Privacy and Cookies Policy
OF
BRETT JAMES FITNESS LIMITED (T/A FITNESS LAB SOHO)
GROW FITNESS LIMITED (T/A FITNESS LAB FITZROVIA)
FL MAYFAIR LIMITED (T/A FITNESS LAB MAYFAIR)
Last updated: 14th October 2023
Where applicable, this Privacy Policy (“Policy“) should be read together with the Fitness Lab Terms of Service which can be found at https://fitnesslab.fit/terms-conditions/. The defined terms included in the Fitness Lab Terms of Service shall have the same meaning as the defined terms in this Policy.
1. Introduction
This Policy applies to personal information held about our customers, suppliers and prospective suppliers, people who visit our website, and anyone else whose personal information we hold (“you”, “your”) when using our Services.
In this Policy, references, to “Company”, “we”, “us” or “our” means Brett James Fitness Limited (trading as Fitness Lab Soho), Grow Fitness Limited (trading as Fitness Lab Fitzrovia) and FL Mayfair Limited (trading as Fitness Lab Mayfair) (together, “Fitness Lab”). We respect your privacy and are committed to treating any information that we obtain about you with as much care as possible and in a manner that is compliant with all applicable data protection legislation including the Data Protection Act 2018 and the UK General Data Protection Regulation (“GDPR”) and any applicable national laws in relation to data protection and privacy (collectively, “Data Protection Legislation”). This Policy deals with where we are acting as a ‘data controller’ under the Data Protection Legislation: which essentially means where we are responsible for deciding what personal information we collect and how we use it.
This Policy explains:
- what personal data we may collect about you in connection with: (i) providing you with our goods and Services; (ii) your online interaction with us (including via our website(s), email or social media channels); (iii) our in-person interactions with you; and (iv) any other channels related or ancillary to the foregoing including any other communications sent by us or our employees to you (collectively, the “Channels“);
- how we collect, store, disclose, transfer, protect and otherwise process that information and for what purposes; and
- other important information, such as the lawful bases by which we process your personal data, how long we might retain your personal data, the rights you have in relation to personal data we hold about you, and how we use “cookies” and other technologies on our website.
This policy supplements (and its terms apply in addition to) any other terms of use or other terms and conditions agreed between you and the Company from time to time.
This Policy is intended to be communicated to you in a concise, transparent, intelligible, and easily accessible manner, but we appreciate that you may have queries or want to seek clarification as to its terms. If so, please contact us using the details available on our website.
The Company reserves the right to make changes to this Policy in order to reflect any changes in Data Protection Legislation and best practice from time to time. The Company will endeavour to notify you of such changes but you are advised to check for an updated version of this Policy each time you interact with us through the Channels.
If you require any further information, or wish to contact us about this Policy and how we collect and process your personal information, our full contact details are below:
Address: 12 Copper Works Apartments, 57 Blackhorse Road, London, United Kingdom, E17 7FN
Email: hello@fitnesslab.fit
Telephone: 020 3494 4200
2. What information do we collect about you?
- 2.1. The information we hold about you will depend on our relationship with you. Typically, this may include the following:
Customers |
We will collect information about you to enable you to receive our Services, to improve the Services we provide and for marketing. This includes:
|
Website users |
During the course of providing you with access to our website and other services, we sometimes need to collect information about you and your use of our website and other services. Where possible, unique identifiers are anonymised and at no time do we attempt to identify you as an individual. Where any such data can identify you, we process that data in accordance with the privacy terms set out in this Policy. Information we collect may include:
Our website does not collect precise real-time location information about your device. |
People we work with |
We collect personal data directly from individuals we work with. We collect personal data from their employers or the organisations they represent. We also collect personal data relating to people we work with from other organisations we work with. The personal data we collect relating to people we work with includes:
Our website does not collect precise real-time location information about your device. |
Suppliers |
We will collect contact information so that we can manage our relationship with you (unless you liaise with us via a third party), and bank account details (to enable payment for services). When you provide services to us, we may collect other information from you which is relevant to the provision of those services.. |
3. How we collect information about you
- 3.1. We will collect this information in a variety of ways depending on how we interact with you.
