Pilates in Motion Studio Ltd ("PIMS") is a limited company established under the laws of England and Wales, company no. 06714242.
When we hold an individual’s personal information we do so in accordance with all applicable legislation including the Data Protection Act 1998 (“DPA”) and the EU General Data Protection Regulation in force from 25 May 2018 (“GDPR”) as they are now and as they may be amended and superseded from time to time (together the “Legislation”).
Under the Legislation PIMS is a data controller.
1. Information we may collect about you
Personal information (“Personal Data”) means any information about an individual from which that person can be identified. Within our database we hold Personal Data such as name, email address, postal address, telephone numbers, and we may hold medical history that you have declared (strictly as necessary to safely deliver our services).
2. How we collect that Personal Data
Our database is composed of Personal Data gathered from website sign-ups, or face to face, telephone or email communication when you seek our services.
3. Our legal basis for holding that Personal Data
We hold Personal Data on either of two legal bases as set out in the GDPR: Consent where you have given clear consent for us to hold your personal information (GDPR Article 6.1 (a)) or where we have a Legitimate Interest to hold that information, which interest has been identified and can include commercial interests, individual interests or broader societal interests (GDPR Article 6.1 (f)). We consider that we have a Legitimate Interest to hold personal data on all individuals who are included in our database to properly provide the services that we offer.
4. How we may use that Personal Data
We use that Personal Data for transactional communications, and to otherwise promote and market our services, and deliver them according to professional standards.
5. Disclosure of Personal Data to third parties
We will not sell, transfer or share Personal Data nor disclose Personal Data to third parties except as we are otherwise obliged to do by law, or as outlined below.
We will disclose your personal data to our service providers, including Glofox, which supplies our business management platform and booking apps. Glofox is based in Ireland and also subject to certain obligations with regard to the security of your personal data in accordance with EU GDPR.
In order to process online debit and credit card transactions we use Stripe, an American company, which stores all of its data on owned and operated servers located in the U.S. only. Stripe has been certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
In order to distribute occasional newsletters we use MailChimp, an American company, which stores all of its data on owned and operated servers located in the U.S. only. MailChimp has been certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and, as with Stripe, we will only use data processors or similar organisations which are so certified and meet international regulatory standards.
6. Security of Personal Data
We have in place safeguards in our procedures and technology to keep Personal Data secure to a standard for an organisation of our type and size.
7. Personal Data retention
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we have collected and retained it.
8. Your legal rights
You may “Opt-Out” of receiving any promotional communication from us by Unsubscribing from future emails, or using the Opt Out button on your profile within the booking system.
You also have the rights under the Legislation, as described in full therein, to:
9. Uses of our website (www.pilatesinmotion.org)