LōM PRIVACY POLICY

Last updated: 19 April 2026

1. Who we are

LŌM is a movement and wellness studio offering services which may include reformer Pilates, mat Pilates, yoga, private sessions, semi-private sessions, workshops, events, and related studio services.

For purposes of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), LŌM is the responsible party in relation to personal information processed through its website, booking systems, studio administration processes, and client onboarding systems. POPIA applies to public and private bodies and establishes minimum conditions for lawful processing. 

If you have any privacy-related questions, requests, or complaints, you may contact LŌM using the contact details listed on the website.

2. What personal data we collect and why we collect it

Depending on how you interact with us, we may collect:

  • your name and surname;
  • your email address;
  • your phone number and WhatsApp number;
  • your billing and transaction details;
  • your booking, attendance, and package history;
  • your communications with us;
  • your emergency contact details;
  • your website usage data, IP address, browser information, and cookie data;
  • your marketing preferences; and
  • health or exercise-related information you voluntarily provide, including PAR-Q responses, waiver details, injury disclosures, pregnancy disclosures, medical-clearance information, or incident-related information.

We collect and use this information to:

  • respond to enquiries;
  • manage bookings and memberships;
  • process purchases and payments;
  • administer packages, no-shows, freezes, and account status;
  • support studio safety and participation readiness;
  • communicate about bookings, schedule changes, payments, and service delivery;
  • improve our website and studio operations;
  • comply with legal and recordkeeping obligations; and
  • send marketing where permitted by law or where you have consented. POPIA requires processing to be lawful and reasonable and not to infringe privacy. 

3. Comments

If your website allows visitors to leave comments, we may collect the data shown in the comments form, together with the visitor’s IP address and browser user agent string to help with spam detection and website security.

If you use a comment service, anti-spam tool, or website plugin to manage comments, comment-related information may also be processed by that provider in accordance with its own privacy practices.

If comments are not enabled on the website, this section will only apply if comments are activated in future.

4. Media

If you upload images, documents, or other media to the website, we may collect and store the files and related technical information needed to receive, display, process, or manage them.

You should avoid uploading images that contain embedded location data where this is not necessary, especially if the content is public.

If the website does not currently allow public media uploads, this section will apply only where uploads are enabled through forms, applications, or future website features.

5. Cookies

Our website may use cookies and similar technologies to:

  • enable website functionality;
  • remember user preferences;
  • improve site performance;
  • analyse traffic and usage patterns;
  • support booking or login functionality; and
  • support advertising or remarketing tools where used.

Some cookies may be essential for the website to function properly, while others may be used for analytics or marketing.

You can usually control cookies through your browser settings. Disabling cookies may affect website functionality.

6. Embedded content from other websites

Pages on this website may include embedded content, for example videos, maps, social-media feeds, booking widgets, or other third-party content.

Embedded content from other websites may behave in the same way as if you had visited that third-party website directly. Those websites or services may collect data about you, use cookies, embed additional tracking technologies, and monitor your interaction with that content, including tracking your interaction if you have an account with that third party and are logged in.

This is particularly relevant if your site embeds services such as Instagram, Facebook, YouTube, Google Maps, or booking/payment tools.

7. Who we share your data with

We may share personal information where reasonably necessary with:

  • booking and studio management platforms such as Octiv;
  • payment processors and payment gateway providers;
  • website hosts, analytics providers, email providers, and IT support services;
  • professional advisers such as accountants, lawyers, insurers, and auditors;
  • emergency contacts or emergency services where reasonably necessary;
  • debt collectors or recovery agents where lawful recovery action is pursued; and
  • regulators, authorities, or law-enforcement bodies where disclosure is required or authorised by law.

We do not sell your personal information.

Where health or exercise-related information is processed, we limit access to what is reasonably necessary for safety, administration, and lawful studio operations. Health information is a special category under POPIA and requires additional care. 

8. How long we retain your data

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, or for longer where required or permitted by law.

Retention periods may depend on:

  • whether you are an active or former client;
  • booking, payment, and accounting requirements;
  • studio safety and incident record needs;
  • contractual obligations;
  • dispute resolution or debt recovery needs; and
  • legal or regulatory recordkeeping requirements.

When personal information is no longer required, we will take reasonable steps to destroy, delete, de-identify, or securely dispose of it.

9. What rights you have over your data

Subject to POPIA and other applicable laws, you may have the right to:

  • request confirmation of whether we hold personal information about you;
  • request access to your personal information;
  • request correction or updating of inaccurate or incomplete information;
  • request deletion of information where appropriate;
  • object, on reasonable grounds, to certain processing;
  • object to direct marketing;
  • withdraw consent where processing is based on consent, subject to lawful limitations; and
  • lodge a complaint with the Information Regulator.

The Information Regulator provides a complaints process for POPIA-related complaints, and also publishes contact details for complaints and enquiries. 

10. Where your data is sent

Some of our service providers, software platforms, cloud systems, website tools, or payment systems may store or process personal information outside South Africa.

Where your personal information is transferred outside South Africa, we will take reasonable steps to ensure that the transfer is lawful and that the information remains appropriately protected. POPIA contains rules for transborder information flows. 

Your data may also be processed by:

  • spam-detection services;
  • cloud hosting providers;
  • analytics providers;
  • embedded content providers;
  • booking platforms; and
  • payment gateways.

11. Direct marketing

If you opt in, LŌM may send you marketing or promotional communications by email, WhatsApp, or similar electronic means.

The Information Regulator’s guidance notes that POPIA distinguishes between general direct marketing and direct marketing by means of unsolicited electronic communications, which is specifically regulated. Existing customers may in some cases receive marketing about the responsible party’s own similar products or services, subject to the requirements of POPIA and an opportunity to opt out. Non-customers generally require consent where unsolicited electronic direct marketing is involved. 

You may opt out of non-essential marketing communications at any time.

Operational and transactional communications about bookings, payments, safety, schedule changes, and service delivery may still be sent where necessary.

12. Health information and studio safety

Where you voluntarily provide health or exercise-related information, including information in a PAR-Q, waiver, injury disclosure, pregnancy disclosure, medical note, or emergency form, we may process that information for:

  • exercise-readiness screening;
  • class safety;
  • emergency response;
  • studio risk management; and
  • lawful administration.

Because health information is special personal information under POPIA, we take additional care to limit access and protect confidentiality. 

13. Security of your data

We take reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

These measures may include:

  • access controls;
  • password protection;
  • platform-level security;
  • restricted internal access;
  • process controls; and
  • secure disposal practices.

No website, cloud platform, or internet transmission is completely secure, but we aim to apply reasonable safeguards appropriate to the information involved.

14. Third-party services

Our website may use or link to third-party services, including booking systems, payment tools, analytics services, social-media platforms, maps, email tools, or embedded content providers.

These third parties may process personal information under their own privacy policies and terms. We recommend that you review those policies where relevant.

15. Children’s data

LŌM’s services are generally intended for persons aged 13 and older, in line with the studio’s participation rules.

Where personal information relating to a minor is processed, this will be done only where lawful and appropriate in the circumstances.

16. Information Officer and complaints

POPIA requires public and private bodies to register their Information Officers with the Information Regulator through its eServices portal. 

If you have any privacy concerns, please contact LŌM first using the website contact details.

If you believe your personal information has been processed unlawfully, you may also lodge a complaint with the Information Regulator. The Information Regulator publishes complaint channels and relevant complaint email addresses. 

17. Changes to this privacy policy

We may update this Privacy Policy from time to time.

The latest version published on the website will apply from the date of publication. You should check this page periodically to remain informed of any updates.

Scroll to Top