Winchester Pilates Studio takes the protection of your personal data seriously.  The UK Data Protection Act requires us to tell you the legal basis upon which we process your data.

The law allows us to process your data if it is necessary for us to do in order us to fulfil our contract with you to provide our services to you.  We only collect the minimum personal data that we need to do this and we will only do so as described in this Privacy Policy.


We need your name, email address and contact number (for emergencies) and basic health information.  Data is provided by you electronically via our website and enrolment form. This is then entered onto our client database and contacts list in order that Winchester Pilates Studio, which includes those teachers working directly with us, can continue to keep in touch with you about scheduling appointments, attendance in class, cancellations and future events and related services.

In order to use our services you will also need to provide financial information (Bank details) to Stripe, the payment service used by our booking system.  No one at Winchester Pilates Studio has any visibility of these details.

Ongoing note taking takes place during your appointments with us so that we can review progress and plan future sessions in accordance with those goals you have identified on your enrolment form. These notes are kept as hard copies in a lockable filing cabinet (see below)

All electronic Data is held in both Winchester Pilates Studio’s electronic devices as well as those of our teachers and this information is password protected.

All hard copies of this Data is held within Winchester Pilates Studio in a locked filing cabinet and our building is fitted with an intruder alarm.

On your enrolment form you have provided the name, telephone number and email address for your emergency contact. We assume that by giving us this information you have sought permission from that person and have their permission for us to hold their details and be contacted by us. They will only be contacted in the event of an emergency.


We collect your personal data to give you access to our classes and to ensure that you get the most from our teaching and to send you selected information in periodic Newsletters about our services.

Basic health data – eg details of past or current injuries – are gathered by your teacher using paper based forms.  These are stored securely in a locked cabinet.  If you provide us with health information via email we store a print out and delete the email.  We keep this data for up to 4 years as required by our insurance and good fitness industry practice and then shred or burn it.

We do not share your health data with anyone else.

Your contact information – We will keep this data for the period you are a client of the studio plus up to 4 years.


Like many small and large businesses, we use Mail Chimp to send out emails and newsletters to keep you updated on what is happening at Winchester Pilates Studio.  We try to keep communications to a minimum to avoid clogging up your inbox.  To do this Mail Chimp holds a record of your name and email address.  They store data in the US.  Their data policy includes terms required by the UK Information Commissioner’s Office (“the ICO”) to ensure that transfers of personal data from the UK to the US have adequate protection.

We use Team Up to timetable classes.  Their service allows you to manage your attendance at our classes.  Team Up are a market leading provider to the fitness industry across the US, UK and Europe.

They also store data in the US.  Their data policy also includes the relevant clauses required by the ICO to allow safe transfers of data from the UK to the US.

As part of the service provided by Team Up, you will be asked to provide bank details to collect payments.  Team Up use Stripe which is a market leading payment service.  Customers of Stripe in the UK deal with its UK subsidiary, Stripe Payments UK Limited, which has to comply with English law and is regulated by the Financial Conduct Authority.  Their data policy is here.  For any transfers of personal data from the UK, Stripe includes the protections required by the ICO in its terms and conditions.  Any financial details you provide are only seen by Stripe, not Winchester Pilates Studio or Team Up.

Your Rights

You have a variety of rights about the way in which we process your data.  These are as follows:

You may request a copy of the data that we hold about you.

You may ask us to cease sending you information (but this may mean that you are not aware of all the latest news about Winchester Pilates Studio).

You may change or stop the way in which we communicate with you or process data about you and if

If you are not satisfied with the way we have processed your data, then you can complain to the Office of the Information Commissioner.

You may request details of personal information, which we hold about you. A small fee will be payable. If you would like a copy of the information held on you please write to Winchester Pilates Studio, 4B Middle Brook Street, Winchester, SO23 8AQ.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.


Our website and links to other websites and apps

Our website does not use Cookies and any information you share with us through your enrolment form is encrypted by our chosen service provider who operates the website.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should therefore exercise caution and look at the privacy statement applicable to the website in question.

In addition to the website, we do also use Facebook and Instagram as a tool for communicating information relating to our products and services and you should be aware that we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such apps and such apps are not governed by this Privacy Policy. You should therefore exercise caution and look at the privacy statement applicable to the website in question.


If you have any questions about the Privacy Policy, about the way we process your data, or if you wish to change the way we use your data, including how we communicate with you, then please contact Sam Parsons on


Date 11 December 2022