Privacy Policy

The National Pilates Certification Program, Inc., a not-for-profit corporation in the State of Florida that recognizes its responsibility to safeguard the personal data of certificants, workshop providers, and those who opt to receive NPCP emails. Under this Privacy Policy, “Personal Data” means any information relating to an identified or identifiable natural person.

An identified or identifiable natural person is one who is or can be identified, directly or indirectly, by reference to information such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, cultural, or social identity of that natural person. Information that pertains to a company is not Personal Data, but the name and address of a company officer or employee is that person’s Personal Data.

This Privacy Policy describes how and why the NPCP collects, uses, and stores Personal Data, and what rights you have in relation to the NPCP’s “processing” of your Personal Data. “Processing” means any operation, whether automated, that is performed on Personal Data or data sets, e.g., collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. The NPCP is both a “processor” and “controller” of Personal Data, meaning that the NPCP not only collects and uses Personal Data, but also determines the purposes and means of “processing” it.

Who is Responsible for Your Personal Data?

The NPCP is the data controller and data processor for any data that you submit through our website, directly from you, or through a third party that handles transactions or applications. Except as expressly provided in this Privacy Policy, the NPCP does not share your Personal Data with any third party.

The Personal Data We May Collect from You and How We Use It

The NPCP collects information:

  • automatically when you use our websites
  • directly from you or through third parties that handle applications related to the NPCP

  • Apart from information collected automatically when you access our websites, the type of Personal Information we collect about you depends on the nature of your interaction with the NPCP. Personal Data may be provided by you electronically on a web form, or data transfer related to an application for certification.


    I. Information That We Collect Automatically

    When you visit our websites, we use (or may use in the future) various tools to collect information:

    Google Analytics: typically collects the time of your visit, the pages visited, and time spent on each page of the webpages; referring site details; type of web browser; type of operating system; type of Flash version, JavaScript support, screen resolution and screen color processing ability; network location; and your IP address. We may also use Google Analytics to register document downloads, clicks on website links, errors when filling out forms, and scroll depth. The NPCP does not assign user IDs to analyze multiple sessions across multiple devices. You can stop Google Analytics from collecting this data (only some of which is Personal Data) by disabling cookies or JavaScript in your browser, or by using Google’s Opt-out browser add-on, among other tools.

    Facebook Pixels: We may use Facebook Pixels to track users who have visited our websites through Facebook advertising. When users visit Our Websites as the result of clicking on a Facebook advertisement, Facebook Pixels allow us to track what actions users take on Our Websites, what links they click on, whether they put something in a shopping cart, where they go if they abandon it, whether they change devices or resume viewing later a different device, and other website usage information. This information, together with your Facebook ID, is sent back to Facebook where it is analyzed.

    Specific Purposes

    The information that we obtain through Google Analytics measures traffic and usage trends, which provide us with information that can help us improve our websites, outreach, and advertising. Facebook Pixels allow us to gauge the effectiveness of our advertisements and to create “lookalike” audiences for our advertisements, thereby broadening our outreach. Abandoned Cart Reports allow us to analyze why a purchase transaction might not have been accepted.

    II. Information That Users Provide To Us Or Through Online Applications

    Users include applicants for certification, renewal, and continuing education approvals. Users are requested to provide their full name, address, telephone numbers, email address, and in the case of certification applicants, the name of the school where they trained.

    Specific Purposes
    The NPCP uses Personal Data from applicants and certificants to administer the Program, which may include activities such as addressing issues regarding verification of training, granting continuing education credits, administering exams, enforcing the Scope of Practice and Code of Ethics, publishing the names of certificants on the NPCP website, and gathering and analyzing statistics regarding certification.

    The NPCP and its test administration company have in place electronic and technical safeguards, managerial processes, and organization measures to prevent unauthorized access or disclosure, maintain data integrity, and ensure the appropriate use of Personal Data.

    The NPCP maintains an online certificant registry on its website. It is the policy of the program to provide only information necessary to demonstrate a certificant’s active status.

    The only individuals that have access to certificant data are the Executive Director, and the Certification Coordinator charged with the maintenance of the database and the monthly data transfers from PSI. The following is considered confidential information:

    • Application status
    • Certification exam score
    • Phone number(s), email and residential address(s).

    The following is NOT considered confidential information and is held in the public domain:

    • Certification status
    • Certification number
    • Country and City

    California Residents

    “Do Not Track” Signals Under the California Online Privacy Protection Act (CalOPPA)
    Our website does not support Do Not Track ("DNT") signals, so our website does not behave differently when a DNT request is received. DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. However, there is currently no industry-standard way to handle these requests.

    European Residents

    Your Data Protection Rights Under General Data Protection Regulation (GDPR)

    If you are a resident of the European Economic Area (EEA), you have certain data protection rights. The NPCP aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. In certain circumstances, you have the following data protection rights, which may be exercised by contacting us as provided at the end of this Privacy Policy. Please note, however, that the exercise by you of any of these rights may affect your right to receive the benefits of being a certificant or continuing education provider.

  • The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact the NPCP as provided below to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where the NPCP relied on your consent to process your Personal Data.

  • Please note that the NPCP may ask you to verify your identity before responding to such requests.

    You may have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

    Minors’ Privacy

    Our website does not address anyone under the age of 18 ("Minors"). We do not knowingly collect Personal Data from Minors. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from any minor without verification of parental consent, we will take steps to remove that data from our database.

    Privacy Policy Updates and Acceptance:

    NPCP collects and processes Personal Data. It does not bind the NPCP, you, or any other person contractually. The NPCP reserves the right to amend this Privacy Policy at any time at its sole discretion.


  • User and event data collected by Google Analytics are set for automatic deletion after 26 months.
  • Conversion data collected by Facebook Pixels is automatically deleted after 28 days.
  • Personal Data that users provide to us or via email are deleted daily. Deleted emails are set to remain available for retrieval and reference for 5 years after which they are permanently deleted.
  • We do not destroy or amend Personal Data. Personal Data is kept indefinitely in the IMIS database unless a change request is received from a certificant, following the parameters set by this Confidentiality Policy.

  • Contact Us

    If you have any questions about this Privacy Policy or your rights, please contact us:

    By email: [email protected]