Web Analytics

Privacy Policy

This document was last edited on 30th November 2025.

1. Introduction
This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or engage with our services. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant international standards including CalOPPA (California Online Privacy Protection Act), COPPA (Children's Online Privacy Protection Act), and CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing).

By using our website, you consent to the practices described in this policy.

2. Who We Are
This website is operated by Winghigh Limited, registered in England and Wales (Company No. 2142509). Our registered office and principal place of business is: 27 Ballantyne Road, Rushden, Northamptonshire, NN10 9FJ

Our data protection officer is Robert Agar-Hutton, reachable at admin@winghigh.co.uk.

3. What We Collect
We collect and process the following types of personal data:

• Device Information: IP address, browser type, operating system, referral source, and usage patterns. Collected via cookies, log files, and analytics tools (e.g., Statcounter, Google Analytics).

• Service Data: Information you provide when joining classes or booking sessions, including:
- Name and contact details (email address, phone number, postal address)
- Payment information (processed securely via Stripe)
- Session booking and attendance records
- Relevant health or medical disclosures for class safety
- Zoom meeting registration details for online classes

• Correspondence: Emails, phone calls, and other communications you initiate with us.

• Marketing Preferences: If you opt in to receive newsletters, updates, or session reminders.

We do not knowingly collect personal data from children under 18.

4. Legal Basis for Processing
We process personal data based on:
• Consent: When you opt in to marketing communications or provide optional information
• Contractual necessity: To fulfill our obligations when you book classes or services
• Legal obligation: To comply with legal requirements such as financial record-keeping
• Legitimate interest: To improve our services and communicate important updates

You may withdraw consent at any time by contacting us or using our opt-out system (see Section 8A).

5. How We Use Your Data
We use your personal data to:
• Process bookings and payments for classes and sessions
• Send booking confirmations and session reminders
• Manage Zoom meeting registrations for online classes
• Communicate important updates about your bookings
• Respond to your enquiries and provide customer support
• Send marketing communications (if you have opted in)
• Improve our website and services
• Comply with legal obligations

6. Third-Party Services
We work with trusted third-party service providers to deliver our services:

• Stripe: Payment processing for class bookings. Stripe handles all payment card information securely. We do not store your complete payment card details. View Stripe's privacy policy at: stripe.com/privacy

• Zoom: Video conferencing for online classes. When you register for a Zoom session, your name and email address are shared with Zoom to generate your unique meeting link. View Zoom's privacy policy at: zoom.us/privacy

• Email Service Provider: We use email services to send booking confirmations, reminders, and marketing communications (if opted in).

• Analytics: Statcounter and Google Analytics to collect aggregate usage data. Their privacy policies are available at:
- www.statcounter.com/about/legal/
- www.google.com/policies/privacy/

These providers may process your data outside the UK. We ensure they have appropriate data protection measures in place.

7. Cookies and Tracking
We use cookies to understand site usage and improve performance. Non-essential cookies require your consent. You can manage cookie preferences via your browser or our cookie settings panel.

We use Statcounter and Google Analytics to collect aggregate usage data, which helps us understand how visitors use our website and improve user experience.

We do not allow third-party behavioural tracking.

8. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:

a) Right of Access: You can request a copy of the personal data we hold about you.

b) Right to Rectification: You can request that we correct any inaccurate or incomplete data.

c) Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data in certain circumstances.

d) Right to Restrict Processing: You can request that we limit how we use your data.

e) Right to Object: You can object to our processing of your data based on legitimate interests.

f) Right to Data Portability: You can request a copy of your data in a structured, commonly used format that can be transferred to another service provider.

g) Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.

h) Right to Lodge a Complaint: You can complain to the Information Commissioner's Office (ICO) if you believe we have not handled your data properly. Visit ico.org.uk for more information.

To exercise any of these rights, please contact us at robert@winghigh.co.uk or use our automated opt-out system described below.

