Home
Who We Are
AboutOur TeachersLineageMedia & PressJoin Our TeamContact
Classes
Recommended – Intro ClassRecommended – Prelim ClassFoundation CoursesRegular ClassesGentle ClassKids YogaInner Peace SeriesTheme Based SessionsCorporate Wellness ProgramPrivate YogaOnline ClassesCommunity Classes
Programs
CoursesWorkshopsRetreatsEvents
E-Learning
Practice Library
Wisdom Hub
Free Resource LibraryIyengar Yoga Community ResourcesExplore & LearnFAQ
Schedule
ScheduleMemberships
Need Help? Chat 60124164115

Privacy Policy

1. Introduction

BKS Iyengar Yogashala, managed by Rishi Management Associates Sdn Bhd (“we”, “us”, “our”), is committed to protecting your personal data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia and, where applicable, the data protection laws of other jurisdictions from which our students access our services.

This Privacy Policy explains how we collect, use, store, protect, and disclose your personal information when you interact with us — whether in person at our studio, through our website (www.bksiyengaryogashala.com), via our online platforms, or through any other channel.

By using our services or providing your personal data to us by any means, you agree to the terms of this Privacy Policy.

We serve students in Malaysia and internationally through our in-studio and online classes, workshops, courses, and programs. We take our obligations under applicable data protection laws seriously, including for students in the European Union (EU GDPR), United Kingdom (UK GDPR), Singapore (PDPA SG), and other jurisdictions.

2. Personal Data We Collect

We may collect and process the following types of personal data:

  • Full name, address, phone number, and email address
  • Date of birth
  • Emergency contact details
  • Medical history or health information relevant to yoga practice (see Sensitive Personal Data note below)
  • Payment and billing information (processed securely via third-party payment processors)
  • Photos and videos taken during classes, workshops, events, and promotional activities (see Section 4a for consent details)
  • Records of attendance, class history, and participation
  • Communication preferences (e.g., consent to receive emails or WhatsApp messages)
  • Technical and usage data: IP address, browser type, device information, cookies, and interaction data when you visit our website or use our online platforms

Sensitive personal data: Health and medical information is classified as sensitive personal data under Malaysia’s PDPA. We collect this information only with your explicit written or digital consent, and solely for the purpose of ensuring your safe and appropriate participation in yoga practice.

Children under 18: If you are registering a minor for our classes (including our Kids Yoga program), consent must be provided by a parent or legal guardian. We do not knowingly collect personal data from children under 13 without verified parental consent.

3. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your experience and help us understand how our services are used.

Why we use cookies:

  • Remember your preferences and session state
  • Analyse website traffic and usage patterns
  • Enable third-party integrations (e.g., class booking widgets, embedded video)
  • Deliver relevant marketing content (with your consent)

Types of cookies we use:

  • Strictly necessary — Required for core website functionality. Cannot be disabled.
  • Analytics / performance — Help us understand visitor behaviour and improve our site (e.g., Google Analytics).
  • Functional — Remember your preferences between visits.
  • Marketing / targeting — Used to deliver relevant content and measure campaign effectiveness. Used only with your consent.

You may manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of some parts of our website. Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Registering and managing your class package, membership, or course enrolment
  • Delivering yoga classes, workshops, retreats, and online programs
  • Communicating with you about schedule updates, class changes, or emergencies
  • Sending promotional materials, newsletters, and program announcements (only with your consent; you may withdraw at any time)
  • Managing billing, payments, and financial records
  • Using photos or videos for internal study/teaching purposes and/or promotional materials (see Section 4a below)
  • Operating and improving our online platforms, including video streaming and booking systems
  • Complying with legal obligations under Malaysian law and applicable international law
  • Protecting the rights and safety of our students, teachers, and staff

4a. Photography and Video Consent

We may photograph or film during classes, workshops, retreats, and events. We do this for two distinct purposes, each with a different consent basis:

Purpose Examples Consent Basis
Internal study Teacher reviewing alignment in recorded classes; educational review Legitimate Interest — no separate consent required
Promotional use Website, Instagram, Facebook, YouTube, newsletters, marketing materials Explicit Consent Required

What this means for you:

  • One-Time Initial Consent: When you first join or register with us, you will be asked to sign or digitally confirm a Photography and Video Consent form. This consent is granted once and remains valid indefinitely for all future classes, workshops, and events, meaning we will not ask for your permission on a session-by-session basis.
  • Voluntary Participation: Participation in our classes is never conditional on giving promotional consent. You are completely free to opt out when joining and practice without your image being used in any promotional materials.
  • Withdrawal of Consent: You have the right to change your mind and withdraw your consent at any time.
    • How to Request Removal: Please submit your request via email to admin@bksiyengaryogashala.com.
    • Future Use: Upon receiving your request, we will ensure your images are excluded from all future publications, marketing materials, and digital assets.
    • Third-Party Platforms: Please note that for images already published on third-party social media platforms (e.g., Instagram, Facebook), removal is subject to those platforms’ specific technical configurations and archival policies. Complete deletion from these external networks may require additional processing time beyond our direct control.

