STRONG PILATES CANADA
PRIVACY POLICIES

Last Updated: 19^th of May 2025.

1. Introduction

Master STRONG Pilates Corp. and its related entities (“we”, “our”, “us”, and “Strong”) recognizes the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our privacy policy, and it tells you how we collect, use, and disclose your personal information.

STRONG operates a franchise network of independently owned and operated businesses, all of which operate under the STRONG Pilates Canada brand (each, a “STRONG Franchisee”). STRONG Franchisee is an independent third-party entity that operates under a franchise grant from STRONG Master Corp. A list of STRONG Franchisee locations may be found here.

This privacy policy applies only to the collection, use, or disclosure of personal information by STRONG or STRONG Franchisee, including through our website: strongpilates.ca and our mobile application (collectively, the “Platform”). For instance, when we handle your personal information when you sign-up for and attend classes at our studio or interact with us using our social media.

We respect your rights to privacy under the Personal Information Protection and Electronic Documents Act (Canada) and applicable Canadian provincial privacy legislation (collectively, “Privacy Laws”). We comply with all Privacy Laws in respect of the collection, use, and disclosure of your personal information.

By accessing or using our Platform or services, you signify your acceptance of this privacy policy and consent to our collection, use, and disclosure of your personal information as described in this privacy policy. You may withdraw your consent to our collection, use, or disclosure of your personal information at any time by contacting us using the contact information provided in this privacy policy. If you choose to withdraw your consent, we may not be able to provide you with certain services, communications, and opportunities as described in this privacy policy.

2. What is your personal information?

When used in this privacy policy, the term “personal information” means any information about an identifiable individual, including information that can be used to identify you. This may include your name, address, telephone number, email address, profession, occupation, or payment information. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

3. What personal information do we collect?

If you are a customer or potential customer, we may collect the following types of personal information about you:

• name;
• mailing or street address;
• age or birth date;
• email address;
• telephone number;
• username, password, and any personal information that we obtain when you use our Platform or social media, including details of your preferences in receiving marketing information and your communication preferences;
• the last four digits of your credit card via our mobile application and online booking provider, and/or other payment method details via Stripe, our third-party payment processor;
• information you choose to provide to us during telephone calls, in-person visits, or in emails to our representatives from time to time, including in a job application;
• personal information relating to injuries, illnesses, whether you are pregnant, and any other relevant health information;
• details of the services you have acquired from us or which you have inquired about, together with any additional information necessary to deliver those services and to respond to your inquiries;
• images, videos and audio/visual recordings of classes you attend;
• details of your attendance rates and information about how you use our services; and
• technical information related to your internet protocol (IP) address used to connect to our Platform, information about your visit to our Platform, and location information that we may collect through our Platform.

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our Platform.

If you are a STRONG Franchisee or you intend to apply to become a STRONG Franchisee, we may collect additional information, including:

• qualifications and work experience;
• information relating to your business, including business name, business identification number, director, and/or shareholder information; and
• bank details to enable agreed direct debits. 

4. How do we collect your personal information?

Directly from you: We collect your personal information directly from you unless it is unreasonable or impracticable to do so. We only collect information by lawful means. As part of using our services or interacting with us, we may collect and process some details about you. When we do so, we will collect, use or share your personal information with your consent for the purposes identified or as otherwise permitted or required by law. In compliance with our privacy obligations, we may obtain your permission based on implied consent (including through this privacy policy) or through other means (such as express consent). However, in some situations, the law allows us to collect, use or disclose personal information without your consent.

When collecting personal information from you, we may collect in ways including:

• when you visit our studio;
• when you become a customer of ours
• when you sign up for and participate in one of our classes [or private sessions];
• during conversations between you and our studio employees or representatives;
• through communications with our studio, including via the phone, on social media or when you email us;
• when you ask to be placed on one of our mailing lists;
• when you apply for a job with us;
• when you make an inquiry about our services or becoming a STRONG Franchisee;
• through your access and use of social media or our Platform, including information collected directly using cookies and similar technologies (including third-party cookies, such as Google Analytics); or
• when you become a customer or a debtor of ours. 

From third parties: We may collect your personal information from our business partners who have your consent to share your personal information with us. For example, when you share information with STRONG via its Platform.

