Privacy Policy for IronThistle Fitness
At IronThistle Fitness, we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you engage with our services, including one-on-one personal training, group fitness classes, nutritional coaching, rehabilitation exercise programs, online training sessions, and corporate wellness programs.
IronThistle Fitness is located at 315 Heatherfield Road, Suite 4B, Edinburgh, EH12 7BA, United Kingdom.
Information We Collect
We collect various types of information to provide and improve our services to you.
- Personally Identifiable Information (PII): This includes information you provide directly to us when you sign up for services, complete health questionnaires, set up an account, or communicate with us. This may include your name, address, email address, phone number, date of birth, and payment information.
- Health and Fitness Information: To provide personalized training and coaching, we may collect information about your health status, fitness goals, medical history, physical activity levels, dietary habits, and progress. This is considered sensitive personal data and is handled with utmost care.
- Usage Data: When you access our online platforms or use our services, we may automatically collect certain information, such as your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of your visits.
- Communication Data: Records of communications with us, including emails, phone calls, or messages through our platforms.
How We Use Your Information
We use the information we collect for various purposes, including:
- Service Delivery: To provide and manage our personal training, group fitness classes, nutritional coaching, rehabilitation exercise programs, and online training sessions. This includes creating personalized workout plans, tracking progress, and offering tailored advice.
- Communication: To communicate with you about your services, appointments, and updates, and to respond to your inquiries.
- Billing and Payments: To process payments for the services you purchase.
- Improvement of Services: To understand how our services are used, analyze trends, personalize your experience, and develop new features and offerings.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
- Security: To protect our legitimate business interests and legal rights, including fraud prevention and network security.
Legal Basis for Processing (GDPR)
For individuals in the European Economic Area (EEA) and the UK, we process your personal data based on the following legal grounds:
- Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g., providing personal training services).
- Legitimate Interests: Processing for our legitimate interests, provided these do not override your fundamental rights and freedoms (e.g., improving our services, preventing fraud, direct marketing of similar services).
- Consent: Where required by law, particularly for sensitive personal data (e.g., health information), we will obtain explicit consent from you. You have the right to withdraw your consent at any time.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
- Vital Interests: Rarely, to protect your vital interests or those of another person.
Data Sharing and Disclosure
We do not sell your personal information to third parties. We may share your information in the following circumstances:
- Service Providers: We may engage trusted third-party service providers to perform functions and provide services to us, such as payment processing, IT support, online training platforms, and analytics. These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Business Transfers: In the event of a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
- With Your Consent: We may share your information with your explicit consent for any purpose not covered by this Privacy Policy.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For health and fitness information, we retain this data for the duration of your client relationship with us and for a reasonable period thereafter to allow for follow-up services or addressing any potential claims.
Your Data Protection Rights (GDPR and UK GDPR)
Under the General Data Protection Regulation (GDPR) and UK GDPR, you have the following rights concerning your personal data:
- The Right to Access: You have the right to request copies of your personal data.
- The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
- The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
- The Right to Lodge a Complaint: You have the right to complain to a supervisory authority (in the UK, the Information Commissioner's Office (ICO)) if you believe your data protection rights have been infringed.
To exercise any of these rights, please contact us using the details provided below. We may require you to verify your identity before responding to such requests.
Data Security
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our services is at your own risk. You should only access the services within a secure environment.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
IronThistle Fitness
315 Heatherfield Road
Suite 4B
Edinburgh, EH12 7BA
United Kingdom