1. Introduction

This policy explains how Element 8 Pilates | Wellbeing collects, uses and protects your personal information.

We are responsible for handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are registered with the Information Commissioner’s Office (ICO) as a data controller. Our registration number is [insert number].

If you have any questions about how your information is managed, you are welcome to contact us.

2. The Information We Collect

We collect information necessary to provide safe, structured and professional Pilates instruction.

Personal information

·       Name

·       Email address

·       Telephone number

·       Postal address

Booking and account details

·       Class bookings and attendance records

·       Membership information

·       Payment confirmation

Payments are currently processed via direct debit but may be processed via direct debit through a secure third-party provider. We do not store bank details.

Health information

Where relevant, we collect health information through a pre-exercise questionnaire (PAR-Q) or consultation. This may include:

·       Injury history

·       Medical conditions

·       Relevant physical considerations

This information is classified as special category data under UK GDPR. It is collected only where necessary to support safe participation and is handled with additional care.

Website usage information

Our website may collect technical information such as:

·       IP address

·       Browser type

·       Device information

·       Cookie data

3. How We Use Your Information

Your information is used to:

·       Manage bookings and memberships

·       Communicate essential studio information

·       Support safe participation in sessions

·       Respond to enquiries

·       Maintain appropriate business records

·       Improve our services

If you choose to receive studio updates or newsletters, we will use your email address for this purpose. You may withdraw consent at any time by using the unsubscribe link or contacting us directly.

We do not sell personal data.

4. Automated Decision-Making

We do not use automated systems that make significant decisions about you without human involvement.

Any decisions relating to your bookings, participation or communication are made with human oversight.

5. Lawful Basis for Processing

We process personal data under the following lawful bases:

·       Contract – to deliver services you have booked

·       Legal obligation – to meet accounting and regulatory requirements

·       Legitimate interests – to manage and develop our classes and studios, where relevant, responsibly

·       Consent – for marketing communications and certain health information

Health information is processed on the basis of explicit consent and for the purpose of providing safe instruction.

Where processing is based on consent, you may withdraw it at any time.

6. How We Store and Protect Your Data

Personal information is stored securely using reputable third-party systems, including booking, communication and payment platforms.

We take appropriate technical and organisational measures to protect your information from unauthorised access, misuse or loss.

We retain data only for as long as necessary:

·       Financial records are retained in line with HMRC requirements (typically six years).

·       Health and participation records are retained for insurance and professional accountability purposes.

·       Marketing information is retained until you opt out.

When data is no longer required, it is securely deleted.

7. Sharing Information

We do not sell or trade personal data.

We may share information with trusted service providers where necessary, including:

·       Direct debit and payment providers

·       Booking software providers

·       Email communication platforms

·       Accountants or professional advisers

·       Insurers, where required

All third parties are required to process data securely and in accordance with UK data protection law.

8. International Data Transfers

Some of the third-party systems we use may store or process data outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy regulations or standard contractual clauses, to protect your personal information.

9. Your Rights

You have the right to:

·       Request access to your personal data

·       Request correction of inaccurate information

·       Request deletion of your data where applicable

·       Restrict or object to certain types of processing

·       Request transfer of your data to another provider

To exercise any of these rights, please contact us.

If you are concerned about how your data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

10. Cookies

Our website may use cookies to ensure proper functionality and to understand how visitors use the site.

You can manage cookie preferences through your browser settings.

Where analytics tools are used, they collect anonymised usage data to help us improve the website experience.

11. Updates to This Policy

This policy may be updated periodically to reflect changes in our services or legal requirements. The most current version will always be available on our website.