Privacy Policy

The Pilates Rooms Urmston referred to in this policy statement as “we/us”) respects the privacy of its client’s personal information and takes all personal data issues seriously.  We are open and transparent about the way that data is collected and used by us and therefore we are committed to abiding by the privacy policy explained in this statement.  It will provide you, the client, with details of how we collect, store and use personal data that is supplied to us, and how we will act in accordance with current legislation to meet the regulations with regard to the processing of personal data.  The Pilates Rooms Urmston is a registered company whose contact details can be found at the end of this policy statement.

  1. HOW WE COLLECT PERSONAL INFORMATION

 

1.1. We regard “personal data” as information about you from which we can identify you (either on its own, or by compiling it with other information).

1.2. We collect this information from various sources to help us manage the business and to keep in contact with you.  Typically, these sources are: ‘sign-up’ forms from Internet websites, telephone enquiries, in-person enquiries and email requests.  Additional information may be gathered and recorded once a client attends a class.

1.3. We will ask you to agree to use of this data by giving us your consent (i.e. to ‘opt-in’).  We require that you opt-in to the use of your personal data by ticking a ‘Consent Given’ box. By doing this, you consent to us collecting and processing the data that you have supplied to us, and to us using it to contact you.

  1. WHAT TYPE OF INFORMATION WE COLLECT AND HOLD

2.1. We hold personal contact information such as name, address, email address, and contact telephone number(s).  We may hold contact details for relatives and emergency contact(s). Additionally, we hold some personal data that assists us in providing an efficient clinical service, (such as date of birth and relevant health/medical information).  We hold sufficient financial information to allow us to take payment for our services, through a Third Party. We use GO CARDLESS for direct debit payments and STRIPE for card payments, all payments are taken through our booking system, Team Up.  All Third Parties have their own Privacy Policy also in line with GDPR.

2.2. We also hold information on previous clients.

2.3. All data records are held in a secure manner and for a time period that is considered appropriate for our business needs, typically this will be for a minimum of 7 years unless you specifically request otherwise – see the section on ‘Your Rights’.

  1. HOW WE USE YOUR PERSONAL DATA

3.1. We only use your data for the legitimate interests and running of the business.  Typically, we use your data to enable us to contact and communicate with you, as our current or potential clients.  This may be for booking or re-arranging classes/instructors, getting in touch with you in an emergency, or for the purposes of promoting and marketing our services and/or offers.  We maintain your data on our internal databases to allow us to manage the on-going business and provide an efficient service to you.

3.2. We control the use of limited financial information for the recurring processing of payments.

3.3. We may track your class activity patterns so that we can improve the level of service that you receive from us.

3.4. We do not share, sell or exchange your information with any external parties for the purposes of

marketing nor profiling.

  1. WHO HAS ACCESS TO INFORMATION

4.1. The employees of the company and self-employed contractors (for example, the Instructors) have access to your personal information in order to carry out their day-to-day duties and to maintain the needs of the business.

4.2. Information may be held by, or we may disclose to, our third-party service providers as above for the purposes of providing services to us, or directly to you, on our behalf (for example, financial data to allow them to process payments in a secure manner).  Such third parties may include cloud service providers (such as email and file management); when we use them, we only disclose limited personal information that is necessary for them to provide their service in accordance with our specific instructions.

4.3. Third Party Internet providers may collect and retain basic contact details to notify us of potential clients who have expressed an interest in our services.  They are governed by the legal requirement for clients to ‘opt-in’.

  1. HOW IS YOUR PERSONAL PRIVACY PROTECTED

5.1. We take all reasonable precautions to maintain your personal data in a secure environment.  This includes, but is not limited to, the use of password protection for access to applications, computer folders/files and mobile phones; the secure storage of paper records; the archiving of email correspondence.

5.2. We may keep your data for a limited, reasonable period, as appropriate for the needs of the business.  The only exceptions to this are where the law requires us to hold personal information for a specified period or to delete it sooner – see the section on ‘Your Rights’.

5.3. We ensure, on an on-going basis, that all employees and contracted staff are made aware of their responsibilities in relation to the use, protection and breaches of personal information.

5.4. Whilst we will strive to protect all of your personal information that we hold, we cannot guarantee the security of any information that you transmit to us over the Internet, and so you do so at your own risk.

  1. COOKIES

6.1 Our website uses cookies to distinguish you from other users of our website.  This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.  By continuing to browse the site, you are agreeing to our use of cookies.

6.2 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree.  Cookies contain information that is transferred to your computer’s hard drive.

