Privacy Policy

1. Who We Are

Skyline Pilates Ltd is the data controller of your personal data. This means we are responsible for deciding how and why your personal information is processed.

If you have any questions about this Privacy Policy or how we handle your data, you can contact us at:

2. The Information We Collect

We may collect, use, store, and process different types of personal data depending on how you interact with us.

2.1 Identity Data

• Full name
• Date of birth
• Title

2.2 Contact Data

• Email address
• Telephone number
• Postal address, if provided
• Emergency contact name and number

2.3 Booking and Account Data

• Booking history
• Class attendance
• Cancellations
• Class credits
• Membership block information
• Login details or account-related information if using an online booking system

2.4 Health and Special Category Data

Because Pilates is a physical activity, we may collect health-related information that is relevant to your safe participation.

• Injuries
• Medical conditions
• Pain symptoms
• Physical limitations
• Surgeries
• Pregnancy or postnatal status
• Dizziness or fainting history
• Relevant rehabilitation background
• Exercise restrictions
• GP or healthcare clearance where appropriate

This type of information is considered special category data under UK data protection law and requires a higher level of protection.

2.5 Communication Data

• Emails you send to us
• Messages sent through forms
• WhatsApp or social media messages
• Customer service enquiries
• Notes made in relation to your bookings or support requests

2.6 Payment Data

• Payment status
• Amount paid
• Package type purchased
• Transaction reference

We do not store full card details where payments are processed through secure third-party payment providers.

2.7 Technical Data

When you visit our website, we may collect technical information such as:

• IP address
• Browser type and version
• Device type
• Operating system
• Referring website
• Pages viewed
• Date and time of website access

2.8 Marketing Preferences

We may collect your preferences in relation to receiving:

• Newsletters
• Updates
• Promotions
• Studio announcements

3. How We Collect Your Data

3.1 Directly from you

For example when you:

• Complete a booking
• Fill out a health questionnaire
• Submit an enquiry form
• Email or message us
• Sign up for a membership
• Create an account
• Subscribe to updates

3.2 Automatically

Some website and technical data may be collected automatically through:

• Cookies
• Analytics tools
• Website logs

3.3 From third-party systems

We may receive your data from systems used to operate our business, such as:

• Online booking platforms
• Website form providers
• Payment processors
• Email marketing systems

4. Why We Use Your Data

We only use your personal data where we have a lawful reason to do so.

4.1 To provide our services

• Process bookings
• Manage memberships
• Reserve your place in class
• Issue class credits where applicable
• Administer attendance
• Respond to cancellations
• Communicate important class information

4.2 To keep you safe

We use health information to:

• Assess whether Pilates is suitable for you
• Identify risks
• Modify exercises where needed
• Support instructors in delivering classes safely
• Determine whether medical clearance may be appropriate

4.3 To communicate with you

• Send booking confirmations
• Send reminders
• Notify you of timetable changes
• Reply to questions or requests
• Contact you regarding your account or membership

4.4 To manage the business

• Keep internal records
• Manage accounts and payments
• Monitor service quality
• Investigate incidents or complaints
• Protect the studio, staff, and clients

4.5 To comply with legal or insurance obligations

• Health and safety
• Legal claims
• Insurance matters
• Fraud prevention
• Regulatory compliance

4.6 For marketing, where allowed

If you have opted in, we may send you studio news, updates, offers, and announcements.

You can opt out of marketing at any time.

5. Our Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your data.

5.1 Contract

We process your data where necessary to provide booked services, manage your membership, and process your attendance and bookings.

5.2 Legitimate Interests

We may process your data where necessary for legitimate business interests, including running and improving the studio, responding to customer enquiries, keeping records, and protecting our staff, clients, and systems.

We only do this where those interests are not overridden by your rights.

5.3 Legal Obligation

We may process your data where necessary to comply with legal requirements.

5.4 Consent

We rely on your consent in some cases, especially for marketing communications, certain uses of health information, and photographs or promotional images.

5.5 Special Category Health Data

Because health data is sensitive, we process it only where permitted under law, including where:

• You have given explicit consent
• It is necessary for health and safety in connection with physical activity
• It is necessary for establishing, exercising, or defending legal claims

6. How We Use Health Information

Because Skyline Pilates involves physical movement, health information is essential to safe instruction.

We may use health data to:

• Identify contraindications to exercise
• Highlight conditions that require modification
• Determine whether you may need medical clearance
• Help instructors adapt exercises safely
• Maintain suitable records for health, safety, and insurance purposes

Only those who need access to this information for legitimate operational or safety reasons should be able to view it. This may include authorised instructors, relevant staff, and authorised admin personnel.

We do not use your health data for unrelated purposes.

