Privacy Policy

Prior physio & Pilates

Last updated: 18.01.2026
Prior physio & Pilates (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly and transparently. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Prior physio & Pilates is a Pilates studio based in the United Kingdom and is operated by an HCPC-registered Chartered Physiotherapist and member of the Chartered Society of Physiotherapy (CSP).

For the purposes of data protection law, Prior physio & Pilates is the data controller of your personal data.

In addition to data protection legislation, we adhere to:

  • HCPC Standards of Conduct, Performance and Ethics
  • CSP professional and ethical guidance
  • Professional duties of confidentiality applicable to regulated healthcare professionals

Contact email: contact@priorpilates.com

2. Information We Collect

We collect only the information necessary to provide safe, effective, and appropriate services.

Personal Information

  • Name
  • Email address
  • Telephone number
  • Booking and attendance records

Special Category (Sensitive) Health Data

  • Health and medical information relevant to Pilates instruction
  • Injury history, physical limitations, and clinical notes
  • Session records and progress notes
  • Correspondence or reports provided by you from other healthcare professionals (e.g. GP or consultant letters)

All health information is treated as confidential clinical information.

Payment Information

Payments are processed securely via Stripe. We do not store or have access to your full card details.

3. How We Collect Your Information

We collect information when you:

  • Book sessions or classes via Acuity Scheduling
  • Complete health, consent, or intake forms
  • Communicate with us by email, phone, or in person
  • Attend sessions at the studio

Online Booking (Acuity Scheduling)

When you book a session using our online booking system (Acuity Scheduling), your personal information and any health details you provide are collected solely to manage your booking and to ensure safe, appropriate instruction. This information is processed securely and in accordance with this Privacy Policy.

4. How We Use Your Information

We use your information to:

  • Manage bookings and attendance
  • Deliver safe, tailored Pilates instruction
  • Maintain accurate clinical and session records
  • Communicate with you about your sessions
  • Process payments
  • Meet professional, legal, regulatory, and insurance obligations

We do not use your data for unrelated purposes.

4.A Newsletter and Email Communications

Clients may choose to opt in to receive our newsletter or other studio updates. When you do so, we collect and store your email address for this purpose only. Email communications are managed using Mailchimp, a third-party email marketing platform that is GDPR-compliant. We will only send marketing emails where you have given your consent, and you may withdraw your consent and unsubscribe at any time by using the unsubscribe link included in our emails.

We do not share your email address with any other organisations for marketing purposes.

5. Legal Basis for Processing

Under UK GDPR, the lawful bases for processing your data are:

  • Contract – to provide sessions you have booked
  • Legal obligation – including accounting, insurance, and professional regulatory requirements
  • Consent – for the processing of special category (health) data
  • Provision of health care – where processing is necessary for the safe delivery of physiotherapy-informed instruction by a registered health professional

You may withdraw consent for the processing of health data at any time. Please note that this may limit our ability to provide services safely.

6. How We Store and Protect Your Data

We take appropriate technical and organisational measures to keep your data secure.

  • Digital clinical records are stored securely using WriteUpp, a professional clinical record-keeping system
  • Booking data is stored via Acuity Scheduling
  • Payments are handled securely by Stripe
  • Paper records are stored in a locked filing cabinet at the studio when not in use
  • Access to client information is restricted to authorised personnel only

All records are maintained in line with professional physiotherapy record-keeping standards, including confidentiality, accuracy, and security.

7. Sharing Your Information

We do not sell, rent, or share your personal or health information with third parties.

Your data is shared only with trusted service providers who support the operation of the studio:

  • Acuity Scheduling – booking and scheduling
  • Stripe – payment processing
  • WriteUpp – secure clinical record keeping

All third-party providers are GDPR-compliant and process data only on our instructions.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (where appropriate)
  • Restrict or object to processing
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, please contact us using the details above.

9. Data Retention

We retain personal and health information only for as long as necessary to:

  • Provide our services
  • Meet legal, insurance, and accounting requirements
  • Comply with professional and regulatory guidance applicable to registered physiotherapists

Clinical and session records are normally retained for a minimum of seven years after your last session, in line with professional indemnity insurance and regulatory requirements. Where services are provided to children, records are retained for seven years after the child reaches the age of 18. Records are then securely destroyed unless there is a legal or professional reason to retain them for longer.

10. Website Data and Cookies

Our website may use essential cookies and basic analytics to ensure it functions correctly and to understand general usage. These do not identify you personally. Further details are available on request.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website. It is recommended that you come back and check for updates periodically.

Plain-Language Summary

In simple terms:

  • We only collect information we genuinely need to look after you safely
  • Your health information is treated as confidential clinical data
  • We do not sell or share your information with anyone
  • Your records are stored securely, both digitally and on paper
  • Payments are handled securely by Stripe — we don’t store your card details
  • You can ask to see, update, or delete your information at any time

If you ever have questions about your data, just ask — we’re happy to explain.