Privacy Policy

We are ‘Strength& Ltd’, a limited company registered in England and Wales with company number 12821529. Our registered office is 3 Balsams Close, Hertford, SG13 8BN. If you have any questions about anything data related, Max Wilkinson our Company Secretary will be happy to answer. You can contact us by emailing max@strengthand.com or writing to our registered office.

We know that your data matters to you. That’s why Strength& takes your privacy seriously. But we need some data to provide you with the best experience. This document sets out what data we collect, how we use it, and what rights you have in relation to your data.

The GDPR has 7 core principles that apply to us as a controller of your data. All data should be:

1. Processed lawfully, fairly and transparently

2. Collected for specific and legitimate purposes

3. Adequate and relevant to the purpose of collection

4. Accurate and up to date

5. Kept in a form which permits personal identification for no longer than necessary

6. Processed in a manner that ensures security

7. Processed accountably by us, meaning that we are able to demonstrate compliance with the GDPR

Why do we collect your data? 

At Strength& we are passionate about strength and conditioning training. And we hope to make you too. But to do this, and provide you with this service, we need to collect some personal data. Our reason for collecting your data is called the ‘lawful basis’, and it varies depending on the individual piece of data.

For most data we collect, we rely on the lawful basis of fulfilling our contract with you to provide strength and conditioning services. We need data to fulfil this contract; to provide you with the best possible experience. We don’t require your consent to process this data.

Data relating to your health is ‘special category’ data. Our lawful basis for processing this is the contract that we have to fulfil, but we also need your consent to do this. By signing the PAR-Q form, you give you consent to us to process your health data.

We also store some data with the purpose of preventing the spread of COVID, in line with government guidelines for the fitness industry. Our basis for processing this data is for our legitimate interests (for data collected before 18 September 2020) and for data collected on or after 18 September 2020, to comply with our legal obligations.

There are other pieces of data that we collect which are not necessary to fulfil our contractual obligations to you. Collection of these pieces of data rely on your consent, which can be withdrawn at any time. See the section on ‘Your rights’ for more information on this.

What information do we collect?

We collect the following information to allow us to fulfil our contract with you to provide strength and conditioning training:

• Your name

• Contact information (email address, phone number)

• Health information on your screening form and any other information you disclose to us

• Data about your acceptance of your membership agreement

• Incident logs

• Attendance information

• Performance information

• Membership information (your payment record, dates payment is due)

• Billing information (card details). Note that this is not stored by us and is processed by a third party on our behalf.

• Your contact with us (depending on the nature of your contact)

We keep and will share the following information for NHS Test and Trace, unless you have opted out by letting us know.

• Your name and phone number

• Attendance information, including time of arrival and departure

We will ask for consent before collecting the following:

• Direct marketing

• Health screening information

• Your contact with us, including data disclosed by joining the group WhatsApp chat (depending on the nature of your contact)

What do we do with your data?

We use your data to:

• Process your application for membership

• Keep you informed on operational matters related to your membership

• Bill you for your membership

• To confirm and record your attendance at sessions

• To provide strength & conditioning services to you

• To provide you with relevant data about your performance

• Response to questions you may have about our services

• Analyse our business and how we provide a service to you and how we can improve our offering

• To contact you with promotional offers, if you have consented to this

• To prevent and detect fraud or any other crime

• With the data we gather for NHS Track and Trace we keep you and the community safe. You will be informed if you are at risk of COVID as a result of close contact with somebody who tested positive.

How long do we hold your data for?

We hold your data for no longer than is necessary. If you leave us, we will delete data that is no longer necessary. However, some data will be retained for 6 years to fulfil our accounting and audit requirements, as well as to defend ourselves against any claim that may be brought.

The following data will be deleted when you leave Strength&:

• Contact information (phone, email address)

• Attendance information

• Performance information

• Membership information

• Billing information

The following data will be retained for 6 years:

• Name

• Data about your acceptance of the membership agreement and payment of membership fees

• Medical information disclosed to us

• Incident logs

• Any contact you have with us, if it could affect our legal or financial obligations 

Data relating to Track and Trace will be deleted after 21 days, unless it is already held for one of the purposes outlined above. 

