Privacy Policy

Rova Pilates (“we”, “us”, “our”) is committed to safeguarding the privacy of our website visitors and studio clients. This Privacy Policy sets out how we will treat your personal information, what data we collect, and your rights under the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

By providing personal data to us via our website, booking system, or in-studio, you are consenting to our processing of your data in accordance with this policy.

1. Data Controller

For the purposes of the Data Protection Act 2018, the data controller is Treasure Ledge LTD.

2. Information We Collect

We collect, store, and use the following kinds of personal data to provide our services safely and effectively:

2.1 Personal and Contact Information

• Name, email address, phone number.
• Home address (for billing and verification purposes).
• Source: Provided by you when registering, booking a class, or subscribing to emails.

2.2 Health & Medical Information

• Details of injuries, medical conditions, pregnancy, or physical limitations relevant to safe participation in Pilates.
• Emergency contact details.
• Purpose: Ensuring your safety, adapting instruction, and meeting legal duty-of-care obligations. This sensitive data is strictly confidential and never used for marketing.

2.3 Transaction & Usage Data

• Information relating to any transactions carried out between you and us (class packs, memberships, retail).
• Records of correspondence (emails, messages) if you contact us regarding an issue or enquiry.
• Website usage data (IP address, browser type, pages viewed) collected via analytics tools to improve our digital experience.

2.4 Payment Information

• We do not store credit card details on our local servers. All financial transactions are handled through our secure payment services provider(s) (e.g., Stripe, GoCardless). We share information with them only to the extent necessary to process payments and prevent fraud.

3. How We Use Your Information

We process personal data for the following purposes:

• Administration: To manage your account, verify your identity, and enable your use of the services.
• Service Delivery: To fulfil contractual obligations (booking classes) and communicate schedule changes.
• Safety: To provide safe instruction tailored to your health needs.
• Communications: To send you invoices, general commercial communications, and email notifications you have requested.
• Marketing: To send you our newsletter and other marketing communications relating to our business (only where you have specifically agreed to this). You can opt out at any time.
• Improvement: To train our staff and improve our studio offerings.

4. Legal Basis for Processing

We rely on the following lawful bases for processing your data:

1. Contract: To fulfil class bookings and memberships.
2. Consent: For marketing communications and processing health data.
3. Legitimate Interests: For fraud prevention, network security, and improving our services.
4. Legal Obligation: To maintain tax, accounting, and safety records.

5. Disclosing Your Information

We treat your data with strict confidentiality. We will not provide your personal information to third parties for direct marketing without your express consent. However, we may share your data in the following specific circumstances:

5.1 Service Providers We may disclose information to our employees, insurers, and third-party software providers (such as our booking system and email platforms) insofar as reasonably necessary for the purposes set out in this policy.

5.2 Legal & Safety Requirements We may disclose information to the extent required by law, in connection with any legal proceedings, or in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention).

5.3 Sale of Business In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer. If Rova Pilates is acquired by a third party, personal data held by it about its customers will be one of the transferred assets.

6. Security of Your Data

We take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal data.

• We store personal information on secure, password-and-firewall-protected servers.
• All electronic transactions are encrypted using SSL technology.
• Your Responsibility: You are responsible for keeping your password and user details confidential. We will never ask you for your password (except when you log in to the website).

Note: While we strive to protect your data, transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

7. Retention of Data

We retain your information only for as long as necessary:

• Active Accounts: While your account is active.
• Financial Records: Up to 6 years (to comply with HMRC requirements).
• Marketing: Until you unsubscribe.
• Health Data: As long as necessary to ensure safety and for insurance limitation periods. When no longer required, your data is securely deleted or anonymised.

8. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your information ("Right to be forgotten"), subject to our legal record-keeping obligations.
• Restriction: Ask us to suspend the processing of your data.
• Object: Object to the processing of your data for direct marketing.

To exercise these rights, please email info@rovapilates.co.uk. We will respond within one month of your request.

9. Third-Party Websites

Our website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites. You should review their policies before submitting any personal data.

10. Cookies

Our website uses cookies to distinguish you from other users, helping us provide a good experience and improve our site. You can block cookies by activating the setting on your browser, though this may limit your access to certain parts of our site.

11. Policy Amendments

We may update this privacy policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

12. Contact

If you have any questions about this Privacy Policy or our treatment of your personal data, please contact:

Rova Pilates, Unit 508, Metropolitan Wharf 70 Wapping Way, London, E1W 3SS. Email: info@rovapilates.co.uk

‍

‍