Privacy Policy
This policy explains what personal data Tones Pilates may collect, why it is used, and which rights you have under Danish and EU data protection law.
1. Who is responsible for your data
Tones Pilates is responsible for the personal data processed through this website and related services, except where a third-party provider acts as an independent controller for its own service.
Tones Pilates is operated by Tone Raft. CVR: 45721221. Registered office: Bergthorasgade 7, 2tv, 2300 København S.
For privacy questions or requests, contact hello@tonespilates.com.
2. What data we collect
We collect only the personal data needed to run the website, communicate with you, provide classes and memberships, and meet legal obligations.
- Contact data, such as your name, email address, and messages you send to us.
- Account and membership data, such as login status, membership type, purchase history, and access status, where provided through Arketa.
- Booking and class data, such as private session requests, attendance information, and notes needed to provide a service.
- Payment and billing data processed by Arketa, Stripe, or other payment partners. Tones Pilates does not intentionally store full card details.
- Newsletter data, such as email address, subscription preferences, and engagement with emails.
- Technical data, such as IP address, device information, browser type, pages visited, and basic security logs.
- Health or body-related information only if you choose to provide it, for example in connection with private sessions, pregnancy/postpartum support, injuries, limitations, or movement goals.
3. Why we use your data and legal bases
We process personal data under the GDPR only when we have a lawful basis to do so.
- Contract: to provide memberships, account access, bookings, customer support, and requested services.
- Legal obligation: to keep records required for accounting, tax, consumer law, and compliance purposes.
- Legitimate interests: to operate and secure the website, respond to enquiries, improve services, prevent misuse, and manage business administration.
- Consent: to send newsletters or marketing where consent is required, to use non-essential cookies where applicable, and to process health-related information where explicit consent is required.
4. Health information
Pilates and movement services may involve information about injuries, pregnancy, postpartum status, medical history, physical limitations, or other health-related details if you choose to share them.
We use this information only to understand your needs, tailor guidance, support safety, or provide the requested service. Health-related information is treated with additional care and is not used for unrelated marketing.
Please do not send sensitive health information unless it is relevant to the service you are requesting.
5. Arketa, payments, and third-party services
The online studio, checkout, account login, video access, and subscription management may be provided through Arketa. Payment processing may be handled by Arketa, Stripe, or another payment provider.
These providers process personal data to provide their services, process payments, prevent fraud, manage subscriptions, and comply with their own legal obligations. Their own privacy notices may also apply.
We may also use email, website hosting, analytics, form, security, and business administration providers. We choose providers that are expected to protect personal data appropriately.
6. Cookies and similar technologies
The website may use essential cookies or similar technologies to make the site work, keep it secure, remember choices, or enable embedded services such as Arketa.
Non-essential analytics or marketing cookies should only be used where a valid consent mechanism is in place. You can manage cookies through your browser settings and, where available, through the site's cookie consent tools.
7. Sharing and international transfers
We share personal data only where needed to provide the website, memberships, payments, bookings, communication, legal compliance, or professional support.
Some providers may process data outside Denmark or the European Economic Area. Where this happens, we rely on appropriate safeguards required under the GDPR, such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.
8. How long we keep data
We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required or permitted by law.
- Account and membership data is generally kept while your account or membership is active and for a reasonable period afterwards.
- Accounting and transaction records are kept for the period required by Danish bookkeeping, tax, and accounting rules.
- Newsletter data is kept until you unsubscribe or withdraw consent, unless we need to keep a minimal record to respect your choice.
- Enquiry and support messages are kept for as long as needed to respond and manage the relationship.
- Health-related information is kept only as long as needed for the relevant service, safety, documentation, or legal claim purposes.
9. Your rights
Subject to the conditions in the GDPR, you may have the right to request access, correction, deletion, restriction, portability, objection to processing, and withdrawal of consent.
You also have the right to object to direct marketing at any time. If processing is based on consent, withdrawing consent does not affect processing that happened before withdrawal.
We aim to respond to privacy requests within one month, unless the request is complex or the GDPR allows more time.
10. Complaints
If you have concerns, please contact us first at hello@tonespilates.com.
You also have the right to lodge a complaint with the Danish Data Protection Agency, Datatilsynet, or with another competent EU data protection authority.
11. Updates
We may update this Privacy Policy when the website, services, providers, or legal requirements change. The latest version will be available on this page.