Why we collect your personal data and what we do with it
At Home Fitness Ltd operates as a ‘licence’ company, where personal trainers within the brand operate as independent At Home Fitness licensees. Whilst it is the ultimate responsibility of each personal trainer to conform to the legal GDPR requirements, this document explains our policy about data held by both them (the licensee) and us (At Home Fitness Ltd).
When you supply personal details to either an At Home Fitness licensee (“they” or “them”) or directly to At Home Fitness Ltd (“we” or “us), they are stored and processed by both parties. The reasons and nature of this storage and processing is laid out below, along with our re-assurances and detail surrounding the control you have over your personal data.
The parts shown in bold below are the relevant terms used in the General Data Protection Regulation.
- At Home Fitness licensees (they) need to collect personal information, including contact details, home address, information regarding your health and fitness, and some information deemed ‘sensitive’, such as medical information, in order that they can provide you with a safe, effective and quality service. The service provided to you by them, and their agreement to provide it to you, constitutes a contract with you and them. You have the right to deny this information to them, but in doing so they would not be able to deliver their service to you.
- We (At Home Fitness Ltd) have access to, and occasionally process, personal information stored by At Home Fitness licensees, in order that we can support them in delivering a better service to you. Details of the ways this information is sometimes processed* is contained below. You have the right to deny any of this information to us (At Home Fitness Ltd) – just let us know by any convenient method.
- We (At Home Fitness Ltd) securely store payment details under EU-approved SCA (Strong Customer Authentication), which will be used to process payments for personal training services provided by any and all At Home Fitness licensees.
- We have a “legitimate Interest” in collecting that information, because without it we would be restricted in the support we offer our licensed At Home Fitness personal trainers to deliver the best service to you.
- We would like to be able to contact you in future if the opportunity arises that your service could be improved in any way. This may include requesting feedback from you or to resolve any complaints that may arise. This again constitutes “legitimate Interest”, but this time it is your legitimate interest.
- Provided we have your consent, we may occasionally send you general information or news about At Home Fitness that we think is either relevant or helpful to you, in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.
- We never share personal information with third parties, unless it is deemed necessary or relevant to the improvement or up-keep of the service being offered. The type of third parties with whom information is sometimes shared, and the nature of the usage of this information, is explained below.
- In the case when information is collected during a customer enquiry that you have made, wherein you do not end up paying for any At Home Fitness-related services, we will retain your information for a maximum period of 6 months after the date of the enquiry. This is to allow us to offer a smoother and more efficient service should contact be made with you within that time. If no contact has been made with you after 6 months then we will remove your information.
Your records are stored in the following ways:
- Information deemed ‘sensitive’, such as medical information relevant to the service being offered, is stored electronically (“in the cloud”) in a secure application using 2-factor authenticated password protection. The application providers have given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly. Neither us (At Home Fitness Ltd) nor they (At Home Fitness licensees) will not use or process this information in any way without your expressed consent.
- Other personal information, including contact details, address and other non-sensitive information related to your health and fitness is stored electronically. Our providers have given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.
The ways in which we (At Home Fitness Ltd) might store and process information include:
- Communicating with people who are currently being offered a service by an At Home Fitness licensee, in order to help improve the service being offered. This may include requesting feedback from the customer or to resolve any complaints that may arise.
- Information is sometimes used as part of the training process, in line with our contract with At Home Fitness licensees to invest in their ongoing development. ‘Sensitive’ information as described above is never, and will never be, used as part of this training process without your express consent.
We will never share your data with anyone who does not need access without your written consent. Only the following people/agencies will have routine access to your data:
• At Home Fitness licensees trainers, in order that they can provide you with your service
• At Home Fitness Ltd, in order that we are able to both support the personal trainers within our licence who are providing a service to you, and secondly to communicate with you directly regarding any matters which constitute your “legitimate interest”.
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but never your medical information). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors at any time.
We want you to be absolutely confident that we are treating your personal data responsibly and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to as the “Data Controller”. Here are the details you need for that:
Data Controller – Hyde Phillips
Email address – [email protected]
Phone number – 07538 672258
Postal address – 21 Farmstead Close, Sutton Coldfield B75 5UG
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.