Privacy Policy of RhythmRoot Dance Studio

Effective Date: 28 April 2026

1. Introduction and Company Information

This Privacy Policy explains how RhythmRoot Dance Studio (“we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data when you visit our premises, use our website or online services, contact us, register for classes, purchase memberships, attend workshops or events, or otherwise interact with us.

RhythmRoot Dance Studio is the data controller responsible for the processing of your personal data in connection with our dance-studio business in India.

Business Name: RhythmRoot Dance Studio
Address: RhythmRoot Dance Studio, 2nd Floor, Sai Plaza, 18 Brigade Road, Bengaluru, Karnataka 560025, India
Email: [email protected]
Phone: +91 80 4127 6834

This Privacy Policy is intended to be consistent with applicable Indian privacy and data protection laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023, and other applicable laws and regulations in India, as amended from time to time.

2. Data Collection and Processing

We may collect and process the following categories of personal data, depending on how you interact with us:

• Identity and contact details: name, phone number, email address, postal address, emergency contact details, date of birth, gender, and parent/guardian details for minors.
• Account and registration information: class registrations, membership details, attendance records, booking history, preferences, and communication preferences.
• Payment and transaction information: billing details, payment status, transaction references, and limited payment-related information necessary to process fees and refunds. We generally do not store full card details unless handled by a payment service provider.
• Health and safety information: information relevant to participation in dance activities, such as injury history, physical limitations, emergency medical information, or accessibility needs, where provided voluntarily or required for safety.
• Media and performance content: photographs, audio, video, and recordings captured during classes, rehearsals, performances, workshops, or events, subject to applicable consent and notices.
• Technical and usage data: IP address, device information, browser type, log data, cookies, analytics data, and interactions with our website or digital communications.
• Communication data: messages, inquiries, feedback, complaints, and records of our correspondence with you.

Where required by law, we will obtain your consent before collecting or processing sensitive personal data or information, and we will process such data only for lawful and necessary purposes.

If you provide personal data relating to another person, you confirm that you have the authority or consent to do so, where required.

3. Purpose of Data Processing

We process personal data for the following purposes:

• to register students, manage memberships, and administer classes, workshops, rehearsals, and events;
• to communicate with you regarding schedules, fees, updates, policies, and service-related notices;
• to process payments, issue invoices or receipts, and manage refunds or adjustments;
• to maintain attendance, safety, and emergency records;
• to assess suitability for classes, including age-appropriate placement and safety considerations;
• to provide customer support and respond to inquiries, complaints, and feedback;
• to improve our services, facilities, website, and customer experience;
• to conduct marketing and promotional activities, including newsletters, offers, and event announcements, where permitted by law and subject to your preferences;
• to capture and share studio-related media for promotional, archival, or community purposes, where consent or other lawful basis applies;
• to comply with legal obligations, regulatory requirements, tax and accounting obligations, and lawful requests from authorities;
• to protect our rights, property, safety, and the safety of our students, staff, instructors, and visitors;
• to detect, prevent, and investigate fraud, misuse, security incidents, or other unlawful activity.

4. Legal Basis for Processing

We process personal data only where we have a lawful basis to do so under applicable Indian law. Depending on the context, our legal bases may include:

• Consent: where you have given clear consent for a specific purpose, such as receiving marketing communications or the use of certain media content.
• Performance of a contract: where processing is necessary to provide classes, memberships, event participation, or related services you have requested.
• Compliance with legal obligations: where processing is necessary to comply with applicable laws, tax rules, accounting requirements, or lawful directions from authorities.
• Legitimate uses / legitimate interests: where processing is necessary for our operational, administrative, safety, security, fraud-prevention, or service-improvement purposes, provided such interests are not overridden by your rights and interests.
• Protection of vital interests: where necessary to protect the life or physical safety of any person, such as in an emergency situation.

Where we rely on consent, you may withdraw it at any time, subject to legal or contractual restrictions and the consequences described in this Policy.

