Privacy Policy and GDPR Requirements

What information do we ask for, why and where do we keep it?

At Enlightened Body Pilates we hold your name, address, phone and email details. This is so that we can contact you about your bookings, changes or possible disruption. We need your home address in order to process card payments and knowing your whereabouts will allow us to notify you in case
of road closures. We ask for your date of birth as this may be relevant to your practice and we also keep emergency contact details in case of an incident at the studio. This information is kept on your file (locked in the cabinet in the office) and on our booking system Mind Body Online.

When we start to work with you we ask for your relevant medical history – this is kept in hard copy on your file only.

Who can access your information?

You can ask to see the information we hold for you at any time and access your own account on Mind Body Online where you can make amendments. Only you and the staff here at Enlightened Body Pilates can access this information and it will be used to inform your practice and handle your bookings and payments.

We do not share any of this information with any third party. If you are under the care of another practitioner, be that a doctor or manipulative / physical therapist we will ask that you pass on any relevant information rather than us speaking to them directly unless both parties have your express permission.

Your "right to be forgotten"

You have the right remove consent at any time, please inform our team and your details will be removed from the system and paper files destroyed. Please note that we are obliged to retain notes written by our teachers about your practice for 7 years in order to comply with our insurance requirements, however, only your name will be retained, not your contact information, and the information will be held in paper copy only.

Online data storage

Our online booking system – MINDBODY stores all data in servers and back up servers located in the United States. MINDBODY has a Privacy Shield  certification which complies with GDPR regulations related to transferring data outside of the EU and their security is monitored 24/7, 365 days a year.

Agreement

We will ask you to sign a clear agreement to our use of your data as described above when you start working with us at the studio. Current clients are being asked to update their agreement as the new GDPR comes into effect in May 2018.

Newsletter opt-in

We will ask for a separate consent if you wish to receive our studio newsletters with updates about workshops or new services at the studio for example and you can withdraw consent for this at any time independently of us holding the information we need to serve you as a client.