Reading time: 5 minutes

Running a yoga studio as a business can be a rewarding endeavour. However, there are various business concerns that you need to consider, and perhaps privacy is not an obvious one. Nevertheless, New Zealand law imposes various privacy obligations on certain businesses, which you may need to meet. A privacy policy can help you meet these obligations. Therefore, this article will explain whether you need a privacy policy when running a yoga studio in New Zealand.

New Zealand Privacy Law

In New Zealand, we have various expectations around how businesses and organisations can handle our private information. NZ privacy law aims to meet those expectations by setting rules for how those businesses and organisations handle personal information, including its:

  • collection;
  • storage;
  • security;
  • usage;
  • disclosure; and
  • disposal.

In New Zealand, personal information is any information about an identifiable individual. This definition means that if you can use the information (either by itself or combined with another piece of information) to identify a living person, it is personal information.

The law classifies any business or organisation that deals with personal information as an agency. Likewise, agencies must meet the law’s requirements for protecting individuals’ privacy. If you do not meet these requirements, you run the risk of both financial and legal penalties. These depend on the severity of what you did wrong. 

Additionally, some compliance measures include meeting the Privacy Act’s requirements for dealing with personal information, such as:

  • having a legitimate and lawful purpose for collecting certain information;
  • legally collecting personal information directly from the source;
  • securing any personal information you hold;
  • allowing individuals to access and correct the information you hold about them;
  • using correct and current information;
  • using and keeping information for no longer than what you need;
  • only sharing information where necessary;
  • meeting legal requirements for sharing information overseas; and
  • telling people how you use their personal information.

What Is a Privacy Policy?

Every agency needs to meet the Privacy Act’s disclosure requirements when they collect peoples’ personal information. To do so, many use a privacy policy or privacy statement. This document or page on your website will include the points above, as well as any other important privacy information.

Many customers are concerned about their privacy and will be on the lookout for a privacy policy when your business asks for their personal information.

Do I Need a Privacy Policy For My Yoga Studio?

If you collect or use personal information about your customers or employees, your yoga studio will classify as an agency under New Zealand privacy law. Examples of personal information include:

  • names;
  • email addresses;
  • telephone numbers;
  • credit card details;
  • bank account details;
  • identifying health information;
  • photos; and
  • anything else that can identify a person.

For example, say that you collect and store the names and contact details of regular studio members that attend your classes in a logbook. You have collected and recorded the personal information of those studio members, so you need to meet your privacy law obligations when doing so. Additionally, if you note down information about members’ physical ailments, such as chronic injuries, this may classify as personal health information.

No matter how you collect this personal information, whether it be through your website or in-person conversations, you need to comply with the law when you do so.

What Should My Privacy Policy Include?

One of the requirements of the Privacy Act is that you take reasonable steps to tell customers when you collect their personal information, as well as:

  • why you collect their information;
  • whether any particular laws apply (such as health laws);
  • who has access to their information;
  • whether giving you the information is optional;
  • the consequences of not giving you their information;
  • their legal right to access and correct the information you hold about them; and
  • your contact details for privacy matters.

Therefore, your privacy policy should cover these points. It should reflect the privacy needs of your yoga studio, so cater it to the personal information you actually use and collect. Its exact contents will vary according to how you use information.

For example, if you use online sign up sheets to enrol new customers at your studio, your privacy policy needs to detail how you handle this personal information. You also need to cover information that customers may not know they are giving you online, such as cookies and IP information that you may use for analytics purposes.

Some yoga studios may collect more information than others, so they may need a more detailed privacy policy. However, if you do not collect a lot of personal information, you may use a privacy statement instead, which the Privacy Commission’s Priv-o-Matic tool can help with.

Key Takeaways

New Zealand privacy law sets certain rules for businesses and organisations that deal with personal information. If your yoga studio handles personal information, such as names or contact details, you need to meet these requirements, such as telling customers that you do so. You can do this with a privacy policy. 

For more information or help with writing your yoga studio’s privacy policy, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

What is personal information?

Personal information is any information about an identifiable individual. Hence, if you can use this information to identify a living person, it classifies as personal information.

Do I need a privacy policy?

If your business handles personal information, you need to tell your customers that you do so. A helpful way to do this is with a privacy policy or privacy statement.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards