Privacy Policy

 

 

Introduction

We are committed to safeguarding the privacy of individuals (“you”, “your”) whose personal data we collect and use. In this Privacy Statement, we explain how we handle your personal data. For example, what personal data we collect and how, what we do with it and who we share it with. It also describes your privacy rights and controls such as your choices regarding use, access and correction of your personal data. Our Privacy Statement is part of, and is subject to, our Cookies Policy and our Website Terms. Therefore, by accessing or using our website, you confirm that you accept the terms of our Privacy Statement. 

About Sophie’s World of Pilates

Our website is owned and operated by Sophie’s World of Pilates Limited (“Sophie’s World of Pilates”, “we”, “us” or “our”) 

You can contact us by telephone on 07764 586990, or by email at the following email address: sophie@sophiesworld.co.uk giving details of the nature of your enquiry.

Our Data Compliance Manager

You can contact our Data Compliance Manager using the following email address: sophie@sophiesworld.co.uk

The tasks of our Data Compliance Manager include (for example) monitoring our compliance with applicable data protection laws and acting as contact for individuals whose data is processed by us.

If you have any questions about anything to do with this Privacy Statement, our data processes and practices or simply to exercise your privacy rights, please contact our Data Compliance Manager using the contact details above.

Your Privacy Rights

We have summarised below your privacy rights. Some of these rights are complex, and not all of the details have been included in our summaries below. For this reason, you should read the applicable data protection laws and guidance from the UK Information Commissioner for a fuller explanation of these rights. You can do so online via this link: https://ico.org.uk 

Your principal rights under the applicable data protection laws are:

the right to access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to object to processing;
the right to data portability;
the right to complain to the UK Information Commissioner; and
the right to withdraw consent.

Right to access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you with a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a fee.

Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. You can ask us to make any necessary changes to ensure that your personal data is accurate and kept up to date.

Right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary for: exercising the right of freedom of expression and information; compliance with a legal obligation; for the establishment, exercise or defence of legal claims. The consequences of erasing your personal data are, for example, that you will be unable to access some content on our Website and will be excluded from marketing communication communications including (for example) newsletters, event information, blogs etc.

Right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another individual or legal person; or for reasons of public interest.

Right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your situation, but only to the extent that the legal basis for the processing is necessary for the performance of a task in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Right to object to processing (direct marketing): You have the right to object to our processing of your personal data for direct marketing purposes (including, for example, profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose. You may exercise this right at any time by clicking the 'unsubscribe' button in the email footer of any newsletter we may send you, or by contacting our Data Compliance Manager to inform them using the following email address: sophie@sophiesworld.co.uk

Right to object to processing (scientific, historical research or statistics): You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your situation, unless the processing is for the performance of a task carried out for reasons of public interest.

Right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

Right to complain to the UK Information Commissioner: If you consider that our processing of your personal data infringes the applicable data protection laws, you have a legal right to lodge a complaint with the UK Information Commissioner (www.ico.org.uk) which is the UK data protection regulatory body.

Right to withdraw consent: To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time, so long as it will not affect the lawfulness of processing before the withdrawal.

Updates to the Sophie’s World of Pilates Privacy Statement

We may update the Sophie’s World of Pilates Privacy Statement from time to time by publishing a new version here and and update the “Effective Date” shown at the top of this Privacy Statement.


If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email. If you disagree with the changes to the Privacy Statement, you should contact our Data Compliance Manager, requesting the erasure of your personal data and, if you receive any newsletter, to unsubscribe from them.


If you continue accessing and/or using our Website, receiving our communications, contacting us, and/or signing up /attending our events or webinars etc, this will constitute acceptance of the revised Privacy Statement.

Personal Data We Collect

We use many different kinds of personal data, as follows. We don’t use all this personal data in the same way. Some of it is useful for marketing, or for providing services to you.


Website data: This is data on how you use our Website and may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of our website.

 

Service data: This may include billing data, your name and contact details such as your email address contained in/relating to services we provide (if you enquired to appoint us or you decided to appoint us).

