Privacy Policy
Last updated: January 2025
GDPR Notice: This privacy policy complies with the European General Data Protection Regulation (GDPR). If you are located in the European Union, you have additional rights under GDPR which are detailed below.
1. Data Controller Information
Data Controller: EvokeMVMT PTY LTD
Contact: privacy@evokemvmt.com
Location: Australia
EU Representative: Not currently appointed (will be designated if required)
2. Legal Basis for Processing (GDPR Art. 6)
We process personal data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b)): Account management, subscription services, payment processing
- Legitimate Interest (Art. 6(1)(f)): Service improvement, fraud prevention, security measures
- Consent (Art. 6(1)(a)): Marketing communications, optional analytics, non-essential cookies
- Legal Obligation (Art. 6(1)(c)): Tax records, anti-money laundering compliance
3. Personal Data We Collect
Account Information: Name, email address, encrypted password, subscription preferences, account creation date, email verification status.
Usage Data: Video watch history, progress tracking, favorites list, session duration, last login date, device information, IP address.
Payment Information: Billing information processed by Stripe (we do not store payment card details). Subscription status, billing history, pricing information.
Analytics Data (with consent): Page views, geographic location (country/region), browser type, referral source, user engagement patterns.
Communications: Support requests, feedback, and any other communications with us.
4. How We Use Your Personal Data
We use your personal data for:
Service Delivery (Contract Performance)
- Creating and managing your account
- Providing access to Pilates videos and content
- Processing subscription payments
- Tracking your progress and preferences
- Customer support and communication
Legitimate Business Interests
- Platform security and fraud prevention
- Service improvement and optimization
- Technical troubleshooting and maintenance
- Business analytics and performance monitoring
With Your Consent
- Google Analytics for website usage analysis
- Optional marketing communications
- Non-essential cookies for personalization
5. Data Sharing and Processors
We do not sell or rent your personal data. We share data only with trusted processors under strict agreements:
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe Inc. | Payment processing | USA | Standard Contractual Clauses |
| Vimeo Inc. | Video hosting & delivery | USA | Standard Contractual Clauses |
| Google LLC | Analytics (with consent) | USA | Google Analytics DPA |
| Vercel Inc. | Website hosting & CDN | USA | Standard Contractual Clauses |
6. Data Retention Periods
- Account Data: Retained while account is active + 30 days after deletion request
- Subscription Records: 7 years (financial compliance requirements)
- Usage Analytics: 26 months (Google Analytics default, configurable)
- Support Communications: 3 years for quality assurance
- Security Logs: 90 days for fraud prevention
7. Your GDPR Rights
Under GDPR, you have the following rights:
Right of Access (Art. 15)
Request a copy of all personal data we hold about you
Right to Rectification (Art. 16)
Correct inaccurate or incomplete personal data
Right to Erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing (Art. 18)
Limit how we process your personal data
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format
Right to Object (Art. 21)
Object to processing based on legitimate interests
Right to Withdraw Consent (Art. 7)
Withdraw consent for processing at any time
Exercise Your Rights: Visit your Privacy Settings page or contact us at privacy@evokemvmt.com
8. Cookies and Tracking Technologies
We use cookies and similar technologies as detailed in our cookie consent banner. You can manage your cookie preferences at any time through your browser settings or our Privacy Settings page.
Cookie Categories:
- Necessary: Essential for site functionality (always active)
- Analytics: Google Analytics (requires consent)
- Preferences: Remember your settings (optional)
- Marketing: Currently not used
9. Data Security Measures
We implement comprehensive security measures including end-to-end encryption, secure hosting infrastructure, regular security audits, access controls, and incident response procedures. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
10. International Data Transfers
Your data may be processed outside the EU/Australia by our service providers. We ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission and compliance with local data protection requirements.
11. Data Breach Notification
In case of a data breach affecting your personal data, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay if the breach is likely to result in high risk to your rights and freedoms.
12. Supervisory Authority
If you have concerns about our processing of your personal data, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local data protection authority here.
13. Policy Updates
We may update this policy periodically. Significant changes will be communicated via email and through our platform with at least 30 days notice. Continued use after changes indicates acceptance.
14. Contact Information
General Privacy Inquiries: privacy@evokemvmt.com
Data Protection Officer: To be appointed if required under GDPR
Response Time: We aim to respond to all privacy requests within 30 days
For urgent privacy matters or data breach reports, please mark your email as "URGENT - PRIVACY" in the subject line.