Who do we share your data with?

We only share your data with third parties when necessary to fulfil our contract with you, our legal requirements or where you give your consent. We always ensure that there is an appropriate data sharing agreement in place. We may share your data with the following organisations:

• We share your data with our payment processor to bill you.

• We may share information with our banks, other financial institutions or any regulatory agency or HMRC to comply with financial, money laundering or other legal obligations. 

• We store our data with Google. We use Google Drive to store some data and host files for collaboration within our organisation.

• Squarespace, our website host when you visit our website.

• We may share your information with our insurers if we need to make a claim.

• We may also share your information with NHS Track and Trace, to prevent the spread of COVID-19. You have the right to opt-out of this data sharing, contact us if you would like to exercise this right.

• If we used an external coach to run sessions, we may need to share data relating to your health with them, to keep you safe.

• WhatsApp, if you joined our WhatsApp group chat

Your rights

You have the right to see the data we hold about you. To do this, you can make a ‘Subject Access Request’. There is no specific form that this must take. However, it would be really helpful to us if you could email max@strengthand.com with the subject line ‘Subject Access Request’ and the main body of the email providing what (or all) data you would like us to provide to you. Remember to include your name and contact details so that we can identify and respond to you. 

You have the right to make sure your data is accurate. You have the right to tell us if the data we hold about you is inaccurate and we will rectify it as soon as reasonably possible. We will always take all reasonable steps to ensure that the data we hold is accurate. As a matter of good practise, we will keep a record of your request. 

For data which we have asked for consent to process or data that we process for Track and Trace, you have the right to withdraw your consent at any time. You also have the right to erasure and require us to delete that data. Please note that this right does not apply to data we have collected to fulfil our obligations under the contract we hold with you, unless its processing is no longer necessary. Also, if we need the data to comply with our legal obligations or for the establishment, defense or exercise of legal claims we will not be able to erase your data. In some situations, erasing some data (for example, health information) may make it unsafe for us to continue to provide a service. In these cases, we may have to terminate your membership.

You have the right to restrict processing of your personal data in some circumstances. This applies when you contest the accuracy of your data, when we no longer need it but you require it to bring legal action or if the data has been unlawfully processed.

For data which has been collected under the basis of the fulfilment of our contract with you, you have the right to portability. This means that we will provide you with your data in a form that is: structured, machine readable and commonly used. We can also transfer data to another controller if you request.

For any data we used for direct marketing purposes, you have the right to object to us processing it. You can always withdraw your consent to direct marketing. You also have the right to object to data being processed for NHS Track and Trace.

If you have a complaint about the way we handle your data, please get in touch with us using the details above. You also have the right to complain to the Information Commissioner, they are the supervisory authority for data in the UK. Their website is: www.ico.org.uk

Security

Your personal data will be secured with appropriate measures. It will be seen by employees, directors and office holders of Strength& on a strictly need to know basis.

Cookies and website analytics

This website collects personal data to power our site analytics, including:

• Information about your browser, network, and device

• Web pages you visited prior to coming to this website

• Your IP address

This information may also include details about your use of this website, including:

• Clicks

• Internal links

• Pages visited

• Scrolling

• Searches

• Timestamps
  

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

• These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

• These analytics and performance cookies are used on this site, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.

If you create a customer account on this website, we collect personal information to improve our checkout experience and customer service.

This information may include your:

• Billing and shipping address(es)

• Details about your orders (for example, your shirt size)

• Email address

• Name

• Phone number

We share this information with Squarespace, our website hosting provider, so they can provide website services to us.

Change log

We detail changes to the privacy policy here, in a transparent way.

10 Sep 2020 - COVID test and trace data becomes mandatory to collect and store. Basis changed from legitimate interests to legal obligation.

15 Sep 2020 - WhatsApp chat data collection information added

19 Sep 2020 - Cookies, analytics added and website information added