Privacy policy.

Chloe Elizabeth Wellbeing Ltd, trading as Studio Emba ("We"), is committed to protecting and respecting your privacy. This policy sets out how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. DATA CONTROLLER & REGISTRATION

For the purpose of data protection legislation, the data controller is: Chloe Elizabeth Wellbeing Ltd (Studio Emba) Horley, Surrey, England. ICO Registration Number:

2. PERSONAL DATA WE COLLECT

We may collect and process the following data about you:

  • Contact Details: Name, address, mobile/telephone numbers, and email address.

  • Financial Data: Payment card details (processed via secure encryption where we cannot view the full card number) and transaction history.

  • Health & Fitness Data (Special Category Data): Information relating to your physical health, injuries, or preferences disclosed on your registration form or during consultations. We process this sensitive data only with your explicit consent to ensure your safety.

  • Technical Data: IP addresses, operating systems, and browser types collected during site visits.

  • Profile Data: Your birthday, relationship information (e.g., if paying for a spouse), and referral sources.

  • Communications: Records of correspondence if you contact us.

3. LEGAL BASIS FOR PROCESSING

We process your data under the following legal bases:

  • Contractual Necessity: To fulfill your bookings and purchases.

  • Explicit Consent: Specifically for processing your health data and certain marketing communications.

  • Legitimate Interests: For studio administration, fraud prevention, and improving our services.

  • Legal Obligation: To comply with tax, insurance, or health and safety laws.

4. IP ADDRESSES AND COOKIES

We use cookies to distinguish you from other users and improve our site. This includes:

  • Estimating audience size and usage patterns.

  • Storing preferences to customize your experience.

  • Speeding up searches and recognizing you upon return. You may refuse cookies via your browser settings; however, this may limit your access to certain parts of our Site.

5. MARKETING & COMMUNICATIONS

  • Opt-in: When creating an account, you will be given the choice to opt-in to marketing emails regarding discounts and special offers.

  • Soft Opt-in: If you are an existing customer, we may send you offers based on your previous purchases unless you have opted out.

  • Operational Emails: Please note that you will always receive "Operational" emails regardless of marketing preferences. These include: Appointment Confirmations, Schedule Updates, Password Resets, Gift Card Deliveries, and Purchase Receipts.

  • Control: You can update preferences at any time via your online account or by clicking "unsubscribe" in any email.

6. DISCLOSURE OF YOUR INFORMATION

We may disclose your personal information to:

  • Service Providers: Third-party software (e.g., booking systems like Momence/Mindbody) that process data on our behalf.

  • Group Members: Any subsidiaries or holding companies as defined in the UK Companies Act 2006.

  • Business Transfers: Prospective buyers or sellers if we sell or buy any business assets.

  • Legal Requirements: If we are under a duty to disclose data to comply with legal obligations, protect the safety of our clients, or for insurance purposes.

7. INTERNATIONAL DATA TRANSFERS

Some of our service providers are located outside the UK (e.g., in the USA). Where data is transferred internationally, we ensure it is protected by appropriate safeguards, such as the UK-US Data Bridge or standard contractual clauses (SCCs) approved by the UK government.

8. DATA RETENTION

We store your personal data only for as long as necessary for the purposes for which it was collected.

  • Active Accounts: Data is kept while your account is active.

  • Insurance & Tax: We generally retain transaction and health records for 6 years after your last interaction with us to comply with UK legal and insurance requirements.

  • Health Data: If you withdraw consent for health data processing, we may be unable to continue providing Services to you for safety reasons.

9. YOUR RIGHTS

Under the UK GDPR, you have the following rights:

  • Access: Request a copy of the data we hold about you (usually provided free of charge).

  • Correction: Ask us to rectify inaccurate information.

  • Erasure: Request that we delete your data (subject to our legal retention obligations).

  • Restriction: Object to or restrict the processing of your data.

  • Data Portability: Request a transfer of your data to another provider.

  • Complaints: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data.

To exercise these rights, please contact hello@studioemba.co.uk. We may require proof of identity to process your request.

10. MINORS

In accordance with our Terms and Conditions, accounts for individuals aged 14–15 must be created and managed by a parent or legal guardian. We process the data of minors based on the explicit consent provided by the parent/guardian at the time of registration.

11. THIRD-PARTY LINKS

Our site may contain links to external websites. We do not accept responsibility for the privacy policies of third-party sites. Please check these policies before submitting any personal data.

12. CHANGES TO THIS POLICY

Any future changes to our privacy policy will be posted on this page and, where significant, notified to you by email.