Date: February 18 2026
Next Review Date: February 18 2027
Author: Sandie Ennis
Who are we?
In this document, “we”, “our”, or “us” refer to Sandie Ennis trading as Pilates in Dulwich, who is the Data Controller responsible for the personal data described in this policy.
We provide Pilates instruction, movement education and exercise classes in the UK.
Introduction
This policy explains when and why we collect personal information, how it is used and the circumstances in which it may be shared.
This policy applies to our services and website.
It is designed to comply with UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018.
How we collect information
We may collect information when you:
- Contact us about our services
- Book a class or session
- Complete website contact or feedback forms
- Attend classes or sessions
What information do we collect and why
We collect personal information in order to:
- Respond to enquiries
- Manage bookings and deliver classes
- Communicate with clients about services
- Maintain basic session records
- Improve our services and website
Legal basis for processing data
Under the UK General Data Protection Regulation, we rely on the following lawful bases:
Article 6(1)(b) – Contract. Processing is necessary to provide the services requested by you.
Article 6(1)(f) – Legitimate Interests. Processing may be necessary for the management and administration of the business, provided these interests do not override your rights.
Third parties
We do not sell or rent personal information.
We may share limited information with service providers who help operate the business, for example:
- Cliniko: Practice management system
- Stripe: Payment processing
- Google Analytics: Website usage analysis
- Website hosting providers:Website infrastructure and security
These providers process personal data on our behalf and must comply with data protection law.
Where data is transferred outside the UK, safeguards such as UK International Data Transfer Agreements (IDTAs) or adequacy regulations are used.
Privacy and confidentiality
Your personal information is accessed only where necessary to deliver services or manage bookings.
Clients may choose to share information about injuries, health conditions or physical limitations relevant to participation in classes. Any such information is recorded only where necessary to support safe instruction and is handled confidentially.
Your information will not normally be shared without your consent unless there is a relevant legal requirement to do so.
Your data protection rights
Under UK data protection law, you have the right to:
- Request access to your personal data
- Request correction of inaccurate information
- Request deletion of your data where appropriate
- Restrict or object to certain types of processing
- Request your data in a portable format where applicable
- Requests can be made using the contact details below.
Access to your information
You may request a copy of the personal information we hold about you.
If information is inaccurate, you may request that it be corrected.
Instructor notes or session records form part of your training record and will not normally be altered unless factually incorrect.
Where records include information about other individuals, some details may be redacted to protect their privacy.
Retention of records
Personal information is kept only as long as necessary to provide services and meet legal or administrative obligations.
When records are no longer required, they are securely deleted.
Cookies
Our website may use cookies to improve functionality and understand how the site is used.
Google Analytics may be used to help analyse website traffic.
Use of the site by children
Our services are not marketed to children.
Anyone under 16 should use the website with the consent of a parent or guardian.
Security
We take reasonable steps to protect personal information from loss, misuse or unauthorised access.
These include data minimisation, password protection, secure systems and appropriate data protection awareness.
However, no system can guarantee absolute security.
Data breaches
If a personal data breach occurs, we follow established procedures and notify affected individuals where appropriate.
Complaints
If you have concerns about how your personal information has been handled, you may contact us directly.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office: Website: https://ico.org.uk
Changes to this policy
We may update this policy from time to time. Updates will be posted on our website.
Data Controller and contact
Sandie Ennis trading as Pilates in Dulwich is the Data Controller responsible for your personal data.
For questions about this policy or to exercise your data protection rights, please contact: Email: sandie@pilatesindulwich.co.uk