7. What Happens If You Do Not Provide Requested Data

If you do not provide certain information, we may not be able to:

• Complete your booking
• Safely allow you to participate
• Provide suitable modifications
• Contact you regarding your class
• Comply with health and safety responsibilities

If required health information is withheld, Skyline Pilates may refuse participation where safety cannot be properly assessed.

8. Payments

Payments may be processed through secure third-party payment providers.

Skyline Pilates may record:

• That payment was made
• Amount paid
• What package or service was purchased
• Payment status

We do not store full debit or credit card details unless expressly handled through a secure provider with appropriate safeguards.

Any payment data processed by third-party providers is subject to their own privacy and security policies.

9. Marketing Communications

If you choose to receive marketing communications, we may send:

• Studio updates
• Offers
• Launch announcements
• Changes to services
• Occasional promotional content

You may opt out at any time by clicking unsubscribe in an email or contacting us directly.

Opting out of marketing does not affect service-related communications such as booking confirmations, payment receipts, policy changes, and operational notices.

10. Sharing Your Data

We do not sell your personal data.

We may share your data only where necessary and appropriate, including with:

10.1 Service providers

• Booking systems
• Website forms
• Hosting
• Email systems
• Payment processing
• Cloud storage
• Admin software

10.2 Instructors and authorised staff

Where necessary to manage bookings, review health flags, deliver safe instruction, and respond to incidents.

10.3 Professional advisers

• Legal advisers
• Insurers
• Accountants
• IT support

10.4 Authorities or regulators

Where required by law or where necessary to protect rights, investigate fraud, respond to legal claims, or comply with a lawful request.

Whenever possible, we limit sharing to only what is necessary.

11. International Transfers

Some third-party providers may store or process data outside the UK.

Where personal data is transferred outside the UK, we will take reasonable steps to ensure appropriate safeguards are in place, such as:

• Adequacy regulations
• Standard contractual clauses
• Other lawful transfer mechanisms

12. How We Keep Your Data Secure

We take appropriate steps to protect your data from unauthorised access, accidental loss, misuse, disclosure, alteration, and destruction.

Security measures may include:

• Password protection
• Restricted access
• Secure software providers
• Encrypted services where appropriate
• Role-based access to sensitive information
• Device and account security controls

However, no system can ever be guaranteed to be 100% secure, so you should also take care when submitting information online.

13. How Long We Keep Your Data

We only keep your personal data for as long as necessary for the purposes for which it was collected, including legal, insurance, operational, and safety reasons.

Retention periods may vary depending on the type of data. Examples:

• Booking and account records may be retained for up to 6 years
• Health and incident-related records may be retained for as long as reasonably required for safety, legal, or insurance purposes
• Marketing records may be retained until you unsubscribe or request removal
• Enquiry data may be deleted if no ongoing relationship exists

When data is no longer needed, it will be securely deleted or anonymised where appropriate.

14. Your Rights

Under UK GDPR, you may have the right to:

14.1 Access

Request a copy of the personal data we hold about you.

14.2 Rectification

Ask us to correct inaccurate or incomplete data.

14.3 Erasure

Ask us to delete your personal data in certain circumstances.

14.4 Restriction

Ask us to limit how your data is used in certain situations.

14.5 Objection

Object to certain processing, especially where based on legitimate interests or direct marketing.

14.6 Data Portability

Request transfer of certain personal data to you or another provider where applicable.

14.7 Withdraw Consent

Where we rely on consent, you may withdraw it at any time. This will not affect lawful processing already carried out before withdrawal.

To exercise any of your rights, contact us at: info@skylinepilates.co.uk

We may need to verify your identity before responding.

15. Cookies and Website Tracking

Our website may use cookies or similar technologies to:

• Improve website functionality
• Remember preferences
• Analyse traffic
• Understand how users interact with the site

You can control or disable cookies through your browser settings.

Please note that disabling cookies may affect how parts of the website function.

16. Third-Party Links

Our website or communications may include links to third-party websites or tools.

If you follow a link to another site, that site will have its own privacy policy. Skyline Pilates is not responsible for the privacy practices of third-party websites or platforms.

17. Children's Data

Group classes are intended for clients aged 16 and over.

If personal data relating to an under-18 is collected in connection with a private session or other permitted service, we may require:

• Parental or guardian consent
• Additional safeguarding measures

We do not knowingly collect unnecessary data about children.

18. Incidents, Safety, and Legal Claims

If an incident occurs in the studio or in connection with our services, we may retain and use relevant personal data, including health information, where necessary to:

• Investigate the matter
• Keep appropriate internal records
• Respond to insurers
• Defend or pursue legal claims
• Meet health and safety obligations

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The most current version will always apply and should be made available on our website or on request.

Where appropriate, we may notify clients of significant changes.

20. How to Contact Us

If you have questions about this Privacy Policy or how your data is handled, contact:

21. Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner's Office (ICO) in the UK.