Privacy Policy

Haus of Contrology Ltd customer privacy notice.

This privacy notice tells you what to expect us to do with your personal information.

• Contact details
• What information we collect, use, and why
• Lawful bases and data protection rights
• Where we get personal information from
• How long we keep information
• How to complain

Contact details

Post

East Point Oxford Ltd, Sandford Gate, Sandy Lane West, Littlemore, OXFORD, Oxfordshire, OX4 6LB, GB

Email

admin@hausofcontrology.com

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

• Names and contact details
• Addresses
• Gender
• Date of birth
• Payment details (including card or bank information for transfers and direct debits)
• Transaction data (including details about payments to and from you and details of products and services you have purchased)
• Usage data (including information about how you interact with and use our website, products and services)
• Health information (such as medical records or health conditions)
• Information relating to compliments or complaints
• Video recordings
• Website user information

We also collect or use the following special category information to provide and improve products and services for clients. This information is subject to additional protection due to its sensitive nature:

• Health information

We collect or use the following personal information for the operation of client or customer accounts:

• Names and contact details
• Addresses
• Purchase or service history
• Account information, including registration details
• Information used for security purposes
• Marketing preferences
• Technical data, including information about browser and operating systems

We also collect or use the following special category information for the operation of client or customer accounts. This information is subject to additional protection due to its sensitive nature:

• Health information

We collect or use the following personal information for the prevention, detection, investigation or prosecution of crimes:

• Names and contact information
• Client accounts and records

We also collect or use the following special category information for the prevention, detection, investigation or prosecution of crimes. This information is subject to additional protection due to its sensitive nature:

• Health information

We collect or use the following personal information for information updates or marketing purposes:

• Names and contact details
• Addresses
• Profile information
• Marketing preferences
• Purchase or account history
• Website and app user journey information
• IP addresses

We collect or use the following personal information for research or archiving purposes:

• Names and contact details
• Addresses
• Purchase or client account history
• Website and app user journey information
• IP addresses

We collect or use the following personal information to comply with legal requirements:

• Name
• Contact information
• Identification documents
• Client account information
• Any other personal information required to comply with legal obligations

We also collect or use the following special category information to comply with legal requirements. This information is subject to additional protection due to its sensitive nature:

• Health information

We collect or use the following personal information to protect client welfare:

• Names and contact information
• Client account information
• Health and wellbeing information
• Emergency contact details

We also collect or use the following special category information to protect client welfare. This information is subject to additional protection due to its sensitive nature:

• Health information

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details
• Address
• Payment details
• Account information
• Purchase or service history
• Customer or client accounts and records
• Financial transaction information
• Information relating to health and safety (including incident investigation details and reports and accident book records)
• Correspondence

We also collect or use the following special category information for dealing with queries, complaints or claims. This information is subject to additional protection due to its sensitive nature:

