing to use it; or
(f) that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to contact you with and is being carried out by automated means.
14.3 All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
14.4 If you would like to exercise any of the rights set out above, please contact us at the address below.
14.5 If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office (ICO) – please see https://ico.org.uk/ for details.
020 7499 4974