Privacy Policy
Last updated: 1 August 2025
At The CTRL, your privacy matters, almost as much as your core strength. This policy explains what personal data we collect, why we collect it, and how we protect it. No jargon. No nonsense. Just straight-up facts.
We are committed to respecting your privacy, complying with the UK GDPR and Data Protection Act 2018, and being transparent about what we do with your data.
WHO WE ARE
We are The CTRL, a Pilates studio based in Southgate, London. Website: www.ctrlcollective.co.uk
WHAT PERSONAL DATA WE COLLECT
We may collect the following information from you directly, automatically, or via third-party platforms:
Identity & contact data
- Name, phone number, email, date of birth
- Emergency contact details (optional)
Health & medical data
- Self-disclosed injuries, medical conditions, or pregnancy status relevant to safe participation in classes
Note: You are responsible for updating us if anything changes.
Usage & behaviour data
- Class bookings, attendance, cancellations, and no-shows
- Packages and membership history
- Interactions with communications (e.g. email open rates, link clicks)
Payment & financial data
- Purchase records, refunds, and stored billing tokens
- Payment details are handled via Stripe and not stored by us
Technical data
- IP address, browser type, device info
- Site usage analytics and cookies
Marketing data
- Preferences and opt-in status
- Campaign interactions
CCTV footage
- Video (and limited audio) recordings from the studio and reception area (see Section ‘CCTV Monitoring’)
HOW WE COLLECT YOUR DATA
We collect your data when you:
- Register via our website or Gym flow system
- Attend classes, events, or workshops
- Submit a health form or waiver
- Contact us via email, DM, or web form
- Use our website or socials (cookies, pixels, analytics tools)
- Are captured on CCTV while on our premises
WHY WE COLLECT YOUR DATA
We only collect and use your data where legally permitted. That includes:
- Contract: to fulfil class bookings, memberships, payments
- Consent: for health declarations and email marketing
- Legitimate interest: for operational improvement, analytics, and internal communication
- Legal obligation: for tax, safety, insurance, or data protection compliance
HOW WE USE YOUR DATA
- To manage class schedules, bookings, and client accounts
- To ensure your health and safety during sessions
- To process payments and resolve billing issues
- To send confirmations, reminders, and schedule changes
- To provide relevant studio updates and promotions (if opted in)
- To analyse service usage and improve our offering
- To maintain studio safety and respond to incidents (via CCTV)
We do not use your data for automated decision-making or profiling that significantly affects your rights.
MARKETING PREFERENCES
You’ll only receive promotional emails if you’ve explicitly opted in. You can manage your preferences by:
- Clicking “unsubscribe” in any email
- Updating your settings in your Gym flow account
- Emailing hello@ctrlcollective.co.uk
Operational messages (like class confirmations or changes) may still be sent even if you opt out of marketing.
COOKIES
Our website uses cookies to:
- Enable account login and bookings
- Understand how visitors use the site (via Google Analytics)
- Improve performance and user experience
You can manage or disable cookies via your browser settings. For more details, please see our Cookie Policy.
HOW WE PROTECT YOUR DATA
We use appropriate technical and organisational security measures including:
- Encrypted platforms (Gym flow, Stripe, Mailchimp)
- Secure access controls and staff training
- Regular system reviews and password protections
Your data is only accessible to authorised staff and service providers.
CCTV MONITORING
We use CCTV at our premises for:
- Studio monitoring: to support safety, incident reporting, and insurance claims
- Reception area monitoring: for security and theft prevention
Cameras may capture both video and incidental audio. Footage is retained for up to 30 days, unless required for investigation or legal reasons. Access is restricted to senior personnel and our security provider. Signs are clearly displayed on site.
WHO WE SHARE YOUR DATA WITH
We never sell your data. We only share it with trusted partners who support our operations:
| Vendor | Purpose |
| --- | --- |
| Gym | Booking + client account system |
| Stripe | Payment processing |
| Mailchimp | Email marketing |
| Google Analytics | Website performance insights |
All vendors are GDPR-compliant and bound by strict data processing agreements.
HOW LONG WE RETAIN YOUR DATA
We will retain your information for as long as we have reasonable business needs and in line with legal and regulatory requirements or guidance.
YOUR RIGHTS
Under UK GDPR, you have the right to:
- Access your data (Subject Access Request)
- Correct inaccurate or incomplete data
- Delete data ("right to be forgotten")
- Restrict or object to processing
- Withdraw consent at any time
- Data portability (where applicable)
To exercise any right, email us at hello@ctrlcollective.co.uk.
If you have any complaints about how we use your data, please email us, or alternatively, you can contact the Information Commissioner’s Office via ico.org.uk/concerns.
CHANGES TO THIS POLICY
We may update this policy from time to time. Material changes will be communicated via email or website notice. Check back periodically for the latest version.
