Runway Pilates Limited
In addition to this policy we will provide you with “just in time” notices at the moment of data collection. If you have any queries about this Policy please contact us at Runway Pilates Ltd, 16 Goose Green, Altrincham, Cheshire, WA14 1DW or you can send an email to firstname.lastname@example.org. A copy of this policy is available in our studios and on our website https://www.runwaypilates.com, when it is updated we will inform our clients.
Runway Pilates collects and processes personal data about our clients in order to provide the services that they use and to protect their security. We also process personal data so that we can operate our business, meet our contractual and legal obligations, keep our systems and studios safe and to carry out other tasks that are in our legitimate interests.
Runway Pilates Limited is the ‘data controller’ for the purposes of data protection law. This means that we determine both the purposes for which and the manner in which our client’s personal data is processed. In some cases, your data will be outsourced to a third-party processor this may be done because we have a legal reason to do so or because you have given your consent for us to do so. Where we outsource data to a third-party processor, they are subject to the same data protection standards as ourselves. A list of our third-party processors is available from the studio, they include MINDBODY, Frederick, Xero, Constant Contact and our accountants. We may also collect, match or acquire information about you from other organisations such as Google and Facebook.
WHEN DO WE COLLECT INFORMATION?
We collect your personal information when you:
- Ask us for more information about a product or service.
- Book or attend a pilates class or session.
- Complete an Online Application.
- Contact our team by telephone or email.
- Contact us with a question or complaint.
- If you have an accident in our studio or if you witness an incident/accident
- Register as a Runway Pilates client
- Take part in a competition, prize draw or survey
- Use the Runway Pilates app
- When we take photos of you – we do this so that our instructors can recognise you or as part of an event or in a class (Your permission will always be asked beforehand)
Whenever we collect information from you, we make it clear whether providing it is mandatory or optional. If it is mandatory, we will explain the possible consequences of not complying.
WHAT INFORMATION WE COLLECT
We collect information in order to create an account for you. This information allows you to be identified as a client of Runway Pilates and includes:
- Name, date of birth, gender, e-mail address, postal address, telephone number, health declaration and (where appropriate) generic medical information about injuries/mobility
- Credit or debit card information, information about your bank account number and sort code or other banking information. Note that we do not store your bank or credit card details on our servers. Where you have signed up to MINDBODY they hold this information for us.
- Your usage records and preferred classes
- Your preferences for particular products or services or interests when you tell us what they are
- Your contact with us, such as a note or recording of a call you make to our contact centre, an email or other records of any contact you have with us
- Your membership/class pack information – such as dates of payment owed and received, the services you use and any other information related to your account
HOW WE USE THIS INFORMATION
We use your personal information to provide you with the services, products or information that you have requested, for administration purposes, to improve our website experience, and marketing. We may need to share your information with our service providers, associated organisations and agents for these purposes. We may use your information to:
- Allow you to monitor your studio usage in our members area
- Bill you for using our services
- Carry out research and statistical analysis and monitor how customers use our services
- Confirm your attendance to a class or session
- Contact you with offers or promotions based on the services you use or those we think will be of interest to you (unless you have chosen not to receive marketing messages)
- Keep you informed about our services especially matters that relate to your membership
- Prevent and detect fraud or other crimes
- Process your membership application
- Provide relevant services to you
- Respond to your questions or concerns
- Share photos on social media (permission will be asked before a picture is taken)
- Share studio event photos and client recognition photos with our staff (permission will be asked before pictures are taken)
- Share studio event photos on displays in our studios (permission will be asked before a picture is taken)
- Understand how you use our services so that we can develop relevant products
DATA STORAGE, RETENTION AND SECURITY
We store your information on MINDBODY and in the cloud for as long as you are an active Client of Runway Pilates. Thereafter, we retain your client details in our dormant account files so that you can reactivate your account at a later date. If you no longer wish us to keep your inactive account in this way please ask us to delete your account and we will do so. Following cancellation of your membership we only store sufficient information to meet legal requirements including financial audit, anti-fraud and money laundering regulations. We will store this information for no more than 6 years from the last activity on the account. An ‘activity’ can be classified as taking a class in a studio, a payment made or a comment added to your membership file. We may contact you about Runway Pilates services that may be of interest to you during the first 6 years of inactivity unless you opt out of receiving this type of marketing communication.
We follow industry standards to protect the information submitted to us, both during transmission and once we receive it. We use ISO certified cloud services and applications and have appropriate administrative, technical and physical safeguards in place, including the use of technology to encrypt data during transmission through public internet and use of ISO certified cloud services and applications.
We ensure the organisations that provide us with services related to your membership have appropriate security measures in place and only process your information in the way we have authorised them to. These organisations are not entitled to use your personal information for their own purposes.
We will not transfer personal information outside the European Economic Area (EEA).
Users should be aware that MINDBODY stores all data in servers and backup servers located in the United States. MINDBODY has Privacy Shield certification which complies with GDPR regulations related to transferring data outside of the EU.
We respect your privacy rights and provide you with the opportunity to update the Personal Data you have provided to us. You have the following rights in relation to your data privacy: the right of access; the right of rectification; the right of erasure (the “right to be forgotten”); the right to restriction of processing; the right to be notified; the right to data portability; the right of objection; and the right to not be subject to automated profiling.
