Privacy Policy - Heartbeat High Pilates

Last updated: 8 October 2025

LIVPHOEVA PTY LTD (trading as Heartbeat High Pilates) of Level 3/5 Barrack Street, Perth WA 6000 and its related entities and brands (collectively, “Heartbeat High”, “HBH”, “we”, “us”, “our”) respect your privacy and are committed to protecting your personal information. This policy explains what we collect, why we collect it, how we use and disclose it, and the choices you have. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where relevant, we also outline additional rights for people in the EEA and UK under the GDPR.

This policy covers our websites, the HBH app, in-studio experiences, the Mindbody booking system, and our social and marketing channels.

1. Personal information we collect

We collect personal information that you provide directly, information we create during your use of our services, and information from third parties we work with.

Information you provide:

Contact details such as name, email, phone number, postal address
Account data such as login, bookings, membership type, attendance, waitlists
Payment information processed by our payment providers. We do not store full card numbers
Health and safety information that you choose to share such as injuries, pregnancy status, post-natal status, and relevant medical notes so we can keep you safe in class
Communications with us such as emails, forms, survey responses, support requests, and competition entries
Marketing preferences and consents

Information collected automatically:

Device and usage data such as IP address, device identifiers, browser type, pages viewed, session timestamps, and referral sources
Cookies and similar technologies for analytics and advertising. See Cookies and tracking below

Information from third parties:

Mindbody booking and attendance records
Payment processors and fraud prevention partners
Marketing and analytics partners such as Google, Meta, and TikTok
Social media platforms when you connect or interact with our pages
Event or corporate wellness partners where you have agreed to share details

2. Why we collect and use your information

We use your information to:

Provide, operate, and improve our classes, memberships, and services
Manage bookings, waitlists, class check-ins, cancellations, and studio access
Process payments, credits, refunds, and account queries
Keep you safe in class by understanding relevant health considerations and tailoring options
Send transactional messages such as booking confirmations, reminders, and policy updates
Run optional programs such as challenges and leaderboards, including displaying first name and initial. You can opt out on request
Provide customer support
Run analytics, measure performance, and improve our timetable and services
Market our services where permitted, including via email, SMS, and digital advertising
Comply with law, respond to lawful requests, and protect our rights and the safety of clients and staff

We only collect sensitive information such as health details with your consent, or as otherwise permitted by law, and we take extra care with it.

3. Cookies and tracking

We use cookies and similar technologies to run the site, keep you logged in, remember preferences, measure performance, and deliver relevant ads. Partners may include Google Analytics, Meta Pixel, and TikTok Pixel. You can control cookies through your browser and device settings. You can also manage ad personalisation in your platform accounts. Disabling some cookies may reduce site functionality.

4. When we disclose information

We share personal information with:

Service providers and partners who help us operate, such as Mindbody, payment processors, IT and hosting providers, email and SMS platforms, analytics and advertising partners, and customer support tools
Instructors and studio staff so they can deliver your class safely
Event or corporate partners when you join a partner program and consent to sharing
Professional advisors such as auditors, accountants, insurers, and lawyers
Authorities when required by law or to protect rights, property, or safety
Business transfers if we undertake a merger, sale, or reorganisation

We require service providers to protect your information and use it only for the work they do for us.

5. Cross-border disclosure

Some of our service providers store or process data outside Australia including in the United States, the European Union, and the United Kingdom. We take reasonable steps to ensure overseas recipients handle personal information in a way that is consistent with the APPs.

6. Data retention

We keep personal information only as long as needed for the purposes in this policy.

Account, booking, and payment records are generally kept for up to 7 years to meet legal and tax obligations
Health screening notes are retained while you are an active client and for a reasonable period thereafter
Marketing information is kept until you opt out or until it is no longer needed
When information is no longer required, we will take reasonable steps to de-identify or securely destroy it.

7. Security

We use administrative, technical, and physical safeguards to protect personal information. No method of storage or transmission is completely secure. If a data breach occurs that is likely to result in serious harm, we will follow the Notifiable Data Breaches scheme.

8. Your choices and rights

Access and correction. You can request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, incomplete, or misleading
Marketing choices. You can unsubscribe from marketing emails at any time using the link in the message. For SMS, reply STOP. You will still receive essential service communications such as booking confirmations and policy updates
Cookies and advertising. Manage cookie settings in your browser and ad preferences in your platform accounts
Health data. You can withdraw consent for us to use health information, though this may affect our ability to support you safely in class

Additional rights for EEA and UK residents

If you are in the EEA or UK, the GDPR may give you additional rights including the right to object or restrict processing, data portability, and the right to lodge a complaint with your local supervisory authority. Our legal basis for processing typically includes consent, performance of a contract, compliance with legal obligations, and our legitimate interests in operating and improving the studio and services.

9. Children

Our services are intended for people aged 16 and over. Clients aged 15 may attend with a parent or guardian. We do not knowingly collect personal information from children under 16 without appropriate consent.

10. Studio CCTV

Some studio locations may use CCTV for safety and security. Footage is stored securely, used only for legitimate purposes, and deleted when no longer required unless it needs to be retained for investigations.

11. Third-party links

Our website and app may contain links to other sites. Their privacy practices are not covered by this policy. Review the privacy policy of any site you visit.

12. How to contact us or make a complaint

Email: hello@heartbeathigh.com.au
Post: Privacy Officer, Heartbeat High, Level 3/5 Barrack Street, PERTH WA 6000

If you make a privacy complaint, we will respond in writing within a reasonable period. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner. Visit the OAIC website for contact details and guidance.

13. Changes to this policy

We may update this policy from time to time. The updated version will be posted on our website with a new “Last updated” date. Significant changes will be notified through the site, app, or by email where appropriate.