Effective Date: 25 August 2024

At S3 Studios, we are committed to protecting the privacy and personal data of our clients. This Privacy Policy outlines how we collect, use, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR) and Portuguese data protection laws.

1. Data Controller
S3 Studios
Avenida Luísa Todi, no. 277, R/C – E8
Setúbal 2900-463
Portugal

hello@s3studios.pt
+351 910 371 724‬

2. Information We Collect
We collect and process the following types of personal data:

Personal Identification Information: Name, address, email address, phone number, date of birth.
Health Information: Relevant health conditions or medical information that you voluntarily provide to ensure your safety during classes.
Payment Information: Billing details such as credit card information, which is processed securely through third-party payment providers.
Usage Data: Information about your use of our services, such as class attendance, preferences, and interaction with our website or app.
Communication Data: Records of your communications with us, including emails, messages, and feedback.

3. How We Use Your Data
We use your personal data for the following purposes:

Service Provision: To manage your membership, class bookings, and participation in studio activities.
Health and Safety: To ensure classes and services are tailored to your health needs and to provide appropriate care.
Payment Processing: To securely process payments for services and products.
Marketing Communications: To send you updates, promotions, and information about our services, with your consent.
Legal Compliance: To comply with legal obligations, including accounting and tax requirements.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:

Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, such as managing your membership or class bookings.
Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, provided your rights and interests do not override these.
Consent: Where applicable, we will obtain your explicit consent to process your data, especially for health information and marketing communications.
Legal Obligation: Processing is necessary to comply with legal obligations, such as tax and accounting requirements.
5. Data Sharing and Transfers
We do not sell or share your personal data with third parties, except:

Service Providers: We may share your data with trusted service providers who assist us in delivering our services, such as payment processors and IT service providers. These providers are bound by confidentiality agreements and are compliant with GDPR.
Legal Requirements: We may disclose your data to comply with legal obligations, such as court orders or government regulations.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owners.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Once your data is no longer needed, it will be securely deleted or anonymized.

7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:

Right to Access: You have the right to request access to the personal data we hold about you.
Right to Rectification: You have the right to request correction of any inaccurate or incomplete data.
Right to Erasure: You can request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.
Right to Restrict Processing: You have the right to request the restriction of processing under certain circumstances.
Right to Data Portability: You can request that we provide your personal data in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or based on our legitimate interests.
Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw it at any time.
To exercise any of these rights, please contact us at [Your Contact Email]. We will respond to your request within one month, as required by law.

8. Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. This includes encryption, secure servers, and access controls.

9. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, are in place to protect your data.

10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by posting the updated policy on our website and, where appropriate, communicating it directly to you.

11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

hello@s3studios.pt
‭+351 910 371 724‬

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados - CNPD).