Privacy Policy
People In Motion Pte. Ltd. (trading as "The Yard")
Effective from: 2 June 2026
Last updated: 2 June 2026
1. About this policy
This Privacy Policy is issued by People In Motion Pte. Ltd. (UEN 201535741C), trading as "The Yard" ("we", "us", "our"), in accordance with the Personal Data Protection Act 2012 ("PDPA") of Singapore. It explains how we collect, use, disclose, and protect personal data of customers, prospective customers, parents and guardians, and children enrolled in our programmes.
By interacting with The Yard — through our website, our centres, our class management platforms, our payment processors, our WhatsApp Business channel, or our AI-powered customer-service assistant — you acknowledge the practices described in this policy. Where the PDPA requires your express consent (for example, for marketing communications), we will obtain it separately.
2. Who we are
People In Motion Pte. Ltd. operates four gymnastics centres in Singapore under the brand "The Yard" (Dover, Dempsey, Bukit Timah, Jurong), offering recreational and competitive gymnastics programmes for children and adults, plus parties, camps, events, and competitions.
Registered office: Singapore Polytechnic Graduates' Guild, 1010 Dover Road, #01-01, Singapore 139658
3. Personal data we collect
Depending on how you interact with us, we collect some or all of the following:
- Identity data: your name, your child's name, your child's date of birth or age, gender (where relevant for programme placement).
- Contact data: phone number, WhatsApp number, email address, postal address (where required for membership administration).
- Health and safety data: allergies, medical conditions, special needs, and emergency-contact details disclosed for the safety of children in our classes. This is sensitive data and is handled with additional care.
- Waiver data: signed liability waivers, photo and video consent declarations, and acknowledgement of our policies, collected via 123 Contact Form.
- Fitness and skills assessment data: level placements, skill progression notes, and technical feedback recorded by coaches as part of programme delivery.
- Transactional data: classes booked or attended, payment history, event registrations, makeup tokens, withdrawal records.
- Conversational data: messages exchanged with our staff or our AI assistant via WhatsApp, web chat, or email.
- Technical data: IP address, browser type, device type, pages visited when you use our website or web chat.
- Imagery: photographs and videos taken during classes, events, or showcases, only where you or your child has consented to such collection on the relevant waiver.
We apply the principle of data minimisation — we collect only what we genuinely need for the purposes described in this policy. Where the same purpose can be served by anonymised or aggregated data, we use that.
4. How we use personal data
We process personal data for the following purposes:
- To deliver the service you signed up for: scheduling, attendance, billing, makeups, programme transitions, communicating about your child's classes.
- To respond to your enquiries: answering questions, providing pricing, sending booking links via WhatsApp or web.
- To collect and retain liability waivers: required for participation in physical-activity programmes.
- To process payments: for classes, events, and memberships.
- To safeguard children in our care: maintaining medical / allergy records, incident logs, attendance, safeguarding records.
- To comply with legal and tax obligations: retention of transaction records under Singapore tax law and other applicable regulations.
- To improve our service: anonymised analysis of conversation patterns, programme uptake, and AI assistant quality. We do not use identifiable data for this without consent.
- To send marketing or promotional messages: only with your express opt-in consent, and you may withdraw consent at any time. We respect the Singapore Do-Not-Call Registry for any SMS or voice marketing.
5. Class and event management systems
Our primary class-management platform is ClassCard (ClassCard Pte Ltd, Singapore), which holds bookings, schedules, attendance, customer records, and serves as the parent-facing portal where you can view and update your own contact details and your child's enrolment.
During a transitional period until August 2026, two of our centres (Dover and Dempsey) continue to operate on iClassPro (iClassPro Inc., United States) while we complete the migration to ClassCard. We will update this policy once the migration is complete.
We also use:
- Ticket Tailor (Hibox Systems Ltd, United Kingdom) — for single-event ticketing (competitions, workshops, special events). We plan to consolidate this functionality into ClassCard in future.
- 123 Contact Form (123 Form Builder S.R.L., Romania / European Union) — for collecting liability waivers, photo-consent declarations, and emergency-contact information from parents and guardians.