Direct interactions |
You may give us your identity, contact details or other information by filling in online forms on our website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
|
Automated technologies or interactions |
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, pixels, server logs, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. |
Third parties or publicly available sources |
We may receive personal data about you from various third parties and public sources as set out below:
|
4. How we will use your information
- 4.1. Any personally identifiable information that you give to us will only be used for the purpose(s) for which it was supplied. In addition to any other purposes we tell you about from time to time, we may use the personal data described above to:
- personalise content on the Channels;
- send you promotional and marketing materials (where you have provided your consent), notifications, updates and news;
- provide and manage our Services;
- use internally for our business purposes (such as administration and training);
- respond to any correspondence from you – including enquiries, comments and complaints;
- administer any polls, services, questionnaires, contests or special events which you express an interest in from time to time;
- record your purchase and workout history and generally administering your account with us;
- carry out market research; and
- carry out other business activities in circumstances where you have, or ought reasonably to have, an expectation that we will process your personal data for a particular purpose (including as may be provided for in our Terms of Service or other agreement between us).
- 4.2. Automatically gathered information is used to enable us to provide you with a better service by helping us to understand how our website is used and by reporting any technical problems to us (anonymously).
5. Usage reporting (analytics)
- 5.1. To better understand how our website and services are used, we may use the services of another company to provide us with anonymous statistical information about your use of our website. Anonymous information is not covered by the Data Protection Legislation.
- 5.2. Our website uses Google Analytics. If you are not happy for to be included in their reporting, please do not use our website until we have a solution to allow you to opt-out. For information about how Google treats your information please visit their Privacy Policy.
6. Legal basis for processing
- 6.1. Your consent
- 6.1.1. By accepting the terms of this Policy, you give the Company your express, freely given consent to process any of your personal data in accordance with the terms of this Policy.
- 6.1.2. In relation to any processing of ‘special categories’ of personal information (including in particular relating to your health and fitness) we will generally rely on obtaining specific consent from you unless there is a legal requirement or other justification for processing that information.
- 6.1.3. You may withdraw your consent given under this paragraph (in whole or in part) at any time by contacting us at the details above. You can also unsubscribe from different types of emails by following the unsubscribe link displayed at the bottom of each email (if and as applicable). The withdrawal of your consent shall not affect the lawfulness of processing based on consent before withdrawal or the lawfulness of processing based on other lawful grounds as set out below.
- 6.2. Other lawful grounds
- 6.2.1. Without prejudice to the consent given by you under paragraph 1 above, the Company may process your personal data in any circumstances where such processing is necessary:
- in order to perform any agreement between us (including pursuant to our Terms of Service or for us to provide you with goods or services you have requested);
- to comply with any applicable law or regulation; or
- for the purposes of the legitimate interests pursued by us or third parties. These legitimate interests include the purposes outlined in this Policy but also include other general commercial interests and internal administrative purposes.
- to provide feedback information concerning your health, wellbeing and physical performance to an insurance company which has referred you to us for training and which is paying the cost of such training.
- 6.2.1. Without prejudice to the consent given by you under paragraph 1 above, the Company may process your personal data in any circumstances where such processing is necessary:
7. What if you refuse to provide us with any personal data?
- 7.1. Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
- 7.2. Whilst we may be able to provide you with certain products and services notwithstanding your refusal to submit personal data, this may limit your ability to participate in some activities or features or your use of certain services.
- 7.3. We may lawfully obtain information from third parties or public sources and we may process that information where it is an essential component of the products and services we offer you.
8. Information we may share
- 8.1. We may share personal data with our group companies and partnered companies (if any) from time to time (together, “Affiliates“) in order to provide our goods and services to you and for the other purposes outlined in this Policy.
- 8.2. From time to time, we will also need to share personal data with the following types of third party service providers who we engage to provide services which facilitate our business and who may need to process your personal data to the extent necessary to provide those services:
- email service providers such as Mailchimp;
- workout, training and health service providers such as Trainerize;
- scheduling and appointment system providers such as Acuity Scheduling;
- payment processors such as Stripe;
- accounting software providers such as Xero Accounting;
- other third parties approved by you, such as social media sites which you link to your account or share content via or third parties who administer any competitions or surveys on our behalf which you voluntarily partake in; and
- any similar or replacement third parties from time to time.
- 8.3. We seek to ensure that any third party engaged by us who processes your personal data has policies and procedures in place to ensure compliance with the Data Protection Legislation. For any third parties that are based, or process data, overseas, we only engage such third parties in accordance with paragraph 10. Unless otherwise disclosed to you from time to time, we will remain the data controller in respect of your personal data notwithstanding that third parties may be engaged as data processors.
