Privacy Policy

The National Pilates Certification Program, Inc., a not-for-profit corporation in the State of Florida that recognizes its responsibility to safeguard the personal data of certificants, workshop providers, and those who opt to receive NPCP emails. Under this Privacy Policy, “Personal Data” means any information relating to an identified or identifiable natural person. An identified or identifiable natural person is one who is or can be identified, directly or indirectly, by reference to information such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Information that pertains to a company is not Personal Data, but the name and address of a company officer or employee is that person’s Personal Data.

This Privacy Notice describes how and why the NPCP collects, uses, and stores Personal Data, and what rights you have in relation to the NPCP’s “processing” of your Personal Data. “Processing” means any operation, whether automated, that is performed on Personal Data or data sets, e.g., collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. The NPCP is both a “processor” and “controller” of Personal Data, meaning that the NPCP not only collects and uses Personal Data, but also it determines the purposes and means of “processing” it.

Who is Responsible for your Personal Data?

The NPCP is the data controller and data processor for any data that you submit through Our Websites. Except as expressly provided in this Privacy Policy, the NPCP does not share your Personal Data with any third party.

The Personal Data We May Collect from You and How We Use It

The NPCP collects information: (1) automatically when you use Our Websites, (2) directly from you, or (3) from third parties that handle transactions or applications related to the NPCP. Apart from information collected automatically when you access Our Websites, the type of Personal Information we collect about you depends on the nature of your interaction with the NPCP. Personal Data may be provided by you electronically on a web form, via email, fax, or otherwise.

I. Information That We Collect Automatically

When you visit Our Websites, we use (or may use in the future) various tools to collect information:

Personal Data Collected Google Analytics: We use Google Analytics, which typically collects the time of your visit, the pages visited, and time spent on each page of the webpages; referring site details; type of web browser; type of operating system; type of Flash version, JavaScript support, screen resolution and screen color processing ability; network location; and your IP address. We may also use Google Analytics to register document downloads, clicks on website links, errors when filling out forms, and scroll depth. The NPCP does not assign user IDs to analyze multiple sessions across multiple devices. You can stop Google Analytics from collecting this data (only some of which is Personal Data) by disabling cookies or JavaScript in your browser, or by using Google’s Opt-out browser add-on, among other tools.

Facebook Pixels: We may use Facebook Pixels in order to track users who have visited Our Websites through Facebook advertising. When users visit Our Websites as the result of clicking on a Facebook advertisement, Facebook Pixels allow us to track what actions users take on Our Websites, what links they click on, whether they put something in a shopping cart, where they go if they abandon it, whether they change devices or resume viewing later a different device, and other website usage information. This information, together with your Facebook ID, is sent back to Facebook where it is analyzed.

Specific Purposes

The information that we obtain through Google Analytics measures traffic and usage trends, which provide us with information that can help us improve Our Websites, outreach, and advertising. Facebook Pixels allow us to gauge the effectiveness of our advertisements and to create “lookalike” audiences for our advertisements, thereby broadening our outreach. Abandoned Cart Reports allow us to analyze why a purchase transaction might not have been accepted.


We set user and event data collected by Google Analytics for automatic deletion after 26 months. The information collected by using Facebook Pixels tracks “conversions” in response to a Facebook advertisement. A “conversion” is an action by a customer such as a purchase or adding something to a shopping cart. Conversion data is automatically deleted after 28 days.

II. Information that Users Provide to Us

Personal Data

Applicants for Certification are requested to provide their full name and address, telephone numbers, email address, and name of the school where the applicant trained. This Personal Data will be provided by the applicant to the NPCP’s test administration company, and that company will share that Personal Data with us.

Specific Purposes
The NPCP uses Personal Data from applicants and certificants to administer the Program, which may include activities such as addressing issues regarding verification of training, granting continuing education credits, administering exams, enforcing the Scope of Practice and Code of Ethics, publishing the names of certificants on the NPCP website, and gathering and analyzing statistics regarding certification.

The NPCP maintains an online certificant registry on its website. It is the policy of the program to provide only information necessary to demonstrate a certificant’s active status.

The only individuals that have access to certificant data are the Executive Director, Certification Manager, and the Certification Coordinators charged with the maintenance of the database and the monthly data transfers from PSI. The following is considered confidential information:

  • Application status
  • Certification exam score
  • Phone number(s), email and residential address(s).

The following is NOT considered confidential information and is held in the public domain:

  • Certification status
  • Certification number
  • Country and City

Confidentiality, Security and Retention

All sensitive exam data is kept in a secure password protected directory on a media server and a backup server. All certification data is retained indefinitely in the iMIS database.

The NPCP and its test administration company have in place electronic and technical safeguards, managerial processes, and organization measures to prevent unauthorized access or disclosure, maintain data integrity, and ensure the appropriate use of Personal Data.

“Do Not Track” Signals (under California Online Privacy Protection Act (CalOPPA) Our Websites do not support Do Not Track ("DNT") signals, so Our Websites do not behave differently when a DNT request is received. DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. However, there is currently no industry-standard way to handle these requests.

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. The NPCP aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. In certain circumstances, you have the following data protection rights, which may be exercised by contacting us as provided at the end of this Privacy Policy. Please note, however, that the exercise by you of any of these rights may affect your right to receive the benefits of being a certificant or continuing education provider.

  1. The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact the NPCP as provided below to assist you.
  2. The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  3. The right to object. You have the right to object to our processing of your Personal Data.
  4. The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
  5. The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  6. The right to withdraw consent. You also have the right to withdraw your consent at any time where the NPCP relied on your consent to process your Personal Data.

Please note that the NPCP may ask you to verify your identity before responding to such requests.

You may have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Minors’ Privacy

Our Websites do not address anyone under the age of 18 ("Minors"). Except as provided above with respect to research and Case Reports, we do not knowingly collect Personal Data from Minors. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from any minor without verification of parental consent, we will take steps to remove that it from our servers.

Privacy Policy Updates and Acceptance:

NPCP collects and processes Personal Data. It does not bind the NPCP, you, or any other person contractually. The NPCP reserves the right to amend this Privacy Policy at any time at its sole discretion.

Contact Us

If you have any questions about this Privacy Policy or rights in your Personal Data, please contact us:

  By email: [email protected]