Privacy Policy for Moving Spirit Pilates

Effective Date: August 1, 2025

1. Introduction

BC's Personal Information Protection Act (PIPA) sets out rules for how organizations collect, use and disclose personal information. Moving Spirit Pilates (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, and share your information. It applies to all clients and visitors of our website and services.

2. What Information We Collect

Personal information is "information about an identifiable individual" as defined under PIPA. We may collect the following types of personal information:

  • Name

  • Contact details (email address, phone number, mailing address)

  • Birthdate

  • Payment information (processed securely by our third-party provider)

  • Emergency contact details

  • Any other information you choose to provide

We also collect important personal information regarding your health history, including: 

  • Medical conditions 

  • Physical limitations

  • Injury history

  • Other information that may be relevant for safe class participation

3. How Information is Collected

We obtain your consent for collecting, using and disclosing your personal information through:

  • Express written consent (e.g., signing registration forms, waiver agreements)

  • Express verbal consent (e.g., providing information during phone registration)

  • Implied consent (e.g., providing your email for class confirmations when booking online)

You may withdraw consent at any time by contacting our Privacy Officer, though this may affect our ability to provide certain services.

4. Purpose of Data Collection

We use your information for purposes including:

  • Scheduling and managing classes or appointments

  • Processing payments

  • Communicating with you about services, schedule changes, or updates

  • Complying with legal and regulatory requirements

  • Fitness program development and progression

  • Health and Safety

  • Service improvements

5. Sharing of Information

We do not share your personal information with third parties except:

  • As required for booking and payment processing through Mindbody Online (link to Mindbody Privacy Policy)

  • When you have given explicit consent (for example, to discuss your progress with a healthcare provider)

  • Where required or authorized by law

6. Data Security

We implement reasonable technical and administrative safeguards to protect your information. Processing and storage of most client data is handled securely by Mindbody Online, which maintains its own privacy and security standards.

7. Data Retention

We retain your information for a minimum of one year, as required by law, particularly for health/fitness information used in service delivery decisions such as membership agreements, refunds, and class enrollments. Information managed via Mindbody Online adheres to their retention policy. Under BC's Personal Information Protection Act, organizations may store personal information outside Canada. We've chosen Mindbody as our service provider despite international storage because of their robust security measures and our contractual protections.

8. Data Storage Practices

We use Mindbody Online as our primary business management and scheduling platform. Your personal data may be processed and stored on servers located outside of Canada, including in the United States and the United Kingdom. These countries may have data protection laws that differ from British Columbia's privacy legislation.

Under BC's Personal Information Protection Act, organizations may store personal information outside Canada. By using our services, you acknowledge and accept that your information may be transferred to and stored in these international locations, where it may be accessed by law enforcement or regulatory authorities subject to applicable laws in those jurisdictions. Mindbody implements industry-standard security measures to safeguard your data, including:

  • Encryption of data in transit and at rest

  • Multi-factor authentication for system access

  • Regular security monitoring and incident response procedures

  • Compliance with industry standards including PCI-DSS and SOC certifications

While Mindbody takes reasonable steps to protect your information, no system is completely immune to risks such as unauthorized access, data breaches, or exposure due to vulnerabilities. Using any cloud-based service carries inherent risks associated with international data transfers and storage.

Contractual Accountability

We have implemented contractual safeguards with Mindbody Online to ensure PIPA compliance, including:

  • PIPA Compliance Requirement: Mindbody is contractually bound to comply with PIPA as if they were a BC organization

  • Purpose Limitation: Mindbody may only collect, use, and retain your information for the specific purposes we have identified

  • Security Safeguards: Mindbody must implement reasonable physical, administrative and technical safeguards to protect your personal information

  • Breach Notification: Mindbody must immediately notify our Privacy Officer of any unauthorized access, loss, or misuse of your personal information

  • Data Access Rights: We maintain contractual rights to access your information and Mindbody cannot deny such access due to payment disputes

  • Data Return/Destruction: Upon contract termination, Mindbody must return or securely destroy your personal information as directed

While we cannot eliminate all risks associated with third-party data processing, these contractual safeguards ensure Mindbody remains accountable for protecting your personal information to BC privacy standards. For questions about how your data is handled by Mindbody, please refer to Mindbody's privacy policy.

9. Your Rights

You have the right to:

  • Access, update, or correct your personal information

  • Withdraw consent for sharing information at any time (please note: this may affect the services we provide)

  • Request deletion of your information, subject to legal requirements

Access requests must be made in writing, individuals may need to prove their identity, and we may charge a minimal fee with advance written estimate. To exercise these rights, please contact us via the information in Section 13. 

10. Children’s Data

We do not knowingly collect personal information from individuals under the age of thirteen (13) years old. If you believe a minor’s data has been collected, please contact us immediately. If an individual under 13 years old is enrolled in one of our programs by their parent or legal guardian, that child’s digital profile and personal information will be maintained under the digital profile of the parent or legal guardian. 

11. Changes to this Policy

This Privacy Policy will be reviewed annually and updated as necessary from time to time. Changes will be posted on our website and are effective upon posting. We will notify clients of material changes to this policy. We encourage you to review the policy periodically. 

12. Contact Information

For questions, concerns, or to exercise your privacy rights, please contact us. Susannah Steers has been designated as the Privacy Officer responsible for ensuring compliance with privacy legislation.

  • Name/Title: Susannah Steers, Owner & Privacy Officer / Moving Spirit Pilates Ltd.

  • Email: sue@movingspirit.ca

  • Mailing Address: #205-38 Fell Avenue, North Vancouver, BC, V7P 3S2

  • Phone: 778-340-0072