Privacy & Security

Privacy Policy

Supported Mums is committed to protecting and respecting your privacy

Supported Mums understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with the data protection law in force in the UK (“Data Protection Laws”) and with all applicable clinical confidentiality guidelines including those published by the Health and Care Professions Council (HCPC).

This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data. This includes data collected through your use of our sites www.physiopilatesacademy.co.uk and www.supportedmums.com.

Please read the following carefully to understand how we process your personal data. By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

For the purpose of Data Protection Laws, the data controller is PhysioPilates Ltd, with registered address at: 36 London Road, Cambridge CB22 5DD, a Company Limited by Guarantee registered in England (Number: 7840327). When we refer to ‘we’, ‘us’ and ‘our’, we mean PhysioPilates Ltd.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at info@physiopilatesacademy.co.uk or contact@supportedmums.com.

What personal data may we collect from you?

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.

Accordingly, we may hold and use personal data about you as a customer, a patient or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us.  Depending on what services you receive from us this may include sensitive personal data such as information relating to your health.

Personal data we collect from you may include the following:

  • information that you give us when you enquire or become a customer or patient of ours or apply for a job with us
  • identity data, including name, username, marital status, title, date of birth and gender
  • contact data, including your address, email address and phone number(s)
  • the name and contact details (including phone number) of the person that you suggest we should contact in case of an emergency
  • details of referrals, quotes and other contact and correspondence we may have had with you
  • details of services and/or treatment you have received from us or which have been received from a third party and referred on to us
  • information obtained from customer surveys, promotions and competitions that you have entered or taken part in
  • recordings of calls we receive or make
  • notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered
  • patient/pupil feedback and treatment outcome information you provide
  • information about complaints and incidents
  • information you give us when you make a payment to us, such as financial or credit card information
  • other information received from other sources, including from your use of third party websites which assist us in providing services (for example Mindbody, Mailchimp), analytics providers and other websites that we operate (www.supportedmums.com and www.physiopilatesacademy.co.uk)

Where you have named someone as your emergency contact and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.

Where you use any of our websites, we may automatically collect personal data about you including:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
  • information about your visit (usage data), including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page
  • marketing and communications data, including your preferences in receiving marketing communications from us and your communication preferences

Special categories or ‘Sensitive Data’

The data that we request from you may include sensitive personal data about your mental or physical health.  By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Policy.

When do we collect personal data about you?

We may collect personal data about you if you:

  • visit one of our websites
  • contact us, for example by email, telephone or social media
  • enquire about any of our services or treatments
  • register to be a customer or patient with us or book to receive any of our services or treatments
  • fill in a form or survey for us
  • carry out a transaction on our website
  • participate in a competition or promotion or other marketing activity
  • make online payments
  • participate in interactive features on any of our websites (e.g. blog comments).

What personal data may we receive from third parties and other sources?

  • We have independent third parties acting on our behalf who may collect personal data from you to allow us to carry out the services we offer, for example Mindbody.
  • Our PhysioPilates teachers will intermittently discuss your personal health with you. This information is subsequently shared with PhysioPilates Academy for the continuity of your care and to update the health alert on your profile, so that your care is consistent whichever class you attend.

How do we use your personal data?

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.

Sensitive personal data related to your health will only be disclosed to those teachers involved with providing your Pilates classes or individual sessions.

We may use your personal data to:

  • enable us to carry out our obligations to you arising from any contract entered into between you and us, including relating to the provision by us of services or treatments to you and related matters such as billing, accounting and audit, credit or other payment card verification
  • provide you with information, products or services that you request from us
  • provide you with information about products or services we offer that we feel may interest you. We will only contact you by electronic means (e-mail or SMS) with information about products and services similar to those which you previously purchased or enquired about from us
  • allow you to participate in interactive features of our services, when you choose to do so
  • notify you about changes to our products or services
  • respond to requests where we have a legal or regulatory obligation to do so
  • check the accuracy of information about you and the quality of your treatment or care
  • support your teacher in providing services to you
  • assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
  • ensure that content from any of our websites is presented in the most effective manner for you and for your computer.

Administering our services

Mindbody

We use a third party provider, Mindbody Inc., to organise your class or individual appointment schedule and take your payment. Mindbody’s privacy policy: https://www.mindbodyonline.com/privacy-policy

WordPress

We use a third party service, WordPress.com, to publish our blog, and some of our conference microsites. These sites are hosted at WordPress.com, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice.

Marketing communications

E-newsletter

We use a third party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy notice.

You will receive marketing communications from us if you have:

  1. requested information from us or purchased goods or services from us; or
  2. provided us with your details when you entered a competition or registered for a promotion or free resources; and
  3. in each case, you have not opted out of receiving that marketing.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at info@physiopilatesacademy.co.uk or contact@supportedmums.com.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

The security of your personal data

We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged.

Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.

Our third party service providers are based outside the European Economic Area (“EEA”), so their processing of your data will involve a transfer of data outside the EEA. It may also be processed by staff operating outside the EEA for one of our suppliers (Mindbody). Where we transfer your personal data outside the EEA, we will ensure that there are adequate protections in place for your rights, in accordance with Data Protection Laws and part of the EU-US Privacy Shield. By submitting your personal data, and in providing any personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

All information you provide to us is stored securely. Any payment transactions on our website will be processed securely by third party payment processors. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The transmission of information via the internet cannot be guaranteed as completely secure.  Once we have received your information, we will use strict procedures and security features for prevention of unauthorised access. 

At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email.  Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.

Disclosure of your personal data

In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:

  • third party business partners for the performance of any contract we enter into with you
  • organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored
  • third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.

Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.

Health information collected during provision of treatment or services

Sensitive personal data (including information relating to your health) will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your treatment or care, or in accordance with UK laws and guidelines of appropriate professional bodies.

In an emergency and if you are incapacitated, we may also process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).

Data Retention 

 We’ll hold on to your information for as long as is necessary for the purpose for which it was collected or as is required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 Some examples of customer data retention periods:

Your registration form with sensitive health data: By law we have to keep health data for 8 years.

Inactive accounts: If you’ve not attended classes for more than three years, your registration will be flagged as inactive, and we’ll close your Mindbody account, remove you from our PhysioPilates system and delete or anonymise the personal data associated with it. If you are still actively receiving marketing material (e.g. our newsletter) we will not delete this.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights  

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

You can see more about these rights at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise any of the rights set out above, please email us at info@physiopilatesacademy.co.uk

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Third party links  

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. Occasionally links will be affiliate links but we do not share any of your data with other companies whether we are affiliated or not.

Cookies

A cookie is a text file containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience.

For more information, please see our Security & Cookies Policy.

 

Updated May 2018