Privacy Policy

This privacy policy sets out how Applebees Fitness uses and protects any information that you give to us when you use this website and in person.

Applebees Fitness is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Applebees Fitness may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.


Version 1.0                                                                                                                                                               Date: 17/05/2018
Applebees Fitness patient privacy statement 
Applebees Fitness is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to protecting the privacy and security of your personal information. This privacy notice describes, in line with GDPR, how we collect and use personal data about you during and after your time as client. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
 
This notice applies to current and former clients.
 
Data controller details
Applebees Fitness is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows: 
Applebees Fitness, Ben Appleby, [email protected], 07590583169
 
Data protection principles
In relation to your personal data, we will comply with data protection law. This says that the personal information we hold about you must be:
 
processed fairly, lawfully and in a clear, transparent way
collected only for valid reasons that we find proper for the course of your time as a patient and not used in any way that is incompatible with those purposes
only used in the way that we have told you about
accurate and up to date
kept only as long as is necessary for the purposes we outline 
process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed 
kept securely
 
Types of information we hold about you
Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed. 
We hold many types of data about you, including:
 
your personal details including your name, address, date of birth, email address, phone numbers
Emergency contact and their contact numbers 
additional information held as a personal training client
Personal medical or health information, including past medical history
Physical activity past and present along with food likes/dislikes and diet plans/logs
Health data such as your BMI, blood pressure, mental wellbeing questions, height, weight, fat %, muscle %, body measurements.
 
Special categories of data
There are "special categories" of more sensitive personal data which require a higher level of protection, such as information about a person's health or sexual orientation.  The only data we collect on this is in regards:
·         Health
 
We do not store data on sexual orientation etc.
 
We will use your special category data:
·         to ensure the care you receive at our facilities and during any 1-1 or group Personal Training is appropriate to your condition
·         to determine reasonable adjustments that should be made for access to the to any of our facilities (COACH, French Weir park/ Wellington Cricket Ground, Wellington Community Centrea, Wellsprings Leisure Centre or at any other address - this may include parks, and your home address)
We must process special categories of data in accordance with more stringent guidelines. We will process special categories of data when the following applies:
·         you have given explicit consent to the processing - by purchasing any of our available packages, so this data is vital to make the necessary improvements to your health. 
·         we must process the data in order to carry out our legal obligations 
·         we must process data for reasons of substantial public interest
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
 
How we collect your data
We collect data about you in a variety of ways and this will usually start when you make an enquiry online, over the phone or in person and will continue when you attend your first and subsequent training sessions. At our business address, we keep paper and electronic records. Information we write down on paper may be transferred to our electronic system. We may receive information about you from your GP or other health care provider regarding your referral or, with your permission, additional information that will help us continue with your training. We may also hold the results of performance tests that you have undertaken that are relevant to compare with previous and future data to make the necessary improvements to your health. 
Personal data is kept in a variety of forms.  We store your data in the following ways:
·         Paper notes: These are stored at a home address in locked filing cabinets and are only accessible by your Personal Trainer.  At times these records may be scanned onto our electronic system for storage.  When the time comes to dispose of your paper notes, in-line with our statutory regulation, these notes are destroyed using a cross shredder and/or incineration.
·         Electronic notes: We use 'Goteamup' and 'My PT hub' to manage your personal data. Access to this system is by individualised password login only.  Access for this data is limited to Applebees Fitness management team and fitness instructors have reduced access to names of clients attending their class only. Personal Trainers of Applebees Fitness will have full access to their clients on MYPTHUB. Goteamup also have access and are GDPR compliant and data processor contracts are in place.
The premises where your data is held is locked and all our computer systems are username and password protected. 

Why we process your data (How we will use information about you)
The law on data protection allows us to process your data for certain reasons only, these are classified as legitimate interests. Most commonly, we will use your personal information in the following circumstances:
·         in order for us to carry out our contract with you (your requesting service and our agreement to provide it constitutes a contract) which will include confirming appointments, informing you of changes to appointments or other arrangements, changes to facilities or services.
·         in order to provide you with the best possible treatment by recording health and treatment information which would be in your best interest.
·         in order to carry out legally required duties such as those required by us by our government appointed regulator
·         where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests
We may use your personal information in these rare situations:
·         where we need to protect your or someone else’s interests
·         where it is needed in the public interest or for official purposes
 
Situations in which we will use your personal information
We need all the categories of information to primarily allow us to perform our contract of service with you and to enable us to comply with legal obligations. 
 
