Your Data at G.R.I.P. — In a Nutshell
This is the short version. For the full legal detail, read our complete privacy notice.
Who we are
G.R.I.P. Circus Arts CIC — a circus training space in Glasgow. If you’ve got questions about your data, email data@gripcircus.co.uk.
What we collect and why
To run your sessions safely, we collect your name, email, emergency contact, and any health information you share with us. If you’re booking an aerial session, we’ll ask which apparatus you’ve trained on. This helps us prepare the right kit and keep everyone safe.
To take your booking and payment, we need your contact details and payment information. Payments go through Stripe — we never see or store your card details.
To stay in touch, we’ll only send you marketing if you tick the box. You can unsubscribe any time.
To use photos and video, we ask your permission during booking. If you say no, that’s completely fine — no questions asked. You can change your mind either way by emailing us.
To meet our legal obligations, we keep financial records for HMRC, record any accidents or incidents, and maintain safeguarding records as required by law.
Health information gets extra protection
We know this is sensitive. We only ask about health conditions so session leaders can keep you safe. It’s shared with whoever’s leading your session and nobody else (unless there’s an emergency). We delete it 12 months after your last booking.
Under 18s
Some of our beginner classes welcome young people. If you’re booking for someone under 18, the parent or guardian provides their details. We don’t collect information directly from children.
Who sees your data
- BookWhen — our booking platform, where all your booking info lives
- Stripe — processes your card payment
- Emergency services — only if someone needs help during a session
- Regulatory bodies — only if legally required
We don’t sell your data. We don’t share it with advertisers. We don’t do anything creepy with it.
Where it’s stored
BookWhen uses servers in the UK, EU, and US. Payments go through Stripe’s global infrastructure. All transfers outside the UK are covered by legal safeguards (Standard Contractual Clauses, if you want the technical term).
How long we keep it
| What | How long |
|---|---|
| Your booking details | 12 months after your last session |
| Health information | 12 months after your last session |
| Consent records | 24 months after your last activity |
| Payment records | 6 years (HMRC requires this) |
| Accident reports | 3 years minimum (longer if you were under 18) |
| Marketing preferences | Until you unsubscribe |
Your rights
You can ask us to show you what data we hold, correct anything that’s wrong, delete your information, or stop using it. Email data@gripcircus.co.uk and we’ll respond within a month.
If you’re not happy with how we’ve handled things, you can complain to the ICO at ico.org.uk/make-a-complaint.
This is a summary. The full privacy notice is the legally binding version.
Last updated: 20 March 2026