Class Recordings and Advertising:

Recordings of in-person or online classes may occasionally be used for short promotional clips, social media content, or marketing advertisements. We handle these based on the type of footage:

  • General Class Environment: Where recordings show the general studio atmosphere—with multiple students practicing together and no single individual prominently featured—we rely on general notice (this Privacy Policy and the consent form completed at registration) rather than obtaining individual permission from every participant.
  • Promotional Opt-Out: If you do not wish to appear in general class background recordings, please notify us at admin@bksiyengaryogashala.com or inform the front desk. We will gladly make reasonable arrangements to accommodate you (e.g., specific mat placement, seating position, or camera framing adjustment).
  • Featured Content: Where a specific student is individually highlighted, named, or prominently featured in promotional content, we will always obtain explicit, separate written consent from that individual before publication.
  • Online Class Feeds: If you attend a live online class, your video feed may be visible to other active participants in that session. As noted in Section 4a, recordings made strictly for internal teacher review are never used for public promotional purposes.

Legal bases for processing (GDPR / international students): Where GDPR or equivalent legislation applies to you, we process your data on the following legal bases: contractual necessity (class enrolment and delivery), legitimate interests (scheduling communications), legal obligation (financial records), and consent (marketing, sensitive health data, photos/videos).

5. How We Store and Protect Your Data

Your personal data is stored in physical records and/or electronic systems. Access is restricted to authorised staff and service providers on a need-to-know basis. We implement reasonable administrative, technical, and physical safeguards to protect your data against unauthorised access, modification, disclosure, or destruction.

In the event of a data breach that is likely to result in a significant risk to your rights or freedoms, we will notify affected individuals and, where required, the relevant authorities, without undue delay.

6. Third-Party Service Providers and Data Sharing

We do not sell or rent your personal data to any third party.

We may share your data with trusted third-party service providers who assist us in operating our business. These currently include, but are not limited to:

  • Momence.com — class booking, scheduling, attendance tracking, and payment processing
  • WhatsApp Business / Respond.io — student communication, customer support, and automated responses
  • VdoCipher — secure video hosting and delivery for online classes and recorded content
  • Meta (Facebook / Instagram) — social media communications and marketing
  • Google (Workspace, Analytics, Drive, YouTube) — business operations, email, analytics, and video
  • Beehiiv — email newsletter distribution

We may engage additional third-party platforms and service providers from time to time to improve or expand our services. When we do, we will take reasonable steps to ensure they provide adequate data protection. We will update this section when new platforms are adopted on an ongoing basis.

All third-party providers are required to handle your data in accordance with applicable data protection laws and our instructions. We do not authorise them to use your data for their own purposes.

7. International Data Transfers

We serve students from Malaysia and internationally. Your personal data may be processed or stored on servers located outside Malaysia, including in the United States and other countries where our third-party service providers operate.

Where we transfer your data outside Malaysia, we take steps to ensure appropriate safeguards are in place in accordance with the PDPA, including ensuring that overseas recipients provide a standard of protection comparable to the protections under the PDPA.

For students in the EU or UK (GDPR / UK GDPR): In addition to your rights under Malaysia’s PDPA, you have rights under the EU General Data Protection Regulation (GDPR) or UK GDPR, including the right to data portability and the right to lodge a complaint with your national data protection supervisory authority. Where required, we rely on appropriate transfer mechanisms (e.g., standard contractual clauses) for transfers of EU/UK personal data.

For students in Singapore: We handle your personal data in a manner consistent with Singapore’s Personal Protection Act 2012 (PDPA SG), including ensuring that overseas transfers are subject to comparable protection.

For students in other jurisdictions: We endeavour to comply with applicable local data protection laws. Please contact us if you have questions about how your data is handled under the laws of your country.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under Malaysia’s PDPA 2010 (all students):

  • Access the personal data we hold about you
  • Correct any inaccurate or outdated personal data
  • Withdraw consent to processing at any time (subject to legal or contractual restrictions)
  • Request that we limit or cease processing your personal data
  • Request deletion of your data where it is no longer necessary for the purpose for which it was collected

Additional rights for EU/UK residents (GDPR / UK GDPR):

  • Data portability — receive your personal data in a structured, commonly used, machine-readable format
  • Object to processing based on legitimate interests
  • Restriction of processing
  • Lodge a complaint with your national data protection supervisory authority

To exercise any of these rights, contact us using the details in Section 13. We will respond within the timeframes required by applicable law.

9. Opt-Out of Marketing

You may opt out of receiving marketing communications from us at any time by:

  • Clicking the unsubscribe link in any marketing email we send
  • Replying STOP to any WhatsApp marketing message
  • Contacting us directly at admin@bksiyengaryogashala.com

Opting out of marketing will not affect communications that are necessary for the administration of your classes, packages, or account.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

  • Payment and financial records — minimum 7 years, in accordance with Malaysian accounting and tax requirements
  • Health and medical records — retained for the duration of your active participation and for 7 years after your last class.
  • Marketing and communication records — until you withdraw consent or request deletion
  • General account data — retained while your account is active and for a reasonable period thereafter

When personal data is no longer required, we will delete or anonymise it securely.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be published on our website at www.bksiyengaryogashala.com with an updated effective date.

For material changes that affect your rights or how we use your data, we will make reasonable efforts to notify you directly (e.g., by email or WhatsApp). Your continued use of our services after any changes constitutes your acceptance of the updated policy.

12. Related Policies

This Privacy Policy should be read alongside our other governing documents:

13. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to raise a data protection concern, please contact us:

BKS Iyengar Yogashala
Managed by Rishi Management Associates Sdn Bhd

Email: admin@bksiyengaryogashala.com
Phone: +60 12 416 4115
Address: 41, Jalan 109 E, Desa Business Park, Taman Desa, 58100, Kuala Lumpur, Wilayah Persekutuan, Malaysia
Website: www.bksiyengaryogashala.com

We will acknowledge your request within 7 business days and aim to resolve it within 21 days, or within the timeframe required by your applicable data protection law.

Last updated: June 22, 2026