Privacy Policy PilateScene Ltd (trading as PILATESCENE) Last updated: June 2026 1. Who We Are PilateScene Ltd (trading as PILATESCENE) is a Pilates studio business based in Galway, Ireland. We operate two studio locations — Clarinbridge and Briarhill — and provide Pilates classes, teacher training programmes, workshops, and events. Data Controller: PilateScene Ltd Galway, Ireland Email: info@suziedodd.com Website: https://suziedodd.com If you have any questions about this policy or how we handle your personal data, please get in touch at info@suziedodd.com. 2. What This Policy Covers This Privacy Policy explains: - What personal information we collect about you - Why we collect it and how we use it - How long we keep it - Who we may share it with - Your rights under data protection law - How we use cookies and advertising tools, including Google Ads This policy applies to information collected through our website (https://suziedodd.com), our class booking system, and any direct communications with us. 3. Legal Framework We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Act 2018 (Ireland). We only collect and use your personal data where we have a lawful basis to do so. 4. What Data We Collect Information You Give Us When you book a class, contact us, or register for an event, we may collect: - Your name and contact details (email address, phone number) - Emergency contact information - Payment information (processed securely through our payment provider — we do not store card details) - Health or medical information you share with us when booking (see Section 6) - Your enquiries, messages, and any other information you choose to provide Booking and Class Data When you book classes through our booking system (TeamUp), we collect: - Class attendance history - Booking preferences and scheduling information - Membership or package details Website and Technical Data When you visit our website, we automatically collect: - Your IP address (anonymised where possible) - Browser type and version - Pages you visit and time spent on them - How you found us (referring website) - Device type This data is collected through cookies (see Section 8). 5. How We Use Your Data We use your data only for the following purposes: - Providing and managing your class bookings — contract - Sending booking confirmations and class reminders — contract - Processing payments — contract - Responding to your enquiries — legitimate interest - Sending newsletters and promotional emails — consent (you can withdraw at any time) - Improving our website and services — legitimate interest - Running Google Ads and remarketing campaigns — consent (via cookie preferences) - Measuring advertising performance — legitimate interest / consent - Complying with legal obligations — legal obligation We will never sell your personal data to third parties. 6. Health and Special Category Data The nature of our work means that clients sometimes share health or medical information with us — for example, details about back pain, osteoporosis, pregnancy, pelvic floor concerns, or other physical conditions. This is classed as special category data under GDPR. We collect and use this information only with your explicit consent, and only for the purpose of: - Ensuring your safety and wellbeing in class - Adapting our teaching to suit your individual needs - Referring you to appropriate professional support where necessary This information is kept strictly confidential, is accessible only to your instructor(s) on a need-to-know basis, is never shared with third parties except where required by law or in a genuine emergency, and is stored securely and deleted when no longer needed. You have the right to withdraw your consent for us to hold health information at any time by contacting us at info@suziedodd.com. 7. Who We Share Your Data With We do not sell or trade your personal data. We may share it with the following trusted third parties, only to the extent necessary: - TeamUp — class booking and scheduling management - Payment processors — secure payment processing - Google LLC — website analytics, advertising, and remarketing (see Section 9) - Email service providers — sending booking confirmations and newsletters - Legal or regulatory authorities — where required by law All third-party providers are required to handle your data securely and in accordance with applicable data protection law. 8. Cookies Our website uses cookies — small text files stored on your device — to help us understand how you use the site and to deliver relevant advertising. Essential cookies are required for the website to function (such as security and navigation) and last for up to one year. Analytics cookies help us understand how visitors use the site through Google Analytics and last for up to two years. Advertising cookies are used to measure ad performance and show relevant ads through Google Ads and last for up to two years. Functional cookies remember your preferences to improve your experience and last for up to one year. Managing Your Cookie Preferences You can control cookies through your browser settings, or use the following opt-out links: - Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout - Google Ads personalisation opt-out: https://adssettings.google.com - General advertising opt-out: https://www.youronlinechoices.com 9. Google Ads, Analytics, and Remarketing We use Google Ads and Google Analytics to understand how our website performs and to reach people who may be interested in our classes and events. Google Analytics We use Google Analytics to collect anonymised data about how visitors use our website — such as pages visited, time on site, and where visitors came from. We have enabled IP anonymisation, which means your IP address is shortened before it is stored. Google Ads We run paid advertising campaigns through Google Ads. These ads may appear in Google Search results or on websites across the Google Display Network. Remarketing We use Google Ads Remarketing, which allows us to show ads to people who have previously visited our website. A cookie is placed on your device when you visit our site, and you may then see our ads when browsing elsewhere. You can opt out of Google remarketing at any time by visiting https://adssettings.google.com or https://optout.networkadvertising.org/ Google's Privacy Policy is available at https://policies.google.com/privacy 10. Data Retention We keep your data only for as long as necessary: - Client booking and attendance records — 7 years (tax and legal compliance) - Health and medical information — duration of your time with us, plus 2 years - Payment records — 7 years (legal requirement) - Marketing email preferences — until you unsubscribe or withdraw consent - Website analytics data — up to 26 months - Enquiry and correspondence records — 2 years from last contact When data is no longer needed, it is securely deleted or anonymised. 11. Your Rights Under GDPR You have the following rights regarding your personal data: Right of access — You can ask us what personal data we hold about you. Right to rectification — You can ask us to correct inaccurate or incomplete data. Right to erasure — You can ask us to delete your data in certain circumstances. Right to restrict processing — You can ask us to limit how we use your data. Right to data portability — You can ask for a copy of your data in a portable format. Right to object — You can object to us processing your data for marketing purposes. Right to withdraw consent — Where we rely on consent, you can withdraw it at any time. To exercise any of these rights, contact us at info@suziedodd.com. We will respond within one calendar month. Making a Complaint If you are unhappy with how we handle your data, you have the right to complain to the Irish data protection supervisory authority: Data Protection Commission (DPC) Website: https://www.dataprotection.ie Phone: +353 57 868 4800 12. Children's Data Our classes are intended for adults aged 16 and over. We do not knowingly collect personal data from children under 16 without verified parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately at info@suziedodd.com. 13. Third-Party Links Our website may contain links to other websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies separately. 14. Changes to This Policy We may update this Privacy Policy from time to time. The most current version will always be available at https://suziedodd.com. If we make significant changes, we will notify you directly where possible. 15. Contact Us PilateScene Ltd (trading as PILATESCENE) Email: info@suziedodd.com Website: https://suziedodd.com Location: Galway, Ireland We're always happy to chat — just drop us an email.