8A. Our GDPR Opt-Out System
We provide a secure, automated system for you to manage your privacy preferences and exercise your data protection rights. All emails you receive from us include opt-out options appropriate to that email type.

The system offers five levels of opt-out, allowing you to choose the level of control that suits your needs:

Level 1: Stop Individual Reminders
• Stops reminder emails for a specific session or booking
• All other communications continue as normal
• You remain enrolled in your booked sessions

Level 2: Stop All Reminder Emails
• Stops all automated reminder emails for all your bookings
• You will still receive booking confirmations and important updates
• Does not affect your class enrollments

Level 3: Stop All Non-Essential Emails
• Stops all marketing and promotional emails
• Stops all reminder emails
• You will only receive essential booking confirmations and critical updates
• Does not affect your class enrollments

Level 4: Stop All Emails
• Stops ALL email communications from us, including:
- Reminder emails
- Marketing emails
- Booking confirmations
- Updates and announcements
• Your bookings remain active, but you will receive no email notifications
• You are responsible for remembering your session times

Level 5: Complete Data Deletion (GDPR Article 17)
• Complete removal of all your personal data from our systems
• Includes cancellation of all future bookings (past bookings retained for legal/financial record-keeping)
• Removal from all mailing lists
• Deletion of Zoom meeting registrations
• This action cannot be undone
• You will receive a 48-hour grace period to cancel the deletion if you change your mind

How the Opt-Out System Works:
1. Click the opt-out link in any email you receive from us, or contact us directly at admin@winghigh.co.uk
2. Choose your preferred opt-out level (1-5)
3. For Level 5 (complete deletion), you will receive an email to verify your request
4. You must click the verification link to confirm you own the email address
5. For Level 5, there is a 48-hour grace period during which you can cancel the deletion
6. You will receive confirmation once your request has been processed
7. All opt-out actions are logged in our audit trail for compliance purposes

Data Export Before Deletion:
If you request Level 5 (complete data deletion), you will have the opportunity to download a copy of all your personal data before it is deleted. This complies with your right to data portability under GDPR Article 20. 

The download link will be available for 48 hours (during the grace period). After this time, your data will be permanently deleted.

Security Features:
• All opt-out requests use secure, time-limited tokens for authentication
• Email verification prevents unauthorized deletion requests
• Complete audit trail of all opt-out actions
• Secure data handling throughout the process

Re-activation:
• If you change your mind during the 48-hour grace period, you can cancel the deletion request using the link provided in your confirmation email
• If your data has already been deleted and you wish to book classes again, you will need to create a new account with fresh information

9. Data Retention
We retain personal data only as long as necessary for the purposes stated in this policy.

Retention Periods:
• Active customer data: Retained while you have active bookings or until you opt out
• Booking and payment records: Retained for at least five years after your last class attendance for legal and financial record-keeping requirements
• Marketing preferences: Retained until you opt out or request deletion
• Audit logs: Retained for compliance purposes (typically 2-3 years)
• Backup data: Deleted within 30 days of your data being removed from active systems

We may retain data longer if required by law or for legal claims.

If you request complete data deletion (Level 5 opt-out), we will delete your personal data from active systems immediately after the 48-hour grace period. However, we are legally required to retain certain financial and booking records for up to seven years for tax and accounting purposes. These retained records are securely archived and not used for any other purpose.

10. International Transfers
Data may be transferred outside the UK to trusted providers (such as Zoom and Stripe) in countries with adequate data protection laws or under standard contractual clauses. We ensure that all international transfers comply with UK GDPR requirements and that your data remains protected to UK standards.

By submitting data, you acknowledge that it may be accessible globally via the internet, though we take all reasonable steps to protect it.

11. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it:

• SSL/TLS encryption: All data transmitted between your browser and our servers is encrypted
• Secure servers: Data is stored on secure servers with restricted access
• Access controls: Only authorized personnel can access personal data, and they are required to keep it confidential
• Secure authentication: Token-based authentication for sensitive operations like data deletion
• Regular security updates: We keep our systems updated with the latest security patches
• Secure backup procedures: Regular encrypted backups with secure deletion protocols

Payment Security:
We do not store or process payment card information directly. All payment transactions are handled by Stripe, a PCI DSS compliant payment processor. Your payment card details go directly to Stripe and never pass through our servers.

Despite our security measures, no data transmission over the internet can be guaranteed to be 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12. Children's Privacy
Our website and services are not directed at individuals under 18. We do not knowingly collect data from minors without parental consent. If you believe we have inadvertently collected data from a child under 18, please contact us immediately at admin@winghigh.co.uk, and we will delete it promptly.

13. Third-Party Disclosure
We do not sell, trade, or rent your personal data to third parties for marketing purposes.

We may share your data with:
• Trusted service providers: Who assist in operating our website or services (e.g., Stripe, Zoom, email providers), provided they agree to keep data confidential and use it only for the specified purpose
• Legal authorities: If required by law or to protect our rights, safety, or property
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner (you would be notified)

All third parties we work with are required to handle your data in compliance with UK GDPR.

14. Do Not Track
We do not alter our data collection practices in response to "Do Not Track" signals from browsers. We do not allow third-party behavioural tracking.

15. CalOPPA Compliance
We comply with the California Online Privacy Protection Act (CalOPPA):
• Users can visit our site anonymously
• Our Privacy Policy link includes the word "Privacy" and is easily accessible
• Users will be notified of any changes to this policy on this page
• You may request to review, update, or delete your personal information by contacting us or using our opt-out system

16. CAN-SPAM Compliance
We comply with the CAN-SPAM Act for all email communications:
• We only send emails to individuals who have explicitly contacted us or opted in
• All emails include our physical address and contact information
• All emails include a clear opt-out mechanism
• You may unsubscribe at any time by:
- Using the opt-out link included in any email we send you
- Replying to any email with "unsubscribe"
- Contacting us directly at admin@winghigh.co.uk
• We process opt-out requests promptly (within 48 hours)

17. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Significant changes will be posted on this page with an updated "last edited" date at the top of the document.

We recommend checking this page occasionally to stay informed about how we protect your personal data.

Your continued use of our website and services after changes are posted constitutes your acceptance of the updated policy.

18. Automated Decision-Making and Profiling
We do not use automated decision-making or profiling in any way that produces legal effects or similarly significantly affects you.

19. Contact Us and Questions
For questions, concerns, or to exercise your data protection rights, please contact us:

Winghigh Limited
27 Ballantyne Road
Rushden
Northamptonshire
NN10 9FJ, ENGLAND.

Email: admin@winghigh.co.uk
Data Protection Officer: Robert Agar-Hutton

To opt out of communications: Use the opt-out link in any email we send you, or contact us at the email address above.

Information Commissioner's Office (ICO):
If you have concerns about how we handle your data, you can contact the UK's supervisory authority:
Website: ico.org.uk
Telephone: 0303 123 1113

---

Last updated:  30th November 2025.



Newsletter Home page

If you have any questions about any aspect of Tai Chi you can contact us by phone, however, we block calls from unlisted numbers, so if your phone does not identify itself then please contact us via email. Of course, if you include your phone number, we will call you.

PHONE 07771 333 369 Email info@ahtca.co.uk


Address:
Agar-Hutton Tai Chi Academy
27 Ballantyne Road, Rushden
Northamptonshire, NN10 9FJ
ENGLAND

Phone: 07771 333 369
(International: +44 7771 333 369)

E-mail: info@ahtca.co.uk

Other Pages:

Multi Session Booking
Terms and Conditions
Privacy Policy
MAIN PAGE

© Winghigh Limited - 2025 - All Rights Reserved

Last website update 9th December 2025

Thanks are due to Pixabay dot com and their artists and photographers for many of the illustrations and images on this site.