Privacy Policy

Last Updated: April 06, 2025

1. Who We Are

387.studio is a Pilates reformer studio located in Barcelona, Spain. For the purposes of data protection, we are the "data controller" responsible for your personal information. You can contact us at:

• Address: [Insert Studio Address, Barcelona, Spain]
• Email: info@387.studio
• Phone: [Insert Contact Phone Number]

2. Information We Collect

We may collect the following types of personal information:

• Personal Details: Name, email address, phone number, and billing information when you book a class or purchase services.
• Health Information: Information you voluntarily provide (e.g., injuries, pregnancy, or fitness goals) to tailor your Pilates experience. This is considered "sensitive data" under GDPR, and we will only collect it with your explicit consent.
• Website Usage Data: IP address, browser type, and pages visited, collected via cookies or analytics tools (see our Cookies Policy).
• Communication Data: Information you provide when contacting us via email, phone, or social media.
• CCTV Footage: Our studio may use CCTV for security purposes, capturing video and audio of visitors.

3. How We Collect Your Information

We collect data:

• Directly from you when you book classes online, sign up for our newsletter, or fill out forms in-studio.
• Automatically through our website via cookies and analytics tools (e.g., Google Analytics).
• Via third-party platforms we use for bookings or payments (e.g., [Insert Booking Platform Name]), which have their own privacy policies.

4. How We Use Your Information

We use your data to:

• Provide and personalize Pilates classes and services.
• Process bookings and payments.
• Send you updates, promotions, or newsletters (with your consent).
• Ensure studio security via CCTV.
• Improve our website and services through analytics.
• Comply with legal obligations (e.g., tax or health regulations).

Our legal bases under GDPR include:

• Consent: For marketing emails or sensitive health data.
• Contract: To fulfill bookings and services you request.
• Legitimate Interest: For security, analytics, and improving our offerings.
• Legal Obligation: When required by law.

5. Sharing Your Information

We do not sell your data. We may share it with:

• Service Providers: Booking platforms, payment processors, or IT support, all GDPR-compliant.
• Legal Authorities: If required by law or to protect our rights.
• Business Transfers: In case of a sale or merger of 387.studio (with safeguards for your privacy).

6. Your Rights Under GDPR

You have the right to:

• Access, correct, or delete your personal data.
• Restrict or object to processing (e.g., for marketing).
• Data portability (receive your data in a usable format).
• Withdraw consent at any time (where applicable).

To exercise these rights, contact us at info@387.studio. You may also lodge a complaint with Spain’s data protection authority, Agencia Española de Protección de Datos (AEPD).

7. Data Retention

We keep your data only as long as necessary:

• Booking and payment data: 6
• Health data: For the duration of your relationship with us, unless you request deletion.
• Website analytics: Up to 2 years.

8. Security

We use secure servers, encryption, and restricted access to protect your data. However, no system is 100% secure, and we cannot guarantee absolute protection.

9. International Transfers

If we transfer data outside the EU (e.g., to a US-based booking platform), we ensure GDPR-compliant safeguards, such as Standard Contractual Clauses.

10. Changes to This Policy

We may update this policy. Check this page for the latest version. Significant changes will be notified via email or our website.

11. Contact Us

Questions? Reach us at info@387.studio or [Insert Phone Number].