- 8.4. We may share your personal information with third parties where we are required to do so by law or regulation (such as in connection with an investigation of fraud or other legal enquiry) or in connection with other legal proceedings (including where we believe that your actions violate applicable laws, our Terms of Service or any usage guidelines for specific products or services, or threaten the rights, property, or safety of our Company, our users, or others.
9. Third party platforms
- 9.1. We may provide you with access to third party platforms (including Trainerize) or communicate with you via third party messaging platforms (including WhatsApp). While we try to use third party platforms that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices employed by third parties. Once you use or access a third party platform, you are subject to that platform’s terms and conditions, which will be available on its website, including but not limited to, its privacy policy and practices. Please carefully review these policies before you submit any data to these platforms.
10. Transferring your information outside Europe and the UK
- 10.1. In some circumstances, it may be necessary to transfer your information internationally. In particular your information may be transferred to and/or stored on the servers of our Affiliates or other third parties identified in paragraph 8 which are based outside of the UK and the European Economic Area (EEA).
- 10.2. However, we will not transfer your personal data outside of the UK or EEA unless:
- such transfer is to a country or jurisdiction which the UK Secretary of State or the European Commission (as appropriate) has approved as having an adequate level of protection;
- appropriate safeguards are in place as set out in applicable Data Protection Legislation; or
- the transfer is otherwise allowed by applicable Data Protection Legislation (including where we have your consent or the transfer is necessary for the performance of a contract with you).
11. Information shared by you
- 11.1. When you use our website and related services, we may invite you to share content via email or via a social network. If you choose to share content then please be aware that the privacy and cookies policies of such third party sites govern the information you submit to them and we encourage you to read them.
12. How long will we keep your information?
- 12.1. We will hold your personal information on our systems for as long as required to provide you the service you have requested. You may unsubscribe from a service whenever you choose; for example, if you registered to receive newsletters then you may unsubscribe by following the link provided in our emails. If you cease to use our services, we will delete the personal data from our booking system, Trainerize and any other systems where we may hold sensitive health data.
- 12.2. For as long as we do store your data, the Company follows generally accepted industry standards and maintains reasonable safeguards (in each case which are proportionate to the size and nature of our business) to attempt to ensure the security, integrity, and privacy of the information you have provided. The Company has security measures in place designed to protect against the loss, misuse, and alteration of the information under our control.
- 12.3. Notwithstanding our efforts to keep your personal data secure, no system can be 100% reliable. To the fullest extent permitted by law, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide through the Channels. In addition, you are responsible for maintaining the strength and confidentiality of your login credentials.
- 12.4. We will notify you as soon as reasonably practicable if we have reason to believe that there has been a personal data breach by us (or your personal data held by us) which could adversely affect your rights and freedoms.
- 12.5. If you opt out from marketing, we will retain your information to enable us to respect your wishes to not be contacted for marketing purposes.
13. Your rights
- 13.1. Under the GDPR and subject to any conditions or requirements set out in the relevant Data Protection Legislation, you have the following rights in relation to the personal data we hold about you:
- the right to request a copy of your personal data held by us;
- the right to correct any inaccurate or incomplete personal data held by us;
- the right to request that we erase the personal data we hold about you;
- the right to request that we restrict the processing of your data;
- the right to have your personal data transferred to another organisation;
- the right to object to certain types of processing of your personal data by us; and
- the right to complain (please see paragraph 13 of this Policy).
- 13.2. Please note that these rights are not absolute – in some cases they will not apply to you, or to the particular use that we are making of your data, and there are exceptions (for example if we have to process the data to comply with our own legal obligations) but if that is the case we will let you know if you make a request that we believe we cannot comply with.
- 13.3. Any request from you for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with data protection legislation. We will comply with our legal obligations as regards your rights as a data subject.
- 13.4. We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change at the following email address:
15. Questions and complaints
- 15.1. For all questions or complaints about this Policy, we would appreciate the chance to deal with your concerns before you approach the relevant data protection authority. Please contact us in the first instance using the contact details on our website. If you are not located in the European Union, please indicate that in your communication.
- 15.2. You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues, which in the UK is the Information Commissioner’s Office (ICO) (ico.org.uk) via their helpline on 0303 123 1113.