PRIVACY POLICY
Thrive Fitness understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018 (“UK Data Protection Law”).
This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data.
Please read the following carefully to understand how we process your personal data. By providing your personal data to us when enquiring about our services or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.
Who is collecting the personal data?
For the purpose of UK Data Protection Law, the data controller is Thrive Fitness, which is operated on a sole trader basis by Michel Glendinning, who can be contact via email at michel@thrivefitness.co.uk or by phone on 07789795847.
When we refer to ‘we’, ‘us’ and ‘our’, we mean Thrive Fitness.
What personal data is being collected?
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.
The data we collect enables us to deliver our services and helps us to review and continually improve those services.
This personal data may include:
-
information that you give us when you enquire about our services or become a client or apply to work for us as an independent freelance contractor including name, address, contact details (including email address and phone number)
-
the name and contact details (including phone number) of your emergency contact (where you have named someone as your emergency contact and provided us with their personal data, it is your responsibility to ensure that that they are aware of and accept the terms of this Privacy Policy).
-
details of enquiries, quotes and other contact and correspondence we may have had with you
-
information you give us when you make a payment to us, such as financial or credit card information
-
details of services you have received from us
-
training programmes and individual session notes
-
body measurements – e.g. weight, waist, hips, BMI
-
feedback and outcome information that you provide
-
information about complaints and incidents
-
information obtained from customer surveys, promotions and competitions that you have entered or taken part in
Special Category or Sensitive Personal Data
Whilst we do not generally collect sensitive personal data (such as racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) unless it is volunteered by you, we do specifically collect health data to the extent that it is required to assess your readiness for physical exercise and to ensure that we deliver safe, appropriate and effective personal training sessions and exercise classes. The specific collection of health data occurs if it is volunteered by you at any time, and when we ask you to provide health data at your initial client consultation and when you complete a pre-activity physical readiness questionnaire (PARQ), which is required if you become a client. A new PARQ will need to be completed each time there is a significant change in your health status. Minor temporary changes such as a cold or muscle soreness will be noted in individual session notes. By providing the sensitive information (including health data) to us, you are explicitly consenting to our using it in the manner set out in this Privacy Policy.
Personal Data from Individuals Under the Age of 16
We do not knowingly collect personal information from individuals under 16 years of age without the permission of their parent or guardian. As a parent or legal guardian, please do not to allow your children to submit personal information without your permission.
What is the legal basis for processing the personal data?
The legal basis for processing non-sensitive personal data is that it is necessary:
for the performance of a contract - for any contract you have with us, or because you have asked us to take specific steps before entering into a contract, such as responding to your enquiry, providing pricing information, etc.
for our legitimate interests - to review and improve our services.
The legal basis for processing your sensitive personal data (including health data) is that it is necessary for the performance of any contract you have with us, and we do so based on your explicit consent.
Will the personal data be shared with any third parties?
Personal information about our clients is an important part to our business and we do not sell it to others. We only share client information as described in this Privacy Policy.
We employ other companies and individuals to perform certain functions on our behalf. Examples include freelance personal trainers who are authorised representatives of Thrive Fitness and are contracted to deliver services directly to our clients, IT support and email exchange, website hosting, client management software, third party payment processors, third party delivery companies (including Royal Mail), providing marketing assistance and providing debt collection assistance.
We also share personal information where necessary to protect Thrive Fitness, our clients and others. We release account and other personal information when we believe release is appropriate to comply with the law, regulations, court orders, or other legal obligations or to assist in an investigation; enforce or apply our client or other agreements; or protect the rights, property or safety of Thrive Fitness, our clients or others.
We may also share personal information with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Furthermore, we require all third parties to respect the security of your personal data and to treat it in accordance with contractual restrictions regarding confidentiality and security, this Privacy Policy and as permitted by the UK Data Protection Law.
What about cookies?
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. They are used to improve the user experience of a website and collect statistical data about the user’s browsing actions and patterns. They do not identify you as an individual.
Currently, we do not use cookies on our website.
