Skip to main content

Legal

Privacy Policy

Last Updated: March 14, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how Milan Movement Academy (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, request information, or communicate with us about movement education, workshops, and instructor development. This policy is written for clarity and is intended for visitors and learners in Canada.

The data controller for processing described in this Privacy Policy is Milan Movement Academy Canada Inc., with a registered business address at 100 King St W, Suite 5700, Toronto, ON M5X 1C7, Canada. You can contact us at [email protected] or by phone at +1 416 849 7286.

This website is an educational portal. It provides general educational guidance and does not provide medical advice, diagnosis, or treatment. Individual outcomes may vary. No guarantees are provided. Participants remain responsible for their own decisions.

2. Personal Data We Collect

We collect personal data to respond to enquiries, coordinate educational programs, maintain website security, and improve our content. The categories below describe what we may collect, depending on how you interact with the site.

  • Identity and contact data: name, email address, phone number, and organization name (if provided).
  • Form content: the message you submit, your interests (for example, programs, schedules, workshop format), and any details you choose to share.
  • Technical data: IP address, browser type and version, device type, operating system, and language settings.
  • Usage data: pages viewed, time on page, referrer, click paths, and basic interaction events that indicate how content is used.
  • Cookies and identifiers: cookies and similar technologies described in Section 4, including consent preferences and identifiers used for analytics or advertising measurement when consent is provided.
  • Conversion events: whether a visitor completed an action such as submitting a contact form (recorded as an event, not as a guarantee of any educational outcome).

We do not intentionally collect special-category data (such as health data, genetic or biometric identifiers, religious or political beliefs), financial account details, or government identification numbers through our website. Please do not include sensitive or clinical information in the message field. If you share information that is outside our scope, we will treat it with care and respond by keeping communication educational and appropriately limited.

3. Why We Process Your Data & Legal Basis

We process personal data for the purposes below. Where applicable, we reference legal bases commonly used under the EU General Data Protection Regulation (GDPR) to describe the type of justification used for processing. If you are located in Canada, we also align our approach with privacy principles found in Canadian privacy law and industry expectations: meaningful purpose, data minimization, and transparent consent.

  • Responding to enquiries and coordinating education (contact forms, scheduling discussions, program information). Legal basis: contract steps and consent (GDPR Art. 6(1)(b) and 6(1)(a)).
  • Operating, securing, and maintaining the website (fraud prevention, debugging, preventing abuse). Legal basis: legitimate interest (GDPR Art. 6(1)(f)).
  • Understanding site usage to improve content (analytics). Legal basis: consent where required (GDPR Art. 6(1)(a)).
  • Marketing and advertising measurement (remarketing, conversion attribution). Legal basis: consent where required (GDPR Art. 6(1)(a)).
  • Legal compliance (requests, disputes, recordkeeping). Legal basis: legal obligation (GDPR Art. 6(1)(c)).

Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals. Any advertising audiences built through optional marketing tools are used for measurement and relevance, not for decisions about eligibility, access, or services.

4. Cookies & Tracking

We use cookies and similar technologies to ensure the site functions, to understand usage, and—only when you consent—to support advertising measurement. Cookies are small text files stored on your device. Similar technologies may include pixel tags and server-side event forwarding.

Essential cookies (always active)

Essential cookies support core site functions such as session continuity and saving your cookie choices. They do not require consent because the website cannot operate properly without them. Examples include _site_session and cookie_consent. Retention ranges from session-only to up to 12 months.

Analytics cookies (consent required)

If you opt in, analytics cookies help us understand which pages are useful and where content needs improvement. We expect to use Google Analytics 4 (GA4) in an IP-anonymized configuration. Typical cookies include _ga and _ga_XXXXXXXXXX. We use analytics for aggregated learning such as “which resource topics are read” and “which workshop pages are visited,” not for diagnosing or predicting individual outcomes.

We set analytics retention to a typical educational-content window (for example, 14 months) so we can see seasonal patterns and update resources without keeping long-term behavioural data unnecessarily.

Marketing cookies (consent required)

If you opt in, marketing cookies help measure advertising performance and allow us to show relevant reminders about programs and resources. These cookies may include _gcl_au (Google Ads), _fbp and _fbc (Meta). Marketing cookies may be used for remarketing, conversion attribution, and creating audiences such as “people who visited the programs page.”

Pixels and server-side events: in addition to cookies, we may use pixel tags (for example, via Google Tag Manager) or server-side event forwarding for measurement. Where this involves analytics or marketing, activation is still controlled by your cookie preference choices.

For detailed cookie names and retention periods, please review our Cookie Policy.

5. Consent and How to Withdraw It

Where required by law or platform policy, we request your consent before activating analytics and marketing cookies. Consent is recorded in the cookie_consent cookie and is typically stored for up to 12 months, unless you change or clear it sooner.