When you book, attend a class, register for an event, or sign a waiver, your personal data is stored on the relevant platform under that platform's privacy policy and security standards:
- ClassCard — https://www.classcardapp.com/privacy
- iClassPro (transitional, until August 2026) — https://www.iclasspro.com/privacy-policy
- Ticket Tailor — https://www.tickettailor.com/privacy
- 123 Contact Form — https://www.123formbuilder.com/privacy.html
iClassPro, Ticket Tailor, and 123 Contact Form process data outside Singapore. We rely on each provider's published contractual protections and certifications to ensure a comparable standard of protection to the PDPA. ClassCard processes data within Singapore.
6. Payments
The Yard uses three payment service providers, each PCI-DSS compliant:
- Stripe (Stripe, Inc., United States) — for card payments. Privacy policy: https://stripe.com/privacy
- HitPay (HitPay Payment Solutions Pte Ltd, Singapore) — for card and local payment methods. Privacy policy: https://www.hit-pay.com/privacy.html
- PayNow — Singapore's interbank fund-transfer service, operated by the Association of Banks in Singapore (ABS). PayNow transfers are processed directly through your bank under your bank's privacy terms. The Yard receives only the funds and a payer reference.
Card details are encrypted in transit and are not stored on The Yard's systems — they are tokenised and held only by Stripe or HitPay as the case may be. Where payment processing involves data transfer outside Singapore (Stripe processes payments via US infrastructure), the processor is contractually bound by its own terms to maintain a comparable standard of protection to the PDPA.
7. WhatsApp Business channel
The Yard uses WhatsApp Business (operated by WhatsApp LLC, a Meta Platforms company) to communicate with customers and prospective customers. When you contact us through WhatsApp:
- Your WhatsApp phone number and the messages, media, and attachments you send become part of our conversation history.
- Messages pass through and are processed by Meta's infrastructure under Meta's privacy policy (https://www.whatsapp.com/legal/privacy-policy).
- We use WhatsApp messages to respond to enquiries, schedule trial classes, assist with bookings, send class or event reminders, and handle service issues.
- We do not use WhatsApp content for marketing without your separate express consent.
Conversation history is retained per the schedule in Section 11. You may request earlier deletion by contacting our DPO.
8. AI-powered customer-service assistant ("Grace")
The Yard operates an automated customer-service and sales assistant ("Grace") on our WhatsApp Business channel and certain web channels.
- The assistant reads and replies to your messages automatically, drawing on our published knowledge base, class schedules, and pricing information.
- Grace uses Google's Gemini large language model (operated by Google LLC, United States) to generate responses. Your message content is transmitted to Google's API for the sole purpose of generating a reply and is not retained by Google for model training under the terms of our enterprise API agreement. See Google's privacy notice for further detail: https://cloud.google.com/privacy
- The assistant escalates to a human team member when the situation requires it — including medical concerns, complaints, refunds, withdrawals, safeguarding issues, and high-value or group enquiries. In these cases, your name and contact details are recorded so our team can follow up.
The assistant does not make material decisions about you (for example, accepting or rejecting enrolment, pricing exceptions, or refund decisions) without human review. You may at any time request to speak to a human team member.
If you prefer not to interact with our AI assistant, you may contact us through the centre WhatsApp links, by email at enquiries@theyard.com.sg, or by visiting a centre in person.
9. Children's data
Because our programmes are primarily for children, we routinely process personal data about children — including their name, age, gender, programme enrolment, medical or dietary notes shared by parents, attendance, progress notes, fitness and skills assessment records, and, where authorised, photographs and videos.
Children's data is collected from and managed via the parent or legal guardian, who provides consent on the child's behalf in line with the PDPA. We do not seek consent or personal data directly from children. Where a child uses our WhatsApp channel themselves, we treat that interaction as initiated by their parent or guardian.
Children's data is treated with additional care: it is not used for marketing, is shared only with staff and class-management systems necessary to deliver classes safely, and is retained only as long as the child is enrolled (plus the safeguarding window set out in Section 11).
Older children. Once a child reaches an age at which they can meaningfully understand and exercise their own data rights (typically around 13, though the PDPA does not fix an age), we will respond to access or correction requests they make on their own behalf, with parental notification where appropriate.