5. For what purposes do we collect, use, and disclose your personal information?

We collect personal information about you so that we can perform our business activities and provide the best possible quality of customer service. We collect, use, and disclose your personal information for the following purposes:

• to provide and personalize our services to you (either as a customer of STRONG or a STRONG Franchisee);
• to identify and authenticate you;
• to send communications requested by you;
• to answer inquiries, provide information or advice about existing and new services, and effectively respond to your customer service requests;
• to assess the performance of our Platform, and to improve the operation of those;
• to process transactions via Stripe, our third-party payment processor;
• to conduct business processing functions, including providing personal information to third parties such as Stripe for payment processing, and Hapana for mobile application and online booking system functionality;
• for administrative (including managing our day-to-day operations), marketing, advertising (including direct marketing, such as SMS text messages, direct messages, emails, and newsletters), planning, product or service development, quality control, and research purposes;
• to provide your updated personal information to our related entities, STRONG Franchisees, contractors, or service providers;
• to promote our services on social media;
• to notify you of changes to our services, offerings, promotions or events;
• to update our records and keep your contact details up to date;
• to improve and develop our services, offerings, events, and customer interactions and relationships;
• to assess your suitability to any of our job postings;
• to process and respond to any complaint made by you; and
• to comply with any law, rule, regulation, lawful and binding determination, decision, or direction of a regulator, or in co-operation with any governmental authority.

We may also share your personal information with third parties to support the delivery of our services to you and for any other purpose for which you have consented.

6. What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, some or all of the following may happen:

• we may not be able to provide our services to you, permit participation in events, programs, and activities we manage or deliver, either to the same standard or at all;
• we may not be able to provide you with information about services that you may want or personalize your experience with us; or
• we may be unable to tailor the content of our Platform to your preferences and your experience of our Platform may not be as enjoyable or useful.

You can withdraw your consent to the collection, use or disclosure of your information at any time. However, in some cases withdrawing consent will mean that we can no longer provide you with certain services or perform certain tasks where the information is required to do so.

You may withdraw your consent to the collection, use or disclosure of your or your child’s personal information at any time by contacting the Privacy Officer (see ‘Contacting Us’ below) and, subject to any legal constraints, we will comply with your request.

7. How we share your personal information

We may disclose your personal information to:

• Our related entities, STRONG Franchisees, affiliates, contractors, or service providers for the purposes of operating our studio and our Platform, including our online booking system, fulfilling requests by you, and to otherwise provide services to you (including, without limitation, web hosting providers, IT systems administrators, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors, and consultants);
• relevant government, federal, and provincial authorities for the purpose of investigating an incident, including a workplace health and safety matter or security incident;
• a responsible person (e.g., parent, guardian, spouse) if you are injured, incapable, or cannot communicate, unless you have requested otherwise;
• advertisers and advertising networks that require the information to select and serve relevant advertisements to you and others;
• a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred; and
• any organization for any authorized purpose with your express consent.

We may combine or share any information that we collect from you with information collected by any of our related entities or STRONG Franchisees for the purposes set out in this privacy policy.

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request, in accordance with applicable law.
• To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect our rights, property, or the safety of our users or others.

We may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Platform improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.

We may process, store, and transfer your personal information in and to a foreign country, with different privacy laws that may or may not be as comprehensive as Canadian law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation. You are welcome to contact us (see ‘Contacting Information’ below) to obtain further information about our policies regarding service providers outside of Canada.

8. Cookies and Automated Data Collection Technologies

When you access our Platform, we may send a “cookie” (which is a small summary file containing a unique ID number) on our Platform and in other areas related to our business, such as online advertising, to collect information and provide you with the services or products that you have requested, which is saved to your computer or mobile device. This enables us to recognize your device and greet you each time you visit our Platform without bothering you with a request to register. It also enables us to keep track of services you view so that, if you consent, we can send you news about those services. We also use cookies to measure traffic patterns, to determine which areas of our Platform have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online services. Our cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your device does not accept them. We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyze trends, administer the Platform, track users’ movements, and gather broad demographic information.

The information we collect automatically is statistical information and may include personal information. We may maintain the information or associate it with personal information that you provide to us, or that is received from third parties. We may use cookies to:

• Recognize you when you return to our Platform;
• Understand and save user’s preferences for future visits;
• Estimate our audience size and usage patterns;
• Speed up your searches;
• Keep track of advertisements; and
• Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

If you disable cookies, some features of our Platform may be disabled and some of our services may not function properly. However, you can still place orders even if you disable cookies.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.
• Flash Cookies. Certain features of our Platform may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Platform. Flash cookies are not managed by the same browser settings that are used for browser cookies.
• Web Beacons. Pages of our Platform and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Exposoft, for example, to count users who have visited those pages or opened an email and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).

Third Party Use of Cookies and Other Tracking Technologies

Some content or applications on our Platform, including advertisements, are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Platform. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

9. Links

We do not include or offer third party products or services on our Platform. We may provide links to third-party websites and platforms outside of our Platform. These linked sites are not under our control, and we do not accept liability or responsibility for the conduct of companies not operated by us. Before disclosing your personal information on any other website, mobile application, or platform, we recommend that you read the privacy policy and the terms and conditions of using that website, mobile application, or platform. Third-party websites are responsible for informing you about their own privacy practices.

10. Direct marketing communications

We do not provide your personal information to other organizations for the purposes of direct marketing. 

We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, online messaging, fax, and email, in accordance with applicable marketing laws, such as Canada’s Anti-Spam Legislation (CASL). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see ‘Contacting Us’ below) or by using opt-out facilities provided in the marketing communications. If you choose to opt-out of receiving marketing communications from us, we will then ensure your name is removed from our mailing list.

11. Do we collect, use, disclose, or store your personal information outside of Canada?

We may disclose personal information to our related entities or STRONG Franchisees, third-party suppliers, and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the Privacy Laws relating to your personal information.

We may disclose your personal information to entities located outside of Canada, as follows:

• our mobile application support team in Australia; and
• our data hosting and other IT service providers, located in the United States and hosted on Amazon Web Services.

You may access written information about Strong’s policies and practices with respect to service providers outside Canada by contacting us (see the details below). Our team can answer any questions you may have about the collection, use, disclosure, or storage of personal information by service providers outside Canada for or on behalf of Strong.

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

12. Security and data quality

We may hold your information in either electronic or hard copy form. We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorized access, modification, or disclosure. 

We strive to ensure the security, integrity, and privacy of personal information that you submit to us through our Platform. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk. We endeavour to take all reasonable steps to protect the personal information you may transmit to us or from our online products and services. Once we do receive your transmission, we will also make our best efforts to ensure its security on our systems.

In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.

Personal information is destroyed or de-identified when no longer needed or when we are no longer required by law to retain it (whichever is the latter).

CCTV recordings captured for security purposes can be accessed only by authorized staff. Recordings of a specific incident may be released to the relevant law enforcement body only under the terms of this privacy policy or subject to the execution of a search warrant or other legal process.

13. How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us (see ‘Contacting us’ below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). Before providing access to any information, we will first verify your identity, and you consent to our collection and use of your personal information for verification purposes.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

If you believe that personal information we hold about you is incorrect, incomplete, or inaccurate, then you may request us to amend it. We will consider whether the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it, together with your requested amendment.

If we correct your personal information, we will, so far as is reasonably practicable, inform every other person to whom we have disclosed that information of the correction.

14. What is the process for complaining about a breach of privacy?

If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the relevant Privacy Laws, if applicable). 

15. Contacting us

We welcome your questions, comments, complaints and requests regarding this privacy policy and our privacy practices. If you have any questions about this privacy policy, any concerns, or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please contact us using the details set out below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

Please contact us at:

Privacy Officer: Chris Sonntag, [email protected].

Mailing Address: 140 Yonge Street, Suite 200, Toronto, ON M5C 1X6.

Procedures are in place to receive and respond to complaints or inquiries about our handling of personal information, or our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact our Privacy Officer using the contact information listed above.

16. Changes to our privacy policy

We may change this privacy policy from time to time. We will notify you of any changes to this privacy policy when such notice is required by Privacy Laws. Any updated versions of this privacy policy will be posted on our Platform and will be effective from the date of posting. You are responsible for checking if any amendments have been made to this privacy policy. Your continued access to and use of our Platform or services following a change to this privacy policy will constitute your consent to collection, use, and disclosure of your personal information as described in the amended privacy policy.