If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract of care with us. If you do not provide us with the data needed to do this, we will be unable to perform that care to ensure your best interests are being maintained. We may also be prevented from continuing with your service with us due to our legal obligations. 
Change of purpose
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated decision making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Sharing your data
Your data will be shared with other Personal Trainers/Fitness Instructors of Applebees Fitness but only where it is necessary for them to undertake their duties.
 
We may share your data with third parties in order to facilitate a referral to another healthcare practitioner, investigation or to keep your GP informed about your progress with our service.  Third parties that process data on our behalf include:
MYPTHUB – Online Personal Training software
GOTEAMUP – Class booking and membership system
Mailchimp- Health and Fitness newsletter (Access limited to name and email address only)
 
Transferring information outside the EU
We do not share your data with bodies outside of the European Economic Area.
 
Data Security - Protecting your data
We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. 
 
Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
 
How long we keep your data for
In line with data protection principles, we only keep your data for as long as we need it for, which will be at least for the duration of your being a client with us and we are legally required, by the Register of exercise professionals regulator, to keep this data for five years after your time as a client has ended. To determine any appropriate retention period for personal data beyond five years we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. 
Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner that maintains data security. 
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. 
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a client with us.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. 
·         the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. Find out how to do this from Ben Appleby (managing director).
·         the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it. 
·         the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice. We also must inform you of any changes to how we use your data.
·         the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it. However, if it falls under our legal obligation to keep your data securely for a longer period we will do so.
·         the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
·         the right to portability. You may request transfer of the data that we hold on you for your own purposes.
If you want to access your data, review, verify or correct your data, request we erase your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact [email protected] and this request will be reviewed and actioned.  The director will then contact you in writing/email.

Fees
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information, for a summarised version/report or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
 
Right to withdraw consent
Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate legal reason for doing so.
To withdraw consent, contact Ben Appleby at [email protected] and this request will be reviewed and actioned.  The director will then contact you in writing/email.
 
Making a complaint
If you have any questions about this Privacy Notice or how we handle your information, please contact Ben Appleby. They can be contacted on 07590583169, via email [email protected] have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).
 
Website

How we use Cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Introduction to Cookies
Cookies are small files stored in your browser and are used by most websites to help personalise your web experience. Some features on this site may not function if you do not allow cookies.
For additional information on cookies please check out the Information Commissioner's Office.
If you accept cookies the following cookies may be set on your device

Compliance Cookies
This is a small cookie used to store your cookie preferences.

Analytics Cookies
We use the Google Analytics service on this website. The information generated by the cookie about your use of our website (including your address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google undertakes not to associate your IP address with any other data held by Google.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout .

Third Party Cookies
We use a number of tools and external applications, in particular Google Analytics, Google Maps and Google Custom Search, to enhance visitor interaction on our site. These services will set a cookie called 'PREF' which Google uses to track user preferences from one site to another.

Functional Cookies
These cookies are used on some sites when completing online forms, logging in to the site or using other functions. They do not contain any personal information and for the most part are automatically deleted when you close your browser.
If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies. You can access them through some types of browser.

More information about cookies, including how to block them or delete them, can be found at AboutCookies.org.
Details of cookies used by this website
This list shows all cookies used by this website, and what each is used for.

Cookie Name
Purpose
Expiry
__utmb Google Analytics cookie. This stores the domain name (hash code) of site, pages viewed this session, current time.
30 minutes
__utmc   Google Analytics cookie. This stores the domain name (hash code) of site. At end of session
__utma  Google Analytics cookie. This stores the domain name (hash code) of site, a unique visitor id (randomly generated number), time of first visit, time of previous visit, current time, number of sessions since first visit. 2 years
__utmz  Google Analytics cookie. This stores the domain name (hash code) of site, time when cookie last set, total number of visitor sessions, number of different channels or sources through which this site was reached, source of the last cookie update, search hit tag identifier (or just 'organic' if reached via normal search hit), search medium, keyword phrase used to find site. 6 months  
PREF  Saves the user's Google identifier, time of first receiving this cookie, last time when preferences were set, checksum for data integrity. This third-party cookie is placed by Google to track a user's preferences from one Google site to another.2 years

Links to other websites
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your Personal Information
You may choose to restrict the collection or use of your personal information in the following ways:
whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at [email protected] We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.