6.3 We use the following cookies:

Strictly necessary cookies:  These are cookies that are required for the operation of our website.  They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies:  They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it.  This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies:  These are used to recognise you when you return to our website.  This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies:  These cookies record your visit to our website, the pages you have visited and the links you have followed.  We will use this information to make our website and the advertising displayed on it more relevant to your interests.  We may also share this information with third parties for this purpose.

6.4 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.  However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

6.5 Except for essential cookies, all cookies will expire after 6 months.

6.6 Most web browsers allow some control of most cookies through the browser settings.  To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

  1. YOUR RIGHTS

Your ‘data subject’ rights:  Legislation deems us to be the ‘controllers’ of the personal data that we hold.  Therefore, we are responsible for how it is used by us and our third parties and how we inform you of that.  You have a number of rights in relation to your personal information under data protection law. If we receive a request from you to disclose the personal data that we hold on you, we will respond to you within 30 days, at no charge to you.  Our contact details, and how to contact us, can be found at the end of this policy statement.

7.1. Accessing your personal information:  You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address listed in our contact details.  We may not provide you with a copy of your personal information if it concerns other individuals, or we have another lawful reason to withhold that information.

7.2. Correcting and updating your personal information:  The accuracy of your information is important to us.  If you change any of your personal details, have reason to believe, or, discover that it is inaccurate or out of date, please contact us so that we can correct it.

7.3. Withdrawing your consent:  We rely on your consent as the legal basis for processing your personal data and to receiving direct marketing.  You may withdraw your consent at any time by contacting us. If you would like to withdraw consent to receiving direct marketing, you can also do so by using our unsubscribe tool.  If you withdraw your consent, our use of your personal data before you withdraw is still lawful.

7.4. Objecting to our use of your personal information and automated decisions made about you:  Where we rely on our legitimate business interests as the legal basis for processing your personal information, you may object to us using your personal information for these purposes by contacting us.  We will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes.  Otherwise, we will provide you with our justification as to why we need to continue using your data.  You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request; if you would like to do so, please use our unsubscribe tool.

7.5. Erasing your personal information:  You can ask us to remove your personal information that we hold from our internal systems at any time by emailing or writing to us – see our contact details.  We will make all reasonable efforts to comply with your request in a reasonable timeframe unless there is a reason that the law prohibits us from doing this.

7.6. Restricting your personal information:  You may ask us to restrict the processing of your personal information where you believe it is unlawful for us to do so, or where you have objected to its use and our investigation is pending.  In these circumstances we may only process your personal information where we have your consent, or we are legally permitted to do so – for example, for storage purposes, to protect the rights of another individual or in connection with legal proceedings.

7.7. Transferring your personal information in a structured data file:  Where we rely on your consent as the legal basis for processing your personal information, you may ask us to provide you with a copy of that information in a structured data file format.  We will provide this to you electronically in a commonly used machine-readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider if this is technically possible.  We may not provide you with a copy of your personal data if it concerns other individuals or if we have another lawful reason to withhold that information.

7.8. Data Breaches:  In the unlikely event of a breach of your personal data, we will notify you of this within 72 hours of our discovery.  If we consider this to be a serious breach, we will also notify the Regulator. We will identify and put in place measures to prevent a similar occurrence in a timely manner and ensure appropriate and suitable protection of personal data is incorporated in future design of our systems and processes.

7.9. Complaining to the UK data protection regulator:  You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information.  Please visit the ICO’s website for further details.

  1. MARKETING

8.1. We will ask you to consent to email/telephone/SMS correspondence if you register with us through our website or if you complete a Health Screening form prior to attending a class.

8.2. We may also ask you to provide us with your preferred additional methods of receiving marketing information from us (for example, by post).  From time to time we may ask you to refresh your marketing preferences by confirming that you consent to continue to receive information from us.

  1. HOW TO CONTACT US

9.1. The Pilates Rooms Urmston is a registered company; Company Reg. No. 09928599.  If you have any questions, suggestions or complaints about the processing of your personal information, would like to see a copy of the information we hold for you, or wish to contact us for any general matters, you can do so by using any of the contact details below.

9.2. The main office and studios are located at the following address, which can also be used for written correspondence: 34 Station Road, Urmston. Manchester M41 9JQ.

9.3. We can be contacted on the following telephone number:  Mobile 07816 913 107.

9.4. We can be contacted at the following email address:  info@thepilatesroomsurmston.com.

  1. LAST UPDATE OF THIS POLICY

10.1. This privacy policy statement was last updated in May 2018 to comply with forthcoming UK legislation.

10.2. We may review this policy at any time and changes will be notified to you by us posting an updated version on our website and/or by contacting you by email.

10.3. We recommend that you regularly check for changes and review this policy when you visit our website.  If you do not agree with any aspect of the updated policy, you should promptly notify us and cease using our services.