Privacy Policy
This privacy policy explains how Wild Fox Pilates Limited ("Wild Fox", "we", "us", "our") collects, uses and protects your personal information when you visit our website, book a class, become a member, or otherwise interact with us.
We are committed to keeping your information safe and only using it for purposes you would reasonably expect from a Pilates studio.
1. Who we are
Wild Fox Pilates Limited is the data controller responsible for your personal data.
- Registered office: 71–75 Shelton Street, Covent Garden, London WC2H 9JQ
- Studio address: 5–7 Canford Lane, Westbury-on-Trym, Bristol BS9 3DB
- Contact: hello@wildfoxpilates.co.uk
- Company number: 16976197
- ICO registration: C1928687
If you have any questions about this policy or how we use your data, please email us at the address above.
2. What information we collect
We collect different types of information depending on how you interact with us.
When you browse the website, we collect technical information automatically through cookies and similar technologies, including your IP address, browser type, device information, pages visited, and referring website. We use this to understand how the site is performing and how visitors find us.
When you sign up, book a class or buy a membership, we collect your name, email address, phone number, postal address, date of birth, emergency contact details, and payment information. Payment card details are handled directly by our payment processor (Stripe) and are not stored by us.
When you fill in our health intake form (PAR-Q), we collect health-related information you choose to share, including injuries, medical conditions, pregnancy, medications and any GP or physiotherapist details. This is special category data under UK GDPR and is treated with extra care (see section 4).
When you contact us by email, phone, social media or in person, we keep a record of that correspondence and any information you share with us.
When you attend classes, we keep a record of bookings, attendance, class history and any feedback or notes our instructors record to help us teach you safely.
Marketing data: if you sign up to our newsletter or follow us on social media, we may collect your engagement with our emails and ads (opens, clicks, page views) so we can improve our communications.
3. How we use your information and our legal basis
Under UK GDPR we must have a lawful basis for using your personal data. We rely on the following bases.
Performance of a contract — to set up your account, take payment, provide classes, manage your membership, send booking confirmations and respond to your queries.
Legitimate interests — to run and improve our studio, including basic website analytics, fraud prevention, keeping our records accurate, and contacting existing members about service changes. We have considered your rights and only use this basis where we believe you would reasonably expect us to.
Consent — for marketing emails and SMS, non-essential cookies (analytics and advertising), and the use of your contact details to improve ad targeting through Google and Meta (see section 6). You can withdraw consent at any time without affecting your membership.
Legal obligation — to keep accounting records (HMRC requires we keep financial records for at least six years) and to comply with health and safety law.
Vital interests — in a medical emergency at the studio, we may share your emergency contact and relevant health information with paramedics or medical staff.
4. Health information (special category data)
Pilates is a physical activity, and we ask for health information at intake so we can teach you safely and adapt exercises to your body. Examples include injuries, surgeries, pregnancy, chronic conditions and medications.
Under UK GDPR Article 9, this is special category data and we treat it differently:
- We rely on your explicit consent, which we ask for separately at intake
- Only Wild Fox directors and instructors who teach you have access to this information
- We never share your health information with third parties for marketing
- You can update, correct or withdraw it at any time by contacting us
- If you withdraw consent, we may not be able to safely teach you certain specialist classes (for example pre-natal or post-natal sessions)
We keep health information for as long as you are an active member, plus three years after your last class. After that we delete or anonymise it.
5. Who we share your information with
We share your data only where necessary, and only with carefully selected third parties who have signed data processing agreements with us.
Mariana Tek (Xplor) — our class booking and membership management platform. They store your account, bookings and payment history. Mariana Tek is operated from the United States; your data is transferred internationally under appropriate safeguards (UK International Data Transfer Agreement / Standard Contractual Clauses).
Stripe — our payment processor. Stripe handles all card transactions and PCI-DSS compliance. Stripe is based in Ireland and the United States; international transfers are covered by Standard Contractual Clauses.
