This Privacy Policy explains how we collect, use, store and share personal data when you use our website, contact us, or book and attend sessions at Core & Calm Studio.

1. Who we are

1.1 Core and Calm LTD (company number 16147089) is the data controller for the personal data described in this policy.

1.2 Registered office: Suite L Radford Business Centre, Radford Way, Billericay, Essex, United Kingdom, CM12 0BZ.

1.3 Main trading address (studio): 1 Trowbridge Road, London, E9 5LD.

1.4 Contact email: info@corencalm.co.uk. Telephone: +44 (0) 7940 040 389.

2. The personal data we collect

2.1 We may collect the following categories of personal data:

• Identity and contact data (e.g., name, email address, phone number).
• Booking and attendance data (e.g., sessions booked/attended, cancellations, membership/pack details).
• Payment and transaction data (e.g., payment confirmations, invoices/receipts; we do not store full card details).
• Health and wellbeing information you choose or need to provide for safe participation (e.g., injuries, medical conditions, pregnancy) – this is “special category data”.
• Marketing preferences (e.g., whether you want to receive emails).
• Website and device data (e.g., IP address, browser type, pages visited, cookie identifiers).
• Images/video where you have consented to be photographed/filmed for marketing.

3. How we collect your data

3.1 We collect data when you:

• use our website;
• contact us by email, phone or social media;
• complete a registration/health form;
• book a session or purchase a pack;
• attend sessions at the Studio.

3.2 We may also receive limited data from third-party providers we use to run our business (for example, booking, payment, email and website hosting providers).

4. How we use your data and our lawful bases

4.1 We use your personal data for the following purposes and on the following lawful bases under UK GDPR:

• To manage bookings, provide sessions, and take payments – performance of a contract (Article 6(1)(b)).
• To communicate with you about your booking, timetable changes and service messages – performance of a contract and/or legitimate interests (Articles 6(1)(b) and 6(1)(f)).
• To keep accounting and tax records – legal obligation (Article 6(1)(c)).
• To run, secure and improve our website and services – legitimate interests (Article 6(1)(f)).
• To send marketing emails (newsletter, offers) – consent (Article 6(1)(a)) unless we can rely on a “soft opt-in” where applicable; you can opt out at any time.

4.2 Special category (health) data: Where we process health information, we do so to help keep you safe during sessions. The lawful basis is your explicit consent (Article 9(2)(a)) together with Article 6(1)(b) and/or 6(1)(f). You can withdraw consent at any time, but we may be unable to provide sessions safely without certain information.

5. Marketing

5.1 You can opt in or out of marketing at any time by using the unsubscribe link in emails or by contacting us.

5.2 We will never sell your personal data to third parties for marketing.

6. Cookies and similar technologies

6.1 Our website may use cookies and similar technologies to function properly and (where enabled) to understand how the site is used.

6.2 Some cookies are “strictly necessary” for the website to work. Optional cookies (such as analytics or marketing cookies) will only be used where you have given consent via a cookie banner/manager.

6.3 You can also control cookies via your browser settings. Note that blocking certain cookies may affect how the website works.

7. Who we share your data with

7.1 We may share personal data with trusted service providers who help us run our business (acting as processors), such as:

• website hosting and website platform providers;
• booking and scheduling providers;
• payment providers;
• email and communications providers;
• professional advisers (e.g., accountants) where necessary.

7.2 We may also share data where required by law, regulation, or to establish, exercise or defend legal claims.

8. International transfers

8.1 We are based in the United Kingdom and primarily store data in the UK. Some of our service providers may process data outside the UK.

8.2 Where data is transferred outside the UK, we will ensure appropriate safeguards are in place (for example, UK International Data Transfer Agreement or adequacy regulations) as required by data protection law.

9. How long we keep your data

9.1 We keep personal data only for as long as necessary for the purpose it was collected.

9.2 Typical retention periods include:

• Enquiries: up to 12 months after last contact.
• Booking records: up to 24 months after your last session (unless we need longer for legal reasons).
• Financial records (invoices/receipts): typically up to 6 years to meet legal/tax requirements.
• Health information: kept only as long as needed for safe participation and then deleted/securely destroyed.

10. Security

10.1 We use appropriate technical and organisational measures to protect your personal data. Access is limited to those who need it for legitimate business purposes.

10.2 No method of transmission or storage is 100% secure. If you believe your data has been compromised, please contact us.

11. Your rights

11.1 You have rights under data protection law, including the right to access, correct, delete, restrict or object to processing, and (where applicable) data portability.

11.2 Where processing is based on consent, you can withdraw consent at any time.

11.3 To exercise your rights, contact us using the details in section 12.

12. How to contact us

12.1 Email: info@corencalm.co.uk.

12.2 Postal address: Suite L Radford Business Centre, Radford Way, Billericay, Essex, United Kingdom, CM12 0BZ.

13. Complaints

13.1 If you have concerns, please contact us first and we will try to resolve them.

13.2 You can also complain to the Information Commissioner’s Office (ICO). Details are available on the ICO website.

14. Changes to this policy

14.1 We may update this Privacy Policy from time to time. The latest version will always be available on our website.