 

Correspondence data: This may include personal data contained in or relating to any communication that you send to us or that we use to communicate with you.

 

Marketing data: This may include personal data you provide to us if you sign up to receive any newsletters or choose whether you wish to receive promotional communications (e.g. offers, invitations to promotional activities such as events, webinars etc.) from us by email, post, telephone or social media.

Cookies & similar technology data: This includes personal data that we obtain about you through cookies and similar technologies. For more information, see our Cookies Policy.

 

Profile data: This may include your name and contact details and some of the other personal data set out in this table e.g. third-party data, registration data.

 

Registration data: This may include information you provide to register for events, webinars, surveys, etc. and may include your name and contact details e.g. an email address.

 

Applicant data: This may include your name, contact details, or any other additional personal information or CV.

 

Third-Party data: This may include your name and contact details we obtain from third parties such as third-party service providers, lead generation companies, social media etc.

 

Other data: This is personal data other than the ones set out in the table above.

How We Use Your Personal Data

Here are a list of the ways that we may use your data and specific legal reasons we rely on in doing so:

 

Website (Processing Purpose): To analyse your use of our website as well as to develop, operate, improve, protect, personalise, customise and optimise our website.

 

Legal Basis: The legal reasons for this are our legitimate interest in the proper administration and operation of our business and/or to comply with legal obligations.

Services (Processing Purpose): To provide you with information you requested about our services when you are considering whether to appoint us or not (e.g. a quote) and if you decide to appoint us, to provide our services.

 

Legal Basis: The legal reason for this is to perform our contract with you and/or take steps, at your request, to enter into such a contract.

Communications (Processing Purpose):
To communicate with you (e.g. by email, by post, by phone etc.) or to process any communications you send to us.

Legal Basis: The legal reasons for this is to perform our contract with you and/or our legitimate interest of the proper administration and operation of our business.

Operations (Processing Purpose): To perform general administrative and operational activities e.g. invoicing, debt recovery etc.

Legal Basis: The legal reason for this is our legitimate interest in the proper administration/operation of our business.

Marketing & Advertising


(Processing Purpose): To send you newsletters and promotional communications (e.g. offers, invitations to promotional activities such as events, webinars etc.) from us by email, post, telephone, SMS and/or social media, that may be of interest to you based on your preferences as well as to advertise our business and services to you through a variety of different channels.

Legal Basis: The legal reasons for this is our legitimate interest in conducting marketing (including, for example, advertising) and any soft 'opt-in' to undertake direct marketing to promote our business and services. To the extent that we are required to obtain consent for electronic marketing and we are not relying on your 'opt-in', our legal reason for this is consent.

 

Profiling (Processing Purpose): To create a profile of you by combining data you provided to us by you or we received from other sources such as social media, the internet and lead generation companies in order to update, expand and analyse our data records, lead generation, and create more tailored marketing (including, for example, advertising) and/or to personalise the services we provide to you.

Legal Basis: The legal reasons for this is our legitimate interest in the proper administration and/or operation of our business, and/or conducting marketing (including, for example, advertising) to promote our business and services. To the extent necessary for providing services to you, the performance of the contract between you and us.

 

Security, Risk & Crime (Processing Purpose): To protect our website and business, prevent fraud, spam, abuse, security incidents, harmful and/or illegal activity, conduct security investigations and risk assessments, and/or to verify or authenticate information.

Legal Basis: The legal reasons for this is our legitimate interest in protecting our website and business, to comply with a legal obligation, to perform our contract with you, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Research and Analysis (Processing Purpose): To carry out research (e.g. market research), business and statistical analysis (e.g. develop statistical models, analyse the performance of our marketing (including, for example, advertising) campaigns etc.

Legal Basis: The legal reason for this is our legitimate interest in the proper administration, monitoring and/or operation of our business and services.

 

Business improvement (Processing Purpose): To develop or improve our services and business.

 

Legal Basis: The legal reason for this processing is our legitimate interest in the proper administration and operation of our business and services as well as to monitor our business and services.

