Data Protection Policy
Pilates Studio Kildare is fully committed to protecting your personal data.
This Data Protection Policy governs the manner in which Pilates Studio Kildare collects, uses, maintains and discloses information collected from users (each, a "User"). This policy applies to all products and services offered by Pilates Studio Kildare.
Pilates Studio Kildare collect, process and disclose Data provided by you in order to carry out the services requested by you and any contact in relation to those services only.
Your Data will not be used for any purposes other than those explicitly stated in this policy or requested by you in your dealings with us.
This Data Protection Policy describes how we collect personal data; what we do with it; how we keep it; for how long we keep it; when you book classes, workshops, training courses or private sessions online, directly with us or otherwise interact with us.
It also explains what you can do to access, rectify or ask us to delete any personal data we hold.
For data protection purposes, Pilates Studio Kildare is the controller and, unless otherwise noted, is also the processor of data.
This Policy does not apply to the information processed by third parties on behalf of Pilates Studio Kildare, however we have reviewed their Privacy Policies and are happy they meet General Data Protection Regulations 2018 (GDPR) standards.
We may update this policy from time-to-time by posting a new version on our website and update the printed documentation in the studio.
The last time this policy was updated was 23 May 2018.
If we make changes we will notify you by revising the date on our published document or for more substantial changes, by contacting you via email and/or in person to seek consent.
Protecting your personal data is important to us. You can email us for any questions you may have. You can find all the ways of getting in touch with us at the end of this Policy.
1. The identity of the controller
You are hereby informed that the Data you provide is collected, used, protected and processed by Pilates Studio Kildare Ltd. its staff members, and trusted business associates.
2. Collection of Data
Your data is collected through our website when you browse our site, contact us via website forms, book on-line via our booking system, pay on-line via our payment processor, email us, phone us and/or through personal contact.
Data we collect falls into the following categories:
- Identification information
- Contact information
- Medical information
- Browsing information
- Booking history
- Transaction history
2.1. Information you provide to us
We process data you provide directly to us, in particular when you complete a client intake forms, registration form, subscription forms or book online.
For example, we collect data when you create a booking, participate in a class, private session or promotion, register for an event or a course, or otherwise communicate with us.
The data may include the following as well as any other type of information that we specifically request you to provide to us through our booking or client intake forms, such as:
- Phone no
- Medical history
- Browsing data
- Transaction history
2.2. Data we collect automatically when you use our online services
When you access or use our online services, we automatically collect the following information about you, in particular, that we use Google Analytics to collect information about use of our online services.
- Log Information: We log information about your use of the services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our services.
- Device Information: We collect information about the computer or mobile device you use to access our services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
- Location Information: We may, with your consent, collect information about the location of your device each time you access or use one of our mobile applications. If you initially consent to our collection of location information, you can subsequently stop the collection of such data through your device operating system settings. You may also stop our collection of location information by following the standard uninstall process to remove our mobile applications from your device.
2.3. Information we collect automatically through Cookies and other tracking technology
3. How we use the Data
We may use information about you for the following purposes:
- Provide, maintain and improve our services
- Provide and deliver the service you request, process transactions and send you related information including confirmations, invoices and receipts
- Respond to your comments, questions, requests and provide customer service
- Monitor and analyse trends, usage and activities in connection with our services
- Personalize and improve the services we provide
- Send an email campaign with news and updates if you have given separate consent to do so by subscribing to our Mailing list.
According to the GDPR, each data process is performed on one of the following legal bases:
- Your consent
- The performance of the service requested by you
4. How we share your data
We do not sell, trade, or rent personal identification information to others.
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted associates and advertisers for the purposes outlined above.
We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
- We share your data with service providers such as website provider, online booking system, payment processing and email marketing platform, to help us provide our service including bookings, transactions, booking confirmations, payments confirmations; as well as, but not limited to, provide you with information and details about our services and products.
- In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities.
5. The period of data retention
We are required to retain all records for a period of 7 years after the last appointment, class or session; in the case of minors, for 7 years after their 18th birthday. We use this time frame for all of our data.
After 7 years have elapsed without use, files are destroyed and all records are deleted and destroyed.
We hold transaction data on our online systems to provide best customer service, and resolve any disputes.
We are committed to taking appropriate measures designed to keep your data protected. We take reasonable technical, administrative and organisational precautions to prevent the loss, theft, misuse or alteration of your personal data. In addition, we limit access to your personal data to authorised employees; agents; contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Pilates Studio Kildare will never sell trade, rent, exchange or otherwise share your personal information with any other person, company or organization.
7. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right to:
- Request access to your personal data (commonly known as a data subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
1. If you want us to establish the data's accuracy;
2. Where our use of the data is unlawful but you do not want us to erase it;
3. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
4. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at: firstname.lastname@example.org
8. In the event of a Breach
Every precaution will be taken to avoid a breach of your data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed, An Garda Síochana and financial institutions will be contacted for assistance and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc. at risk.
9. Responding to requests
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Pilates Studio Kildare
Unit # 3 Claregate St.