Policy key definitions:
“I”, “our”, “us”, or “we” refer to the business, Potential Personal Training.
“you”, “the user” refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner’s Office.
Cookies mean small files stored on a users computer or device.
PROCESSING OF YOUR PERSONAL DATA
We promise to follow the following data protection principles:
Personal information must be fairly and lawfully processed
Personal information must be processed for limited purposes
Personal information must be adequate, relevant and not excessive
Personal information must be accurate and up to date
Personal information must not be kept for longer than is necessary
Personal information must be processed in line with the data subjects’ rights
Personal information must be secure
Personal information must not be transferred to other countries without adequate protection
YOUR INDIVIDUAL RIGHTS
Under the GDPR your rights are as follows:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
You also have the right to complain to the ICO (www.ico.org.uk) if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
DATA WE GATHER
Information you have provided us with
When a visitor requests information from this website using our enquiry form, we collect their name, email address, optionally their phone number and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the request.
When a visitor enters a job application on this website, we collect their name, email address, their phone number, optionally their address, application details and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the request.
When a visitor books a free consultation or subscribes to receive a free ebook, magazine or report, we collect data that may include their name, email address, phone number, address and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the subscription.
Visitors are able to register as members on the website. When they do so we collect their name, phone number, email address and non-personally identifiable information about the request which includes the IP address of the computer making the request and the time and date of the request. We also register new members to our services on their behalf. We track when member logs in and the IP address of the computer making the request. Members are allowed to access their account and add their address if they wish.
Information automatically collected about you
When a visitor accesses this website, we automatically collect certain non-personally identifiable information about the request. This information is stored by cookies and other session tools. This information includes the IP address of the computer making the request and the time and date of the request, the type of web browser being used, and, sometimes, the page from which the visitor is coming. The information does not contain the visitor’s name or email address.
HOW WE USE YOUR PERSONAL DATA
We use your Personal Data in order to:
answer any queries and questions that you may have.
provide our services to you. This includes for example registering your account; providing you with other products and services that you have requested; providing you with promotional items at your request and communicating with you in relation to those products and services; communicating and interacting with you and notifying you of changes to any services.
Enhance your customer experience.
Fulfil an obligation under law or contract.
We use the following lawful bases in order to process your personal data:
You explicitly give your consent to a specific kind of processing of your personal information.
With your consent we process your personal data:
To answer any specific queries or questions
To send out newsletters with information on our services, products and promotions
For other purposes we have asked your consent for
You can at any time request that your personal information is deleted.
We will continue to process your information until you withdraw consent or it is determined your consent no longer exists.
Your personal data under the consent lawful basis is not shared with any third parties.
On the basis of contractual necessity, we process your personal data for the following purposes:
Manage your membership account with us
Process your orders or bookings
Send you information about your account, orders and bookings
Respond to your requests, including refunds and complaints
Process payments and prevent fraud – through a 3rd party payment gateways (see below for Data shared with other parties),
We keep your information while you are our customer and afterwards for a variety of reasons. We will only keep it for as long as we need to. If you have an account you have direct access in order to manage your data.
The processing of the personal data is a legitimate, expected behaviour of a business.
On the basis of legitimate interest we process your personal data for the following purposes:
To improve our service, membership and store offerings
To administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products / services offered/provided
To conduct questionnaires concerning client satisfaction
As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behaviour to be our legitimate interest.
The processing of the personal data is required for legal reasons (e.g., accounting and tax purposes).
On the basis of legal obligation we process your personal data on the basis in order to fulfil obligation rising from law and/or use your Personal Data for options provided by law.
We reserve the right to anonymise personal data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We might process your personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
The link between purposes, context and nature of Personal Data is suitable for further processing
The further processing would not harm your interests and
There would be appropriate safeguard for processing
We will inform you of any further processing and purposes.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
We do not intend to collect or knowingly collect information from children. We do not target children with our services.
COOKIES WE USE
DATA SECURITY AND PROTECTION
We do our best to keep your personal data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.
Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
TRANSPARENT PRIVACY EXPLANATIONS
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See the footer of any marketing messages for instructions on how to unsubscribe or manage your preferences.
Our EMS provider is ActiveCampaign. We hold the following information about you within our EMS system:
Subscription time & date
EveryBody Fit, Rear of Derby House, Lytham Road, Fulwood, Preston, PR2 8JE,
send an email to: email@example.com or call us on: 01772 379125.