Data Retention (Processing Purpose): To retain, store, archive and/or destroy the data.

 

Legal Basis: The legal reasons for this processing is the performance of a contract between you and us, our legitimate interest in the proper administration and operation of our business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

Audits (Processing Purpose): To carry out audits.

Legal Basis: The legal reason for this processing is our legitimate interest in the proper administration and operation of our business as well as to monitor and improve our business and services.

Sharing with Service Providers (Processing Purpose): To disclose your personal data such as your name and contact details to third party service providers we use.

Legal Basis: The legal reasons for this is our legitimate interest in administering, operate and/or managing our business, and/or performance of a contract between you and us.

Sharing with Consent (Processing Purpose): To share your data (including personal information) where you have provided consent, for the purpose(s) described at the time we ask you for your consent.

Legal Basis: The legal reason for this is consent.

 

Sharing Aggregated Data (Processing Purpose): To share aggregated information (information about our individuals that we combine together so that it no longer identifies or references an individual) and non-personally identifiable information in order to conduct industry and market analysis, demographic profiling, marketing (including, for example, advertising).

Legal Basis: The legal reason is our legitimate interests in the proper administration and operation of our business.

Sharing in a Sale/Investment (Processing Purpose): If there is a sale or an asset transfer to a third party, and/or an investment in Sophie’s World of Pilates, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the sale or asset transfer, and/or the investment.

 

Legal Basis: The legal reason is our legitimate interest in the proper administration and operation of our business.

Sharing an Internal re-organisation & Insolvency (Processing Purpose): To pass on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration.

Legal Basis: The legal reason is our legitimate interest in the proper administration and operation of our business.

Sharing with Insurers & Professional Advisers (Processing Purpose): To disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.

 

Legal Basis: The legal reason for this is our legitimate interest in the proper administration and operation of our business, to comply with a legal obligation and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Sharing any Legal Disclosures (Processing Purpose): To disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Legal Basis: The legal reasons for this is to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

International Transfer of Personal Data

We may transfer your personal data to countries outside the European Economic Area (EEA.) This may happen if the business software we use is hosted outside the EEA e.g. the USA. If that is the case, we rely on the adequate safeguards the software providers will have put in place to keep this personal data safe and secure.  In this case, any personal data would be part of the EU/USA 'Privacy Shield' (www.privacyshield.gov) for data transfers to the USA.

 

For data sharing with any other non-EEA countries, we would use what are called ‘Standard Contractual Clauses’ put in place by the EU, or when the EU has decided that a particular non-EEA country provides the same/equivalent level of data protection as in the EU.


You acknowledge and agree that if you submit personal data for publication through our websites or social media accounts, this data may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

Security of Personal Data

We maintain administrative, technical and physical safeguards designed to protect your personal data. While no system or process is fool-proof (e.g. hacking), we believe the measures implemented reduce our vulnerability to security problems to a level appropriate to the type of personal data involved and the current state of technology.

Retaining and Deleting Personal Data

We have data retention policies and procedures in place, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.


Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We will retain and delete your personal data as follows:

Sign-up for newsletters will be retained for 24 months following the month of sign-up, at the end of which period it will be deleted from our systems.


Sign-up for webinars will be retained for 24 months following month of sign-up, at the end of which period it will be deleted from our systems.


Any customer data identified via their  legitimate interest will be retained for 24 months following month of addition to CRM, at the end of which period it will be deleted from our systems.

In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

Engagement statistics for social media data; the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements e.g. whether (and for how long) we are required by law to retain your personal data.

However, we may retain your personal data where necessary for (a) the performance of a contract we have with you, (b) the compliance with a legal obligation to which we are subject, and / or (c) for the establishment, exercise or defence of legal claims; and / or in order to protect your vital interests or the vital interests of another individual.

Third Party Websites

Our Website may contain links to third party websites. Please note that if you follow any such links, we do not accept any liability and/or responsibility, because these websites will have their own terms & conditions or privacy policies.