Privacy Policy

Fibi Moves by Phoebe Barrow

Last updated: 26 June 2026

1. Who we are

Fibi Moves is a sole trader business operated by Miss Phoebe Bridget Barrow, providing Pilates classes and personal training in Surrey and Hampshire.

As the person who decides how and why your personal data is used, Phoebe Barrow is the data controller for this business under UK data protection law.

Contact details:

Name: Miss Phoebe Bridget Barrow (trading as Fibi Moves)

Email: hello@fibimoves.co.uk

Phone: +44 7554 212 173

2. The law that applies

This policy is written in line with:

  • The UK General Data Protection Regulation (UK GDPR)

  • The Data Protection Act 2018

  • The Data (Use and Access) Act 2025

3. What information we collect and why

Website enquiry form:

When you submit an enquiry via our website, we collect your full name, phone number, email address, home address, and which services you are interested in.

We use this to respond to your enquiry and, if you proceed, to set up your place in our classes or personal training sessions.

Lawful basis: Performance of a contract (or steps taken at your request prior to entering a contract) — UK GDPR Article 6(1)(b). Where we follow up with you after receiving an enquiry, we rely on our legitimate interests in responding to people who have contacted us — Article 6(1)(f).

Client registration and health information:

Before you attend any class or personal training session, we ask you to complete a Client Registration Form. This includes your name, date of birth, address, phone number, email, GP practice details, emergency contact details, and answers to health screening questions (equivalent to a standard PAR-Q).

Your health information is special category data under UK data protection law and receives the highest level of protection.

We collect and use it to:

  • Ensure we can deliver safe and appropriate instruction

  • Fulfil our duty of care and health and safety obligations

  • Contact someone on your behalf in an emergency

Lawful basis: Performance of a contract — Article 6(1)(b). Legal obligation (health and safety) — Article 6(1)(c). Vital interests in an emergency — Article 6(1)(d).

Condition for processing your health data: Your explicit consent — Article 9(2)(a), given when you sign the Client Registration Form. In a life-threatening emergency, we may also rely on vital interests — Article 9(2)(c).

You may withdraw your consent to us holding your health data at any time by contacting us. Please be aware that if you do, we may not be able to safely provide our services to you.

Payment:

We accept payment by payment link or direct bank transfer. We do not see or store your card or full bank account details. We record the fact of payment for our business accounts.

Lawful basis: Performance of a contract — Article 6(1)(b). Legal obligation for financial record-keeping — Article 6(1)(c).

Communication about classes:

We may contact you by email or phone to let you know about class schedules, changes, cancellations, or other information relevant to your sessions. We may also occasionally contact you to invite you to leave a review of your experience on Google.

Lawful basis: Legitimate interests — Article 6(1)(f). We have a legitimate interest in keeping clients informed about services they have signed up for or enquired about.

Google's privacy policy can be found at policies.google.com/privacy.

WhatsApp Community (optional):

We run an optional WhatsApp Community for clients. Joining is entirely your choice. Once you are a member, other participants will be able to see your profile name and picture in line with your own WhatsApp privacy settings. We use the community to share announcements and class-related polls.

Lawful basis: Consent — Article 6(1)(a). You can leave the community at any time.

WhatsApp is operated by Meta Platforms, Inc. and is governed by its own privacy policy, which you can read at whatsapp.com/legal/privacy-policy. We are not responsible for how WhatsApp processes your data as a platform.

Photography:

We do not photograph or film you during classes without your prior, express consent. If we arrange a marketing shoot, we will ask you to sign a separate photography consent form before any images are taken or used.

Testimonials:

If you agree to provide a testimonial for use on our website, we will collect and publish your words alongside your first name, age, town and county. We will only ever do this with your explicit prior consent, given by email. You can withdraw your consent and have your testimonial removed at any time by contacting us at pb.movement@icloud.com.

Lawful basis: Consent — Article 6(1)(a).

4. How we store and protect your information

We take reasonable steps to keep your data secure. Your information is stored using the following systems:

  • Email: A business email account accessed via a dedicated alias address

  • Client records: A password-protected spreadsheet stored on a secure cloud service

  • Signed registration forms: Stored as scanned PDFs or photographs on a secure cloud service

Some cloud-based services we use may store data outside the UK. Where this occurs, it is carried out under appropriate data protection safeguards in line with UK GDPR requirements.

We do not share your personal information with any third party for marketing, advertising, or commercial purposes.

5. Class venues

Our classes take place at third-party venues. Those venues may operate CCTV or collect data for their own security or administrative purposes. Any such collection is governed by the venue's own privacy policy, for which we are not responsible. We enter into appropriate agreements with venues to use their facilities.

6. How long we keep your information

Type of information: How long we keep it

  • Enquiry form data (if you do not become a client): Up to 6 months from last contact, then deleted

  • Client contact details and records: For the duration of your membership, then 7 years

  • Health and medical records: For the duration of your membership, then 7 years

  • Financial records we hold (e.g. invoices): At least 7 years (required by HMRC); may be retained longer where there is a legitimate reason to do so

  • Payment transaction records held by our bank: Retained by our bank under their own legal obligations as a regulated financial institution — outside our control

  • Photography consent forms: For as long as images are in use, then 7 years

  • Testimonial content and consent records: Published for as long as consent stands. Consent records kept for 2 years after withdrawal.

After the relevant period, data we control will be securely deleted or destroyed. Where data is held by a third party such as our bank or cloud service provider, retention is governed by that party's own legal obligations and privacy policy.

7. Your rights

Under UK data protection law, you have the right to:

  • Access — request a copy of the personal information we hold about you

  • Correction — ask us to correct inaccurate or incomplete information

  • Erasure — ask us to delete your data in certain circumstances

  • Restriction — ask us to limit how we use your data in certain circumstances

  • Object — object to processing based on our legitimate interests

  • Portability — receive your data in a portable format in certain circumstances

  • Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting anything we did before you withdrew it

To exercise any of these rights, please contact us at hello@fibimoves.co.uk. We will respond within one calendar month.

8. Cookies and website analytics

Our website is built using Framer. Framer's built-in analytics do not use cookies and do not collect any information that can identify you personally. No cookie consent banner is required or used on this website.

We do not use Google Analytics, advertising tools, or any third-party tracking scripts.

For more information about how Framer handles data, see Framer's privacy statement at framer.com/legal/privacy-statement and their GDPR guide at framer.com/help/articles/gdpr-and-cookies.

Our website contains links to Google Maps, which show the locations of our classes. Google Maps has its own privacy policy. We are not responsible for how Google processes data through those links.

9. Links to other websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read their privacy policies independently.

10. How to raise a concern or complaint

If you have any concern about how we handle your personal information, please contact us first. We would like the chance to put things right.

Email: hello@fibimoves.co.uk

Phone: +44 7554 212 173

We aim to respond to all concerns promptly and fairly.

You also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO):

Helpline: 0303 123 1113

Website: ico.org.uk

11. Changes to this policy

We may update this policy from time to time. The date at the top of this document shows when it was last reviewed. We recommend checking back periodically.