Privacy Policy

Effective Date: 28 October 2025
Business Name: Aurabrae Wellness
Data Controller: Jennifer Lynn
Contact: jenn@aurabrae.com

This Privacy Policy explains how I collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Your privacy and trust are important to me.

1. What Personal Data I Collect

When you sign up for my online Pilates classes, contact me, or engage with my services, I may collect:

  • Identity Data: Name

  • Contact Data: Email address

  • Financial Data: Payment details (processed securely via third-party providers like Stripe, & Kit formerly ConvertKit)

  • Technical Data: IP address, device type, browser, usage data

  • Marketing Preferences: Your preferences for receiving updates, offers, and content

2. Lawful Basis for Processing Your Data

Under GDPR, I must have a legal reason to use your data. These are the bases I rely on:

  • Contractual obligation – to provide the services you’ve signed up for

  • Consent – for sending you marketing or class emails (you can withdraw this at any time)

  • Legal obligation – where needed for accounting or tax purposes

  • Legitimate interest – to improve and grow my business, in a way that doesn’t override your rights

3. How I Use Your Data

I use your data to:

  • Set up and manage your Pilates membership

  • Process payments and send receipts

  • Send class updates, newsletters, and occasional promotions (only if you opt in)

  • Respond to your questions or support requests

  • Improve my services and website performance

4. Data Sharing

Your data will never be sold. I only share it with trusted third-party providers (like ConvertKit, Stripe, PayPal, or my website host) where necessary to run my business. All third-party providers are GDPR-compliant.

5. Data Retention

I keep your data for as long as needed to provide your service, comply with legal obligations (e.g., tax laws), or until you ask me to delete it.

6. Your Rights Under GDPR

You have the right to:

  • Access the personal data I hold about you

  • Correct inaccurate or outdated data

  • Request erasure of your data (right to be forgotten)

  • Object to processing under certain conditions

  • Restrict processing in certain cases

  • Data portability – to receive your data in a readable format

  • Withdraw consent at any time (for things like marketing emails)

To exercise any of these rights, please contact me at [your email address].

7. Security

I use secure systems and trusted providers to keep your data safe. However, no method is 100% secure, so I cannot guarantee absolute security. I always aim to follow best practices.

8. Cookies

My website may use cookies to improve functionality and track usage. You can manage or disable cookies in your browser settings.

9. Changes to This Policy

I may update this policy from time to time. Any significant changes will be communicated by email or updated on this page.

10. Contact

If you have any questions or concerns about your data or this policy, you can contact me:

Email: jenn@aurabrae.com
Data Controller: Jennifer Lynn
Address: Cardross, Scotland

If you believe your data has been handled unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk