Privacy Policy
This Privacy Policy explains how 1001184549 Ontario Corp., operating as Pilates Hub Newmarket (“Pilates Hub Newmarket,” “we,” “us,” “our”), collects, uses, discloses, safeguards, and retains personal information in connection with our website (the “Site”), our in-studio operations, and the member mobile experience provided through our booking platform (currently Xplor Mariana Tek) (the “App”). It applies to information collected online and offline. Together, the Site, App, and related tools are the “Services.”
By using the Services, creating an account, booking or attending classes, or otherwise providing personal information to us, you agree to the handling of your personal information as described in this Policy. Health information is collected only with your express consent, as described in Section 2. If you do not agree with this Policy, please do not use the Services.
Some processing may occur without consent where the law permits — for example, for fraud prevention, security, or to meet a legal obligation. Marketing communications require separate consent under Canada's Anti-Spam Legislation (CASL), which you can withdraw at any time.
If PIPEDA is replaced or amended by successor federal privacy legislation, references in this Policy to PIPEDA will be read as references to that successor where applicable.
1. Scope and Legal Framework
We handle personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario law. For electronic transactions and signatures, we rely on the Electronic Commerce Act, 2000 (Ontario). Marketing communications comply with CASL. As a voluntary accessibility commitment, we aim to align with WCAG 2.1 Level AA.
This Policy covers our website and app experience, our embedded booking and point-of-sale tools, our marketing channels (email, SMS, and push notifications), and our in-studio operations.
If you use a linked service such as Xplor Mariana Tek or Stripe, that provider's own privacy terms govern how it handles information within its systems. For most studio functions, we decide how and why your personal information is handled. Some platform providers also handle certain information for their own purposes. Please review their privacy notices.
2. What We Collect
We may collect:
Identifiers and contact data: name, email, phone, postal address, and account identifiers.
Demographics: age (to confirm our 18+ policy).
Commercial and transactional data: bookings, attendance, purchases, check-in data, support communications, and payment status. Payment card data is processed by our payment processor; we do not store full card numbers.
Studio security (CCTV): video footage in common areas for safety and loss prevention, with no audio. CCTV footage is retained for approximately 30 days and then overwritten, unless it is needed for an investigation.
Location data (optional): approximate or precise device location, used only at the moment of check-in near the studio (about a 100-metre radius). We do not store continuous location history.
Device and network data: IP address, browser and device information, push token, operating system, cookies, and pixel data, including access times, pages viewed, referring links, and transaction details.
User content: optional profile photo, reviews, and feedback.
Health and fitness notes: information you choose to share with staff or instructors (for example, injuries or pregnancy status) to support safe participation.
Health information is sensitive. We collect it only with your express consent, use it only for safety screening, class modifications, and emergency response, make it accessible only to staff who need it for those purposes, and never use it for marketing. PHIPA (Ontario's health-privacy statute) applies to defined health-care custodians; Pilates Hub Newmarket is not a health information custodian under PHIPA. Your health information is nonetheless protected as sensitive personal information under PIPEDA and this Policy.
De-identified and aggregated information. We may use and share information that does not identify an individual for analytics, research, or service improvement. We do not attempt to re-identify de-identified data except as the law permits (for example, to test our de-identification safeguards).
3. How We Collect Personal Information
3.1 Directly from you — during account creation, bookings, purchases, communications, waiver submissions, promotions or surveys, social media interactions, customer-support requests, or job applications.
3.2 Automatically — through cookies, analytics, and device data when you use the Site or App.
3.3 From service providers — such as payment processors, our booking platform, and analytics vendors.
3.4 Recruitment and employment. If you apply for a job with us, we collect the information you provide during recruitment (for example, résumé, cover letter, and interview notes). We handle recruitment and employee information responsibly and use it only for hiring and employment purposes.
3.5 Bookings on behalf of others. If you provide personal information about another adult (for example, booking a class for them), you confirm you have their permission to do so. We may require that individual to create their own account and accept our Terms, Waiver, and this Policy before attending. See also Section 6.2.
4. How We Use Personal Information
Service delivery. To provide, administer, and improve our classes, memberships, waitlists, check-ins, and payment processing; to operate the Site and App; and to manage accounts and troubleshoot issues.
Communications. To send transactional messages (such as receipts, confirmations, and reminders); and, where you have consented, to send promotional messages by email, SMS, or push notification. Consent to marketing is not a condition of purchasing classes or memberships.
Security and fraud prevention. To keep accounts and the studio secure, to verify identity where appropriate, and to detect and investigate possible account sharing, unauthorized access, or resale of credits. Where we detect possible account sharing or fraud, we act in accordance with the enforcement process set out in our Terms of Service.
Legal and administrative. To respond to your requests and complaints, and to comply with legal, tax, and audit requirements.
Other purposes. To fulfil any other purpose we identify at the time of collection or that is reasonably related to it, with your consent where required.
5. Marketing and Your Choices (CASL)
5.1 Email. You may unsubscribe at any time using the link in our emails.
5.2 SMS. Reminders and promotions are sent only to numbers that have opted in. Reply STOP to opt out or HELP for assistance. Message and data rates may apply, and message frequency may vary. Delivery depends on carrier networks, which are not liable for delayed or undelivered messages.
5.3 Push notifications. The App will ask permission before sending push notifications. You can disable them in your device settings. We may send transactional and occasional promotional notifications.
6. Location, Geo-Check-In, and Individual Accounts
6.1 Location and geo-check-in. If you enable location services, we process your device's approximate or precise location near the studio to support optional geo check-in (about 100 metres). We do not collect or store continuous location history. If location services are disabled, you can check in manually at the studio iPad.
6.2 Individual accounts. Our Services are designed for individual use by the account holder. Each attendee should maintain their own account so that consents, safety notes, health information, and communications are correctly associated with the right person. Keeping accounts individual is also important for safety and for the account-integrity rules in our Terms of Service.
7. Disclosures to Service Providers and Others
We collect, use, and disclose personal information with your consent (express or implied) and as otherwise permitted or required by law — for example, to meet a legal obligation, ensure security, prevent fraud, or provide a Service you have requested. We may disclose limited identifiers to identity-verification and fraud-prevention vendors to help protect accounts. We may process personal information without consent where the law permits (for example, fraud prevention or investigations). We do not sell or rent personal information. See Section 10 for service-provider and cross-border details.
8. Cookies, Analytics, and Advertising
Our website uses Google Analytics 4 and the Meta Pixel. These tools place cookies or similar technologies to measure site usage and, where enabled, support interest-based advertising.
When you visit our Site, we display a cookie notice telling you that we use cookies. Strictly necessary cookies, which the Site needs to function, are always active. Analytics and advertising cookies may be set when you continue to use the Site. You can control or refuse cookies at any time through your browser settings — most browsers let you block or delete cookies and limit tracking, and some browsers support privacy signals such as Global Privacy Control. You can also opt out of interest-based advertising through the settings offered by the relevant advertising platform.
We do not use analytics or advertising pixels to track health information or anything you enter into intake or waiver forms.
Cookies and similar technologies may collect information such as IP address, browser type, pages viewed, time spent, and links clicked. Some advertising partners may combine this with other data to provide analytics or customized advertising.
Links to third-party sites. The Site or App may link to third-party properties governed by their own terms and privacy policies. We are not responsible for, and do not endorse, those properties.
9. App Store Disclosures
Our member mobile experience is provided through our booking platform (currently Xplor Mariana Tek). The platform's App Store and Google Play privacy labels describe the data handling within its apps. You can manage in-app permissions (location, notifications, photos) in your device settings. For purchases made through Apple or Google, billing and refunds are administered by Apple or Google under their terms.
10. Sharing and Cross-Border Transfers
We share personal information only as reasonably necessary with: service providers under contract (such as our booking and membership platform, payment processor, email/SMS messaging, analytics, hosting, and customer-support vendors); authorities or third parties where required or permitted by law; and counterparties in a merger, sale, or reorganization, subject to confidentiality and legal safeguards.
Cross-border transfers. Your information may be stored or accessed from outside Canada (including the United States) by our contracted service providers — for example, cloud hosting and transactional email or SMS services. When a service provider processes personal information outside Canada, we use contractual and other measures intended to provide a comparable level of protection while the information is being processed. While outside Canada, personal information may be subject to lawful access by courts, law enforcement, or national security authorities in the applicable jurisdiction.
11. Security
We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including encryption in transit, role-based access control, and multi-factor authentication for administrative systems. No system is completely secure, and some residual risk is inherent to internet communications.
Your role. Do not share your login credentials with anyone. Access to an account is limited to the account holder, and we may require ID verification for security. If you believe your account has been accessed without your permission, contact us as soon as possible at hello@pilateshub.ca or 905-901-0321.
12. Retention
We keep personal information only as long as reasonably necessary for the purpose it was collected or as required by law:
Waivers, consents, and incident records: retained until the applicable limitation periods have expired. Because Ontario's Limitations Act, 2002 includes an ultimate limitation period of 15 years, we retain these records for at least 15 years after the last visit or the relevant incident.
Transaction and tax records: 7 years after the relevant fiscal year.
Membership and class history: 7 years after the last activity.
Marketing logs: 3 years after the last commercial electronic message or until you unsubscribe, whichever is later.
We may keep minimal records beyond these periods to comply with legal duties or enforce our Terms. De-identified data may be kept longer.
13. Your Rights and Requests
You may request access to, correction of, or deletion of your personal information, subject to legal and operational retention obligations. You may also withdraw your consent to our processing of your personal information, subject to legal or contractual restrictions and reasonable notice; we will explain any implications (for example, that we may no longer be able to provide certain Services).
A deletion request results in deletion of your personal information except for records we are required to keep — for example, tax records, signed waivers, and incident records. For app accounts, the in-app “Delete Account” function submits a verified deletion request, which we process within 30 days.
To exercise your rights, contact hello@pilateshub.ca. We respond to access and correction requests within 30 days, or as otherwise permitted by law, and we may take reasonable steps to verify your identity first. For your privacy and security, we will not disclose personal information about another individual without verifiable authorization or unless the law permits.
If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner of Canada (OPC). You may also contact the Information and Privacy Commissioner of Ontario (IPC).
14. Data Breach Handling
We investigate suspected breaches of our security safeguards without delay and assess whether the incident creates a real risk of significant harm. Where it does, we will notify the OPC and affected individuals as soon as feasible, along with any other organization or institution that may be able to reduce the risk of harm, in accordance with PIPEDA. We keep records of all breaches of security safeguards as the law requires.
15. Children
Our Services are intended for adults (18+). We do not knowingly collect personal information from anyone under 18. If we learn that we have, we will delete it and close the account.
16. Changes to this Policy
We may update this Policy from time to time. For material changes — and in particular any change that involves a new or expanded use of personal information — we will provide advance notice through the Site or Services and, where required, seek your fresh consent before the change takes effect. Minor or administrative updates take effect when posted. The “Last Updated” date shows the current effective date. We encourage you to review this Policy periodically.
17. Contact, Privacy Officer, and Complaints
Our Privacy Officer (currently Marharyta Herasimava, Owner) is accountable for our compliance with this Policy and with PIPEDA, and can be reached using the details below.
Pilates Hub Newmarket (1001184549 Ontario Corp.)
203 Main Street South, Unit 1, Newmarket, ON, L3Y 3Y9
Email: hello@pilateshub.ca · Phone: 905-901-0321
Business / HST Number: 70905 2229 RT0001
If you have a privacy question or complaint, please contact our Privacy Officer first so we can try to resolve it. If you are not satisfied, you may contact the Office of the Privacy Commissioner of Canada (OPC) or the Information and Privacy Commissioner of Ontario (IPC).
By using our Services, you consent to this Privacy Policy and to the collection, use, and disclosure of your personal information as described herein.
Last Updated: May 22, 2026