Privacy Policy

Eleanor Crossland at Shoreline Pilates (“We/Us”) is a sole trader, operating through ShorelinePilates.co.uk and providing online, on demand Pilates classes, live Pilates sessions conducted online, private one to one Pilates sessions in person and online and in person Pilates group classes (together “services”). 

We are committed to providing quality services to you and in the course of providing you with our services we will collect and process information that is commonly known as “Personal Data”.

This Privacy Policy does the following:

1. describes how we collect, use, share, retain and safeguard Personal Data,

2. Policy sets out your individual rights; we explain these later in the Policy but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data,

3. outlines our ongoing obligations to you in respect of how we manage your Personal Data, and 

4. explains what kind of information we collect in connection with our services, the purposes for which we use the information and how we may share this information. 

This Policy applies when you may share personal data in contact with us via our website, online forms, email, social media accounts, the telephone, when writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you. 

To provide a high standard to our client’s personal data and privacy, we adopted and aim to comply with the General Data Protection Regulation (EU) and the Data Protection Act 2018 (UK), and any other applicable privacy legislation (collectively the “Data Acts”). 

The Data Acts govern the way that we collect, use, disclose, store, secure and dispose of your Personal Data. A copy of the Data Acts may be seen at; https://gdpr-info.eu and https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted

A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.

We are the controllerof any personal data gathered by your use of our website and services. Where we use third parties to process your data.  We have a contract with these third parties for the provision of these services. 

Eleanor Crossland at Shoreline Pilates, UK is identified as the named territory where the processing of personal data takes place. 

You can learn more about your privacy rights at the UK Information Commissioner Office at https://www.gov.uk/data-protection

Personal Data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.

Sensitive Personal Datamay contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation. 

We are legally required to comply with specific data processing requirements for Personal and Sensitive Data.

As a provider of Pilates services, we will collect and process the following categories of data:

(a) Personal Data: 

● Your name, 

● Contact details including address, email, telephone and emergency contact details

● Date of birth

● Gender

● Contact details for your local GP

(b) Sensitive Personal Data: 

● Current health and details of historic injuries or illnesses (physical and psychological),

● Photographs, audio and visual,

● Aspects of your health that may affect your participation or our provision of services to you.

If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.

If you are under 18 years of age you will need your parent or guardian to agree to this Privacy Policy and terms for you. They are responsible to ensure that you fully understand what you are sharing with us and why. 

We will collect your Personal Data through our contact form, via our website, in communications with in person and via telephone and texts, through social media, via your Pilates registration form, from cookies and third parties. We may collect information about your visits to us to help us personalise your experience with us. By providing this information to us you are consenting our use in the manner set out in this Policy.  

Our primary purpose for collecting and processing this Personal Data about you is to provide and administer our services to you, our clients and marketing. If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.

When we collect Personal Data we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. Please ask if you do not understand.

Where reasonable and practicable to do so, we will collect your Personal Data only from you. However, in some circumstances we may be provided with information by third parties. We may use third party suppliers for management of specific services e.g. payment processing, and they may store some of your Personal Data to provide such service to you. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party or that you can access your account to check this information directly yourself.

We use third party software to securely store your data to perform specific functions to support our services (“third party suppliers”). Third party suppliers have access to personal information needed to perform their functions but may not use it for other purposes. Their privacy policy is linked below as to how they handle data as part of the service we use. With all of the third-party suppliers you can ask us to review your stored data to ensure that it is accurate and best serves you. 

We do not sell or pass your personal information on to third parties.

We use the following third-party providers for our service to you. Their privacy policy is linked within as to how they handle data as part of the service we use. With all of the below suppliers you can ask us to review your stored data to ensure that it is accurate and best serves you.

Microsoft OneDrive: https://privacy.microsoft.com/en-gb/privacy

We take and keep notes on your individual registration forms, on paper and online, that contain Personal Data and may include Sensitive Data during your appointments. We store this on a secure, password-protected database, stored on OneDrive in cloud storage to ensure that it is safe and secure. All electronic files are encrypted, and password protected for security. Storage of these notes and files is a legal requirement by our insurer, Body Control Pilates Association.  

Online storage of files is provided by Microsoft OneDrive. They provide a high level of security, about which you can find our more here: https://support.microsoft.com/en-us/office/how-onedrive-safeguards-your-data-in-the-cloud-23c6ea94-3608-48d7-8bf0-80e142edd1e. We do not keep further records in these services.

If you pay using an online transaction such as credit card, we use Square, bank transfer via TSB and PayPal. These third-party payment facilitators are PCI DSS v 3.2.1 compliant to ensure your financial data is secure and we can never access your full payment details. 

We may promote our services to you using the information you provide to us, including email or text. If you wish to receive promotional offers, please opt in by clicking on the appropriate link in the email after submitting your contact details.

MAILING LIST: If you opt in to receive our emails, WhatsApp and SMS communications, you will receive regular update and information emails from us. You can unsubscribe from this at any time from within one of these emails or by contacting us at Eleanor @shorelinepilates.co.uk. Our email supplier, GoDaddy, may store information that you have submitted. 

SOCIAL MEDIA: If you follow us on any social media platforms, your privacy settings in your social media account control what you share with others. Please be aware that our settings are set to ‘Public’ where you leave reviews, comments and we will tag you where appropriate as part of our marketing. Please check this if you are concerned about your privacy on any social media platform. Please let us know if you do not wish to be tagged in any of our posts.

PHOTOS/ VIDEOS OF CLASSES: Where appropriate, during our classes and other services we may take photographs, which may be used on social media and marketing of our services. Please contact us at any time should you wish to change or amend any posts on social media by us or be removed from recordings.  

Our website is hosted by GoDaddy. GoDaddy uses cookies to provide the website and ensure necessary function of our services. To learn more about the cookies on our website, please read our Cookie Policy here: https://www.godaddy.com/en-uk/legal/agreements/cookie-policy.

Cookies include collection of your unique online electronic identifier; this is commonly known as an IP address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.

If you contact us via our website, you may provide us with personal data when completing online health or contact forms. This form is hosted by GoDaddy.

Our services may include links to third party websites. When you click on this link you have left our website and services. We do not have control over what cookies or beacons or other technology these sites may use to track activity into their website, and do not have control over what data they may collect or their privacy policy. Use of their websites and clicking on those links is at your sole risk. We are not responsible for the protection and privacy of any information that you provide whilst visiting such sites and these sites are not governed by this Privacy Policy. We suggest that you read their privacy statement before using the website. We do not provide any personally identifiable customer information to these sites.

We may release personal data where we believe that it is appropriate in a number of circumstances, including the following:

a) Third parties where you consent to the use or disclosure;

b) Where required or authorised by law;

c) To enforce or apply our agreements with you;

d) To protect the rights, property or safety of us, our clients or others; and

e) With your consent following specific notice or request from us. 

This includes fraud protection, but not selling, sharing or otherwise disclosing personally identifiable information from clients for commercial purposes in a way that is contrary to this Privacy Policy.

Your Personal Data is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. We do this using password protection. Paper copies are destroyed after entry into the secure database, which is stored on cloud-based server Microsoft OneDrive and is password-protected.

If you have received services from us, we will store your data for seven years from your last session with us (“Duration Period”), as required by our insurers (Body Control Pilates Association) for any potential claims.

When your Personal Data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Data. However, most of the Personal Data or will be stored in client files which will be kept by us for the Duration Period. 

You have legal rights about your personal data. You grant use of your data under the contract and terms herein through your active conduct and use of our services. At any time you have the right to know what personal data relates to you that is held by us, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. You can also request the deletion of their personal data, but this may be denied on the exception for the establishment, exercise or defence of legal claims. Please see the Information Commissioners Office in UK’s guidance on this exception: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure

You may request the following at any time about your data held by us with regards to the services that we provide:

a) The right to be informed about the personal data being processed

b) The right to rectification of your personal data

c) The right to erasure of your personal data

d) The right to restrict processing of your personal data

e) The right to data portability (to receive an electronic copy of your personal data)

f) The right to object to the processing of your personal data

g) The right to access your personal data

You may request a copy of all data that we store about you at no cost, at Eleanor @ shorelinepilates.co.uk. In order to protect your Personal Data, we may require identification from you before releasing the requested information. Repeated, unfounded or excessive requests may be challenged by us. 

There are some limited circumstances that may limit the information that we can provide to you in a request, for example, public interest, law enforcement, legal and or health related matters. 

Please also bear in mind that we rely on third parties for some of your information in the flow of data. It may take us the full calendar month permitted to provide a full response to your request.  

If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact Eleanor @ shorelinepilates.co.uk.

It is an important to us that your Personal Data is up to date. We will take reasonable steps to make sure that your Personal Data is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

Our services are not available internationally. We do not transfer your data outside the European Economic Area to fulfil our services to you. If we do, we will notify of the circumstances. 

Please contact us at Eleanor @ shorelinepilates.co.uk for further information on the measures undertaken to safeguard your data.

We reserve the right to update and amend this Privacy Policy at any time, effective upon posting an updated version on the Website. 

We will publish such updates on our website and may email notifications to you. Continued use of the Website after any such changes shall constitute your consent to such changes. 

To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Officer who is owner of Shoreline Pilates.The Data Privacy Officer is Eleanor Crossland, who may be contacted at: Eleanor @shorelinepilates.co.uk.

If you have any queries or complaints about our Privacy Policy, please contact us first at:

Eleanor Crossland

Shoreline Pilates

Tetney, Lincolnshire

Eleanor @shorelinepilates.co.uk

+44 7729 972876

If you are dissatisfied with how our Data Privacy Representative handles your matter you have the right to complain to the local data protection supervisory authority, the Information Commissioner. They may be contacted via its website which is https://ico.org.uk 

Version: 1 – April 2022