Our website address is: http://totalchi.com.
We will only keep your information for as long as we are either required to by law, or as is relevant for the purposes for which it was collected.
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
This website collects and uses personal information for the following reasons:
Should you choose to contact us using the contact form on our Contact us page or an email link like this one, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section 6.0. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (see section 6.0 below). The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
While your email address remains within the MailChimp database, you will receive periodic (approximately one per month) newsletter-style emails from us.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 6.0 below).
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
All booking requests and payments are processes by MINDBODY. We consider MINDBODY to be a third party data processor (see section 6.0 below). We have embedded the class schedule from MINDBODY on our Schedule page and we have various links within our website linking to MINDBODY in-order to allow Users to join and book classes.
MINDBODY is currently creating tools and processes to assist customers with fielding requests from their clients who ask to remove their information from MINDBODY databases.
MINDBODY is reviewing their procedures to ensure that data is retained no longer than is required. Identifiable consumer data will be removed if requested by the consumer and approved by us.
Clients can opt out of texts and emails through Consumer Mode, or we can do it on their behalf through Business mode by changing their communication preference.
We do not store any personal data within this website’s database.
We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
For users that register on our website, if any, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
We do not store or send any personal data on this website.
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
This website is hosted by PageCloud.
PageCloud is a fully managed service with hosting bundled in. Hosted on Amazon Web Services (AWS), PageCloud is secure and available whenever you need it.
Full details of Amazon Web Services (AWS) data centers can be found here.
MINDBODY co-locates with secure, Tier 4 data centers in Irvine, California, and Las Vegas, Nevada. Each data center is monitored 24/7, 365 days a year by skilled and experienced IT professionals.
SSAE Type II and Type III compliant
Zone 4 earthquake-rated reinforced structure
Monitoring system providing real-time data on equipment operation, enabling instant identification of problems
Multiple paralleled N+1 UPS modules configured in redundant systems to allow for A/B power configuration
Twenty megawatts of expandable N+1 power backup utilizing generators
A Very Early Smoke Detection Alarm (VESDA) with pre-action dry pipe fire suppression systems
Multiple fiber route entrances to structures
Access control systems (biometric scans and Personal Identification Number (PIN) access) with separate locks for each MINDBODY server cabinet
Full details of MINDBODY data centers can be found here.
MindBody (Security policy)
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. All 3 of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
25/05/2018 – version 1.1
3.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
4.0 HOW WE STORE YOUR PERSONAL INFORMATION
6.0 OUR THIRD PARTY DATA PROCESSORS
25/05/2016 – version 1.0
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.