Peter the Privacy Policy

Momentum Training may change this policy from time to time by updating this page: please check this page from time to time to ensure that you are happy with any changes. This policy is effective from 3 June 2018.

1. What’s this all about and who is Peter?

We’ve reviewed our information processing and security procedures to ensure we are compliant with updated data privacy laws and we’ve also created an updated privacy policy as of June 2018 (we may update it again from time to time by updating the text of this webpage, and if we make any material changes we will notify you by email, if you’ve opted into receiving email communications from us). Our updated privacy policy is written in plain English and we’re calling it Peter in an attempt to bring some life to the driest subject in the history of the world.

Peter’s job is to make it easier for you to understand what personal information we collect from you when you use our services and systems and why we collect it (hint: we use it to run the gym, we don’t sell it or anything like that). He’ll also tell you how we keep your personal information secure and what rights you have in relation to it. Peter knows that he isn’t very sexy, but also that he plays an important role, so he gets the job done as simply as possible, without any long words. Bit like Geoff.

2. How do we collect your personal information?

Under data protection law, Momentum is a ‘data controller’. This means that we are responsible for deciding how to hold and use personal information about you when you use our services and systems. We collect your personal data in a number of ways including via our email system, our website, our membership system Teamup, our e-marketing system Mailchimp, our payment processing systems Stripe and GoCardless and possibly also through our social media accounts on FaceBook and Instagram. People at the gym may also collect your phone number if they fancy you, but that’s nothing to do with us.

3. What personal information do we collect?

Personal information means any information about a living individual from which that person can be identified. It does not include data where the individual’s identity has been removed (anonymous data). There are also special categories of more sensitive personal information that require a higher level of protection – as described in paragraph 4. below.

When you use our services we will collect, store and use the following types and categories of personal information:

– your name (you can make one up if you like);

– your contact information (email address is mandatory but you can also provide your phone number if you want to sign up for SMS alerts for class waitlists etc.);

– your date of birth (we used to collect this so we could send you a funny email on your birthday but we’ve just switched this off as part of our data audit as we don’t really need it);

– your bank details and/or credit card details;

– your photo (if you want to upload one to your teamup account or send us one for the newsletter);

– details of an emergency contact; and

– details on how you like to be contacted (e.g. whether by SMS or email) and whether you want to receive our marketing emails (we send about 6-7 newsletters a year as well as other very occasional emails about events or offers we are running).

We also create information that becomes part of the personal information we hold about you, such as your details of your usage of the gym and our systems. Finally, when you use our systems, we may also use cookies. This is a whole new level of boring so we’ve separated it out from Peter – you can read about it here.

4. What is sensitive personal information and do we collect any?

New data protection legislation refers to a specific category of personal information called ‘sensitive information’, which encompasses information related to your racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership. Whilst we do not generally collect sensitive information, please note that we may collect and process it in the following circumstances (in each case only where the information is required for the performance of our contract with you and where we have your consent to us proessing this data):

– When health related information is volunteered by you and is required to assess your readiness for physical exercise. If, for example, you have a previous knee injury, and you tell us that you are concerned about how this will impact your ability to take part in our classes.

– When health related information is volunteered by you in order to request a membership freeze.

This type sensitive personal information requires higher levels of protection and we have appropriate policies and safeguards in place to protect this type of information.

5. What we do with the information we collect from you?

Sell it. Just kidding. We will never sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. Why do we actually need to collect this info? To understand your needs and provide you with a better service, and in particular for the following boring but important reasons:

– To carry out obligations arising from our contractual agreement, and to provide you with the information and products or services you request. This may include the facilitation of membership purchases and class bookings;

– To keep you safe (emergency contact details and health data as described above);

– To process payments and maintain accounts and records including membership records;

– To improve our services (e.g. to see which classes are oversubscribed and which are empty – to help us with class scheduling);

– To improve our website, prevent or detect fraud or abuses of it and enable third parties to carry out technical, logistical, research or other functions on it on our behalf based on statistical usage and analytics we collect;

– To send you newsletters and very occasional promotions and surveys;

– To put in our newsletters (only ever with your consent), so we can tell our other members about your great achievements, or take the piss out of you; and

– To notify you about changes to our services, terms and conditions, and indeed changes to Peter himself.

6. What about third party service providers?

We contract with a number of third party service providers to process your personal information on our behalf. The following activities are examples of those carried out by third party service providers:

– Online payments (Stripe and GoCardless).

– Membership management (Teamup).

– E-marketing (Mailchimp).

We expect all third party service providers to respect the security of your personal information and treat it in accordance with the law. We vet our third party service providers carefully and only work with the most reputable. If you require further details on the third party service providers we use to process your personal information, please contact us.

7. What about retention and storage?

We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider the:

– Amount, nature and sensitivity of the information;

– Potential risk of harm from unauthorised use or disclosure of your personal information; and

– The purposes for which we collected and used it and whether we still need to keep it in the same form.

8. What rights do you have in relation to the personal information we collect?

Under certain circumstances, by law, you have the right to:

– Request access to your personal information (known as a ‘data subject access request’). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

– Request correction of any incomplete or inaccurate personal information we hold about you.

– Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

– Object to processing of your personal information where we are relying on a legitimate interest and you want to object to processing on this ground. You also have the right to object where we are processing your information for marketing purposes, for example if we send you emails to keep in touch with you after you are no longer a member.

– Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

– Request the transfer of your personal information to another party.

– In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

If you would like to exercise any of these rights, please contact us.

9. How do we keep your personal information secure?

We are committed to ensuring that your information is secure. In order to prevent loss, unauthorised access or disclosure, we maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

10. What is the legal basis on which we collect your personal data?

We primarily collect, store and process personal information about you on two grounds:

– Where it is necessary for our legitimate interest in running our business (provided that we are satisfied that your interests and fundamental rights do not override our legitimate business interests) e.g. we need to collect your financial details so we can charge you for your membership and we need your contact details so we can contact you about your class bookings etc.

– Where it is necessary to perform the contract we have entered into with you provide you with the right level of access to our services and facilities, based on your membership.

We may also use your personal information in the following circumstances: on the basis of your explicit consent to us processing your personal data for a specific purpose, where we need to protect your interests (or someone else’s) or where it is necessary for the public interest or for an official purpose.

If you have any questions about this privacy policy, please don’t hesitate to contact us.