AssetVault Dance

Privacy Policy

This privacy notice explains how AssetVault Dance Studio (“we”, “us”) collects and uses your personal data in the United Kingdom in line with UK GDPR and the Data Protection Act 2018.

1. Who we are

AssetVault Dance Studio is the controller of your personal data for the purposes described in this notice. We provide dance classes, events, and related services in the UK.

Trading name: AssetVault Dance Studio
Registered office: 84 Millwright Lane, London, United Kingdom
Company number: 13749562 (England & Wales)
Data Protection Lead: Privacy Office

Back to contents

2. Data we collect

We collect and process the following categories of personal data, depending on your interactions with us:

Identity and contact details (name, postcode, phone number, email)
Account information (preferences, membership status, booking history)
Payment data (transaction references). Card details are handled by our payment processor; we do not store full card numbers
Communications (enquiries, feedback, correspondence)
Usage and device data (pages viewed, events interacted with, approximate location, log data)
Cookies and similar tracking technologies (see Cookies section)
Special category data only where strictly necessary and with your explicit consent (e.g., health notes for class safety)

Back to contents

3. How we use your data

Provide classes, manage bookings, memberships and events
Process payments and issue invoices/receipts
Respond to enquiries and provide customer support
Improve our website, classes and customer experience
Send service messages (e.g., class changes or safety updates)
Send marketing where permitted (you may opt out at any time)
Maintain records for tax, accounting and regulatory requirements

Back to contents

4. Lawful bases

We rely on the following lawful bases under Article 6 UK GDPR:

Contract: to provide classes, manage bookings and process payments
Legitimate interests: to improve services, ensure security, and run our business
Consent: for certain cookies, analytics and marketing communications
Legal obligation: tax/accounting retention and compliance

Back to contents

5. Cookies

Cookies are small text files placed on your device. We use:

Strictly necessary cookies: required for core site functions and security
Analytics cookies: help us understand how our site is used
Preference cookies: remember your choices (e.g., theme, consent)
Marketing cookies: only if enabled, to measure campaign effectiveness

You can manage consent at any time via the Privacy Controls. Disabling non‑essential cookies may affect some features.

Back to contents

6. Analytics

We may use privacy‑respecting analytics to collect aggregated usage statistics. Where cookies are involved, we request your consent. IP addresses are either truncated or pseudonymised where feasible.

Purpose: understand engagement, fix issues and improve content
Data: page URLs, events, device/browser type, approximate location
Retention: aggregated reports retained for up to 25 months

Back to contents

7. Marketing

We send marketing only with your consent or where permitted by PECR soft opt‑in. You can opt out at any time. If you opt out, we keep a minimal suppression record to respect your choice.

Back to contents

9. International transfers

Where data is transferred outside the UK, we use approved mechanisms such as UK Addendum to EU SCCs, IDTA, or adequacy regulations. Copies of relevant safeguards can be requested.

Back to contents

10. Retention

We retain personal data only for as long as needed to fulfil the purposes described, including legal and accounting requirements. Typical periods:

Customer account and booking records: up to 6 years after last interaction
Email enquiries: up to 24 months
Marketing preferences: until you opt out, then kept on a suppression list

Next scheduled data retention sweep in:

Back to contents

11. Security

Access controls and least‑privilege practices
Encryption in transit and at rest where appropriate
Vulnerability management and supplier due diligence
Incident response procedures and breach notification obligations

Back to contents

12. Your rights (UK GDPR)

You have the right to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent at any time. You also have rights related to automated decision‑making where applicable.

Access your data and receive a copy
Correct inaccurate or incomplete data
Request deletion or restriction of processing
Object to processing based on legitimate interests or direct marketing
Data portability for information provided by you

To exercise these rights, submit a request via the Privacy Controls or contact us using the details below. We will respond within one month in most cases.

Back to contents

13. Children’s privacy

Our classes may be suitable for children with parental involvement. For under‑13s we obtain consent from a parent or guardian where required. We do not use children’s data for marketing.

Back to contents

14. Complaints

If you are unhappy with how we use your data, please contact us first so we can try to resolve it. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
ico.org.uk

Back to contents

15. Changes to this notice

We may update this privacy notice to reflect changes in law or our practices. Material changes will be highlighted on this page and, where appropriate, communicated to you directly.

Back to contents

16. Contact us

Email: [email protected]
Phone: +44 20 3821 7645
Postal: Privacy Office, AssetVault Dance Studio, 84 Millwright Lane, London, United Kingdom

For faster handling, include: your name, contact details, and a brief description of your request.