FISH Fitness is registered with the Information Commissioner’s Office (ICO) as a data controller for the purposes of the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) under registration number A8640506.
Protecting your personal data
We are committed to safeguarding your personal information and we comply with all data protection laws including:
- The Data Protection Act 2018;
- The General Data Protection Regulation (GDPR); and
- Any regulations made under or to supplement either of the above, relating to the personal information that we collect about you.
- What personal data we collect about you;
- Why we collect that personal data;
- Who we share your personal data with;
- Why we might contact you and how you can change that;
- What rights you have in relation to your personal data.
- How long we retain your personal data;
- How we keep your personal data secure;
- Communication and updating your preferences
Personal data collected by FISH Fitness
We hold the following personal information and we store personal data we collect about you while enquiring, purchasing any of our services and whilst using any of our facilities and equipment within our fitness classes. These include:
- Personal data you have provided to us when you enquire, purchase or attend a class from us including name, address, contact details (including email address and phone number) of you and your baby
- Details of any referrals, or other contact and correspondence we may have had with you;
- Notes and reports about your health and any treatment and care you or your baby have received and/or need in respect of signing up for any of the classes offered by FISH Fitness
- Details and information provided by your Healthcare professional required for you or your baby to complete one of our classes
- Details and information provided by your Healthcare professional required to allow you or your baby to cancel one of your classes.
- Feedback and treatment outcome information provided to allow you or your baby to resume one of our classes;
- Information you give us when you make a payment to us, such as financial or credit card information;
- Other information received from other sources
- Completed our forms, or otherwise provided information to us, when accessing and/or using the products and services we make available, whether in our classes or otherwise
- Fitness class booking history
- Carry out a transaction on our website
- Contact us, for example by email, telephone or social media
- Personal data relating to your baby/infant (We hold data relating to members aged under 16 years old in order to deliver fitness services specifically for the baby yoga and baby massage classes). We collect and process this data with the consent of a parent or holder of parental responsibility.
Where you use any of our websites, we may automatically collect personal data about you including:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
Reasons for collecting that personal data
We collect and store your personal data in order to ensure you (and/or your baby) are suitable to attend the classes and to provide you with fitness class related services, such as enquiring, purchasing or attending our classes. The legal basis for processing any personal information as part of this request is that it is processed in relation to taking the necessary steps to sign up for, purchase or complete the classes. Examples include:
- Processing class purchases;
- Managing your purchase and the products and/or services available to you through it
- Collecting and managing your payment for classes and, if you do not pay, for taking such steps as are necessary to arrange for you to make that payment
- To notify you about changes to our products or services
- Collecting information in relation to ensuring you and your baby are suitable for the classes you have signed up for
- Collecting information in relation to your Healthcare professional having agreed it is safe for you and your baby to attend the classes you have signed up for
We also have legitimate interests for processing your personal data which include:
- To contact members to provide them with information about offers, products and services through email, SMS and post.
Who we share your personal data with:
In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third-party organisations that we use to support the delivery of our services. This may include the following:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you,
- Organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
- Third party debt collectors for the purposes of debt collection,
- Third party service providers for the purposes of storage of information and confidential destruction;
- Third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.
- Where a third-party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data.
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
How long we retain your personal data
- If you have enquired about any FISH Fitness classes, products or services, we will retain your contact details and related information concerning your enquiry for 1 year from the date that we last had contact with you.
- If you have purchased any of the classes or products from FISH Fitness, we will keep the data relating specifically to that class or product (e.g. order forms, invoices, medical information from your Healthcare professional and related correspondence) for 5 years from the date of the contract.
- If you have requested that we do not send you communication in relation to FISH Fitness related courses we will always retain sufficient information to ensure that we remember to comply with your request.
- All of the periods stated in this section may be extended if there is a legal requirement to do so.
How do we keep your personal data secure
Unfortunately no data transmission/exchange or storage system can be guaranteed to be 100% secure. However we make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data.
We have implemented processes and practices to ensure we reduce the risk of the below in relation to your personal data:
- Unauthorised access
- Unauthorised destruction,
- Unauthorised loss
- Unauthorised alteration
- Unauthorised misuse
We also ensure your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties.
We use STRIPE as our 3rd party provider for our payments platform. STRIPE are certified to the most stringent level of certification in the payments industry. For more info please go to https://stripe.com/docs/security/stripe
Receiving communications from FISH Fitness and updating your preferences
For new customers, we may contact you for information about other classes we offer. You will have the option to opt in or out of receiving any further information on our products and services.
If you are an existing customer you will have had an initial contact email at which point you can opt in or out of receiving communication from us in relation to other classes we may be running. This may be by email and SMS.
You can also change your marketing preferences at any time by contacting us via email at firstname.lastname@example.org