Terms and conditions

Pilates Time

Privacy policy

In accordance with Articles 13 and 20 of the GDPR (EU Regulation 2016/679), the following information is provided, consistent with the principle of transparency, in order to make the user aware of the characteristics and methods of data processing on www.Pilatestime.fr

A) Identity and contact details

a.1 We hereby inform that the “Data Controller” is: Nour Habita, Nouvel Horizon Conseil France, 9 impasse des jardiniers 75011 Paris (France).

a.2 We provide the following contact details: e-mail address: [email protected]

B) Types of data and purpose of processing

b.1 The data collected are First Name and Surname, E-mail, Country of residence which are

required to purchase subscriptions available on the platform. Additionally, by using the training

platform, it is possible to find out which videos were viewed, the viewing percentage, the

location, the operating system, the opening of e-mails, and the clicks on certain links.

b.2 Personal data (seat or residence) and tax data (tax code/VAT NO.) are also collected in the event that the customer requests an invoice to be issued.

b.3 In order to process payments, data such as credit card number and control code are also

processed through the available payment intermediaries (Stripe or Paypal) and are visible

exclusively to them.

b.4 The data in the user's profile, the content published and the content of the messages

exchanged within the platform are also processed via the Data Controller's social media

networks, in accordance with the platform's rules.

b.5 The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols.

While this information is not collected in order to be associated with identified data subjects, by its very nature it could, through processing and association with data held by third parties, enable users to be identified.

This type of data includes the IP addresses or domain names of the computers used by users to connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.

This data is used for the sole purpose of collecting anonymous statistical information on the use of the website and to check its correct functioning, and is deleted immediately after processing.

b.6 For the correct functioning of the platform, navigation data are also processed through the logs and cookies on the site.

C) Legal basis of the processing

The legal basis of the processing is as following:

For the processing of data referred to under points b.1, b.3, b.4 and b.5, the legal basis is the performance of a contract to which the data subject is a party or the performance of pre- contractual measures taken at the data subject's request (Art. 6(b) GDPR).

For the processing of data referred to under point b.2, the legal basis is the fulfilment of a legal obligation of the Data Controller (Art. 6(c) GDPR).

For the processing of data referred to under point b.6, the legal basis is the consent given by the data subject for one or more specific purposes (Art. 6(a) GDPR).

D) Data recipients and possible categories of data recipients

The data are processed at the premises of the Data Controller.

In addition to the Data Controller, in some cases, other parties involved in the management of

the site (administrative, sales, marketing personnel, lawyers, system administrators) or external

parties (such as third-party technical service providers, hosting providers, IT companies,

communication agencies) may have access to the data, ad also being appointed, if necessary,

Data Processors by the Data Controller. The updated list of Data Processors can always be

requested to the Data Controller.

E) Data transfers to third countries

The platform for subscription courses is Thinkific, which is owned by a CA company and which is based in Vancouver (CA). You can read the platform's privacy policy here: https://www.thinkific.com/terms-of-service/

Using Instagram, Facebook or LinkedIn also carries the exact same risks.

After the Schrems II ruling in July 2020, the US are no longer considered a safe country for

data transmission due to less strict data protection laws compared to those in Europe.

Therefore, by registering on the aforementioned platform, the user, aware of the risks of a

weaker legal protection, consents in accordance with Article 49 (a) GDPR (Explicit Consent

to Transfer), only for the data uploaded on said platform.

On the other hand, all data processed outside third-party platforms will be processed only at the Data Controller's premises and/or in servers located within the European Union or anyway belonging to companies subject to European law, without any kind of transfer outside the EU or to any international organisations.

F) Data retention period

The personal data referred to under points b.1, b.2, b.3, will be stored for a period of 10 years

or, in any event, for as long as required by mandatory civil or tax regulations in force.

The personal data referred to under point b.4, will be stored for as long as it is necessary to respond to requests and in any event for a maximum of 1 year.

For the data mentioned under points b.5. and b.6, please refer to our Cookie Policy for all details.

G) Data rights

In accordance with the EU Regulation, you have the right to:

• request access to your personal data (i.e. to know whether and what personal data we

hold about you);

• request the correction of inaccurate data or the integration of incomplete data (if any

of your data has changed);

• request the deletion of personal data (in case of the occurrence of one of the

conditions set out in Article 17(1) of the GDPR and in compliance with the exceptions

provided for in paragraph 3 of the same Article);

• request the limitation of the processing of your personal data, if one of the cases

indicated in Article 18(1) of the GDPR occurs

• object to the processing;

• request and obtain your personal data in a structured, machine-readable format,

also in order to communicate such data to a different data controller (right to

portability);

• withdraw your consent at any time, limited to cases where the processing is

based on consent for one or more specific purposes and concerns common personal data

(for example, date and place of birth or place of residence). Processing based on consent

and carried out prior to the withdrawal of consent retains, however, its lawfulness;

• The above-mentioned rights with regard to personal data relating to deceased

individuals may be exercised by any person who has an interest of his own, or is acting

on behalf of the data subject, in his capacity as his representative, or for family reasons

worthy of protection, unless the data subject has expressly forbidden this in a written

declaration submitted to or communicated to the data controller.

• File a complaint to the control authority (Italian Data Protection Authority –

www.garanteprivacy.it).

The Data Controller is required to reply within one month from the date of receipt of the request, which may be extended by up to three months in case the request is particularly complex.

We would like to inform that when the processing of data is based on Article 6(1)(a) EU Regulation 2016/679 the data subject has the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent before the withdrawal.

As for the modalities of exercising the above-mentioned rights, the interested subject may write to: e-mail: [email protected]

H) Provision of data

The provision of data is compulsory because the transmission of data is a contractual obligation or a necessary requirement for the contract to be finalised.

Withholding of data will not allow the subject to proceed with the completion of the contract.

I) Minors

The Data Controller intends to process only data of individuals over the age of 18, as its services are not meant for minors. Minors, individuals under the age of 18 years, are urged not to enter information or use the services provided.

Anyone who believes that their child under the age of 18 has entered personal information should contact [email protected] to request

the removal of the data and deactivate the account.

Paris, 01/08/2023