Privacy Policy
Privacy policy in accordance with GDPR for Katie Kollar Pilates.
Last updated: 1 March 2026
1. Data Controller
The data controller responsible for your personal data is:
Katie Kollar / Bodybar OG
Bäckergasse 4
4600 Wels, Austria
Email: hello@katiekollarpilates.at
Phone: +43 664 4263492
If you have any questions about how we handle your data, please contact us at the email address above.
2. Types of Data We Collect
We collect and process the following categories of personal data:
• Contact information: name, email address, phone number
• Booking data: class reservations, attendance history, membership status
• Payment data: transaction records processed through Stripe (we do not store full card numbers)
• Health information: any relevant health or injury details you voluntarily provide for safe instruction
• Communication data: messages sent via our contact or training inquiry forms
• Technical data: IP address, browser type, device information, pages visited
• Cookie and analytics data: usage patterns collected via Google Analytics 4 (only with your consent)
3. Purposes of Data Processing
We process your personal data for the following purposes:
• To manage your bookings and class attendance
• To process payments securely via Stripe
• To communicate with you regarding your account, classes, and enquiries
• To provide safe and appropriate Pilates instruction based on any health information you share
• To send you service-related notifications (e.g. schedule changes, cancellations)
• To improve our website and services through anonymised analytics
• To comply with legal and regulatory obligations under Austrian and EU law
4. Legal Bases for Processing
We process your data under the following legal bases as defined in the GDPR:
• Contract performance (Art. 6(1)(b) GDPR): processing necessary to fulfil your booking, membership, or service agreement
• Consent (Art. 6(1)(a) GDPR): for analytics cookies, marketing communications, and processing of health data you voluntarily provide
• Legitimate interest (Art. 6(1)(f) GDPR): for website security, fraud prevention, and service improvements
• Legal obligation (Art. 6(1)(c) GDPR): for tax records, invoicing, and regulatory compliance
5. Cookies & Analytics
Our website uses cookies to ensure functionality and, with your consent, to analyse usage patterns.
Essential cookies: These are strictly necessary for the website to function and cannot be disabled. They include session cookies and security tokens.
Analytics cookies (Google Analytics 4): We use GA4 to understand how visitors interact with our site. GA4 cookies are only set after you explicitly consent via our cookie banner. GA4 collects anonymised data including pages visited, session duration, and general geographic region. Google may process this data on servers outside the EU; however, IP anonymisation is enabled, and we have a Data Processing Agreement with Google. You can withdraw your consent at any time by adjusting your cookie preferences via the cookie settings link in the footer.
We do not use any advertising or social-media tracking cookies.
6. Data Sharing & Third Parties
We share personal data only where necessary and with appropriate safeguards:
• Stripe (payment processing): Stripe processes your payment data in accordance with PCI-DSS standards. Stripe's privacy policy applies to payment data they handle.
• Google Analytics 4: anonymised usage data (consent-based only)
• Email service provider: for sending booking confirmations and service notifications
• Hosting provider (Vercel): our website is hosted on Vercel's infrastructure
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described above:
• Booking and attendance records: retained for the duration of your active membership plus 7 years for tax and accounting obligations under Austrian law (Bundesabgabenordnung)
• Contact form enquiries: retained for 12 months after the last communication
• Payment records: retained for 7 years as required by Austrian tax law
• Analytics data: automatically deleted after 14 months by Google Analytics 4
• Health information: retained only while you are an active client and deleted upon request or 12 months after your last visit
After the applicable retention period, data is securely deleted or anonymised.
8. Your Rights Under the GDPR
As a data subject, you have the following rights under the GDPR:
• Right of access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): You may request deletion of your data where there is no compelling reason for continued processing.
• Right to restriction (Art. 18): You may request that we limit how we use your data.
• Right to data portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): You may object to processing based on legitimate interests at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@katiekollarpilates.at. We will respond within 30 days as required by law.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS/TLS), secure payment processing via Stripe, access controls, and regular review of our data-handling practices.
10. Austrian Data Protection Authority
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Wien, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised date. We encourage you to review this policy periodically.