Privacy Policy

Last updated: 23 March 2026

Introduction

Welcome to Lotus Pilates. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our services at lotuspilates.co.uk.

Data Controller: Lotus Pilates is the data controller responsible for your personal information. For any questions about this policy or your data, please contact us at info@lotuspilates.co.uk.

Types of Data We Collect

We collect the following categories of personal data:

Identity & Contact Data

  • Full name
  • Email address

Special Category Data (Health Information)

We collect health-related information through our Physical Activity Readiness Questionnaire (PAR-Q). This includes:

  • Medical history
  • Physical condition and any relevant health concerns
  • Information necessary to ensure your safety during Pilates classes

This is classified as "special category data" under UK GDPR and is collected with your explicit consent via digital signature before you can book your first class.

Transaction Data

  • Class booking history
  • Attendance records
  • Booking preferences and schedule information

Lawful Basis for Processing

Under UK GDPR, we process your personal data based on the following lawful bases:

Performance of a Contract

We process your identity, contact, and transaction data (name, email, booking history) for the performance of a contract to provide you with Pilates class bookings and related services. This includes managing your account, processing bookings, and communicating about your classes.

Explicit Consent (Health Data)

Health data (PAR-Q information) is processed strictly under your explicit consent. Before booking your first class, you must complete and digitally sign the PAR-Q health questionnaire. By providing your digital signature, you are giving explicit consent for us to process your health information for the purpose of ensuring your safety during physical activities and tailoring instruction to your needs.

You have the right to withdraw this consent at any time by contacting us. However, please note that we may need to retain certain health information for safety and legal reasons while you remain an active member.

Third-Party Data Processors

We use trusted third-party service providers to securely process and store your data. These processors are bound by strict data protection agreements and only process your data as instructed by us:

  • Supabase: We use Supabase for secure database hosting and user authentication. Your data is stored in EU-compliant data centres with industry-standard encryption.
  • Resend: We use Resend for transactional email communications, including booking confirmations, schedule changes, and important service updates. Resend processes email data in compliance with UK GDPR requirements.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

  • Account Data: We retain your account information while you have an active account with us.
  • Health Data (PAR-Q): Health forms are kept for as long as you are an active member for safety reasons. This ensures we can provide appropriate instruction and respond to any health-related concerns during classes.
  • Transaction Data: Booking and attendance records are retained for as long as necessary to manage your account and comply with legal obligations.

You can request deletion of your account and associated data at any time by contacting us at info@lotuspilates.co.uk. We will process your request in accordance with UK GDPR requirements, though some data may need to be retained for legal or safety reasons.

Your Rights Under UK GDPR

As a data subject under UK GDPR, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data that we hold.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we limit how we use your personal data in certain circumstances.
  • Right to Data Portability: You have the right to request that we transfer your personal data to another service provider in a structured, commonly used format.
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent (such as health data), you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us at info@lotuspilates.co.uk. We will respond to your request within one month.

If you are not satisfied with how we handle your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority.

Data Security

We take the security of your personal information seriously. We use industry-standard security measures, including encryption and secure data storage, to protect your data from unauthorized access, disclosure, alteration, or destruction. Your health information is stored securely and is only accessible to authorized personnel who need it to ensure your safety during classes.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at info@lotuspilates.co.uk.