10. Third parties we share data with
We share personal data only with the following categories of third parties, and only as needed:
| Third party | Purpose | Location of processing |
|---|---|---|
| WhatsApp / Meta Platforms | Messaging infrastructure for WhatsApp Business communications | Global |
| Google LLC (Gemini API) | Generating AI assistant responses | United States |
| ClassCard Pte Ltd | Bookings, schedules, attendance (all centres post-migration; currently Jurong + Bukit Timah) | Singapore |
| iClassPro Inc. | Bookings, schedules, attendance at Dover and Dempsey (transitional, until August 2026) | United States |
| Ticket Tailor (Hibox Systems Ltd) | Single-event ticketing | United Kingdom |
| 123 Contact Form (123 Form Builder S.R.L.) | Liability waivers, photo consent, emergency-contact collection | Romania (EU) |
| Stripe, Inc. | Card payment processing | United States |
| HitPay Payment Solutions Pte Ltd | Card and local payment processing | Singapore |
| PayNow (via your bank) | Direct bank-to-bank fund transfers | Singapore |
| Cloudways / DigitalOcean | Hosting our customer-service and AI assistant systems | Singapore region |
| Google Workspace | Internal email, document storage, calendar | Singapore region |
| Allianz | Liability and accident insurance — relevant data shared only when handling a claim | Global insurer; claim handling local |
| Legal / regulatory authorities | Where required by law | n/a |
We do not sell personal data, and we do not share it with advertising networks.
International data transfers. Several third parties listed above process personal data outside Singapore. Where we transfer personal data outside Singapore, we take reasonable steps to ensure the recipient is bound to provide a standard of protection comparable to that required under the PDPA — typically through the third party's standard contractual terms, their public privacy commitments, or applicable certification programmes (e.g. ISO 27001, SOC 2, PCI-DSS).
11. How long we keep your data
| Data category | Retention | Reason |
|---|---|---|
| AI assistant conversation history (WhatsApp / web chat) | 24 months from last contact | Service-quality review, dispute handling |
| Booking and attendance records | 7 years after last enrolment | IRAS tax record requirements |
| Payment records | 7 years | Singapore tax law (Income Tax Act, GST Act) |
| Liability waivers — children | Until the child reaches 25 years of age, or 7 years after the child's last enrolment, whichever is later | Tort claim limitation periods for minors |
| Liability waivers — adults | 7 years after last enrolment | General contractual / tort limitation periods |
| Medical / safeguarding notes | While the child is enrolled, plus 7 years after final enrolment | Safeguarding good practice |
| Incident reports (injuries, complaints) | 10 years after the incident | Personal injury claim limitation periods |
| Marketing consent records | 5 years after consent is withdrawn or expires | Demonstrating lawful basis if challenged |
| Web analytics (anonymised) | 26 months | Trends review |
| CCTV footage | 30 days | Standard practice; PDPC guidance |
After these periods we delete or anonymise the data, unless we have a continuing legal obligation to retain it.
12. Your rights under the PDPA
You have the right to:
- Access the personal data we hold about you and how it is being used.
- Correction of inaccurate personal data.
- Withdrawal of consent for any processing that depends on your consent (including marketing). Withdrawal will not affect lawful processing already carried out.
To exercise any of these rights, contact our Data Protection Officer at dpo@theyard.com.sg. We aim to respond within 30 days.
Self-service for basic updates. For straightforward updates to your contact details or your child's enrolment, the fastest route is usually to log into the ClassCard parent portal directly. For full data access requests, deletion, withdrawal of consent, or data we hold outside ClassCard (e.g. AI assistant conversation history, waivers, payment records), contact the DPO.
Identity verification. Before fulfilling an access, correction, or deletion request, we will verify your identity using details we already hold about you. We may ask for additional confirmation if the request relates to sensitive data or if we have reasonable doubt about the requester's identity. We will not release another individual's data to you, even where you provide their name.
Complaints. If you believe we have not handled your data lawfully, you may:
- Raise it with us first at dpo@theyard.com.sg. We aim to respond within 30 days.
- Lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at https://www.pdpc.gov.sg
- Seek civil remedies under the PDPA through the Singapore courts.
13. Photography and video
The Yard takes photographs and video at classes, events, showcases, and competitions for the following purposes:
- Programme records (coach review, assessment, parent-portal updates) — internal use only.
- Promotional and marketing use (social media, website, brochures) — only where consent has been given on the waiver.
You may withdraw photo / video consent at any time by contacting our DPO. Withdrawal applies prospectively — images already published in marketing materials may not always be retrievable, but we will cease further use.
14. Marketing and the Do-Not-Call Registry
We send marketing communications (newsletters, promotions, programme updates) only to customers who have given express opt-in consent. You may withdraw consent at any time via the unsubscribe link in any email, by replying STOP to a marketing SMS, or by emailing dpo@theyard.com.sg.
