ILO STUDIOS
EN

Privacy Policy

Last updated: 28 April 2026

Who we are

ILO Clubs SL ("ILO STUDIOS", "we", "us", "our") is the data controller of the personal data collected through our website ilo-studios.com, our booking platform, and our physical studio at Carrer de Bailén 56, 08009 Barcelona, Spain.

  • Legal entity: ILO Clubs SL
  • Spanish Tax ID (CIF): B21792684
  • Registered address: Carrer de Bailén 56, 08009 Barcelona, Spain
  • Contact: hello@ilo-studios.com

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

What data we collect

We collect different categories of personal data depending on how you interact with us:

  • Identity data: full name, date of birth (to verify minimum age requirement of 18), gender (optional, when you choose to provide it)
  • Contact data: email address, phone number, postal address (when relevant)
  • Booking data: classes reserved, attendance history, package and membership purchases, payment confirmation status (we never see or store your card numbers. Momence and Stripe handle that)
  • Health and safety data: any medical information you voluntarily disclose to us (e.g. pregnancy, cardiovascular conditions) so we can advise on safe participation
  • Technical data: IP address, browser type, device information, pages visited, referring URL
  • Marketing preferences: your consent to receive newsletters and promotional emails

How we use your data

We process your personal data for the following purposes:

  • To deliver our services: confirming bookings, managing classes, processing payments through Momence and Stripe, sending booking confirmations and reminders
  • To ensure your safety: discussing contraindications with you when relevant, adjusting practices when you disclose health conditions
  • To communicate with you: replying to enquiries, sending operational updates (changes to schedules, facility closures), legal notices
  • To improve our services: analysing aggregated, anonymised usage of our website to make it better
  • To send marketing communications: only if you have explicitly opted in. You can unsubscribe at any time using the link in every email
  • To comply with legal obligations: tax records, accounting, health and safety regulations, responding to court orders or regulatory requests

Legal basis for processing

We rely on the following legal bases under Article 6 GDPR:

  • Contract performance: when you book a class or buy a package, we need your data to deliver the service
  • Legitimate interest: to send operational updates and improve our services, where this does not override your privacy rights
  • Consent: for marketing communications, optional analytics cookies, and processing of any health information you choose to share
  • Legal obligation: for tax, accounting, and regulatory compliance

You can withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

Who we share your data with

We share your data only with parties strictly necessary to deliver our service:

  • Momence (booking platform): your identity, contact, and booking data are processed by Momence Inc. to manage reservations, packages, and memberships. Momence acts as our data processor under a Data Processing Agreement.
  • Stripe (payment processor): your payment data is processed by Stripe Payments Europe Ltd to handle transactions. We do not see or store your card details.
  • Vercel (hosting provider): our website is hosted by Vercel Inc. on EU servers. Vercel processes technical access logs.
  • Email service provider: for sending booking confirmations and (with your consent) marketing newsletters.
  • Legal and accounting advisors: bound by professional confidentiality, only when strictly necessary.
  • Authorities: tax authorities, courts, and regulators when required by law.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

International data transfers

Your data is primarily processed within the European Economic Area (EEA). Some of our processors (e.g. Momence) may transfer data to countries outside the EEA. When this happens, we ensure transfers are protected by:

  • European Commission adequacy decisions, or
  • Standard Contractual Clauses approved by the European Commission, or
  • Other safeguards permitted under GDPR

You can request more information about specific transfers by emailing hello@ilo-studios.com.

How long we keep your data

We retain your personal data for as long as you are an active customer and for five (5) years after your last interaction with us, to comply with Spanish commercial and tax law (Article 30, Spanish Commercial Code).

For specific data categories:

  • Booking and payment records: 5 years (tax law)
  • Contact and identity data: 5 years from last interaction
  • Marketing consent records: until you withdraw consent + 3 years
  • Anonymised analytics: indefinitely (no longer personal data)

After these periods, your data is securely deleted or fully anonymised.

Your rights

Under GDPR, you have the following rights:

  • Right of access: request a copy of the data we hold about you
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): request deletion of your data, subject to legal retention obligations
  • Right to restriction: limit how we process your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent: at any time, without affecting prior lawful processing
  • Right to lodge a complaint: with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, www.aepd.es)

To exercise any of these rights, email hello@ilo-studios.com. We will respond within one month.

Cookies and tracking

We use essential cookies necessary for the website to function (session management, language preference, security). We also use Google Analytics, Google Ads, and Meta Pixel to measure how visitors use our site and to improve our services and marketing campaigns. You can disable these technologies through your browser settings (most browsers allow you to block all or selected cookies). Disabling cookies may affect your experience on our website but will not prevent you from using our core services. We do not use third-party advertising cookies beyond those mentioned above.

Data security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Access controls limiting who in our team can see your data
  • Vetted, GDPR-compliant data processors
  • Regular review of security practices

In the event of a data breach affecting your rights, we will notify you and the Spanish Data Protection Authority within 72 hours as required by GDPR.

Minors

Our services are intended exclusively for adults aged 18 and over. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it immediately.

Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top reflects when the latest changes took effect. Significant changes will be communicated through our website or by email if we have your contact details.

Contact

For privacy-related questions or to exercise your rights:

  • Email: hello@ilo-studios.com
  • Address: ILO Clubs SL, Carrer de Bailén 56, 08009 Barcelona, Spain

If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es.

Questions? Contact us at hello@ilo-studios.com