Fig Pilates Privacy Policy
This Privacy Policy explains how Fig Pilates (referred to as "we," "us," or "the studio") collects, uses, and protects your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. The Data We Collect
To provide you with Pilates services, we collect the following types of information:
Identity & Contact Data: Name, date of birth, email address, phone number, and home address.
Health Data: Information regarding your physical health, injuries, medical history, and pregnancy status (this is "Special Category Data" collected for your safety).
Financial Data: Payment card details (processed securely via our third-party payment provider; we do not store full card details on our own servers).
Technical Data: IP address, browser type, and usage data when you visit www.figpilates.co.uk.
2. How We Collect Your Data
We collect data through:
Direct Interaction: When you create an account, book a class, or fill out a health questionnaire.
Referral Program: When a friend provides your details via our referral link (note: we only process this data once you choose to register).
Automated Technologies: Cookies and similar technologies on our website.
3. How We Use Your Data
We will only use your data when the law allows us to. Most commonly, we use it to:
Perform our contract with you: Managing your bookings, processing payments, and providing Pilates instruction.
Ensure your safety: Tailoring exercises to your physical needs based on your health questionnaire (Legal basis: Explicit Consent).
Marketing: Sending you studio updates or promotional offers (Legal basis: Consent/Legitimate Interest). You can opt out at any time.
Referral Program: To track and apply rewards to your account and your referrer’s account.
4. Data Sharing and Third Parties
We do not sell your data. We only share data with trusted third parties who help us run our business:
Booking Systems: Our class management software (e.g., TeamUp, Mindbody, or similar).
Payment Processors: To securely handle transactions (e.g., Stripe).
Email Services: To send you booking confirmations and newsletters.
Legal Obligations: If required by law or to protect the safety of our staff and clients.
5. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. Access to your health data is restricted to instructors and management who need it to ensure your safety in class.
6. Data Retention
We keep your personal data only as long as necessary to fulfil the purposes we collected it for, including any legal, accounting, or reporting requirements. Typically, if an account is inactive for [e.g., 3 years], we will securely delete your data.
7. Your Legal Rights
Under the UK GDPR, you have the following rights:
Access: Request a copy of the personal data we hold about you.
Correction: Request that we fix any inaccurate information.
Erasure: Request that we delete your data (the "right to be forgotten").
Withdraw Consent: Where we rely on consent (like marketing or health data), you can withdraw it at any time.
Portability: Request a transfer of your data to another provider.
8. Cookies
Our website uses cookies to improve your browsing experience. You can set your browser to refuse all or some cookies, but this may prevent the booking system from functioning correctly.
9. Contact Details and Complaints
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: hello@figpilates.co.uk
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).
