Body Principles Limited Privacy Notice
We ask that you read this privacy notice carefully as it covers how Body Principles Limited will collect, use, disclose, transfer and store your data.
This privacy notice is divided into the following sections:
- Who we are
- Our website
- Our collection and use of your personal information
- Transfer of your information out of the european union
- Cookies and similar technologies
- Marketing
- Your rights
- Keeping your personal information secure
- Children
- How to complain
- Changes to this privacy notice
- How to contact us
1. Who we are
We are Body Principles Limited (Company Number 06894507) a company incorporated in England & Wales. Our registered office is 3 Pleasance Road, London SW15 5HR. We operate the website www.bodyprinciples.co.uk
In this privacy notice, we use the terms “we”, “us”, and “our” (and other similar terms) to refer to Body Principles Limited who act as a data controller responsible for your personal and special data.
When we collect your data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
2. Our website
This privacy notice relates to the information we collect from you in person or in correspondence and also relates to your use of our website, www.bodyprinciples.co.uk Throughout our website, we may link to other websites owned and operated by certain trusted third parties. These other third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party websites, please consult their privacy policies as appropriate.
3. Our collection and use of your personal information
Personal data means any information about you from which you can be identified. The data we collect includes:
- identification data (including name, date of birth, photo ID);
- contact details (including postal address, email address and telephone number);
- financial information (including bank account details and payment card details); any other personal data we collect in the course of providing services or in the course of operating our business.
In certain circumstances, we may collect certain ‘special category data’, which includes data relating to your health (including disabilities).
We use this personal information to:
- provide our services to you (e.g. create and manage bookings);
- verify your identity;
- provide suitable Pilates programmes/ classes to you;
- customise our website and its content to your particular preferences;
- notify you of any changes to our website or to our services that may affect you;
- allow the billing of services provided and to obtain payment;
- process and respond to complaints; and
- improve our services.
We will collect personal data about you by various means, including:
- in person when meeting with you;
- by telephone;
- by correspondence (including by post and email);
- via our website (e.g. when submitting an enquiry on our contact form);
If you provide us with personal information about another person, for example a member of your family, you must ensure that:
- you have the authority to give us that information; and
- all personal data disclosed is complete, accurate and up to date
Our legal basis for processing your personal information
We rely on the following legal reasons for processing your data:
- Consent: Where you have given us clear consent for us to process your personal information for a specific purpose.
- Contractual necessity: Where it is necessary to perform a contract you have entered into, or in order to take steps at your request prior to entry into a contract. This will include for example our contract with you to provide you with Pilates classes.
- Legal obligation: Where our use of your personal information is necessary for us to comply with the law (not including contractual obligations).
Normally we will only process ‘special category data’ (e.g. data concerning health) when it is necessary in the context of considering health conditions in order to ensure that the Pilates classes or exercises we deliver to you are appropriate for you.
We will only use your personal data for the purpose, or purposes, for which we have obtained it. If we reasonably consider that we need to use it for another reason we will only do so if that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent where it is required by law.
Please contact us if you would like further information on the lawful basis for any specific data processing activity
Who we share your personal information with
We will share your personal data when:
- you specially request it, or it is necessary to provide our services and fulfil our contractual obligations to you.
- we are under a legal or regulatory duty to disclose your information (e.g. money laundering or fraud prevention).
- in the course of providing our services to you we believe it is in your best interests to use the services of a third party, for example a physiotherapist.
Who exactly we share your data with will depend on the nature of the service we are providing but can include:
- third parties whose services we feel you may be interested in relating to your Pilates classes (for example physiotherapy).
- third party providers of payment and marketing services (see ‘Transfer of your information outside of the European Union’ and ‘Marketing’).
4.Transfer of your information out of the european union
We currently use a third party payment software platform provided by MindBody Online to manage bookings and take payment. In order to be able to use this function, you will need to register with the Body Principles MindBody Online system. Mindbody Online stores all data in servers and backup servers located in the United States.
The United States do not have the same data protection laws as the United Kingdom and European Union. Whilst the European Commission has not given a formal decision that the United States provide an adequate level of data protection similar to those which apply in the United Kingdom and European Union, any transfer of your personal information will be subject to a Privacy Shield certification which MindBody holds, this complies with GDPR regulations relating to transferring data outside of the European Union. Click here for a detailed explanation of how the Privacy Shield requirements align with GDPR guidelines. You can also consult MindBody's Terms of Service page here.
If you would like further information please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the European Union or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
5. Cookies and similar technologies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information, visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
The cookies used on our website do not collect uniquely identifying information, but assist in the website experience to the user. Google’s Remarketing feature uses cookies to serve relevant messages based on someone’s past visits to our website. Information about how you can opt out of Google’s use of cookies can be found by visiting the Network Advertising Initiative Opt Out Page.
6. Marketing
We would like to send you information about our classes, retreats, workshops and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by email.
We use Mailchimp, a third party provider to send email marketing communications.
Please click on the following links to consult Mailchimp’s Privacy Policy and Terms and Conditions.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
- contacting us by email to fran@bodyprinciples.co.uk; or
- clicking here to unsubscribe
For more information on your rights in relation to marketing (see 'Your rights’).
7. Your rights
You have the right to obtain confirmation from us as to whether we are processing your personal data and, if we are, to request a copy of the personal data we hold about you. This is known as a ‘subject access request’.
You also have the right to ask that we update any information we hold about you that may be incorrect. It is important that the information we hold about you is accurate and up to date. If any of your personal information changes please let me know.
In certain circumstances, you have the right to request that we restrict the way in which we process your data, or that we erase all personal information that we hold about you.
You have the right to object to certain types of processing.
We will try our best to comply with any request to restrict, object or erase your data, however processing of some data may still be required for legitimate business purposes or to comply with legal obligations. Please note that if you want us to restrict or stop processing your data this may prevent us from providing our services to you.
You have the right to request that we send a copy of your data, that you have provided to us, to another organisation for your own purposes (e.g. if you wish to change service provider). This data must be provided in a structured and usable format. This right only applies to personal data processed by way of consent or pursuant to our contract with you. If you wish us to transfer your personal data please let us know.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee should your request be clearly unfounded, repetitive or excessive. In order to prevent unauthorised access to information we may ask for proof of identity. We will do our best to respond to your request within one month, however, if that is not possible due to the number or complexity of requests we will notify you and keep you updated.
For further information on your rights, please visit ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/
If you wish to contact us in relation to any of your rights then please contact us by email fran@bodyprinciples.co.uk or in writing to us at Body Principles Limited, 3 Pleasance Road, London, SW15 5HR.
8. Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
9. Children
We provide Pilates classes to children and this privacy notice applies equally to any personal data (including special category data) that is collected in relation to children who attend our classes. Children must be represented by their parents, guardians, or other representative and where consent is necessary to the processing of personal or special category data in relation to children we will obtain such consent from someone with parental responsibility for the child.
10. How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/
11. Changes to this privacy notice
This privacy notice was published on 22 July 2019 and last updated on 17 November 2021.
We may change this privacy notice from time to time, when we do we will inform you via our website www.bodyprinciples.co.uk
12. How to contact us
Please contact Francesca Fröhlich, if you have any questions about this privacy notice or the information we hold about you by email to fran@bodyprinciples.co.uk or, in writing write to Body Principles Limited, 3 Pleasance Road, London, SW15 5HR.
If you would like this privacy notice in another format (for example: audio, large, print, braille) please contact us.