This privacy notice explains what personal data (information) we hold about you, how we collect it and how we may use and share information about our customers who train with us. We are required to notify you of this information under applicable Data Protection laws including the General Data Protection Regulation (GDPR).
Please ensure you read this notice (sometimes referred to as a “Privacy Notice”) and any other similar notice we may provide to you from time to time when we collect or process personal information about you. This privacy notice contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.
1. Who we are
Corps Fitness, Corps Fitness Stevenage and Corps Fitness Buntingford are part of the ALL Heart WMS Limited group of companies.
ALL Heart WMS Limited will be a data controller of any personal data it collects, holds and processes about you and we may share this information with other parts of the ALL Heart WMS Limited group. Where this occurs, they will also become a data controller in respect of that personal data and this Privacy Notice will also apply to the processing they undertake.
The data controller is referred to as “we” or “us” in this notice.
2. The types of personal information we collect and use
In the course of our role as a health and fitness provider we collect the following personal information when you provide it to us:
· Full name and personal details including contact information (e.g. correspondence address, email address, home and mobile telephone numbers) and your date of birth;
· Bank account details;
· Family, lifestyle or social circumstances if relevant (e.g. to enable us to provide you with health and fitness advice);
· Names and contact details for your emergency contacts;
Additionally, we may also collect and process ‘Special categories of personal data’ such as:
· Your health
The provision of this information is required from you to enable us to provide you with health and fitness training in accordance with our agreement and to keep you safe. You are under no obligation to provide this information to us, but if you choose not to, it may affect our ability to fully provide you with services and may lead to the cessation of our agreement (if, for example, we are unable to process payment of our services).
We will inform you at the point of collecting information from you, whether you are required to provide the information to us or whether the data is optional.
3. How we use your personal information
We will typically collect and use this information as necessary, to deliver health and fitness training, as agreed. We have a legitimate interest in processing personal data during the period of the agreement and for keeping records of the process. This is the lawful basis under which we are collecting and using the information.
We need to process your personal information to manage and perform the terms of the agreement. We also need to use your personal information to contact you in relation to payment of our services and we process your bank account details to set up a direct debit facility.
We may process special categories of data, such as information about your health and fitness levels. This information is necessary to enable us to keep you safe whilst you exercise and to provide you with adjustments to exercises where necessary, to avoid the risk of harm.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.
Subject to applicable laws, we will monitor emails and other communications in relation to our dealings with you. We will do this for self-regulatory practices and to see a record of what’s been said or written.
4. Who we share your personal information with
Subject to applicable data protection law we may share your personal information with the following:
· ALL Heart WMS Limited group companies;
· In an emergency or to otherwise protect your vital interests;
· Service providers to help us process your direct debit payments (e.g. GoCardless);
· Anyone else where you have provided your consent or as required by law.
This data sharing enables us to perform our agreement as a health and fitness provider. The level of information we share will be proportionate; for example, we would not share information on your health with a service provider who is administering direct debit payments.
Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’ below.
We will not share your personal information with any other third party.
5. Where your personal information may be held
Information may be held at our head offices and those of our service providers as described above.
We take security of your personal data very seriously and have measures in place to seek to ensure that there is appropriate security for information we hold.
Where information is shared with a third party we will ensure appropriate safeguards are in place for the safe transfer of information.
6. How long your personal information will be kept
We will hold personal data for the period that you have an active agreement with us. We will continue to retain relevant data for a period of 6 years in accordance with legal requirements. At the end of that period your data will be securely deleted or destroyed.
Bank account details will be deleted following the termination of the agreement and within 30 days of your final payment for our services.
7. Transfer of your information out of the EEA
We may transfer your personal information to service providers which are located outside the European Economic Area (EEA).
Different countries have different data protection and security laws and some of these do not offer the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to suitable safeguards.
When we appoint service providers to help us provide services to you we take care to ensure that they have appropriate security measures in place. We will otherwise not transfer your personal data outside of the EEA.
If you would like further information please contact us (see ‘How to contact us’ below).
8. Your rights
Under the General Data Protection Regulation you have a number of important rights as follows:
· The right to be informed about our collection and processing of your personal data;
· The right to request access to the personal information we hold about you;
· The right to have your personal information corrected if it’s inaccurate;
· The right to have your personal information erased (known as ‘the right to be forgotten’);
· The right to restrict processing of your personal information;
· The right to object to processing of your personal information for a particular purpose;
· The right to move, copy or transfer your personal information (known as ‘data portability’);
· Rights in relation to decisions being taken by automated means
Further information on each of those rights, including the circumstances in which they apply, can be obtained from the Information Commissioner’s Office: www.ico.org.uk
9. Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10. How to contact us
If you would like further information in relation to this Privacy Notice and how we handle your personal information please email us at email@example.com.
11. How to complain
We hope that we can resolve any query or concern you raise about our use of your information. If, however, you are unhappy with the outcome of your requests to exercise your rights or are concerned about how we have handled your personal data then please let us know.
The General Data Protection Regulation also gives you the right to make a complaint to the supervisory body, the Information Commissioner’s Office.
12. Changes to this privacy notice
This privacy notice was published May 2018. We may change this privacy notice from time to time and when we do we will inform you.
13. Do you need extra help?
If you require any further information about how we collect and hold your personal information or you wish to make a request to exercise any of your rights under applicable Data Protection Laws please contact us. (Further information can be found in the ‘How to contact us’ section above).