Privacy Policy

Core Pilates Oban is committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Core Pilates Oban is operated by Jennifer Dairon and provides Pilates, rehabilitation services, clinical programmes, workshops and retreats.

For the purposes of data protection law, CORE Pilates Oban is the Data Controller.

Contact: jenny@corepilatesoban.com

2. What Data We Collect

We may collect and process the following information:

Identity Data

  • Name

  • Date of birth

Contact Data

  • Email address

  • Telephone number

  • Emergency contact details

Health Information (Special Category Data)

  • Medical history

  • Injury history

  • Pregnancy status

  • Medications

  • Clinical notes and assessment findings

Booking & Payment Data

  • Appointment history

  • Transaction records (processed securely via third-party providers)

3. Why We Collect Your Data

We collect and process personal data for:

  • Delivering classes, programmes and clinical services

  • Assessing suitability for exercise

  • Maintaining clinical records

  • Managing bookings and payments

  • Communicating about services

  • Legal and insurance purposes

Health data is processed under Article 9(2)(h) UK GDPR (provision of health or social care).

4. Lawful Basis for Processing

We process your data under the following lawful bases:

  • Contractual necessity (to deliver services you book)

  • Legitimate interests (business administration and safety)

  • Legal obligation (record keeping and insurance)

  • Explicit consent (for processing health information)

5. How Your Data Is Stored

Your data may be stored securely using:

  • Squarespace (website hosting)

  • Acuity Scheduling (appointment management)

  • Secure digital storage for clinical notes

We take reasonable steps to protect your data from loss, misuse or unauthorised access.

6. Data Retention

Clinical records are retained in line with professional and insurance requirements.

General enquiry data is retained only as long as necessary for business purposes.

7. Sharing of Data

We do not sell or share your personal data.

Data may be shared only where:

  • Required by law

  • Required for insurance purposes

  • Necessary for service providers (e.g. payment processors)

All third parties are required to handle data securely.

8. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate data

  • Request erasure (where legally permissible)

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

9. Cookies

This website may use cookies for functionality and analytics. You may control cookie settings via your browser.

10. Contact

If you have any questions regarding this Privacy Policy or your data, please contact:

jenny@corepilatesoban.com