Privacy Policy

Class Concierge ("we", "us") is committed to protecting your personal data and ensuring compliance with the EU General Data Protection Regulation ("GDPR") and other applicable laws. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use the Class Concierge services or website. Please read this policy carefully to understand our practices.

Personal Data We Collect

We collect and process the following categories of personal data about you, the individual using our concierge services, typically provided via our concierge partners:

• Your full name, email address, and telephone number. This information is necessary for us to recognize you, communicate with you regarding your requests, and deliver our services, such as sending confirmations or contacting you about scheduling changes.
• Payment information and related financial details required to process service transactions. For example, billing address or partial payment card details, and transaction IDs. We use this data to facilitate payments for services you request through Class Concierge and to keep necessary records of those transactions.
• Information about the services you request from us, such as your booking details, preferences, or any instructions you provide (e.g., class types, schedule preferences, special requests). This can include dates, times, or other context needed to fulfill your concierge requests.
• When you interact with our website, we may collect limited technical data such as your IP address, browser type, and operating system via server logs or essential cookies. We do not use this data to identify you, but to ensure the website's security and functionality. (See Cookies below for more on our use of cookies.)

We do not ask for or intentionally collect any sensitive personal data. We also do not target or knowingly collect data from children or vulnerable individuals. Our services are intended for use by adults in a business context. If you are under the age of 16 (or the applicable age of digital consent in your country) or are considered a vulnerable person under applicable law, please do not provide your personal data to us. We do not knowingly process such data, and if we learn that we have received it, we will delete it.

Purpose of Processing Personal Data

We only process your personal data for specified and legitimate purposes. In particular, Class Concierge uses the above categories of personal data for the following purposes:

• We use your name and contact information to identify you and communicate about the concierge services you request. For example, we will email, text, or call you to confirm class or service bookings, provide updates, or respond to your inquiries. We use service request details (such as class preferences or schedules) to arrange and personalize services according to your needs.
• Your financial and contact data are used to process payments and complete transactions for services (e.g., billing you or your organization for a class or an arranged service). We may send payment receipts or invoices to the email address you provided.
• We may need to share limited information with or receive it from our concierge partners (the business or organization through whom you gained access to Class Concierge) to ensure smooth service. For example, if your employer or membership concierge partner introduced you to our services, we might confirm booking fulfillment or eligibility with them. However, we remain an independent controller for any data we handle, and our partners will separately handle your data under their own privacy policies if applicable.
• If you contact us for help, we will use your contact information and request data to assist you, resolve any issues, or answer questions.
• We might use aggregated or de-identified information (not identifiable to you) to analyze service performance and improve our offerings. If we are required by law to process or disclose your data (for example, for tax, accounting, or law enforcement requests), we will do so only to the extent necessary to comply with those legal obligations.

We will not use your personal data for any purpose that is incompatible with the original purposes described above without informing you and, if required, obtaining your consent. In essence, we limit our use of your data to what is necessary for providing our concierge services and fulfilling our contract with you, or other closely related purposes that are compatible with those original aims.

Legal Bases for Processing

Under the GDPR, we must have a valid legal basis to process your personal data. Class Concierge relies on the following legal grounds:

• The primary legal basis for our processing is Article 6(1)(b) GDPR – "necessary for the performance of a contract" to which you (the data subject) are a party. In practice, this means we process your personal data to deliver the services you request and fulfill our obligations to you under the terms of service.
• In certain cases, we may ask for your consent to process data for specific, optional purposes. For instance, if in the future we send out an email newsletter or promotional communications, we will only do so with your prior consent (or as allowed under soft opt-in rules for existing customers). In such situations, Article 6(1)(a) GDPR (your consent) will be our legal basis.
• While not common, if we need to process certain data to comply with a law or regulation (Article 6(1)(c) GDPR) – for example, retaining transaction records for tax or accounting regulations, we will do so strictly to the extent required.

Cookies and Online Tracking

At present, Class Concierge's website does not use any cookies or tracking technologies that collect personal data beyond what is necessary for the website to function. We do not use Google Analytics or advertising/tracking cookies that profile you. If you simply browse our site, we may place only essential cookies (for example, a session ID to remember your login or preferences), which are needed to provide you with the service you explicitly request. Such necessary cookies do not require consent under the law.

However, we want to be transparent and proactive about potential future changes. If we introduce cookies or similar technologies in the future for analytics, personalization, or advertising purposes, we will first obtain your consent before storing or accessing information on your device, in accordance with the EU ePrivacy Directive's requirements and applicable national laws.

Data Sharing and Disclosure

We treat your personal data with care and confidentiality. We do not sell or rent your personal information to third parties. We will only share your data with third parties in the following circumstances, and always under data minimization and purpose limitation principles:

• With Concierge Partners: If you were introduced to Class Concierge through one of our concierge partners, we may share limited information back to that partner to fulfill our service arrangement.
• Service Providers: We use trusted third-party service providers to help us operate our business and deliver our services. These may include cloud hosting providers, payment processors, or customer support tools.
• Legal Requirements: We may disclose personal data if we are legally compelled to do so or if disclosure is necessary to protect vital interests.
• Business Transfers: In the unlikely event that Class Concierge undergoes a major business change, such as a merger or acquisition, personal data might be part of the transferred assets.

Data Storage and International Transfers

All personal data we collect from you is stored on secure servers located within the European Union (EU). We do not transfer or store your personal data in countries outside the European Economic Area (EEA) in the ordinary course of business. This means your data remains under the protection of the GDPR and EU privacy laws.

We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When the retention period expires or the data is no longer needed, we erase or anonymize it in a secure manner.

Data Security

Class Concierge takes the security of your personal data seriously. We implement appropriate technical and organizational measures to prevent unauthorized access, loss, alteration, or disclosure of your information. These measures include encrypted connections (SSL/TLS) for all data transmissions, encryption of sensitive data at rest, access controls to limit who can access personal data, and regular review of our security practices.

Your Data Protection Rights

As a data subject under the GDPR, you have certain rights regarding your personal data that we respect and uphold. In summary, your rights include:

• Right to Information and Access: You have the right to be informed about how we process your data and to access the personal data we hold about you.
• Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it.
• Right to Erasure: You have the right to ask us to delete your personal data in certain circumstances.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to obtain your data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to our processing of your personal data in certain situations.
• Right to Withdraw Consent: In cases where we rely on your consent, you have the right to withdraw it at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe we have infringed your data protection rights.

How to Exercise Your Rights

You can exercise any of your rights by contacting us (see Contact Us below). We will respond to your request as soon as possible, and in any event within the GDPR's required timeframe (generally within one month, extendable to two months for complex requests – we will inform you if an extension is needed).

Automated Decision-Making and AI

Class Concierge does not use any personal data for fully automated decision-making, including profiling, that produces legal effects or similarly significant effects for you. In other words, you will not be subject to a decision solely by a computer or algorithm without any human involvement in the decision-making process. Should we implement any AI that processes personal data, we will conduct the necessary Data Protection Impact Assessments (DPIA) as required under GDPR.

Update to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. If we make significant changes, we will notify our users through appropriate channels. The "last updated" date of this Policy will always indicate when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we are protecting your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how Class Concierge handles your personal data, please do not hesitate to contact us. We are here to help and are committed to addressing any issues promptly. You can reach our team at:

Your privacy is extremely important to us, and we welcome your feedback. Thank you for trusting Class Concierge with your personal data. We will continue working hard to keep that trust.