Privacy Policy

The Movement Academy — themovementacademy.co.ukEffective date: 01 February 2026

This Privacy Policy explains how we (defined below) collect and use personal data in connection with our website and the in-person London course (the “Course”). It is written in UK English and aligned to UK Data Protection Legislation (UK GDPR, Data Protection Act 2018 and PECR). A Romanian translation can mirror this structure for review by your Romanian counsel.

1) Who we are (Controller)

• Controller: S.C. Verona Training S.R.L., trading as “The Movement Academy”
• Registered office (RO): 25 Argentina Street, Bucharest, RO.
• Company number (RO): J2020013721406
• Contact for privacy matters: contact@themovementacademy.co.uk
• Website: https://themovementacademy.co.uk

[If appointed] UK GDPR Representative: [Name / Firm], [postal address], [email].We process payments and maintain accounting records in Romania.

Definitions used. “UK Data Protection Legislation” means all applicable UK data protection and privacy law, including the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended). “EU GDPR” refers to Regulation (EU) 2016/679.

2) What data we collect

We only collect what we need for booking, running and safeguarding the Course, operating the website, and handling enquiries.

• Identity & Contact: name, email, phone, billing address, country.
• Professional: role/discipline (e.g., physiotherapist/osteopath/MSK), organisation (if applicable).
• Booking & Transaction: ticket details, order ID, price, currency, VAT/tax data; payment status and method (we do not store full card numbers).
• Communications: messages sent to us (email/support forms), preferences, and opt-in status.
• Technical & Usage: IP address, device/browser data, pages viewed, UTM/referrer, time on page, consent choices (via the cookie banner).
• Media (limited): photographs or short video captured at the Course for teaching/promo (see #8 below).
• Special category data: we do not intentionally collect; if you share accessibility/health info so we can make reasonable adjustments, we process it only for that purpose.

3) How we collect data

• Directly from you: during checkout, via email/support, or at registration.
• Automatically: through necessary cookies and, if you consent, analytics/advertising cookies (see #10).
• From third parties: payment providers (transaction status), website platform, and—where lawful—social/ads platforms about campaign performance (aggregated).

4) Why we use your data (purposes & legal bases)

We use your data only where we have a lawful basis:

1. Process bookings, take payment, issue confirmations & invoices; administer attendance - Contract (UK GDPR Art. 6(1)(b)); Legal obligation for tax/VAT

2. Pre-event and operational communications; responding to enquiries - Contract and Legitimate interests (deliver a paid course; keep attendees informed)

3. Fraud prevention, security, and service integrity (including Cloudflare protections) - Legitimate interests

4. Accounting and tax records (including VAT, where applicable) - Legal obligation

5. Analytics to improve the site and measure campaigns (non-essential cookies) - Consent (you can withdraw any time)

6. Advertising/retargeting (Meta/Google—non-essential cookies) - Consent

7. Event photos/video for teaching and promotion with an opt-out mechanism - Legitimate interests (professional event documentation), with effective opt-out

8. Legal claims, compliance and governance - Legitimate interests

We do not carry out automated decision-making producing legal or similarly significant effects on you.

5) Who receives your data (processors & recipients)

We share personal data only with trusted providers acting under contract as processors, or where required by law:

• Website/checkout: Webflow, Kajabi, Cloudflare
• Payments: Stripe Payments (card processing; we do not store full card numbers)
• Analytics/ads (subject to consent): Google (GA4), PostHog, Meta (Facebook/Instagram)
• Email & productivity: Google Workspace, Mailchimp
• Other service providers: IT/security, error logging, backup, document storage ([list if applicable]).
• Disclosures required by law: regulators, tax authorities, courts or law enforcement where legally mandated.

We do not sell personal data.

6) International transfers

Some providers are located outside the UK/EEA (e.g., the United States). Where we transfer data internationally, we rely on appropriate safeguards, such as:

• UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses, and/or
• Other recognised safeguards permitted by UK Data Protection Legislation.Details are available on request.

7) How long we keep data (retention)

We keep data only as long as needed for the purpose collected or as required by law:

• Booking, contract and operational records: until 60 days after the Course ends (unless a dispute is reasonably anticipated).
• Invoices & accounting (including VAT evidence): 6 years.
• Support communications: 12 months from closure.
• Marketing (email lists): until you unsubscribe or [24 months] from last engagement, whichever is sooner.
• Cookies/analytics identifiers: per your consent and cookie settings (see $10).
• Media assets: [up to 3 years] unless you have opted out (see 48).

If you ask us to delete your data, we may retain what we must for legal obligations or to establish/exercise/defend legal claims.

8) Event photography/filming (media)

We may capture limited professional photographs/video at the Course to document training and promote future courses. We keep this proportionate and unobtrusive.

• Lawful basis: Legitimate interests (documenting and promoting a professional event).
• Your choice: If you object to being identifiable, notify us in writing before the Course or at on-site registration, and we will take reasonable steps to avoid capturing you or to suitably obscure you in published materials.
• We do not use attendee images in a way that is misleading or detrimental.

9) Your rights

Subject to legal limits, you have the right to: access, rectify, erase, restrict, object (including to processing based on legitimate interests), and portability of your data. Where processing relies on consent, you can withdraw it at any time (this does not affect prior processing).To exercise rights, email contact@themovementacademy.co.uk . We may need to verify your identity.

You may complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk or to your local supervisory authority. As our company is established in Romania, you may also contact the Romanian data protection authority (ANSPDCP): https://www.dataprotection.ro/.

10) Cookies, analytics and advertising

• We use a cookie consent banner. Non-essential cookies (analytics/ads) are off by default and load only if you consent.
• Necessary cookies enable security, load-balancing and checkout; these cannot be switched off.
• Analytics (if you consent): GA4 and PostHog to understand site performance and errors.
• Advertising (if you consent): Meta Pixel/Conversions API and similar tools to measure campaigns and, if enabled, to show or measure ads.
• You can change your choices anytime via “Cookie Settings” on our site or your browser controls.

11) Marketing

• We send service emails necessary for your booking (lawful basis: contract/legitimate interests).
• We send marketing emails only if you have opted in or where otherwise permitted by law. You can unsubscribe anytime via the link in those emails or by contacting us.

12) Security

We use appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, access controls, least-privilege administration and vendor due diligence. No system is perfectly secure; we maintain procedures for incident response and, if required, will notify you and regulators of any personal-data breach in line with law.

13) Third-party links

Our website may link to third-party sites we do not control. Their privacy notices govern their processing.

14) Changes to this Policy

We may update this Policy from time to time (for legal or operational reasons). The latest version will always appear at this URL with the effective date above. Material changes will be highlighted on the site.

15) Contact

Questions or requests about this Policy or your data: contact@themovementacademy.co.uk Postal correspondence (controller): Verona Training SRL, 25 Argenting Street, Bucharest, RO.

[If appointed] UK GDPR Representative: [Name / Firm, UK address, email]

‍