Data Protection & GDPR Privacy Policy

Introduction

We’re committed to protecting your personal data and being transparent about how we collect and use it. This policy applies to all personal data we process.

Data Protection & Privacy Policy Summary

Data Protection Principles

We process your personal data lawfully, fairly, and transparently. We collect it only for specific, legitimate purposes, minimize the data we hold, keep it accurate and secure, and retain it only as long as necessary.

Legal Basis for Processing
We rely on one or more of the following lawful bases for processing your data:

• Consent: e.g., when you sign up, subscribe to newsletters, or agree to receive marketing.
  
  

• Contract: e.g., managing your memberships, bookings, and payments.
  
  

• Legal obligation: e.g., tax or health and safety requirements.
  
  

• Vital interests: e.g., emergency contact information to protect your health or safety.
  
  

• Legitimate interests: e.g., improving our services, unless your rights override these interests.
  
  

What Data We Collect
We collect:

• Contact details (name, email, phone, address)
  
  

• Health and emergency information relevant to your classes
  
  

• Booking, payment, and membership records
  
  

• Marketing preferences (only with your consent)
  
  

• Photos and videos, only with your explicit consent
  
  

• Technical data (such as IP addresses) when you use our website or app
  
  

How We Use Your Data
We use your data to:

• Manage bookings, payments, memberships, and class attendance
  
  

• Communicate important updates and respond to enquiries
  
  

• Ensure health, safety, and emergency support
  
  

• Send marketing communications if you’ve opted in
  
  

• Comply with legal and regulatory obligations
  
  

Data Sharing
We do not sell your data. We only share it:

• With trusted service providers who help us run our studio (e.g., Mindbody, payment processors), all of whom are GDPR compliant
  
  

• With emergency services if necessary to protect your health or safety
  
  

• With law enforcement or regulators when legally required

If any of these involve transfers outside the UK or European Economic Area, we ensure adequate protections are in place.

Data Security & Retention
We protect your data with appropriate technical and organisational measures. We retain personal data only as long as necessary—for example, financial records for up to 7 years in compliance with tax law—and securely delete or anonymize it thereafter.

Your Rights
You have the right to:

• Access your personal data
  
  

• Correct any inaccuracies
  
  

• Request deletion or restriction of your data
  
  

• Object to certain processing, including marketing
  
  

• Withdraw consent at any time (without affecting prior processing)
  
  

• Request data portability
  

Photos & Videos
Photos and videos are only taken or used with your explicit consent, as agreed in our waiver and terms. You can withdraw consent at any time, and we will stop using your images going forward.

Cookies
We use cookies on our website to improve your experience. By continuing to use the site, you consent to our cookie use. Please see our full Cookie Policy for details.

Data Breaches

If we discover a data breach that risks your rights or freedoms, we will notify the Information Commissioner’s Office and affected individuals promptly, in accordance with legal requirements.

Contact
If you have any questions or concerns about how we handle your personal data, please contact us.