Six Star PT and Fitness commits to the following in respect to your data privacy and its obligations under the terms of the General Data Protection Regulations, 2018.
Client names, postal and email addresses, telephone numbers and contact preferences may be collated, along with date of birth and gender. Payment / card details may also be stored, along with medical information (e.g. height, weight, medical conditions and disabilities) and details regarding ethnicity.
The contact details of friends who are recommended may also be recorded, along with all other initial enquiries made by phone call, email or text message.
Processing of personal data
1. Personal data will be processed in a lawful, fair and transparent manner.
2. Any data which is collected will be done so for a specific and stated purpose and the purpose will be explained.
3. Collected data will be relevant to a specific task and data collection will be minimised as far as possible.
4. Personal data will be kept up to date and accurate.
5. Data will not be stored for longer than is necessary.
6. Data will be stored securely.
7. The data subject (i.e. client) consents that their data can be used and stored.
8. Personal data is held which is required to perform a contract or enter into a contract, for example in respect to payment details.
9. Vital interests are recorded – these include underlying medical conditions which may impact ability to exercise.
10. Public interest – the controller is processing personal data as it is justified by public interest.
11. Legitimate interest – processing is necessary for the purposes of legitimate interest, for example direct marketing.
Sensitive data may be held for one of the following reasons, in addition to the above reasons:
1. Health purposes
2. Employment purposes
3. Not for profit
4. Data has been made public
5. Legal reasons
6. Archiving / research
Consent is deemed to have been given by completing an Informed Consent Form, Physical Activity Readiness Questionnaire or any other affirmative action, e.g. an indication of the client’s training wishes provided in writing.
Terms are provided in clear and simple language and freedom to withdraw consent can be given at any time. Explicit consent is given for the collection of sensitive data.
Rights Under GDPR
Clients have the right to:
· Object to direct marketing
· Make a data subject access request
· Object to being subject to automated decisions having a legal or significant effect
· The right to be forgotten (or the right to erasure)
· The right to data portability
Please advise of any queries in writing: firstname.lastname@example.org