What about links to other websites?
Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.
Internet based data transfer
The internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK Data Protection Law. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
How will the information be used?
Your personal data will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy and applicable UK Data Protection Law.
We will only use your sensitive personal data for the purposes for which you have given us your explicit consent to do so. For example, we use health data to assess your readiness for physical exercise and to ensure that we deliver safe, appropriate and effective personal training sessions and exercise classes.
We may use your personal data to:
-
enable us to carry out our obligations to you arising from any contract between you and us including the provision by us of services to you and related matter such as billing, accounting and audit, credit or other payment card verification and anti-fraud screening
-
provide you with information, products or services that you request from us
-
provide you with information about products or services we offer that we feel may interest you, provided that they are similar to those which you previously purchased or enquired about from us
-
allow you to participate in interactive features of our services, when you choose to do so
-
notify you about changes to our products or services
-
respond to requests where we have a legal or regulatory obligation to do so
-
check the accuracy of information about you and the quality of the service you have received, as part of any internal audit or part of any claims or litigation process
-
support your doctor, nurse or other healthcare professional
-
assess the quality and/or type of service you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
-
to conduct and analyse market research
How secure will the personal data be?
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally data. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
Transmitting information via the internet, e-mail, SMS, social media and phone is generally not completely secure, and we can’t guarantee the security of your data. Any data you transmit to us in these ways is at your own risk, and by communicating with us in these ways, you acknowledge and agree to us using them to communicate with you also.
Currently we do not collect personal information via our own website. We use e-mail, SMS and messaging services for the general day-to-day management of client accounts – for activities such as booking sessions, sending out invoices, distributing training programmes and advice, etc. We generally do not share personal information these ways and if we do, we keep it to a minimum and separate it out or use partial names or pseudonyms. Where we need to transmit sensitive information or complete personal data sets such as full contact details, we do so using encryption or offline methods such as delivering in person or via secure post. For example, the transmission of data to our client management system is encrypted and we use end-to-end encrypted messaging services such as WhatsApp.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. This incudes for example adhering to the Cyber Essentials guidelines promoted by the UK government. For more information please go to https://cyberessentials.ncsc.gov.uk
How long will the personal data be stored for?
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.
For example, if you are client we will store your personal data for as long as you remain so, as the processing of your personal data is necessary to deliver our services to you in accordance with the contract we have with you. Once you are no longer a client we are obliged for legal and tax purposes to retain client personal information for a period of at least six years from the date you cease being a client.
What rights do you, the data subject have?
Currently we only send out marketing information about our services, to those who have made a direct request for such information. However, having made such a request, you have the right to ask us to stop processing your personal information for marketing purposes by sending an email to michel@thrivefitness.co.uk
Currently UK Data Protection Law gives you the right to access personal information held about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. If you would like to access your personal information, please email michel@thrivefitness.co.uk
You have the right to have the personal data we hold about you corrected if it is factually inaccurate. It is important to understand that this right does not extend to matters of opinion, such as progress tracking. If any of your personal data has changed, especially contact information such as: email address, postal address and phone number please get in touch with your designated personal trainer or email michel@thrivefitness.co.uk
You have the right to request your data to be erased, also known as ‘the right to be forgotten’. If you would like us to erase your information you would first need to request access to it as detailed above, please email michel@thrivefitness.co.uk.
Your right to request data to be erased does not apply if processing is necessary for one of the following reasons:
-
to continue to deliver our services to you, under the contractual obligations we have with you;
-
to exercise the right of freedom of expression and information;
-
to comply with a legal obligation – such as those detailed above;
-
for the performance of a task carried out in the public interest or in the exercise of official authority;
-
for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
-
for the establishment, exercise or defence of legal claims.
Notices and revisions
If you have any concern about privacy at Thrive fitness, please e-mail michel@thrivefitness.co.uk with a thorough description and we will try to resolve the issue for you.
If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website https://ico.org.uk
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Contact
If you have any questions in relation to our privacy policy, please email michel@thrivefitness.co.uk.