For SMS and voice marketing, The Yard complies with the Singapore Do-Not-Call (DNC) Registry under the PDPA. We do not send marketing SMS or make marketing calls to numbers listed in the DNC registry unless we have clear and unambiguous consent from the individual.
15. CCTV
The Yard operates CCTV at all four of our centres (Dover, Dempsey, Bukit Timah, Jurong) for the safety and security of children, customers, staff, and visitors, and for the review of any incidents.
CCTV notices are displayed at the entrance of each centre. Footage is retained for 30 days unless retained longer for incident review or because we are required to retain it by law (e.g. police request). Access to footage is restricted to authorised staff and, where lawfully required, to police, insurers, or other authorities.
If you would like to make a request relating to CCTV footage of you or your child, contact our DPO at dpo@theyard.com.sg. Note that footage may contain images of other individuals; we will not release third-party images to you.
16. Cookies and analytics
Our website (theyard.sg) and our AI assistant web interface use:
- Essential cookies for session management and login — these cannot be disabled while using authenticated features.
- Analytics cookies (Google Analytics) — these help us understand how visitors use our site. Anonymised IP addresses are used where supported.
You may decline non-essential cookies via your browser settings or our cookie banner. Refer to Google's privacy policy at https://policies.google.com/privacy for details on how analytics data is handled.
17. Automated decision-making
The Yard does not make material decisions about you using fully automated processes. Our AI customer-service assistant generates conversational replies — but decisions with real-world consequences (accepting or rejecting enrolment, refund amounts, pricing exceptions, withdrawals, safeguarding actions) are reviewed by a human team member before they take effect.
If at any point you would prefer to deal only with a human, you may say so and we will route your enquiry accordingly.
18. Anonymised and aggregated data
We may use anonymised or aggregated data — data that cannot be linked back to you as an individual — for service improvement, programme planning, customer analytics, and reporting. Because this data is no longer "personal data" under the PDPA, it is not subject to the rights set out in Section 12. We do not attempt to re-identify anonymised data.
19. Insurance
The Yard carries liability and accident insurance with Allianz. In the event of an incident requiring insurance involvement (for example, a class-related injury claim), we share relevant personal data with our insurer and any appointed adjusters on a need-to-know basis, for the legitimate purpose of handling the claim.
20. Security
We protect personal data using industry-standard measures, including:
- HTTPS / TLS encryption in transit for all our websites and APIs.
- Encrypted storage of access tokens, API keys, and credentials.
- Webhook signature verification for messages received from WhatsApp / Meta.
- Role-based access — staff access is limited to what is needed for their role.
- PCI-DSS-compliant payment processing (card details never stored on The Yard's systems).
- Regular review of third-party data-processor security.
No internet-based service can guarantee absolute security, but we take reasonable steps to protect your personal data and to notify you in the event of any breach affecting your personal data, in line with the PDPA breach-notification obligations.
21. Safeguarding
Concerns about a child's welfare or safety in our care should be raised with our Safeguarding Lead, Dr Katherine Trigg. The Yard maintains a separate Safeguarding Policy that governs how we handle and act on such concerns.
22. Related policies
This Privacy Policy should be read alongside our other published policies:
- Liability Waiver: https://www.theyard.sg/liability-waiver/
- Terms and Conditions (membership): contact the team for the current version
- Safeguarding Policy: contact dpo@theyard.com.sg for a copy
23. Languages
This Privacy Policy is published in English. If you would prefer a summary in Mandarin, Bahasa Melayu, Tamil, or another language, please contact dpo@theyard.com.sg and we will assist.
24. Changes to this Privacy Policy
We may update this policy from time to time — for example, when we add new services, change processors, or complete our planned migration of class management to ClassCard. The "Last updated" date at the top reflects the most recent revision.
Material changes will be notified to active customers via WhatsApp, email, or a prominent notice on our website. The current version is always available at https://www.theyard.sg/privacy-policy/.
25. Contact
For any privacy or data-protection question, contact:
People In Motion Pte. Ltd. (UEN 201535741C), trading as "The Yard"
Registered office: Singapore Polytechnic Graduates' Guild, 1010 Dover Road, #01-01, Singapore 139658
Data Protection Officer (DPO): dpo@theyard.com.sg