1. Data Controller MPGSTUDIO S.L. (Corazón Studio) is the Data Controller responsible for the processing of your personal data in accordance with the General Data Protection Regulation (GDPR – EU 2016/679) and the Spanish Organic Law 3/2018 (LOPDGDD).

2. Data Collected and Purpose of Processing We collect personal information such as your name, email address, phone number, and basic health information (e.g., injuries or pregnancy) strictly for the following purposes:

  • Managing studio bookings, attendance, and memberships.
  • Ensuring your physical safety and adapting the practice to your needs.
  • Processing payments and billing.
  • Sending administrative communications regarding schedule changes or studio policies.
  • Sending marketing communications and newsletters (only if explicit consent has been provided).

3. Legal Basis for Processing The legal bases for processing your data are:

  • Execution of a contract: Necessary for providing the requested fitness services, class packs, and memberships.
  • Explicit consent: For processing basic health data to ensure safe practice, and for sending commercial communications.
  • Legitimate interest: For internal administrative purposes and improving our services.

4. Third-Party Data Processors (Mindbody) To provide seamless booking and payment services, Corazón Studio partners with Mindbody, Inc. When you register an account, book a class, or make a purchase, your transactional and personal data are processed through Mindbody’s secure servers. Mindbody acts as a Data Processor and adheres to strict, industry-standard security and privacy protocols. Financial details (such as full credit card numbers) are encrypted and managed directly by Mindbody and their payment gateways; Corazón Studio does not store this financial data on its own servers.

5. Data Retention Personal data will be retained for as long as a commercial relationship is maintained, and subsequently for the legally required periods to address potential liabilities arising from the processing.

6. User Rights Under the GDPR, you have the right to:

  • Access your personal data.
  • Request rectification of inaccurate data.
  • Request erasure (Right to be Forgotten) when data is no longer necessary.
  • Request limitation of processing.
  • Object to the processing of your data.
  • Request data portability.

To exercise these rights, please send a written request to hello@corazon-studio.com, attaching a copy of your ID or passport.