5. Data Sharing and Third Parties

We may share personal data with the following categories of recipients, only as necessary and subject to appropriate safeguards:

• Service providers: payment processors, cloud hosting providers, email/SMS providers, customer relationship tools, website analytics providers, and IT support vendors.
• Instructors and staff: internal personnel and contracted instructors who need access to perform their duties.
• Professional advisers: auditors, accountants, lawyers, consultants, and insurers.
• Event partners and venue operators: where needed for workshops, performances, competitions, or collaborative events.
• Authorities and regulators: courts, law enforcement, tax authorities, and other government bodies where disclosure is required or permitted by law.
• Business transferees: in connection with a merger, acquisition, restructuring, sale of assets, or similar corporate transaction, subject to applicable law.

We do not sell personal data in the ordinary course of business. Any sharing is limited to what is necessary for the stated purpose and subject to confidentiality and security obligations where appropriate.

6. Data Transfer to Third Countries

Some of our service providers may process or store personal data outside India, including in countries that may have different data protection standards. Where such transfers occur, we take reasonable steps to ensure appropriate safeguards are in place, such as contractual protections, security measures, and transfer arrangements consistent with applicable law.

By using our services, you acknowledge that your personal data may be transferred, stored, or processed outside India where necessary for the operation of our services and business functions, subject to applicable legal requirements.

7. Storage Duration

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law.

• Registration and membership data: retained for the duration of your relationship with us and for a reasonable period thereafter.
• Payment and accounting records: retained for periods required under tax, accounting, and audit laws.
• Communication records: retained as needed to address inquiries, disputes, and service history.
• Media content: retained for the period necessary for the purpose for which it was collected, or until consent is withdrawn where consent is the basis.
• Security and technical logs: retained for a limited period unless needed for investigation, legal compliance, or security purposes.

When personal data is no longer required, we will delete, anonymise, or securely archive it in accordance with our retention practices and applicable law.

8. User Rights

Subject to applicable law, you may have the following rights in relation to your personal data:

• Access: to request confirmation of whether we process your personal data and to obtain a copy of such data.
• Rectification: to request correction of inaccurate, incomplete, or outdated personal data.
• Erasure: to request deletion of personal data where it is no longer necessary, consent is withdrawn, or deletion is otherwise permitted by law.
• Restriction: to request limitation of processing in certain circumstances.
• Data portability: to request a copy of certain personal data in a structured, commonly used, and machine-readable format, where applicable.
• Objection: to object to certain processing activities, including direct marketing where applicable.

We may need to verify your identity before responding to a request. We may also refuse or limit a request where permitted by law, such as where processing is required for legal compliance, security, fraud prevention, or the establishment, exercise, or defence of legal claims.

9. Withdrawal of Consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time by contacting us using the details provided below or by using any available unsubscribe or preference-management mechanism.

Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal. In some cases, withdrawing consent may prevent us from providing certain services, such as participation in specific classes, use of promotional media, or receipt of marketing communications.

10. Right to Complain

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can address your concern promptly.

You may also have the right to lodge a complaint with the appropriate supervisory or regulatory authority in India, including the Data Protection Board of India or any other competent authority established under applicable law, depending on the nature of your complaint and the law in force at the relevant time.

11. Data Security

We implement reasonable security practices and procedures to protect personal data against unauthorized access, disclosure, alteration, loss, misuse, or destruction. These measures may include:

• access controls and role-based permissions;
• secure storage and transmission methods;
• password protection and authentication measures;
• staff training and confidentiality obligations;
• regular review of security practices and vendor safeguards;
• incident response procedures for suspected data breaches.

While we take reasonable steps to protect personal data, no method of transmission over the internet or method of electronic storage is completely secure. You are also responsible for protecting your own devices, credentials, and account information.

12. Contact Information

If you have any questions, requests, or complaints regarding this Privacy Policy or our processing of personal data, please contact:

RhythmRoot Dance Studio
2nd Floor, Sai Plaza, 18 Brigade Road, Bengaluru, Karnataka 560025, India
Email: [email protected]
Phone: +91 80 4127 6834

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal obligations, or operational requirements. Any updated version will be posted with a revised effective date, and where required by law or where changes are material, we will provide additional notice.

We encourage you to review this Privacy Policy periodically to stay informed about how RhythmRoot Dance Studio processes personal data.