Who are we?
Name: Mary Huckle
Trading As: Breakthrough Fitness
Email address for official notice: [email protected]
Postal address: 76 Alberta Road, Enfield EN1 1JB
Website address is: https://www.breakthroughfitness.co.uk
Words with specific meanings
In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are:
“personal data” – any information about an identifiable living human being.
“process”- as we “process” your personal data when we do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.
“special category data” – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.
What information do we collect about you?
We collect information about you when you register with us on our booking system, send us an email or make contact via our website. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. Website usage information is collected using cookies.
Information we collect may include:
- Postal Address
- Telephone Number
- Email address
- Date of Birth
- Technical data including IP address, web browser and email system.
- Marketing preferences
- Attendance history
How do we use your personal data?
Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.
If you sign up to a newsletter list, you will be sent what you asked for. We normally operate ‘double opt-in’ lists and you will need to reconfirm your subscription before anything is sent. You can unsubscribe at any time by clicking the unsubscribe button on any email.
You are not automatically subscribed to any other lists, but may be invited to join an appropriate one.
If we email you individually using our own email system, or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.
If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period.
Special Category Data: Health
For us to process special category data, we need to comply with a special condition under Article 9(2) of the GDPR which is that you have given explicit consent to the processing of those personal data.
We require this health data so that we may teach and train you safely.
To obtain your explicit consent, you will be asked to complete a section on our consultation form or booking form via our booking system or handed to you in person.
Financial and credit card details
We do not receive or store your credit card details. Credit card payments are handled by an external secure processor in accordance with their data security policies (see below).
We receive limited information from our processor for us to tie up your payment with your invoice.
If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us and how much and the reference number.
We do not routinely keep credit scores nor use credit reference agencies.
Data sharing – 3rd parties
We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.
We use software platforms we use to run our business.
We use Google Analytics to collect and store information around each user’s session who visits our website. This information is all anonymous and it is not possible to personally identify people or repeat visitors from Google Analytics. You can read more about their Terms and Conditions here.
We use Cognito Forms to collect and store information around each user who fills in one of our Physical Activity Readiness Questionnaires. This saves the information they actively give us into the Cognito system. This also allows us to use the information to personalise our services.
You can read more about their Terms and Conditions here.
We may outsource work our own business, which may include to Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. They have limited access to your data, where the service they provide to us means they need it.
For example, if our Virtual Assistant is producing a newsletter, they may need access to our email lists to ensure it goes to the correct people. For example, if we invoice you, our Accountant needs to process the information in the invoice.
Your information/advice is held in the strictest confidence.
Where is your data located?
We use various online websites to carry out our services (see above). This means that some of your data may be held in the EU and some may be held on servers in the USA (with suitable data privacy shields) or elsewhere. By submitting your personal data, you agree to this transfer, storing or processing.
If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
We need to keep customer information long enough to satisfy HMRC which is currently 6 years. We need to keep client personal data to satisfy our insurance requirements, which is currently 7 years. We keep information on prospective customers long enough to make our sales enquiry system effective.
If you subscribed to our newsletter via Mailchimp, you will remain on the list until you unsubscribe from that list.
Access to your information
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. We may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.
If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address set out above.
If we can’t sort it out, the relevant supervisory authority for us is the Information Commissioner for the UK. You can contact them here.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in May 2018.