Privacy Policy

Last updated: October 2025

Magnolia Fitness (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, how we use it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

If you have any questions, you can contact us at:
Elena Wurlitzer
Email: studio@magnolia.fitness

1. Who We Are

Magnolia Fitness provides private reformer Pilates and related fitness sessions in the UK. We operate in-person from our home studio and may offer online forms for enquiries or bookings.

Data Controller: Magnolia Fitness (Elena Wurlitzer)
Email: studio@magnolia.fitness

2. The Data We Collect

We may collect the following information:

Contact Details

  • Name

  • Email address

  • Phone number

Health & Safety Information (Special Category Data)

  • Injuries or medical conditions relevant to exercise

We only collect this to ensure sessions are safe and appropriate for you.

Payment Information

  • Payments are processed securely via Stripe

  • We do not store your full card details on our servers

Website & Analytics Data

  • Pages visited and actions taken on our website

  • Device/browser type, approximate location, session recordings (via Microsoft Clarity)

  • Collected via cookies and similar technologies

Lead Form / Enquiry Data

  • Information you submit through our lead or contact forms (via Fillout)

We do not create user accounts on our site.

3. Why We Collect Your Data (Legal Bases)

PurposeLegal BasisResponding to enquiriesLegitimate interestProviding Pilates sessionsContractHealth/safety assessmentsExplicit consentProcessing paymentsContractAnalytics & site improvementLegitimate interestAdvertising performance trackingLegitimate interestFuture marketing emails (if used)Consent

4. How We Use Your Data

We use your information to:

  • Communicate with you

  • Deliver our services

  • Keep you safe during sessions

  • Process payments

  • Improve our website and advertising

  • (Optional in future) Send offers or newsletters only if you opt in

5. Special Category (Health) Data

Health information is considered “special category data” under GDPR.
We only collect this with your explicit consent and use it solely for your safety.
It is never shared with advertisers or used for marketing.

6. Payments

We use Stripe to process payments.
Stripe may collect and store payment details in line with their own Privacy Policy.
We do not store your card details ourselves.

7. Third Parties We Use

We only share data with trusted service providers when necessary:

ServicePurposeStripePayment processingFilloutLead / contact form submissionsGoogle AnalyticsWebsite usage trackingGoogle AdsAdvertising performanceMicrosoft ClaritySession recordings & interaction tracking

These providers act as data processors and must protect your data.

We do not sell your data.

8. Cookies & Tracking

Our website uses cookies and similar tools for:

  • Analytics

  • Improving user experience

  • Advertising performance

You can change your cookie settings in your browser at any time.

9. How Long We Keep Your Data

  • Enquiry data: up to 2 years

  • Client records & health forms: up to 7 years (insurance requirement)

  • Payment data: kept by Stripe per legal obligations

  • Analytics data: retained according to each provider’s policy

We only keep data as long as necessary, then delete or anonymise it.

10. Your Rights

You have the right to:
✅ Access your data
✅ Correct inaccuracies
✅ Request deletion (“right to be forgotten”)
✅ Restrict or object to processing
✅ Withdraw consent (e.g. health or marketing data)
✅ Data portability (in certain cases)

To exercise these rights, contact studio@magnolia.fitness

If you're unhappy with our response, you can contact the ICO (Information Commissioner’s Office) at www.ico.org.uk.

11. Security

We take reasonable steps to protect your data, including:

  • Secure systems and passwords

  • Payment processing via Stripe (PCI-compliant)

  • Limited access to health information

However, no system is 100% secure. If we ever experience a data breach, we will inform you and the ICO when required.

12. Marketing (Future Use)

We currently do not send newsletters or promotional emails.
If we choose to in the future, we will:

  • Ask for your consent

  • Make it easy to unsubscribe at any time

13. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on our website with the updated date at the top.

14. Contact Us

If you have any questions, concerns, or requests about your data, please get in touch:

Magnolia Fitness (Data Controller)
Contact: Elena Wurlitzer
Email: studio@magnolia.fitness