Privacy Policy
Last updated: 01/09/2025
1. Introduction
This Privacy Policy explains how Bespoke Fitness Solutions ("we," "us," or "our") collects, uses, and protects your personal data. We are a personal training business based in the UK and committed to complying with the General Data Protection Regulation (GDPR).
2. Data Controller
The data controller is:
David Powell
bespokefitnesssolutions@gmail.com
3. The Data We Collect
We may collect and process the following categories of personal data:
Identity Data: Name, date of birth, gender.
Contact Data: Email address, telephone number.
Health and Fitness Data: This may include sensitive personal data such as medical history, injuries, and fitness levels, which you provide to us voluntarily. We require this data to ensure your safety and to create a suitable training plan.
Financial Data: Bank account details and payment card details (note: we do not store full payment card details; these are processed securely by our payment provider).
Technical Data: IP address, browser type, and operating system when you interact with our website.
Usage Data: Information about how you use our services and website.
4. How We Collect Your Data
We collect data in the following ways:
Direct Interactions: When you fill out forms, communicate with us via email, phone, or in person, and provide us with information about your health and fitness.
Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.
5. How We Use Your Data and Our Lawful Basis for Processing
We will only use your personal data when the law allows us to. Our lawful bases for processing your data are as follows:
Contract: To perform the contract we are about to enter into or have entered into with you, for example, providing you with personal training services.
Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, to improve our services or to keep our records updated.
Consent: We will obtain your explicit consent for processing your sensitive personal data (e.g., health data). You have the right to withdraw this consent at any time.
Legal Obligation: Where we need to comply with a legal or regulatory obligation.
We use your data to:
Provide you with our personal training services.
Manage our relationship with you.
Process payments and issue invoices.
Keep you informed about our services (with your consent).
Improve our services.
6. Data Sharing and Third Parties
We will not share your personal data with any third parties except where necessary to provide our services or comply with the law. This may include:
Payment Processors: To securely process your payments.
Booking Software Providers: To manage your appointments.
Legal and Regulatory Bodies: If we are legally required to do so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
7. International Transfers
We do not transfer your personal data outside the UK or the European Economic Area (EEA). If this changes, we will ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
The country has been deemed to provide an adequate level of protection for personal data by the European Commission.
We use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
8. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
9. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements.
10. Your Legal Rights
Under GDPR, you have the following rights:
Right to be informed: The right to be informed about how we collect and use your personal data.
Right of access: The right to request a copy of the personal data we hold about you.
Right to rectification: The right to have inaccurate personal data corrected.
Right to erasure: The right to request that we delete your personal data ("right to be forgotten").
Right to restrict processing: The right to block or suppress the processing of your personal data.
Right to data portability: The right to obtain and reuse your personal data for your own purposes.
Right to object: The right to object to us processing your personal data in certain circumstances.
Rights in relation to automated decision-making and profiling: The right not to be subject to a decision based solely on automated processing.
If you wish to exercise any of these rights, please contact us at bespokefitnesssolutions@gmail.com.
11. Complaints
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
12. Changes to This Privacy Policy
We may update this privacy policy from time to time. The latest version will always be available on our website.