fit20 UK, located at Office 6, Harry Brearley House, Stocksbridge, S36 2AE is responsible for controlling of personal data as shown in this privacy statement.
Niri Patel is fit20’s Data Protection Officer. He can be reached at firstname.lastname@example.org.
fit20 is a franchise organisation. fit20 UK is the franchisor and most fit20 studios are owned by franchisees. They are, according to the regulations of the General Data Protection Regulation (AVG), data processors. fit20 Group BV, located at Konijnenbergerweg 3, 8051 CC Hattem, The Netherlands is the developer of the application in which the training data is recorded.
Personal data we process
fit20 UK processes your personal data because you use our services and/or because you have provided us with them yourself.
This is an overview of the personal data we process:
- first and last name, gender, date of birth, photo
- address, phone number, email address
- information about your activities on our website, IP address, internet browser and device type
- other personal data that you actively provide, for example by creating a profile on this website, in correspondence and by telephone
- bank account number & payment method, membership type, start and end date yes/no interest in newsletter
- (possibly) the company you work for, in case of a business agreement
- reasons to (possibly) join, your wishes and goals
- (possible) other forms of sport or exercise in your daily life
- how you came in contact with fit20
- training dates and time, which personal trainer and possibly with whom you train together
- number of training sessions, reason of absence
- optional: height and weight
- setting fitness machines, scores per exercise, quality of execution
- personal data if we are legally obliged to do so, such as data we need for our tax return.
fit20 UK processes the following special and/or sensitive personal data:
- data concerning people younger than 16 years
fit20 UK processes your personal data for the following purposes:
- planning and scheduling training appointments
- to enable the membership administration
- to responsibly provide an effective fit20 training
- to send a newsletter
- to inform you about changes to our services and products
- for commercial and marketing actions
The following principles are used:
- needed to execute an agreement
Access to personal data by fit20
At fit20 only the personal trainer of the customer and the franchise entrepreneur/studio manager of the studio concerned have access to training data. Access by third parties will only occur after written permission from the customer.
A fit20 Group BV employee does get access to general personal information such as first name and surname when a customer (temporarily) starts training at another studio. This is necessary to enable the transfer to the other studio.
In addition, and only in case of emergency situations, the fit20 Group BV main programmer can be granted access permission.
The personal data for financial administration purposes can be accessed within the fit20 studios by the manager and employees of the relevant studio who are responsible for the member administration. This information is only accessed by fit20 franchise BV when this is needed to support the fit20 studio or for inspection purposes.
All employees of fit20 UK have signed a confidentiality agreement.
fit20 UK does not make decisions based on automated processing on matters that can have (significant) consequences for people. These are decisions taken by computer programs or systems, without a person (for example an employee of fit20 UK).
Retention periods personal data
After termination of the membership the following retention periods are used:
The Intake form and the other training data will be kept as long as needed according to the insurance company of fit20 UK and the fit20 studios, with a maximum of 3 years. The retention period still has to be indicated by the insurance companies.
fit20 is legally obliged to keep the financial administration and the agenda agreements for a period of 7 years.
Disclosing data with third parties
Personal data with be disclosed to various third parties if this is required for the fulfillment of the agreement and to comply with any legal obligation. Companies that process your data on our behalf have to comply with a processor agreement to ensure the same level of security and confidentiality of your data as fit20 UK does. fit20 UK remains responsible for these processing operations. Financial data are processed by the administration service company of the franchise studios involved.
Cookies or similar techniques we use
Access, modify or erase data
You have the right to access, rectify or delete your personal data. You also have the right to withdraw your consent for the data processing or to object to the processing of your personal data by fit20 UK.
You have the right to request access, rectification and erasure of your personal data or to request cancellation of your consent or objection to the processing of your personal data by mailing to email@example.com or to the e-mail address of your fit20 studio.
The franchise entrepreneur/studio manager will then contact you by phone to verify your identity.
How we protect personal data
fit20 UK takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss of data, unauthorized access, unwanted disclosure and unauthorized modification. If you have the impression that your data are not secure or that there are indications of misuse, please contact firstname.lastname@example.org or your fit20 studio.
Our website and/or service does not intend to collect data about website visitors younger than 16 years, unless they have permission of their parents or guardians. We can’t check, however, if a visitor is older than 16. We encourage parents therefore to be involved in the online activities of their children, in order to prevent data about children being collected without parental consent. If you are convinced that we have collected personal information about a minor without parental permission, please contact us via email@example.com, then we will delete this information.
This privacy statement can be changed at any time. We will publish these changes here.
28 May, 2018