Bendy Bodies Yoga & Mindfulness← Back to Home

Privacy Policy

Last updated: May 2026

This privacy notice tells you what to expect us to do with your personal information and applies to all Bendy Bodies classes, services and events.

On this page

Contact details

  • Business owner: Candice Luwes trading as Bendy Bodies
  • Website: www.bendybodies.co.uk
  • Contact: Candice Luwes
  • Telephone: +44 778 691 6950
  • Email: info@bendybodies.co.uk

Candice Luwes trading as Bendy Bodies is the data controller for the purposes of UK data protection law.

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

  • Names and contact details
  • Addresses
  • Date of birth
  • Purchase or account history
  • Payment and transaction details. Card payments are processed securely by Stripe and we do not store full card details.
  • Health information (including dietary requirements, allergies and health conditions)
  • Health and safety information
  • Account information
  • Website user information (such as IP address and browser information)
  • Photographs or video recordings
  • Information relating to compliments or complaints

We also collect or use the following special category information to provide services and goods, including delivery:

  • Health information

We collect or use the following information for the operation of customer accounts and guarantees:

  • Names and contact details
  • Addresses
  • Payment details (processed securely by Stripe – we do not store full card details)
  • Purchase history
  • Account information, including registration details
  • Marketing preferences

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details
  • Marketing preferences
  • Recorded images, such as photos or videos
  • Purchase or viewing history
  • Website and app user journey information
  • Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

  • Name
  • Contact information
  • Financial transaction information
  • Health and safety information
  • Safeguarding information

We also collect or use the following special category information to comply with legal requirements:

  • Health information

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details
  • Address
  • Account information
  • Purchase or service history
  • Witness statements and contact details
  • Customer or client accounts and records
  • Financial transaction information
  • Information relating to health and safety
  • Correspondence

We also collect the following special category information for dealing with queries, complaints or claims:

  • Health information

Lawful bases and data protection rights

Under UK data protection law, we must have a lawful basis for collecting and using your personal information. Which lawful basis we rely on may affect your data protection rights.

Your data protection rights

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure – You have the right to ask us to delete your personal information.
  • Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing – You have the right to object to the processing of your personal data.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond without undue delay and in any event within one month. To make a data protection rights request, please contact us using the details above.

Our lawful bases for collection and use

Our lawful bases for collecting or using personal information to provide services and goods are: Contract; Legitimate interests.

Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Legitimate interests: We process limited personal information in order to operate and deliver yoga classes safely and effectively.

This includes managing bookings, maintaining attendance records, communicating important updates, adapting instruction where appropriate, coordinating classes across venues, and ensuring a safe environment for participants.

Only information that is relevant and necessary is collected. Data is stored securely, access is restricted, and individuals may request access, correction, or deletion of their information in accordance with UK GDPR.

Where we collect health information, this is processed on the basis of your explicit consent under Article 9(2)(a) UK GDPR, together with our legitimate interests in ensuring safe participation in physical activity.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are: Contract; Legitimate interests.

Contract: We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Legitimate interests: We process personal information to operate the online booking system and manage customer accounts effectively.

This includes maintaining accurate booking records, processing payments, managing class credits or transfers, communicating important account-related updates, and ensuring secure access to booking information.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are: Consent.

Consent: We have permission from you after we gave you all the relevant information. You have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for legal requirements are: Legal obligation.

Legal obligation: We have to collect or use your information so we can comply with the law.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are: Legal obligation; Legitimate interests.

Legal obligation: We have to collect or use your information so we can comply with the law.

Legitimate interests: We process personal information in order to respond to queries, investigate complaints, and manage potential claims appropriately and fairly.

  • Communicate effectively with individuals raising concerns
  • Review booking and attendance records
  • Investigate incidents or accidents
  • Comply with insurance requirements
  • Resolve disputes in a transparent and timely manner

Where we get personal information from

  • Directly from you
  • Insurance companies
  • Schools, colleges, universities or other education organisations
  • Suppliers and service providers

Children’s data

Where classes are provided to children, personal information is provided by a parent or legal guardian. We do not knowingly collect personal data directly from children without parental consent. Parents or guardians may request access, correction or deletion of their child’s information at any time.

How long we keep information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, insurance, safeguarding and accounting requirements.

  • Adult participant records: retained for up to 10 years from the date of last attendance, in line with insurance and legal limitation periods.
  • Children’s participant records: retained until the child reaches the age of 21, in line with safeguarding and legal limitation periods.
  • Financial records/transactions: retained for a minimum of 6 years in accordance with HMRC requirements.
  • Incident and accident reports: retained in line with the above retention periods, depending on whether the participant is an adult or child.
  • Marketing consent records: retained until consent is withdrawn.
  • General enquiries: retained for up to 12 months unless further action is required.

At the end of the applicable retention period, personal information is securely deleted or anonymised.

Who we share information with

Data processors

  • IONOS Cloud Ltd – We use IONOS to host our website.
  • Bookwhen Ltd – We use Bookwhen to manage class bookings and attendance.
  • Stripe Payments Europe Ltd – We use Stripe to process payments.
  • Microsoft Outlook (Microsoft 365) – We use Microsoft Outlook for email communications.
  • Starling Bank – We use Starling Bank for business banking.

Others we share personal information with

  • Insurance companies
  • Organisations we need to share information with for safeguarding reasons
  • Venue partners where reasonably necessary for the safe operation of classes or events
  • Professional or legal advisors
  • Relevant regulatory authorities
  • Professional consultants
  • Organisations we’re legally obliged to share personal information with
  • Emergency services

Sharing information outside the UK

Some service providers operate internationally. Where personal data is transferred outside the UK, this is done using recognised safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, or adequacy regulations.

Data security

We implement appropriate technical and organisational measures to protect personal information from unauthorised access, alteration, disclosure, loss or misuse. This includes secure cloud-based systems, restricted access controls and encrypted payment processing.

Cookies

When you visit our website we may send you a cookie. A cookie is a small text file that may be placed on your device to assist website function and improve user experience. Our website currently uses essential cookies only.

Essential cookies are used for:

  • Website functionality
  • Booking processes via Bookwhen
  • Secure payment processing via Stripe
  • Basic security and performance

These cookies do not:

  • Track you across other websites
  • Collect unnecessary personal information
  • Deliver advertising

As these cookies are essential for the website to function, they do not require consent.

When you make a booking or payment, BookWhen and Stripe may place their own cookies on your device. These are used to:

  • Maintain session security
  • Prevent fraud
  • Process payment securely
  • Ensure the booking system functions correctly.

These providers have their own privacy and cookie policies which you can review on their respective websites.

Bendy Bodies currently uses limited website analytics and performance monitoring tools to help improve website functionality and user experience. We do not currently use advertising, remarketing or behavioural tracking tools.

If this changes in the future, this Privacy Policy will be updated and a cookie consent mechanism will be implemented where required.

You can control or delete cookies through your browser settings. Blocking essential cookies may affect website functionality, including booking classes.

Lodging a complaint

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this notice. If you remain unhappy, you can also complain to the ICO.

  • Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline: 0303 123 1113
  • Website: ico.org.uk/make-a-complaint
← Back to Home
WhatsAppBook