Google (Google Analytics, Google Ads, Google Tag Manager) — we use Google's tools to understand website performance and run advertising. With your consent, we also share hashed versions of your email address and phone number with Google ("Enhanced Conversions") so they can match conversions to ads more accurately. Hashing means your details are converted into a one-way code before transmission. Google is based in the United States; transfers are covered by Standard Contractual Clauses and the UK Extension to the EU–US Data Privacy Framework.
Meta (Facebook and Instagram) — we use the Meta Pixel and similar tools to measure ad performance and reach people on Facebook and Instagram. With your consent, this includes hashed user data ("Conversions API") for better ad matching. Meta is based in the United States and Ireland; transfers are covered by the same safeguards as above.
Kit (formerly ConvertKit) — our email marketing platform. When you opt in to our newsletter, Kit stores your email address, name and engagement data (which emails you open and click) so we can send you relevant updates. Kit is based in the United States; transfers are covered by Standard Contractual Clauses and the UK Extension to the EU–US Data Privacy Framework.
Professional advisers — accountants, solicitors and insurers, where they need access to provide their services. They are bound by their own confidentiality obligations.
Government bodies — HMRC, Companies House and law enforcement, where we are legally required to share information.
We never sell your personal data.
6. Cookies, analytics and advertising
Our website uses cookies and similar technologies. Some are essential (for example to keep you logged in or remember items in a basket). Others are optional and only set if you give consent through our cookie banner.
The optional cookies we use include:
- Google Analytics to understand how visitors use the site
- Google Ads conversion tracking with Enhanced Conversions
- Meta Pixel for Facebook and Instagram advertising
You can change your cookie preferences at any time using the "Cookie settings" link in the website footer, or by clearing cookies in your browser.
For more detail, see our separate Cookie Policy.
7. How long we keep your information
We keep your data only as long as we need it.
- Active membership records: for as long as you are a member
- Inactive accounts: three years after your last class, then deleted or anonymised
- Health information: as set out in section 4
- Financial records (invoices, payments): six years from the end of the relevant tax year, as required by HMRC
- Marketing data: until you unsubscribe, plus a short suppression record so we don't accidentally email you again
- Website analytics: typically up to 14 months in Google Analytics
- Correspondence: up to two years, unless related to an ongoing matter
8. Keeping your information secure
We take security seriously. We use reputable third-party platforms (Mariana Tek, Stripe, Google) that hold recognised security certifications. We restrict staff access to personal data on a need-to-know basis, and we use strong passwords and two-factor authentication on our accounts.
If you set up an account, you are responsible for keeping your password confidential.
If we ever suffer a data breach that is likely to affect your rights, we will notify the ICO within 72 hours and contact you directly where required by law.
9. Your rights
Under UK GDPR you have the following rights in relation to your personal data:
- Access — you can ask for a copy of the information we hold about you
- Rectification — you can ask us to correct anything inaccurate or incomplete
- Erasure — you can ask us to delete your data ("right to be forgotten"), subject to some legal exceptions
- Restriction — you can ask us to limit how we use your data
- Portability — you can ask for your data in a machine-readable format
- Objection — you can object to us using your data on the basis of legitimate interests
- Withdraw consent — where we rely on consent, you can withdraw it at any time
- Complain — you can complain to the Information Commissioner's Office at any time (see section 11)
To exercise any of these rights, please email us at the contact address above. We will respond within one calendar month.
10. Marketing communications
We will only send you marketing emails or SMS if you have opted in. Every marketing email contains an unsubscribe link, and you can also reply STOP to any marketing SMS or email us to opt out.
Unsubscribing from marketing does not affect transactional messages such as booking confirmations, class reminders, payment receipts or important service announcements.
11. Complaints
If you are unhappy with how we have used your data, please contact us first so we have a chance to put things right.
You also have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
12. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top tells you when it last changed. If the changes are significant, we will let you know by email or a prominent notice on the website.
13. Contact us
For any privacy-related questions, requests or concerns:
Wild Fox Pilates Limited
5–7 Canford Lane, Westbury-on-Trym, Bristol BS9 3DB
Email: hello@wildfoxpilates.co.uk