Privacy Policy

1. Introduction and Company Information

This Privacy Policy explains how Nordlys Pilates Studio collects, uses, stores, shares, and protects personal data when you visit our studio, use our services, contact us, book classes, or otherwise interact with us.

Data Controller: Nordlys Pilates Studio
Address: Pilestredet 75, 0354 Oslo, Norway
Email: [email protected]
Phone: +47 21 56 84 39

We process personal data in accordance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and relevant Norwegian data protection legislation.

2. Data Collection and Processing

We may collect and process the following categories of personal data:

  • Identification and contact information: name, email address, phone number, postal address.
  • Booking and attendance data: class registrations, appointment history, cancellations, attendance records.
  • Payment information: payment status, transaction references, billing details. We do not store full payment card details if payment is processed by a third-party payment provider.
  • Health-related information: information you voluntarily provide that may be relevant to safe participation in Pilates classes, such as injuries, mobility limitations, or other health considerations.
  • Communication data: messages, inquiries, feedback, and correspondence with us.
  • Technical data: IP address, device and browser information, and usage data collected through our website or booking systems, where applicable.

We generally collect personal data directly from you, but we may also receive data from booking platforms, payment providers, or other service providers acting on our behalf.

3. Purpose of Data Processing

We process personal data for the following purposes:

  • To manage class bookings, memberships, and customer accounts.
  • To provide Pilates instruction and related services safely and appropriately.
  • To communicate with you about bookings, schedule changes, cancellations, and customer support.
  • To process payments, invoices, refunds, and accounting records.
  • To assess whether any health-related considerations require adjustments to training or participation.
  • To comply with legal obligations, including accounting, tax, and record-keeping requirements.
  • To improve our services, operations, and customer experience.
  • To send marketing communications, where permitted by law and/or with your consent.

4. Legal Basis for Processing

We process personal data only where we have a valid legal basis, including:

  • Contract: when processing is necessary to provide services you have requested, such as bookings, memberships, and payments.
  • Legal obligation: when processing is required to comply with applicable laws, including accounting and tax obligations.
  • Legitimate interests: when processing is necessary for our legitimate business interests, such as service administration, customer communication, security, and improvement of our services, provided these interests are not overridden by your rights and freedoms.
  • Consent: when you have given clear consent, for example for certain marketing communications or for processing health-related information where required.

Where we process special category data, such as health-related information, we do so only when permitted by law and, where necessary, based on your explicit consent or another applicable legal ground.

5. Data Sharing and Third Parties

We may share personal data with trusted third parties that help us operate our business and deliver our services. These may include:

  • Booking and scheduling system providers.
  • Payment processors and financial service providers.
  • Accounting, auditing, and tax service providers.
  • IT, hosting, cloud storage, and maintenance providers.
  • Professional advisers, such as lawyers or consultants, where necessary.
  • Public authorities, where required by law or lawful request.

We require our service providers to handle personal data securely and only in accordance with our instructions and applicable law. We do not sell personal data.

6. Data Transfer to Third Countries

In some cases, personal data may be transferred to or accessed from countries outside the European Economic Area (EEA). This may occur if we use service providers with infrastructure or support operations located outside the EEA.

When such transfers occur, we ensure appropriate safeguards are in place, such as:

  • European Commission adequacy decisions, where applicable.
  • Standard contractual clauses approved by the European Commission.
  • Additional technical and organizational safeguards where necessary.

You may contact us for more information about international transfers and the safeguards used.

7. Storage Duration

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

  • Booking and customer records: retained for the duration of the customer relationship and for a reasonable period thereafter.
  • Accounting and tax records: retained for the period required by applicable law.
  • Communication records: retained as long as needed to handle your inquiry and for follow-up purposes.
  • Health-related information: retained only as long as necessary for safety and service delivery, or until you withdraw consent where consent is the legal basis.
  • Marketing data: retained until you unsubscribe, object, or withdraw consent, as applicable.

When personal data is no longer needed, we delete, anonymize, or securely archive it in accordance with applicable requirements.

8. User Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Access: you may request confirmation of whether we process your personal data and obtain a copy of that data.
  • Rectification: you may request correction of inaccurate or incomplete data.
  • Erasure: you may request deletion of your personal data in certain circumstances.
  • Restriction: you may request that we limit the processing of your personal data in certain situations.
  • Data portability: you may request a copy of data you have provided to us in a structured, commonly used, machine-readable format, where applicable.
  • Objection: you may object to processing based on legitimate interests and to direct marketing at any time.

To exercise your rights, please contact us using the details provided below. We may need to verify your identity before responding.

9. Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

If you withdraw consent, we will stop the relevant processing unless we have another lawful basis to continue. You may withdraw consent by contacting us at [email protected].

10. Right to Complain

If you believe that our processing of your personal data violates applicable law, you have the right to lodge a complaint with the competent supervisory authority.

In Norway, this is the Norwegian Data Protection Authority (Datatilsynet). We encourage you to contact us first so that we can try to resolve your concern directly.

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

  • Access controls and role-based permissions.
  • Secure storage and encryption where appropriate.
  • Regular updates and maintenance of systems.
  • Staff awareness and confidentiality obligations.
  • Procedures for handling security incidents and data breaches.

While we take reasonable steps to protect your data, no method of transmission or storage is completely secure.

12. Contact Information

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

Nordlys Pilates Studio
Pilestredet 75, 0354 Oslo, Norway
Email: [email protected]
Phone: +47 21 56 84 39

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The updated version will be published on our website or otherwise made available to you.

We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.

4/1/2026