You can withdraw consent at any time by selecting “Manage cookie preferences” in the footer and updating your choices. You can also clear cookies in your browser settings. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

6. Sharing With Advertising & Service Partners

We use service providers to run the website and, if you consent, to measure content and advertising effectiveness. We do not sell personal data. We share data only as needed for the purposes described in this policy, and we expect providers to process data under contractual obligations and security standards.

  • Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, and conversion events when you provide consent. Privacy information: https://policies.google.com/privacy.
  • Meta Platforms, Inc. (Meta Pixel, custom/lookalike audiences, conversion measurement): may receive events such as page views or form completions when you provide consent. Privacy information: https://www.facebook.com/privacy/policy.
  • Cloudflare, Inc. (content delivery network and security): may process IP addresses and security-related telemetry to protect against abuse and improve performance. Privacy information: https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes beyond delivering the contracted services. Providers may process data in accordance with their terms where they act as independent controllers (for example, for security, fraud prevention, or aggregated measurement), but we configure tools to prioritize privacy and user choice where possible.

7. International Transfers

Because we use global infrastructure and partners, personal data may be processed outside of Canada, including in the United States and other jurisdictions where our service providers operate. Where transfers occur, we rely on recognized transfer mechanisms and contractual protections. For example, for EU/UK-related standards we may reference the EU–US Data Privacy Framework (where applicable), the UK Extension to that framework, and Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.

Regardless of location, we expect reasonable safeguards such as encryption in transit, access controls, and incident-response procedures consistent with modern web operations.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Typical retention periods include:

  • Contact submissions: up to 2 years from the last meaningful interaction, to support follow-up and continuity.
  • Email correspondence: for the duration of the relationship, plus up to 1 year for operational continuity.
  • Server logs and security events: typically up to 90 days, unless needed longer for incident investigation.
  • Analytics data: typically 14 months (when consented).
  • Marketing cookies: per cookie lifetime (often 90 days), when consented.
  • Cookie consent record: up to 3 years for audit and compliance evidence.
  • Legal and tax records: as required by applicable law.

When data is no longer needed, we delete it or de-identify it, unless retention is required for legal or security reasons.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the use of your personal data. We aim to honour reasonable requests promptly and in a way that protects privacy and prevents unauthorized access.

If you are in a jurisdiction where GDPR-style rights apply, your rights may include: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)). We respond within 30 days, and may extend by up to 60 days for complex requests.

To submit a request, email [email protected] with a clear subject line such as “Privacy Request” or “Data Deletion Request.” We may request additional information to verify identity before completing a request.

Supervisory authority references (for GDPR contexts): EU guidance is available from the European Data Protection Board at https://edpb.europa.eu, and UK guidance is available from the Information Commissioner’s Office at https://ico.org.uk.

10. Children

This site is not directed to individuals under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data without appropriate consent, please contact us and we will take steps to delete the information promptly.

11. Do Not Track Signals

Some browsers offer a “Do Not Track” (DNT) signal. This website does not respond to DNT signals in a standardized way because there is no consistent industry standard for interpretation. Third-party providers may offer their own controls and opt-out mechanisms.

12. Account and Data Deletion Requests

We do not provide user accounts on this website. If you have submitted a form and want your data deleted, email [email protected] with the subject line “Data Deletion Request.” We will complete the request within 30 days after verifying identity, unless we must retain limited information for legal obligations or security purposes.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganization, or insolvency event, personal data may be transferred to a successor entity as part of that transaction. If such a transfer materially changes how personal data is used, we will post a notice on the website and, where appropriate, provide additional information about choices available to affected individuals.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). In the last 12 months, we may have collected the following categories: identifiers (such as name, email, IP address, cookie identifiers), internet or other network activity information (such as pages viewed and interactions), and inferences (such as interests in educational topics) used to improve content or measure advertising effectiveness.

We do not sell personal information as defined by the CCPA. We may share data for cross-context behavioural advertising when marketing cookies are enabled, and California residents can opt out by using the cookie preferences controls available in the site footer.

To submit a request to know, delete, or correct, email [email protected] with the subject “California Privacy Request.” We will verify identity before responding. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and the right to opt out of targeted advertising. You can exercise rights by emailing [email protected] with the subject “Virginia Privacy Request.”

We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects. If we decline to take action on a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request.” We will respond within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request.” We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect operational changes, legal updates, or improvements in how we describe our practices. If changes are material, we will post a notice on the website at least 14 days before the updated policy takes effect. The “Last Updated” date at the top of this page will change with each revision.

18. Contact

If you have questions about privacy, data use, or cookie choices, please contact: