top of page

Privacy Policy

Storm & Bloom Ltd

​​

At Storm&Bloom Ltd,  we are committed to safeguarding your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1. Who We Are

Storm&Bloom Ltd is the data controller responsible for your personal information.
Email: info@stormandbloom.co.uk

​

2. What Information We Collect

We may collect and process the following information:

  • Identity & Contact Details: Name, phone number, email address, address.

  • Booking & Payment Information: Class bookings, attendance records, and payment details. (We do not store your payment card information; this is handled securely by third-party processors.)

  • Health Information: Relevant medical details (e.g. injuries, pregnancy) voluntarily provided to ensure safe participation.

  • Marketing Preferences: Your choices for receiving promotional communications.

  • Technical Information: IP address, browser type, device information, usage data (via cookies).

​

3. How We Use Your Information

We use your data to:

  • Manage class bookings, payments, and studio operations.

  • Communicate with you about class updates, cancellations, and service changes.

  • Deliver marketing communications (only with your consent).

  • Ensure your health and safety in sessions.

  • Meet our legal and regulatory obligations.

​

4. Legal Basis for Processing

We process your personal data under one or more of the following legal bases:

  • Consent: For optional services like email marketing.

  • Contract: To fulfil our agreement with you (e.g. booking classes).

  • Legal obligation: For health and safety, tax, and other legal requirements.

  • Legitimate interests: For improving services and managing operations, provided your rights do not override these interests.

​

5. Marketing Communications

If you’ve opted in, we may send occasional emails about new classes, offers, or events. You can opt out at any time by clicking “unsubscribe” in any message or contacting us directly.

​

6. Sharing Your Data

We do not sell or rent your personal data. We may share it with trusted third parties who help us deliver our services, including:

  • Booking and scheduling platforms

  • Payment processors

  • Email and communication platforms

These providers are under contractual obligation to keep your information secure and only process it as instructed.

​

7. International Data Transfers

Some of our service providers may store or process data outside the UK. When this occurs, we ensure your data is protected through appropriate safeguards, including:

  • UK adequacy regulations

  • Standard Contractual Clauses (SCCs)

​

8. Data Retention

We retain your personal information only as long as necessary to fulfil the purposes we collected it for, including satisfying legal, accounting, or reporting obligations.

​

9. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data.

  • Rectify inaccurate or incomplete data.

  • Erase your data (in certain circumstances).

  • Restrict or object to processing.

  • Port your data to another provider.

  • Withdraw consent at any time (where processing is based on consent).

​

Effective Date: 2025

​

bottom of page