When we use the words 'we', 'our', or 'us' in this policy, we are referring to Sculpt Fitness Studio. When we use the words ‘you’ or 'your' in this policy, we are referring to our clients, employees, self-employed trainers, job applicants, partners and suppliers.
What is ‘personal data’?
The General Data Protection Regulation (GDPR) is an EU Regulation (2016/679), defining personal data as ‘any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier’. This means any information that can identify who a person is.
As a controller of your personal data, we will take steps to keep your information safe and secure.
Who we collect information from
We collect personal information from:
Employees, Self-employed trainers or Job Applicants
Partners and Suppliers
Information we collect or receive about you
When you register for any membership with us, use our website, apply for a position within our firm, or provide services to us, we may collect and process the following types of information:
Members of our studio
Full name, postal address, date of birth, email address, contact telephone numbers, financial information i.e. credit/debit card details, interests and contact preferences
Employees, self-employed trainers or job applicants
Full name, postal address, date of birth, email address, contact telephone numbers, employer reference, bank details, NI number, copy passport, medical information
Partners and Suppliers
Company name, postal address, contact telephone numbers, email address, company status, financial information, credit information, directorship details, industry, profession
Special categories of personal data
When we are collecting and/or receiving personal information, this may include “sensitive” data such as health information. We will only use it for the specific purposes set out in this policy and treat it securely. This type of “sensitive data” is typically collected for our own insurance purposes and to ensure you are well enough to use the facilities. It is also typically collected during employment for specific reasons which employees will have been informed of (or will be informed).
How information is collected
We may collect and/or receive personal information from several channels, such as:
Completing registration forms to join our studio
Completing health questionnaires before using our services
When visiting our website and registering online
When booking classes
When emailing, texting or writing to us
When visiting us in person
During telephone calls
Via social networks
From recruitment agencies and online job sites
From CVs and interview notes when applying for a position
Through pre-employment checks (such as credit reference agencies, previous employer references, fraud prevention agencies)
Through employee performance reviews, disciplinary and grievance matters
Through return to work interviews, from GP reports and occupational therapists
We will continue to take steps to ensure that personal data collected, processed, and held by us is kept accurate and up-to-date and is checked annually.
Who we may share your information with
We may share information with third party providers, such as Mindbody, an online business management software portal and booking system; Wix.Com, who host our website and provide survey and marketing services; our self-employed trainers and other organisations we work with; past and future employers for reference purposes; third-party companies offering employee benefits; legal representatives.
How we use your personal information
Personal data will always have a lawful basis, either because:
It’s necessary for our performance of a contract or service with you, or;
We have received consent from you to use your personal data for one or more specific reasons, or;
We have a legal obligation to process data; or
It’s in our legitimate business interests to use it
Specifically, we will use information we hold about you in the following ways:
Members of our studio
Using service providers to support our business so that they can provide services to us and/or to you on our behalf (contractual obligations)
Shared with independent self-employed trainers for them to contact you to inform you of personal training services which they would like to offer you (we would ask for your consent)
Investigating complaints (we have a legal obligation)
Employees, self-employed trainers or job applicants
Due to the employment relationship between you and us (contractual obligations)
To collect data as part of your employment with us (legal obligations)
Sharing subjective data with medical professionals as part of attendance monitoring, used to assess the health, wellbeing, and welfare of employees and to highlight any issues which may require further investigation. Understanding disabilities to facilitate adaptations in the workplace, and/or to ensure special needs are catered for at interview or selection testing. Sharing with government agencies when assessing the suitability of certain types of employment (we would ask for your consent)
Partners and suppliers
To perform and receive services stated in our agreement with the data subject (contractual obligations)
To comply with our legal obligations
Compiling statistics about the use of our site including data on traffic, usage patterns, user numbers, sales, and other information and assessing how well a particular industry sector is working (it's in our legitimate interests)
How your personal information is protected
Your personal data may be transferred abroad for any of the purposes explained in this policy and such transfer may be to a country outside of the EEA. We make every effort to ensure that any personal information and transactions you provide us with are kept secure. All credit card numbers and transactions are encrypted using Secure Socket Layer (SSL) encryption. Our Mindbody payment portal server may be hosted outside of the EEA boundaries; however, they take appropriate measures to ensure the server is secure. Mindbody complies with the Privacy Shield Principles for all onward transfers of personal data from the EU. They have been assessed by TRUSTe for compliance with Enterprise Privacy Certification. Wix.com hosts our website; it participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
Transmitting personal data over unsecured networks is not permitted in any circumstances
All personal data to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”
All electronic copies of personal data should be stored securely using passwords and data encryption
All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar
Personal data will not be stored on any mobile device without the formal written approval of the Data Protection Officer, and for no longer than is necessary
Personal data will not be transferred to any device personally belonging to an employee or self-employed trainer
We require our Partners and Suppliers to ensure they keep up with safeguarding data and comply with all the required laws
Although we endeavour to provide standard security measures for information we process and maintain, no security system can prevent all potential security breaches.
How long we keep your personal information for
We won’t keep personal data for any longer than is necessary to fulfil the contractual obligation and will only keep it for longer when it is required by law.
If our business ownership changes
Rights you have regarding your personal data
You have the right to ask for a copy of personal information we hold about you or ask for your information to be corrected. You can ask us to delete the information we hold about you, prevent us from processing your information and object to us processing your information (withdraw consent). Please note, these rights may not apply where our basis for processing is by legal or contractual obligations.
For further information about a data subject’s rights, or to exercise these rights, our contact details are shown below:
For the attention of: Data Protection Officer
Phone: 07889 966106
Address: Sculpt Fitness Studios, Biddenham Country Park Sports Centre, Great Ouse Way, Biddenham, Bedford, MK40 4WG, or email:
Information on how to control data
We want to ensure that you can control our use of your data for direct marketing purposes. You will have the option to opt-out of receiving emails by using the unsubscribe links, or by contacting us by email, in writing or by phone. You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”).
These may help with preventing unsolicited marketing. Please note that these services will not prevent you from receiving marketing communications that you have consented to receiving.
How to complain
If you feel unhappy with the way we have handled your personal information, please give us the opportunity to put matters right and contact us: - Data Protection Officer, Sculpt Fitness Studios, Biddenham Country Park Sports Centre, Great Ouse Way, Biddenham, Bedford, MK40 4WG, or phone: 07889 966106 or email: email@example.com.
If you cannot settle your complaint with us, you can refer the matter to the Information Commissioner's Office at: - Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call: 0303 123 1113.