Privacy Policy


I’m Anna Winstanley and I trade as Base Pilates & Physiotherapy. Part of my professional commitment to you is to ensure the trust and confidence of my clients and visitors to my website. My passion is to help you to get the best out of your body. I’m not really interested in selling or trading email lists with any other companies or traders. This Privacy Policy outlines when and why I collect your personal data, how I use it, the limited conditions under which I may disclose it to others and how I keep it secure.

How, When and Why I collect your information.

When you request to join a class, or a waiting list for a class, I add your name to an email group. Please see below for how I manage mailing lists. When you start a new class, I ask clients to complete a registration form, which asks for Name, contact details, GP contact details, Emergency (next of kin) contact details. This ensures that I am able to contact you, and it also fulfils my professional standards according to Chartered Society of Physiotherapy’s Quality Assurance Standards for Physiotherapy service delivery. I also gather information about your lifestyle, your goals and your medical background. This data constitutes Special category data under GDPR Article 9 (2). This enables me to screen your suitability for the class, and to highlight any particular problems you have, that will require me to make suitable adaptations to the exercises given in class. It’s to help keep you moving safely! Information about your lifestyle and work, also helps me to foster a holistic view of you as a whole person, so that I can be sensitive to any external stresses on your body or mind.

How I store it and keep it secure.

Your records are kept safe in an A4 binder that stays with me during the class. At my home the file is stored in a locked filing cabinet. When you leave the class, your records are transferred to an archive section of the same filing cabinet, and remain there for the legal duration that I am bound to keep them. The Chartered Society of Physiotherapy advises that this duration should be eight years from the date of last treatment for adult records, and for children eight years after their 18 birthday or until 25 years of age.

I may also hold your name and telephone number on my mobile phone, so that I am able to contact you quickly and easily to arrange, change or cancel classes or appointments.

Visitors to the Website

When you visit I use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. I do not make, and do not allow Google to make, any attempt to find out the identities of those visiting my website.

Mailing Lists

Since May 2019 I use Mailchimp to manage my mailing lists and electronic communication. It makes it easier for me to connect with existing and potential new clients as well as generate more user friendly emails. All clients already attending classes on the 1stMay were manually added to the Mailchimp list. Subsequent clients may ether self-subscribe, or be added manually. All emails that are send via Mailchimp have the option for client to unsubscribe themselves from further communications. Mailchimp’s Privacy policy can be viewed here:

My business is still relatively small so I collate my email lists manually and send emails directly from a Google for business account (G Suite). Google has made amendments to its privacy and security protections in order to be GDPR compliant, and I have updated my account to accept their Data Processing Amendment. Google regularly updates users with any changes, and these are reviewed and updated as appropriate. You can find out more information about Google and GDPR here:

I usually send out group emails to let clients know about the class times and any changes to that schedule. When I send group emails, I enter the recipients under ‘bcc’ so that nobody else can see your email address. If you’d like to swap email addresses with another client you’ve befriended in class – I’ll leave that up to you! Sometimes I send group emails that are not bcc, and this would occur within a group of friends or colleagues who have commissioned me to teach a class at their workplace or other pre-arranged venue.

If you contact me to find out about classes, I will add your email to the waiting list email group with your consent. If you later tell me you no longer need to be on the waiting list, I’ll remove your details from my database.

Social Media

Like many small businesses, I use Facebook and Twitter to help share information about my services, and connect with potential and existing clients. It’s fun! You should know that if you choose to interact with me via social media, you are agreeing to the terms and conditions of those platforms.

Third Parties

I don’t routinely share personal information with any third parties. If you were to become unwell during a class, I may then share your information with any attending emergency services, or with your GP if that is more appropriate. If necessary I would also inform the emergency contact person that you have given me on your registration form. Similarly, if I had any concerns about you that you might harm yourself or others, I would be legally obliged to share that information with relevant health and social care providers.

Right to Access your Personal Data

Under the General Data Processing Regulations, 2018 people have the right to access information that we have stored about them.

If you want to view, amend or delete your personal data as is your right, please contact me at Legal exemptions may apply.

Changes to Privacy Notice

This policy was created on the 19th June 2019 and will be reviewed annually, or at any time that my data controlling methods or practices change before that date.