Date Adopted: 1st May 2018
This privacy notice provides information about how we use and share personal data about users of the website at crossfitcirencester.com and our booking and performance website at woodify.com. It covers the following topics:
- Who we are and how you can contact us
- What we use personal data for
- What kinds of personal data we use, and where we get it from
- What our legal grounds for handling personal data are
- Who we share the personal data with
- Where the personal data is stored and sent
- How long the personal data is kept for
- Whether the personal data is used to make decisions about you or to profile you
- Your rights in relation to the personal data we hold about you
- Who you can complain to if you are unhappy about the use of your personal data
- WHO WE ARE AND HOW YOU CAN CONTACT US
We are CrossFit Cirencester Ltd, which is a company registered in England number 11037414. Our registered office is at Unit 15, Elliott Road, Cirencester GL7 1YS.
CrossFit Cirencester Ltd is registered with the Information Commissioner’s Office as a Data Controller, registration number ZA321843 and is responsible for controlling the data you provide us with via our website or if you contact us using the details below. This means that it is responsible for ensuring that the personal data is used fairly and lawfully.
You can contact us by sending an email to email@example.com.
- WHAT WE USE PERSONAL DATA FOR
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
Providing our websites and our products and services to you
We use personal data to provide you with products and services through our websites. This includes:
- Creating an account for you at Wodify.com allowing you to record your personal performance, access our class scheduled and reserve spaces.
- Creating Direct Debit Mandates and other forms of processing.
This also includes contacting you about those services. For example, we may contact you by email or SMS message to let you know about significant changes to the services you have signed up for.
Prevention and detection of fraud and other crime
In order to detect or prevent fraud (for example, to ensure that no-one has fraudulently accessed your account or to confirm you have only entered information about yourself), we may use personal data from other sources to corroborate your details. We may use third parties to undertake these checks on our behalf.
We use personal data for marketing purposes. This includes showing you advertisements or otherwise informing you about products and services that we think may be of interest to you. These may relate to products and services offered by any current or future member of CrossFit Cirencester Ltd (see section 5) or any third party.
We will not sell your personal data to third parties for marketing purposes, but we may use it to promote third parties’ products and services.
We will only make contact with you for marketing purposes by email, telephone, SMS or similar methods if you have given us your consent to do so, and we will only do it using the methods which you have specifically chosen. For example, if you have indicated that you only wish to receive marketing communications by email, then that is the only method by which we will contact you for that purpose. However, you might still be contacted for other purposes – for example, as part of our relationship management (see below) or if contacting you is part of the service we are providing you with.
You can adjust your marketing preferences by emailing firstname.lastname@example.org and informing us that you would no longer like to receive marketing messages (these will include messages for social events). Please note that you will continue to receive service messages.
We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with you. This could include activities such as letting you know about product changes or planned maintenance activity, providing you with technical support or dealing with your enquiries.
Administering, monitoring and improving our websites
We use information such as how different people navigate around our websites, how long they spend on particular pages and whether they download any of our content in order to help customise and improve the user experience of our websites. It also allows us to tailor the website to match your interests and preferences better and helps us understand who has visited which pages to determine the most popular areas of the website.
This information is also used for security and system administration and to generate aggregate non-personalised information for use by us, our business contacts, selected third parties, sponsors or advertisers (such as anonymous statistics related to the take up or use of services, or to patterns of browsing).
Product or systems development and testing
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
The information you give us may be combined with other information about you that is obtained from other sources, and the combined data may be used in accordance with this privacy notice. For example:
- The information you give us may be compared with data available elsewhere to verify your identity or validate the information you have provided (for example in the context of anti-fraud measures).
- Anonymised information about you may be combined with information about your devices (or cookies placed on your devices) to improve the quality and relevance of advertising material on websites you visit.
- WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM
We obtain and use information from various different sources. These are summarised in the following table.
|Type of information||Description||Source|
|Name and contact details||This is basic personal data about you, and how to get in touch with you.||This information is usually provided directly by you, typically through our websites.|
|Other information you provide in connection with the services||This is information you provide us in connection with the services we provide to you. For example, if you use any of our services this may include your answers to the medical questionnaire.|
|Transaction history||This is information about what products and services you have subscribed to or bought, when you bought them and, if applicable, how much you paid for them.||We produce these records ourselves.|
|Contact history||This is information about our contact with you. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails or clicked on a link.|
|Device information||This is information about the device you are using to access our websites, such as the type of device, its operating system, browser, IP address, screen resolution and what cookies are on it.||We produce these records ourselves by monitoring your use of our websites.|
|Third party data||This information that we obtain about from third parties and associate with you or your devices. For example, if you have a Public Facebook profile then the Wodify app may access it to retrieve your public photo to include in your Wodify Athlete Profile.||We may obtain this data from various different data suppliers.|
You are free to choose whether or not you give us your personal data. However, if you are signing up to one of our products or services we might not be able to provide you with that product or service if you do not give us the information we need in order to do so.
- WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE
This section explains the basis on which we process your personal data in connection with the websites.
Performance of our contract with you
When you complete any registration form on our websites, or purchase a product from the websites, we agree to provide you with products and services as set out in the Terms & Conditions for the relevant website. We need to use some of your personal data in order to be able to provide you with those products and services. For example, we need to know what services you have signed up for, and we need to process payment method details in order to take payment from you for any paid-for services.
We rely on your consent for sending you marketing materials by email, telephone, SMS or similar methods. You can give or withhold consent when you first sign up on the websites, and you can subsequently withdraw your consent through your account settings or (in the case of email) by clicking the “unsubscribe” link.
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn’t outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are pursuing are:
|Understanding and keeping in touch with our customers||We have an interest in understanding what kinds of people use our products and services and how they use them. We also have an interest in keeping in touch with them, for example in order to keep them up to date with the products and services we provide to them.|
|Monitoring and securing our systems and data||Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept secure and only made available to the correct people.|
|Commercial interests||Like any commercial organisation, we seek to earn revenue through the services that we provide to our customers and clients.|
- WHO WE SHARE THE PERSONAL DATA WITH
We may provide your information to third parties who help us use it for the purposes described in section 2. For example:
- Our database of personal data may be hosted by third parties on our behalf (for example, Wodify).
- We use a third-party email broadcasting service in order to send you service emails or SMS messages or (if you have agreed to receive them) marketing emails.
- We use payment service providers in relation to any payments you make.
- We might use market research companies to help us better understand our customers.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations unless you agree otherwise.
Online advertising platforms
We may use third party advertising platform providers such as Google to serve advertisements to you. These third parties may use information about your visits to these and other websites in order to provide you with advertising about products and services that may be of interest to you.
Sometimes we may provide information associated with you to third parties who operate other websites (such as social media platforms) so that we can show you relevant advertisements while you are using those websites. This information will be protected so that you can only be identified if the third party already knows you – the information we provide only tells them that you are a user of our websites.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office.
Sharing of anonymised data with third parties
We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.
- WHERE THE PERSONAL DATA IS STORED AND SENT
We are based in the United Kingdom and will access and use your information from here.
We also send information elsewhere in the world. For example:
- We hold a copy of our databases in the United States and Europe.
- We may use cloud-based technology or a data centre or backup facility overseas, and people in other countries may also need to access data for purposes such as technical support or system development and testing.
While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
- Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
- Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.
- HOW LONG THE PERSONAL DATA IS KEPT FOR
We will keep your personal data for as long as you are a registered member irrespective of your level of activity or temporary suspension of membership privileges and may keep it for an additional period of time from when your membership if formally closed. We keep the data for that additional period of time in case we need to respond to any enquiries from you (for example, if you have any questions about the amount we have billed you) or from any regulators.
We may close your account if you do not use it for a long time, and you can close your account at any time by contacting us using the details in section 1 above. For more information about this, please see the Terms & Conditions associated with your membership.
- WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.
Account management and marketing
If you do not use your account for a long time we may automatically categorise you as an inactive member. While you are classed as an inactive member we may attempt to reengage with you, for example by sending you messages reminding you about your membership.
We may also categorise you alongside other data subjects so that we can tailor advertisements for particular groups of people at the same time.
- YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU
You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.
- Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.
- Withdrawal of consent: When we rely on your consent to use your data (see section 4 above), you have the right to withdraw that consent at any time. You can do this by contacting us, or through your account settings or (in the case of marketing emails) by clicking the “unsubscribe” link.
- Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes. If you do this, we will stop using it for those purposes.
- Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
- Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
- Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
- Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.
- Portability: You have the right to receive some limited kinds of information in a portable format.
- WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us by sending an email to our Data Protection Officer at email@example.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.