If you wish to access or amend any Personal Data we hold about you, or to request that we delete any information about you that we have obtained from an Integrated Service, you may contact us via the email@example.com email address or come into a studio. At your request, we will have any reference to you deleted or blocked in our database.
You may rectify, update, correct, or delete your Account and or Account information and preferences at any time by accessing your Account settings page on the website, visiting a studio or contacting us at firstname.lastname@example.org. Please note that while any changes you make will be reflected in active user databases instantly or within 30 days, information may be retained in backup systems for archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations. We will only do this where we have a legitimate reason to do so.
You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service.
You may object to our processing your Personal Data for direct marketing and profiling purposes where you believe you have legitimate grounds. However, we may still be required to process it because of an applicable law.
Where you ask us to remove data (right of erasure), we will respond to your request within 30 days. We will delete, amend or block access to any Personal Data that we store once we have verified that the request has come from you, unless we have a legal reason to retain such Personal Data. We reserve the right to retain a copy of such data for archiving purposes, or to defend our rights in litigation.
You have the right to be notified of any rectification, erasure or restrictions in relation to your personal data.
You have a right to receive the data we hold on you electronically in a format that allows it to be easily transferred to another data controller.
THIRD PARTY TRACKING
We use tools such as Google Analytics for collecting personal data about our website visitor’s online activities over time and across different web sites for marketing purposes. This is so we can ensure our website gives you the best possible experience. For more information and how to opt out from this please visit our cookies policy.
You may opt out from the collection of navigation information about your visit to the Site by Google Analytics by using the Google Analytics Opt-out feature.
On the MINDBODY App you can opt out from the collection of navigation information by using the opt out feature.
DO NOT TRACK (DNT)
The Runway Pilates website does not respond to DNT signals.
MARKETING AND COMMUNICATIONS
Runway Pilates will only send you information that relates to your membership and things you have indicated that you are interested in. We will not share your data with any 3rd parties for marketing purposes. We have clear “opt in” buttons so that you can agree how you want to receive marketing and other messages from us. These are clearly indicated on our data gathering forms and website. Every marketing email we send has an opt out at the bottom of it. You can also choose to opt out of all marketing emails or update your marketing preferences at any time by emailing email@example.com.
If you cancel your membership with Runway Pilates, we may send you information that we think will be of interest to you for the first 12 months. If you are no longer a member and do not wish to receive marketing information from us please contact firstname.lastname@example.org.
Please be aware that if you opt-out of receiving commercial emails from us or otherwise modify the nature or frequency of promotional communications you receive from us; it may take up to 10 business days for us to process your request.
Even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our services.
We will not share any Personal Data with third-parties for their direct marketing purposes. If our practices change, we will do so in accordance with applicable laws and will notify you in advance.
The Services we provide may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
INTEREST BASED ADVERTISING
Interest based advertising is the collection of data from different sources and across different platforms in order to predict an individual’s preferences or interest and to deliver to that individual, or his/her computer, smart phone or tablet, advertising based on his/her assumed preference or interest inferred from the collection of data pertaining to that individual or others who may have a similar profile or similar interests.
We work with a variety of third parties to attempt to understand the profiles of the individuals who are most likely to be interested in our Services so that we can send them promotional emails, or serve our advertisements to them on the websites and mobile apps of other entities.
Protecting the privacy of minors is especially important. Our service is not directed to minors under the age of 18, therefore we do not routinely collect Personal Data from persons under the age of 18. Should a parent engage us to support a person under 18 years of age this will be done on case by case basis and the young person will create a separate account for safety reasons. Please note that if a minor creates an account on the Mindbody App we do not have control over this. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at [email@example.com] and request that we delete that child’s Personal Data from our systems.
DISCLOSURE TO OUTSIDE PARTIES
We may share information about you with:
- Service providers, agents and associated organisations to allow us to service your membership and communicate with you; for example, financial institutions to process payments, and freelance instructors/service providers when you sign up to classes or activities.
- Law enforcement agencies, regulatory organisations, courts or other public authorities where we have a legal obligation to do so
We will release information if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our customers.
If we are reorganised or sold to another organisation, we may transfer any personal information we hold about you to that organisation. We will inform you if we do.
USE OF PERSONAL DATA FOR AUTOMATIC DECISION MAKING
We do not intend to use your personal data for automatic decision making.
All members of our team are aware of the need to take appropriate measures to ensure that the information we collect and maintain is kept secure, accurate and up to date and retained only for so long as is necessary for the purposes for which it was collected.
SUBJECT ACCESS REQUEST
You have a right to make a ‘subject access request’ to gain access to personal information that we hold about you. If you make such a request, and we hold information about you, we will:
- Give you a description of the information we have.
- Tell you why we are holding and processing it, and how long we will keep it for.
- Explain where we got it from, if not from you.
- Tell you who it has been, or will be, shared with.
- Let you know whether any automated decision-making is being applied to the data, and any consequences of this.
- Give you a copy of the information in an intelligible form.
You have the right to have this information transmitted electronically to another organisation.
We take any complaints about our collection and use of personal information very seriously. If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact Catherine Hebb.
Alternatively, you can make a complaint to the Information Commissioner’s Office:
- Report a concern online at https://ico.org.uk/concerns/
- Call 0303 123 1113
- Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF