Privacy Policy

This Privacy Policy explains how 1001184549 Ontario Corp., operating as Pilates Hub Newmarket (“Pilates Hub Newmarket”, “we”, “us”, “our”) collects, uses, discloses, safeguards, and retains personal information in connection with our website (the “Site”), in-studio operations, and the studio member mobile experience provided through our booking/vendor platform (currently Xplor Mariana Tek) embedded in our Site and available via mobile application(s) (the “App”). This Privacy Policy applies to information collected online and offline.

By using our website, embedded booking tools, or mobile app experiences (collectively, the “Services”), creating an account, booking or attending classes, or otherwise providing personal information to us, you consent to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Site or App. Your continued use of the Site or Services after we post changes will signify your acceptance of the revised Policy.

Certain processing may occur without consent where permitted by law (e.g., for fraud prevention, security, or to meet legal obligations). Marketing communications require separate consent under CASL, and you can withdraw that consent at any time.

1. Scope and Legal Framework

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario laws. For electronic transactions and signatures, we rely on the Electronic Commerce Act, 2000 (Ontario). Marketing communications comply with Canada’s Anti-Spam Legislation (CASL). Accessibility practices are intended to align with the Accessibility for Ontarians with Disabilities Act (AODA) and web content standards (WCAG 2.0 AA).

This Policy explains how we collect, use, disclose, and protect personal information in connection with our:

  • website and app experience;

  • embedded booking and point-of-sale tools;

  • marketing channels (email, SMS, and push notifications); and

  • in-studio operations.

If you are directed to, or use, a linked service such as Xplor Mariana Tek, Stripe, or another third-party processor, their own privacy terms govern their handling of data within their systems. For most studio functions, we act as the controller of your personal information; certain platform providers may also act as independent controllers for their own services. Please review their privacy notices.

2. What We Collect

We may collect:

  • Identifiers & Contact Data: name, email, phone, postal address, account identifiers.

  • Demographics: age (18+ policy).

  • Commercial & Transactional: bookings, attendance, purchases, check-in data, support communications, payment status (payment card data processed by payment processor; we do not store full card numbers).

  • Studio Security: CCTV footage in common areas for safety and loss-prevention (no audio). Retained for a limited period unless required for an investigation.

  • Location Data (optional): Approximate or precise device location used only for check-in (≈ 100 m radius). We do not store continuous location history.

  • Device/Network Data: IP address, browser/device information, push token, operating system, cookies, and pixel data. This may include information about your use of our Site or App, such as browser type, access times, pages viewed, IP address, referring links, and transaction details (for example, product or class purchased and date of purchase).

  • User Content: profile photo (optional), reviews, feedback.

  • Health/Fitness Notes: Information voluntarily shared with staff or instructors (e.g., injuries, pregnancy status) to support safe participation. Pilates Hub is not a health information custodian under the Personal Health Information Protection Act (PHIPA).

De-identified/Aggregated Information. We may use and share de-identified or aggregated information (that does not identify an individual) for analytics, research, or improving services. We maintain de-identified data and do not attempt to re-identify it except as permitted by law (e.g., to test de-identification safeguards).

3. How We Collect

3.1 Directly from you: during account creation, bookings, purchases, communications, or waiver submissions. This may include information provided when you call us, join a membership or loyalty program, participate in promotions, sweepstakes, or surveys, engage with us on social media, request customer support, apply for employment, or otherwise communicate with us.

3.2 Automatically: via cookies, analytics, and device data.

3.3 From service providers: such as payment processors, booking platforms, or analytics vendors.

3.4 From applicants: if you apply for a job with us, we collect the information you provide during recruitment (e.g., résumé/CV, cover letter, interview notes) and use it to evaluate and manage your application in accordance with this Policy.

3.5 Bookings on behalf of others: If you provide personal information about another individual (e.g., booking a class for another adult), you represent that you have their authorization to do so and to share their information with us for the stated purpose. We may require that individual to create their own account and accept our Terms, Waiver, and Privacy Policy before attending.

4. How We Use Personal Information

We use personal information to:

  • provide, administer, and improve our classes, memberships, waitlists and payment processing;

  • operate the Site/App, manage accounts, check-ins, fraud prevention, and troubleshooting;

  • respond to requests, complaints.

  • send transactional communications (e.g., receipts, confirmations, reminders);

  • send promotional communications where you have consented (email, SMS, or push);

  • personalize and improve services;

  • comply with legal, tax, and audit requirements; and

  • fulfill any other purpose disclosed at the time of collection or reasonably related thereto, with your consent where required.

  • security, fraud prevention, and misuse monitoring, including detecting account sharing, unauthorized access, or resale of credits, and verifying identity where appropriate.

  • identity verification, where lawful and appropriate, which may include matching basic identifiers (e.g., name, email, phone) to prevent impersonation.

5. CASL Marketing and Your Choices

5.1 Email: You may unsubscribe at any time using the link provided in our emails.

5.2 SMS: Reminders and promotions sent only to opted-in numbers. Reply STOP to opt-out or HELP for assistance. Message and data rates may apply. Message frequency may vary. Delivery depends on carrier networks, which are not liable for delayed or undelivered messages.

5.3 Push Notifications: The app will request permission before sending push notifications. You may disable them in your device settings. We may send transactional and occasional promotional notifications.

6. Location and Geo-Check-In

**If you enable location services**, we process your device’s approximate or precise location near our studio to support optional geo check-in (~100 metres). We do not collect or store continuous location history. If disabled, you may check in manually at the studio iPad.

Individual Accounts. Our Services are designed for individual use by the account holder. Each attendee should maintain their own account so that consents, safety notes, and communications are correctly associated with the right person.

7. Disclosures to Service Providers and Others

We collect, use, and disclose personal information with your consent (express or implied) and as otherwise permitted or required by law—for example, to comply with legal obligations, ensure security, prevent fraud, or provide the Services you request. We may disclose limited identifiers to identity verification and fraud-prevention vendors to help protect accounts and prevent unauthorized access or account sharing, in accordance with applicable law and this Policy. We may process personal information without consent where permitted by law (e.g., fraud prevention, investigations, or where obtaining consent would be inappropriate). We do not sell or rent personal information.

8. Advertising & Analytics (Cookies / Pixels, and Similar Technologies)

Our website uses Google Analytics 4 (GA4) and the Meta Pixel. These tools may place cookies or similar technologies to measure site usage and, if enabled, support interest-based advertising.

We employ a cookie-consent banner that:

  • always allows strictly necessary cookies;

  • requests opt-in consent for analytics and marketing cookies; and

  • honours Global Privacy Control, where supported and detected.

We and our advertising partners may use cookies, web beacons, and similar technologies to collect information such as IP address, browser type, pages viewed, time spent on pages, and links clicked. This helps us analyze and track data, understand the popularity of certain content, and deliver advertising or content targeted to your interests on our Site or on other websites. Some of these third parties may combine information collected through our Services with other data to provide analytics or customized advertising.

Links to Third-Party Sites. The Site or App may include links to websites, applications, or services operated by third parties. Those properties are governed by their own terms and privacy policies. We are not responsible for, and do not endorse, the content, security, or privacy practices of third-party properties you access at your discretion.

9. App Store Disclosures (Summary)

Our member mobile experience is provided through our booking/vendor platform (currently Xplor Mariana Tek). The platform’s App Store/Google Play privacy labels describe the SDKs and data handling within their apps. Manage in-app permissions (e.g., location, notifications, photos) in your device settings. For purchases made via Apple or Google, billing and refunds are administered by Apple/Google under their terms.

10. Sharing and Transfers

We share personal information only as reasonably necessary with:

  • Service providers / processors under contract (e.g., booking and membership platform providers, payment processors, email/SMS messaging, analytics, hosting, and customer support vendors);

  • Authorities or third parties as required or permitted by law (e.g., court orders, safety, or compliance); and

  • Business transaction counterparties in the event of a merger, sale, or reorganization, subject to confidentiality and legal safeguards.

Cross-border transfers: Your information may be stored or accessed from outside Canada (including the United States) by our contracted service providers. For example, cloud hosting and transactional email/SMS services may process data in the U.S., where local authorities may lawfully access data. We apply contractual and technical safeguards appropriate to the sensitivity of the data. While outside Canada, personal information may be subject to the lawful access of courts, law enforcement, or national security authorities in the applicable foreign jurisdiction.

11. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including encryption in transit, role-based access control, and multi-factor authentication for administrative systems. No system is completely secure; residual risks remain inherent to internet-based communications.

Your role. Do not share your login credentials with anyone. Access to an account is limited to the account holder; we may require ID verification for security. If you believe your account has been compromised, contact us immediately at info@pilateshub.ca.

12. Retention

We retain personal information only as long as reasonably necessary for its intended purpose or as required by law.

  • Waivers/Consents & Incident Records: 7 years after last visit.

  • Transaction/Tax Records: 7 years after fiscal year.

  • Membership & Class History: 7 years after last activity.

  • Marketing Logs: 3 years after the last commercial electronic message or until unsubscribed (whichever is later).

Minimal records may be retained thereafter to comply with legal duties or enforce our Terms. De-identified data may be kept longer.

13. Your Rights and Requests

You may request access to, correction of, or deletion of your personal information, subject to legal and operational retention obligations. You may also withdraw your consent to our processing of your personal information, subject to legal or contractual restrictions and reasonable notice. We will explain any implications of such withdrawal (e.g., our inability to provide certain Services). For privacy and security, we will not disclose personal information about another individual in response to your request unless we receive verifiable authorization or are otherwise permitted or required by law.

  • For app accounts, the in-app “Delete Account” function submits a verified deletion request; we process such requests within 30 days, retaining only records required by law (e.g., tax, waiver).

  • To exercise your rights, contact info@pilateshub.ca. We respond to access and correction requests within 30 days or as otherwise required by law, subject to permitted extensions. We may take reasonable steps to verify your identity before responding.

14. Data Breach Handling

We investigate suspected breaches of security safeguards without delay and assess whether the incident creates a ‘real risk of significant harm’. Where a breach creates a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible, and any other organization or government institution that may be able to reduce the risk of harm, in accordance with PIPEDA. We maintain records of all breaches of security safeguards as required by law.

15. Children

Our Services are intended for adults (18 +). We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it and close the account.

16. Changes

We may update this Policy periodically. The “Last Updated” date at the bottom reflects the effective date. Material changes will be communicated through our website or Services and, where appropriate, additional notice.

We encourage you to review this Privacy Policy periodically whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy.

17. Questions or Complaints / Regulator Contact

For questions or privacy complaints, contact:

Email: info@pilateshub.ca

Mail: 1001184549 Ontario Corp., O/a Pilates Hub Newmarket, 203 Main St. S., Unit 1, Newmarket ON L3Y 3Y9

You may also contact the Office of the Privacy Commissioner of Canada (OPC) or the Information and Privacy Commissioner of Ontario (IPC) if you believe your privacy rights have been violated.

By using our Services, you consent to this Privacy Policy and to the collection, use, and disclosure of your personal information as described herein.

Contact & Privacy Officer

1001184549 Ontario Corp., O/a Pilates Hub Newmarket

Registered/Notice Address (and Studio Address): 203 Main St. S., Unit 1, Newmarket, ON, L3Y 3Y9

Email: info@pilateshub.ca • Tel: 647-929-7186

Business/HST Number: 70905 2229 RT0001

Last Updated: October 17, 2025