Privacy Policy – Pilates by Jill Ceder

    This Privacy Policy explains how Pilates by Jill Ceder ("we," "us," or "our") collects, uses, stores, and protects your personal data when you visit jillceder.com or use our subscription services. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and applicable US privacy laws.
  

1. Who We Are

Data Controller: Pilates by Jill Ceder
Website: jillceder.com
Data Protection Officer (DPO): [email protected]
Contact: [email protected]

We are registered as a data controller under GDPR.

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

Name and phone number — when you submit a callback request form
Email address — when you create an account or subscribe
Payment information — processed securely by our payment provider (we do not store full card details)
Preferred contact time — when you request a call
Communications — emails, messages, or support requests you send us

2.2 Data Collected Automatically

IP address and device information — for security and fraud prevention
Browser type and operating system
Pages visited and time on site — via analytics cookies (only if you consent)
Referral source — how you found our site

3. Legal Basis for Processing (GDPR Article 6)

Processing Activity	Legal Basis
Processing your subscription and providing access to classes	Art. 6(1)(b) — Performance of a contract
Sending you a callback after form submission	Art. 6(1)(b) — Performance of a contract / pre-contractual steps
Sending transactional emails (receipts, login details)	Art. 6(1)(b) — Performance of a contract
Analytics and site improvement	Art. 6(1)(a) — Your consent (via cookie banner)
Marketing communications	Art. 6(1)(a) — Your consent
Legal compliance and fraud prevention	Art. 6(1)(c) — Legal obligation

4. How We Use Your Data

To process your subscription and provide access to the platform
To contact you via phone following a callback request
To send account-related emails (welcome, receipts, password reset)
To respond to support inquiries
To improve the website and user experience (analytics, only with consent)
To show relevant advertising (marketing pixels, only with consent)
To comply with legal obligations

5. Data Retention

Data Type	Retention Period
Account and subscription data	Duration of subscription + 3 years after cancellation
Payment records	7 years (legal/tax requirement)
Callback form submissions	12 months from submission date
Email communications	3 years
Analytics data	26 months (Google Analytics default)
Cookie consent records	13 months from consent date

6. Who We Share Your Data With

We do not sell your personal data. We may share it with the following trusted third-party service providers who process data on our behalf:

Payment processors (e.g. Stripe) — to handle subscription billing securely
Email service providers — to send transactional emails
Analytics providers (e.g. Google Analytics) — only with your cookie consent
Advertising platforms (e.g. Meta, TikTok) — only with your cookie consent
Hosting and infrastructure providers — to operate the website

All third-party processors are contractually required to handle your data securely and only for the purposes we specify. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

7. Your Rights Under GDPR

If you are located in the EU, EEA, or UK, you have the following rights:

Right to Access — request a copy of your personal data
Right to Rectification — request correction of inaccurate data
Right to Erasure — request deletion of your data ("right to be forgotten")
Right to Restriction — request we limit processing in certain circumstances
Right to Data Portability — receive your data in a machine-readable format
Right to Object — object to processing based on legitimate interest or for marketing
Right to Withdraw Consent — withdraw consent at any time without affecting prior processing

To exercise any right, contact us at [email protected]. We will respond within 30 days as required by GDPR Article 12. In complex cases we may extend this by a further two months and will notify you.

You also have the right to lodge a complaint with your local data protection supervisory authority.

8. Cookies

We use cookies as described in our Cookie Policy. You can manage your preferences at any time via the Cookie Preferences link in the footer.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. Payment data is processed via PCI-DSS compliant providers. We use SSL/TLS encryption for all data in transit.

10. Children's Privacy

Our services are intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on the website. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact Us

For any privacy-related questions or to exercise your rights:
Email: [email protected]
General contact: [email protected]
Website: jillceder.com