• Health information

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
• Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
• Your right to erasure – You have the right to ask us to delete your personal information. You can read more about this right here.
• Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
• Your right to object to processing – You have the right to object to the processing of your personal data. You can read more about this right here.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Collecting and Using Personal Information We collect and use personal information on the basis of our legitimate interests to provide and continually improve our services in a way that is expected and beneficial to our clients. Our legitimate interests include: Our legitimate interests include: Delivering high-quality, tailored Pilates services – Understanding our clients’ health, fitness goals, and preferences allows us to provide safe, effective, and personalised instruction. Improving our services – We analyse usage and feedback to improve class offerings, scheduling, and facilities, which benefits both existing and future clients. Ensuring health and safety – Knowing any relevant medical conditions or injuries helps our instructors adapt exercises to ensure the well-being of all participants. Communicating efficiently – We use contact details to send service updates, appointment reminders, and relevant wellness information, helping clients stay engaged and informed. Protecting our business – We retain certain data for administrative purposes, such as managing bookings, processing payments, and preventing misuse of services. We carefully assess the balance between our interests and our clients’ rights. The personal information we collect is limited to what is necessary, and we take steps to protect it through secure systems and responsible data handling practices. Clients have the right to object to processing based on legitimate interests, and we provide easy ways to exercise this right. We believe these uses benefit our clients and help us run an efficient, safe, and responsive service, while minimising any potential risk or impact on their privacy.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Managing Client Accounts We collect and use personal information on the basis of our legitimate interests to operate and manage client accounts effectively, ensuring a smooth and professional experience for each person using our services. Our legitimate interests include: Maintaining accurate booking and attendance records – This helps us manage class capacity, ensure fair access to our services, and monitor usage for both client convenience and business planning. Providing account access and customer support – Clients can view and manage their own bookings, preferences, and contact information, and we can respond quickly to account-related queries or issues. Facilitating payments and invoicing – We process personal and transaction details to issue receipts, manage subscriptions or packages, and resolve payment issues if they arise. Tracking service usage and account history – This allows us to understand a client’s service preferences, enabling better-tailored offerings and communication. Ensuring account security – By maintaining accurate account data and secure access procedures, we help protect our clients’ information from misuse or unauthorised access. We believe these practices are essential for providing a reliable, responsive, and secure service, and that they align with what clients would reasonably expect when creating an account with a professional wellness provider. We limit the data we collect to what is necessary for these purposes and implement strong safeguards to protect clients\’ privacy. Clients always have the right to object to the use of their data under legitimate interests, and we are transparent in how their data is used and protected.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for the prevention, detection, investigation or prosecution of crimes are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Crime Prevention and Investigation We collect and use certain personal information based on our legitimate interest in helping to prevent, detect, investigate, or report criminal activity, such as fraud, theft, or abuse of our services or premises. Our legitimate interests include: Protecting clients, staff, and property – For example, we may use CCTV in common areas or keep access logs to help deter and investigate incidents of theft or vandalism. Preventing fraud or misuse of accounts or payment systems – Monitoring transactions and account activities helps us detect suspicious behaviour and protect both our business and our clients. Complying with legal obligations and supporting law enforcement – In rare cases, we may need to retain or share personal data when required to assist with lawful investigations. We recognise the importance of respecting individual privacy and only collect and retain data necessary for these purposes. We ensure that any use of this information is proportionate, justified, and handled securely. These measures are designed to enhance the safety of everyone who uses our services and reduce the risk of harm or loss. We do not unfairly prioritise our needs above those of our clients and always strive to act transparently and responsibly. Clients also have rights under data protection law and may contact us to understand how their data is used or to raise concerns.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Information Updates and Marketing We use personal information to send updates and marketing communications based on our legitimate interest in keeping our clients informed, engaged, and aware of relevant offerings that may enhance their experience with us. Our legitimate interests include: Keeping clients informed about classes, schedule changes, and new services – This helps clients make the most of our offerings and stay up to date with any changes that could affect their bookings. Promoting relevant offers, events, and wellness content – We aim to share information that supports our clients’ health and fitness goals, such as special events, workshops, or promotional packages that they may find genuinely beneficial. Maintaining client engagement and satisfaction – Thoughtful, non-intrusive marketing helps us build long-term relationships and create a sense of community around our services. We carefully balance our business interest with our clients’ rights and expectations. We only send marketing messages that are relevant, and we always provide a clear and easy way to opt out at any time. We do not share personal data with third parties for their own marketing purposes. We believe that this approach adds value for our clients without unduly impacting their privacy, and we are committed to handling all personal information in a respectful and transparent manner.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for research or archiving purposes:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Research and Archiving We collect and use certain personal information on the basis of our legitimate interests to conduct research and maintain records for archiving purposes. This helps us improve our services, understand client needs, and ensure compliance with legal or business requirements. Our legitimate interests include: Improving our services – By analysing anonymised or aggregated client data, we can identify trends and opportunities to enhance class offerings, scheduling, and customer experience. Maintaining accurate business records – We keep personal information securely archived for a reasonable period to meet regulatory, legal, and financial obligations, such as accounting and health and safety compliance. Supporting future service development – Research based on past data helps us innovate and tailor our Pilates services to better meet client preferences and wellness goals. We carefully assess and minimise any impact on individuals’ privacy by limiting the amount of data retained and applying appropriate security measures. We do not use this data in a way that unfairly disadvantages or harms our clients. Clients can contact us at any time to inquire about how their data is stored or to raise any concerns about its use.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information to comply with legal requirements:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Compliance with Legal Requirements We collect and use personal information based on our legitimate interest in complying with applicable laws and regulations. This ensures that we operate responsibly and protect the rights of our clients, staff, and the wider community. Our legitimate interests include: Meeting health and safety obligations – Collecting relevant personal data helps us ensure a safe environment for all clients and employees, such as managing medical information or emergency contacts. Financial and tax compliance – We retain necessary information to fulfill our obligations related to accounting, tax reporting, and audits. Employment and contractual compliance – When applicable, we process personal data to comply with employment laws and contractual agreements. Responding to lawful requests – We may need to share or disclose personal data when required by law enforcement or regulatory bodies. We recognise the importance of balancing these legal obligations with respect for individual privacy. We only process the minimum amount of data necessary to meet legal requirements and safeguard clients’ rights. Our approach ensures that our compliance efforts do not unfairly impact our clients’ privacy or interests. Clients are welcome to contact us with any questions about how their information is used in relation to legal compliance.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information to protect client welfare are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Protecting Client Welfare We collect and use personal information based on our legitimate interest in protecting the health, safety, and overall welfare of our clients while they participate in our Pilates sessions. Our legitimate interests include: Ensuring safe and effective instruction — By understanding relevant health information, such as injuries or medical conditions, our instructors can tailor exercises to individual needs and prevent harm. Monitoring wellbeing during sessions — Collecting feedback and health updates helps us identify any concerns early and respond appropriately to protect clients. Responding to emergencies — Having access to essential personal and medical information enables us to act quickly in case of accidents or health incidents. Providing a supportive environment — We use personal data to ensure our studio environment promotes client wellbeing and respects individual needs. We carefully balance these interests with respect for our clients’ privacy, only collecting necessary information and protecting it with strict confidentiality and security measures. Our priority is to safeguard clients while respecting their rights and dignity. Clients have the right to contact us with any questions or concerns about how their information is used for their welfare.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• • Our Legitimate Interests for Handling Queries, Complaints, and Claims We collect and use personal information based on our legitimate interest in effectively managing client queries, complaints, and claims. This allows us to resolve issues promptly and maintain a high standard of service. Our legitimate interests include: Responding to client concerns – Collecting relevant personal information helps us understand and address questions or issues raised by clients in a clear and timely manner. Improving our services – Handling complaints and claims provides valuable feedback that enables us to enhance our classes, facilities, and customer experience. Ensuring fairness and accountability – Keeping records of complaints and resolutions supports transparency and helps us uphold our commitments to clients. Protecting both clients and our business – Properly managing disputes or claims helps prevent misunderstandings and potential legal issues. We balance these interests carefully by only collecting information necessary for the specific issue, protecting data confidentiality, and respecting clients’ privacy rights throughout the process. Clients have the right to understand how their data is used in this context and to contact us with any concerns.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

• Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Where we get personal information from

• Directly from you

How long we keep information

Data Retention Summary

We only keep your personal information for as long as necessary to provide our Pilates services, comply with legal obligations, and manage our relationship with you. For most client data, this means we keep it for up to 6 years after our last contact.

We securely delete or anonymise data when it’s no longer needed. You can always contact us to find out what information we hold about you or to request changes.

If you have any questions about our data retention practices, please get in touch at admin@hausofcontrology.com.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated 23.05.2025