- Collection of Personal Data
- Legal Basis for Holding Personal Data
- Use of Personal Data
- Website Visitor Tracking
- Disclosure of Personal Data to Third Parties
- Adverts and Sponsored Links
- Downloads & Media Files
- External Website Links & Third Parties
- Social Media Policy & Usage
- Security of Personal Data
- Personal Data Retention
- Customer Legal Rights
- Resources & Further Information
Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer / device in order to serve it to you. Our contact information is provided if you have any questions.
The DPA & GDPR May 2018
We and this website comply with the DPA (Data Protection Act 1998) and already comply with the GDPR (General Data Protection Regulation), which comes into effect from May 2018. We will update this policy accordingly after the completion of the UK’s exit from the European Union.
Collection of Personal Data
Personal information (“Personal Data”) means any information about an individual from which that person can be identified. Within our database we hold Personal Data such as name, email address, postal address, telephone numbers, and we may hold medical history that you have declared (strictly as necessary to safely deliver our services).
Our database is composed of Personal Data gathered from website sign-ups (either from hopepilates.com, our main booking system and/or third party partners such as playenable, pilates near you, gympass, groupon, meet up, treatwell, yoga near you, classpass, everbrite, facebook, instagram, gumtree, wonderush, nextdoor, wowcher, and mumsnet), or face to face, telephone or email communication when you seek our services.
Legal Basis for Holding Personal Data
We hold Personal Data on either of two legal bases as set out in the GDPR: Consent where you have given clear consent for us to hold your personal information (GDPR Article 6.1 (a)) or where we have a Legitimate Interest to hold that information, which interest has been identified and can include commercial interests, individual interests or broader societal interests (GDPR Article 6.1 (f)). We consider that we have a Legitimate Interest to hold personal data on all individuals who are included in our database to properly provide the services that we offer.
Use of Personal Data
Users contacting us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your information for transactional communications (such as booking updates, receipts, reminders and service cancellation updates), send you products/services information through a mailing list system, and to otherwise promote and market our services, and deliver them according to professional standards.
We ask for your date of birth as this may be relevant to your practice, and we also keep emergency contact details in case of an incident at the studio. This information is kept on your file and on our booking system PlayEnable.
This is done in accordance with the regulations named in ‘The policy’ above.
- Understand and save user’s preferences for future visits.
- Memorise the users who have unlocked access to premium content.
If you turn cookies off, some features will be disabled. This will affect the user experience and some of our services will not function properly.
Website Visitor Tracking
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
Disclosure of Personal Data to Third Parties
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
We will disclose your personal data to our service providers, including PlayEnable, which supplies our business management platform and booking apps. PlayEnable is based in the United Kingdom and is also subject to certain obligations with regard to the security of your personal data in accordance with EU GDPR.
In order to process online debit and credit card transactions we use Stripe, an American company, which stores all of its data on owned and operated servers located in the U.S. only. Stripe has been certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
Email Mailing List & Marketing Messages
We use an email mailing list program to inform subscribers about important information such as T&C updates, timetable changes, upcoming reminders to our policy and other transactional email, products, services updates and/or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details, which include but are not limited to user-names, member names, email addresses, IP addresses, other contact details, survey responses, blogs, photos, payment information such as payment agent details, transactional details, tax information, support queries, forum comments, content you direct us to make available on our Sites (such as item descriptions) and web analytics data, are collected, processed, managed and stored in accordance with the regulations named in ‘The policy’ above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages. The type and content of marketing messages subscribers receive, and whether they may contain third party content, is clearly outlined at the point of subscription.
Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
In order to distribute occasional newsletters we use Go Daddy Inc, an American company, which stores all of its data on owned and operated servers located in the U.S. only. Go Daddy Inc. has been certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and, as with Stripe, we will only use data processors or similar organisations which are so certified and meet international regulatory standards.
Adverts and Sponsored Links
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, who may have detailed privacy policies relating directly to the adverts they serve.
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party antivirus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites, and advise users to verify their authenticity using third party antivirus software or similar applications.
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites.)
Shortened URLs: URL shortening is a technique used on the web to shorten URLs (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and third party apps (such as buffer). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Policy & Usage
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
Security of Personal Data
To ensure the security and confidentiality of Personal Data that we collect online, we use data networks protected by industry standard firewall and password protection. In the course of handling your Personal Data, we take measures reasonably designed to protect that information from loss, misuse, unauthorised access, disclosure, alteration or destruction. We have in place safeguards in our procedures and technology to keep Personal Data secure to a standard for an organisation of our type and size.
Personal Data Retention
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we have collected and retained it.
Our services are not directed towards children under 13, but due to some circumstances (such as an adult availing of our services accompanied by children), we collect data via our PARQ forms (health and safety forms). Any relevant information is only collected for the purpose of health and safety matters pertinent to the provision of our services with the explicit consent of the individual holding parental responsibility for that child. This particular form is offline and stored in our studio securely. If you learn that a child under 13 has provided us with personal information without consent, please contact us.
Customer Legal Rights
You may “Opt-Out” of receiving any promotional communication from us by Unsubscribing from future newsletters.
You also have the rights under the Legislation, as described in full therein, to:
- Request access to your personal information
- Request correction of your personal information
- Request deletion of your personal information
- Object to processing of your personal information
- Request restriction of processing of your personal information
- Request transfer of your personal information
- Withdraw consent
Resources & Further Information
- Overview of the GDPR – General Data Protection Regulation
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at firstname.lastname@example.org directly so we can properly assist you.
109 Tierney Rd, London SW2 4QH
Tel: 020 3632 0096