Privacy Policy for Moving Spirit Pilates

Effective Date: December 16, 2025

1. Introduction

BC's Personal Information Protection Act (PIPA) sets out rules for how organizations collect, use and disclose personal information. Moving Spirit Pilates ("we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, and share your information. It applies to all clients and visitors of our website and services.

2. What Information We Collect

Personal information is "information about an identifiable individual" as defined under PIPA. We may collect the following types of personal information:

• Name

• Contact details (email address, phone number, mailing address)

• Birthdate

• Payment information (processed securely by our third-party payment processor)

• Emergency contact details

• Any other information you choose to provide

We also collect important personal information regarding your health history, including:

• Medical conditions

• Physical limitations

• Injury history

• Other information that may be relevant for safe class participation

3. How Information is Collected

We obtain your consent for collecting, using and disclosing your personal information through:

• Express written consent (e.g., signing registration forms, waiver agreements)
• Express verbal consent (e.g., providing information during phone registration)
• Implied consent (e.g., providing your email for class confirmations when booking online)

You may withdraw consent at any time by contacting our Privacy Officer, though this may affect our ability to provide certain services.

4. Purpose of Data Collection

We use your information for purposes including:

• Scheduling and managing classes or appointments
• Processing payments
• Communicating with you about services, schedule changes, or updates
• Complying with legal and regulatory requirements
• Fitness program development and progression
• Health and Safety
• Service improvements

5. Sharing of Information

We do not share your personal information with third parties except:

• As required for booking and class management through WellnessLiving (link to WellnessLiving Privacy Policy)
• As required for payment processing through Nuvei (link to Nuvei Privacy Notice)
• When you have given explicit consent (for example, to discuss your progress with a healthcare provider)
• Where required or authorized by law

6. Data Security

We implement reasonable technical and administrative safeguards to protect your information. Processing and storage of client data is handled securely by WellnessLiving, and payment processing is handled by Nuvei, both of which maintain their own privacy and security standards.

7. Data Retention

We retain your information for a minimum of one year, as required by law, particularly for health/fitness information used in service delivery decisions such as membership agreements, refunds, and class enrollments. Information managed via WellnessLiving adheres to their retention policy.

8. Data Storage Practices

We use WellnessLiving as our primary business management and scheduling platform, and Nuvei as our payment processor.

WellnessLiving Data Storage: WellnessLiving is a Canadian software company headquartered in Richmond Hill, Ontario. Your personal data may be processed and stored on servers located in Canada and potentially other jurisdictions where WellnessLiving or its approved service providers operate. WellnessLiving is compliant with HIPAA, GDPR, and CCPA standards.

Nuvei Payment Processing: Nuvei is a Canadian payment processor headquartered in Montreal, Quebec. Payment information is processed securely through Nuvei's PCI DSS Level 1 certified infrastructure. Your payment data may be processed and stored on servers located in Canada and potentially other jurisdictions where Nuvei operates.

Under BC's Personal Information Protection Act, organizations may store personal information outside Canada. By using our services, you acknowledge and accept that your information may be transferred to and stored in locations where our service providers operate, where it may be accessed by law enforcement or regulatory authorities subject to applicable laws in those jurisdictions.

Both WellnessLiving and Nuvei implement industry-standard security measures to safeguard your data, including:

• Encryption of data in transit and at rest
• Multi-factor authentication for system access
• Regular security monitoring and incident response procedures
• Compliance with industry standards including PCI-DSS, HIPAA, GDPR, and CCPA
• SOC certifications for data security

While our service providers take reasonable steps to protect your information, no system is completely immune to risks such as unauthorized access, data breaches, or exposure due to vulnerabilities. Using any cloud-based service carries inherent risks associated with data transfers and storage.

Contractual Accountability

We have implemented contractual safeguards with WellnessLiving and Nuvei to ensure PIPA compliance, including:

PIPA Compliance Requirement: Our service providers are contractually bound to comply with PIPA as if they were BC organizations

Purpose Limitation: Our service providers may only collect, use, and retain your information for the specific purposes we have identified

Security Safeguards: Our service providers must implement reasonable physical, administrative and technical safeguards to protect your personal information

Breach Notification: Our service providers must immediately notify our Privacy Officer of any unauthorized access, loss, or misuse of your personal information

Data Access Rights: We maintain contractual rights to access your information and our service providers cannot deny such access due to payment disputes

Data Return/Destruction: Upon contract termination, our service providers must return or securely destroy your personal information as directed

While we cannot eliminate all risks associated with third-party data processing, these contractual safeguards ensure our service providers remain accountable for protecting your personal information to BC privacy standards.

For questions about how your data is handled, please refer to: 

9. Your Rights

You have the right to:

• Access, update, or correct your personal information
• Withdraw consent for sharing information at any time (please note: this may affect the services we provide)
• Request deletion of your information, subject to legal requirements

Access requests must be made in writing, individuals may need to prove their identity, and we may charge a minimal fee with advance written estimate. We will respond to access requests within 30 business days. To exercise these rights, please contact us via the information in Section 12.

10. Children’s Data

We do not knowingly collect personal information from individuals under the age of thirteen (13) years old. If you believe a minor's data has been collected, please contact us immediately. If an individual under 13 years old is enrolled in one of our programs by their parent or legal guardian, that child's digital profile and personal information will be maintained under the digital profile of the parent or legal guardian.

11. Changes to this Policy

This Privacy Policy will be reviewed annually and updated as necessary from time to time. Changes will be posted on our website and are effective upon posting. We will notify clients of material changes to this policy. We encourage you to review the policy periodically.

12. Contact Information

For questions, concerns, or to exercise your privacy rights, please contact us. Susannah Steers has been designated as the Privacy Officer responsible for ensuring compliance with privacy legislation.

• Name/Title: Susannah Steers, Owner & Privacy Officer / Moving Spirit Pilates Ltd.
• Email: sue@movingspirit.ca
• Mailing Address: #205-38 Fell Avenue, North Vancouver, BC, V7P 3S2
• Phone: 778-340-0072